Archive

Archive for January, 2014

Usage of various pgp command

January 30, 2014 Leave a comment

Recently I got a request from a bank where the customer transmits some of the files. Bank was upgrading and changing their target server and hence we need to accommodate certain changes on our side to do the testing before the same is done in production environment.

Command to list the existing Key IDs on the keyring


appluser.DEV.pdc-xyz-ibm> /usr/local/bin/pgp -kv
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
Type bits      keyID      Date       User ID
RSA  1024      ********** 2009/07/02 *** DEFAULT SIGNING KEY ***
                                     XY_ABCBANK_TEST
RSA  1024      ********** 2009/07/06 abc pqr <a href="mailto:abc.pqr@domain.com">abc.pqr@domain.com</a>>
RSA  2048/2048 ********** 2012/02/21 expires 2014/05/01
                                      File_Transfer_Services <<a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>
RSA  2048/2048 ********** 2009/03/04 *** KEY EXPIRED ***
                                      ABCBANK_ECS_QA_2011 <<a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>
4 matching keys found.

Bank sends the new public key from their TEST/QA server. This is done so as to do point to point testing from our DEV/QA to Bank DEV/QA server.

Once the new public key is recived,this needs to be added into the keyring using below command


/usr/local/bin/pgp -ka <BANK_PUBLIC_KEY.ASC>
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
Looking for new keys...
RSA  2048/2048 ************ 2012/02/21 File_Transfer_Services <<a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>
sig?           ************             (Unknown signator, can't be checked)

keyfile contains 1 new keys. Add these keys to keyring ? (Y/n) Y
New userid: "File_Transfer_Services <a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>".
New signature from keyID ********* on userid File_Transfer_Services <a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>

Keyfile contains:
   1 new key(s)
   1 new signatures(s)
   1 new user ID(s)
Summary of changes :

New userid: "File_Transfer_Services <a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>".
New signature from keyID ********** on userid File_Transfer_Services <a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>

Added :
   1 new key(s)
   1 new signatures(s)
   1 new user ID(s)

Comand to extract the key for the user XY_ABCBANK_TEST (copies ID’s key to keyfile from keyring )

XY_ABCBANK_TEST is the user ID signing the encrypted file


/usr/local/bin/pgp -kx XY_ABCBANK_TEST /tmp/pgp_key_XY_Nov2013.asc

Getting a warning message while encrypting and signing the file


Key for user ID: File_Transfer_Services <<a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>
2048-bit RSA key, Key ID ******, created 2012/02/21, expires 2014/05/01
WARNING:  Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: "File_Transfer_Services <<a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>".

Now to overcome the error, we need to sign the public key received from 3rd party using our secret key on key ring

pgp -ks <HER_USERID>-u <YOUR_USERID>keyring


appluser.DEV.pdc-xyz-ibm> pgp -ks File_Transfer_Services -u XY_ABCBANK_TEST_2013
Pretty Good Privacy(tm) Version 6.5.8
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.
Key for user ID: File_Transfer_Services <<a href="mailto:connectivity.services.engineering@abc.com">connectivity.services.engineering@abc.com</a>>
2048-bit RSA key, Key ID ***********, created 2012/02/21, expires 2014/05/01
          Key fingerprint =  XY PQ 86 14 PO E9 9F 11  9Q E7 2G 80 69 75 U8 37  F6 8S 7C C3
READ CAREFULLY:  Based on your own direct first-hand knowledge, are
you absolutely certain that you are prepared to solemnly certify that
the above public key actually belongs to the user specified by the
above user ID (y/N)? y

You need a pass phrase to unlock your secret key.
Key for user ID "XY_ABCBANK_TEST_2013"
Key does not have a passphrase.

Attach a regular expression to this signature, or
press enter for none:
appluser.DEV.pdc-xyz-ibm>

Reference URL for other various PGP command summary

http://www.dsj.net/pgp/pgphelp.html

http://www.cs.wm.edu/pgp.html

-Anand

Categories: Oracle Apps

adstpall.sh on Web tier and giving “Timeout specified in context file: 100 second(s)” error

January 30, 2014 Leave a comment

Today our development team complained of ‘Development’ instance of Oracle 11 Ebiz is not accessible. Even the login page is not loading.

