Error when changing config folder for the IDM pod

Tagged: ,

This topic contains 2 replies, has 2 voices, and was last updated by  jason.du 3 weeks, 2 days ago.

  • Author
    Posts
  • #26226
     jason.du 
    Participant

    I’m attempting to change the IDM pod config folder from “/git/config/6.5/default/idm/sync-with-ldap-bidirectional” to “/git/config/6.5/cdm/m-cluster/idm/ds-repo-explicit” in order to use Postgres as the backend IDM repo rather than embedded DJ. Im using the helm upgrade –recreate-pods to achieve this. But below is the error message

    ShellTUI: No standard input…exiting.
    Aug 23, 2019 7:44:57 PM org.forgerock.openidm.health.HealthService$4 run
    SEVERE: OpenIDM failure during startup, ACTIVE_NOT_READY: Not all modules started [] [org.forgerock.openidm.repo-opendj] []

    Any tips or suggestions to resolve this would be greatly appreciated.Below is the complete log from the IDM pod

    + PROJECT_HOME=/git/config/6.5/cdm/m-cluster/idm/ds-repo-explicit
    + LOGGING_PROPERTIES=/var/run/openidm/logging/logging.properties
    + OPENIDM_HOME=/opt/openidm
    + export ‘IDM_ENVCONFIG_DIRS=/var/run/openidm/commons’
    + ‘[‘ openidm ‘=’ openidm ]
    + hostname
    + HOSTNAME=prod-openidm-openidm-0
    + NODE_ID=prod-openidm-openidm-0
    + ‘[‘ -r secrets/keystore.jceks ]
    Copying Keystores
    + echo ‘Copying Keystores’
    + cp -L secrets/keystore.jceks secrets/realm.properties secrets/truststore security
    + cp ‘/opt/openidm/conf/*.patch’ /git/config/6.5/cdm/m-cluster/idm/ds-repo-explicit/conf
    cp: can’t stat ‘/opt/openidm/conf/*.patch’: No such file or directory
    + BUNDLE_PATH=/opt/openidm/bundle
    + find_bundle_file ‘slf4j-api-[0-9]*.jar’
    + find /opt/openidm/bundle -name ‘slf4j-api-[0-9]*.jar’
    + echo /opt/openidm/bundle/slf4j-api-1.7.21.jar
    + SLF4J_API=/opt/openidm/bundle/slf4j-api-1.7.21.jar
    + find_bundle_file ‘slf4j-jdk14-[0-9]*.jar’
    + find /opt/openidm/bundle -name ‘slf4j-jdk14-[0-9]*.jar’
    + echo /opt/openidm/bundle/slf4j-jdk14-1.7.21.jar
    + SLF4J_JDK14=/opt/openidm/bundle/slf4j-jdk14-1.7.21.jar
    + find_bundle_file ‘jackson-core-[0-9]*.jar’
    + find /opt/openidm/bundle -name ‘jackson-core-[0-9]*.jar’
    + echo /opt/openidm/bundle/jackson-core-2.9.8.jar
    + JACKSON_CORE=/opt/openidm/bundle/jackson-core-2.9.8.jar
    + find_bundle_file ‘jackson-databind-[0-9]*.jar’
    + find /opt/openidm/bundle -name ‘jackson-databind-[0-9]*.jar’
    + echo /opt/openidm/bundle/jackson-databind-2.9.8.jar
    + JACKSON_DATABIND=/opt/openidm/bundle/jackson-databind-2.9.8.jar
    + find_bundle_file ‘jackson-annotations-[0-9]*.jar’
    + find /opt/openidm/bundle -name ‘jackson-annotations-[0-9]*.jar’
    + echo /opt/openidm/bundle/jackson-annotations-2.9.8.jar
    + JACKSON_ANNOTATIONS=/opt/openidm/bundle/jackson-annotations-2.9.8.jar
    + SLF4J_PATHS=/opt/openidm/bundle/slf4j-api-1.7.21.jar:/opt/openidm/bundle/slf4j-jdk14-1.7.21.jar
    + JACKSON_PATHS=/opt/openidm/bundle/jackson-core-2.9.8.jar:/opt/openidm/bundle/jackson-databind-2.9.8.jar:/opt/openidm/bundle/jackson-annotations-2.9.8.jar
    + echo /opt/openidm/bundle/openidm-system-6.5.0.1.jar
    + OPENIDM_SYSTEM_PATH=/opt/openidm/bundle/openidm-system-6.5.0.1.jar
    + echo /opt/openidm/bundle/openidm-util-6.5.0.1.jar
    + OPENIDM_UTIL_PATH=/opt/openidm/bundle/openidm-util-6.5.0.1.jar
    + CLASSPATH=’/opt/openidm/bin/*:/opt/openidm/framework/*:/opt/openidm/bundle/slf4j-api-1.7.21.jar:/opt/openidm/bundle/slf4j-jdk14-1.7.21.jar:/opt/openidm/bundle/jackson-core-2.9.8.jar:/opt/openidm/bundle/jackson-databind-2.9.8.jar:/opt/openidm/bundle/jackson-annotations-2.9.8.jar:/opt/openidm/bundle/openidm-system-6.5.0.1.jar:/opt/openidm/bundle/openidm-util-6.5.0.1.jar’
    + exec tini -v — java ‘-Djava.util.logging.config.file=/var/run/openidm/logging/logging.properties’ -server -Xms4g -Xmx4g -XX:+UseCompressedOops -XX:+UseG1GC -XX:+UseNUMA ‘-XX:MaxGCPauseMillis=100’ -verbose:gc -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+PrintGCDetails -XX:+PrintPromotionFailure -XX:+PrintAdaptiveSizePolicy -Xloggc:/tmp/gc.log ‘-