I tried to login and got the login page but later on after keying the login credential, it was taking extremely long time to open and later on threw ‘page not found’ error. I thought of bouncing apache.

When I tried to bounce apache, I got below error.


ORACLE error 604 in afpodbinit

Cause:  afpodbinit failed due to ORA-00604: error occurred at recursive SQL level 1
ORA-01013: user requested cancel of current operation
ORA-06508: PL/SQL: could not find program unit being called
ORA-06512: at "APPS.FND_GLOBAL", line 101
ORA-06512: at "APPS.FND_GLOBAL",.

The SQL statement being executed at the time of the error was: begin fnd_global.bless_next_init('FND_PERMIT_0000'); fnd_global.initialize(:session_id, :user_id, :resp_id, :resp_appl_id, :security_group_id, :site_id, :login_id, :conc_login_id, :prog_appl_id, :conc_program_id, :conc_request_id, :conc_priority_request, :form_id, :form_application_id, :conc_process_id, :conc_queue_id, :queue_appl_id, :server_id); fnd_profile.put('ORG_ID', :org_id); fnd_profile.put('MFG_ORGANIZATION_ID', :mfg_org_id); fnd_profile.put('MFG_CHART_OF_ACCOUNTS_ID', :coa); fnd_profile.put('APPS_MAINTENANCE_MODE', :amm); end; and was executed from the file &ERRFILE.

Apache Web Server Listener :httpd ( pid 17197 ) is running.
Stopping Apache Web Server Listener (dedicated HTTP) ...

Oracle error -6508: ORA-01013: user requested cancel of current operation
ORA-06508: PL/SQL: could not find program unit being called
has been detected in FND_GLOBAL.INITIALIZE.

Oracle error -6508: ORA-01013: user requested cancel of current operation
ORA-06508: PL/SQL: could not find program unit being called
has been detected in FND_GLOBAL.INITIALIZE.
Apache Web Server Listener (PLSQL) :httpd ( pid 17521 ) is running.
Stopping Apache Web Server Listener (dedicated PLSQL) ...
Oracle error -6508: ORA-01013: user requested cancel of current operation
ORA-06508: PL/SQL: could not find program unit being called
has been detected in FND_GLOBAL.INITIALIZE.

adapcctl.sh: exiting with status 0

Later on when I tried to run adstpall.sh on Web tier, I got following in the error.


Setting service Oracle Apache Server DEV_pdc-al-lnx12 to mode 3
Executing service control script:
/d01/wfmdev/common/admin/scripts/DEV_pdc-al-lnx12/adapcctl.sh stop
Timeout specified in context file: 100 second(s)

script returned:
****************************************************
ERROR : Timed out( 100000 ): Interrupted Exception

adapcctl.sh version 115.50

Later on when I looked into the database, I got following latches/library pin waits and hence decided to go for database bounce.


    1    71 library cache lock            JDBC Thin Client     APPS        ############ 5.0440E+17        302   1117
    1    87 library cache lock               ?  @pdc-al-lnx12  APPS        ############ 5.0440E+17        302   1084
                                          (TNS V1-V3)

    1    88 library cache lock                                 APPS        ############ 5.0440E+17        302    817
    1   104 library cache lock            JDBC Thin Client     APPS        ############ 5.0440E+17        302    520
    1   132 library cache lock                                 APPS        ############ 5.0440E+17        302   1169
    1   150 library cache lock               ?  @pdc-al-lnx12  APPS        ############ 5.0440E+17        302    817
                                          (TNS V1-V3)

    1   164 library cache lock            JDBC Thin Client     APPS        ############ 5.0440E+17        302   1117
    1   233 library cache lock               ?  @pdc-al-lnx12  APPS        ############ 5.0440E+17        302    189
                                          (TNS V1-V3)

    1   142 library cache pin                ?  @pdc-al-lnx12  APPS        ############ 5.0440E+17        302    219
                                          (TNS V1-V3)

    1   171 library cache pin                ?  @pdc-al-lnx12  APPS        ############ 5.0440E+17        202     11

DB bounce helped to resolve the issue. ‘adstpall.sh’ and ‘adstrtal.sh’ executed successfully. Application was very much accessible.

-Anand

 

Categories: Oracle Apps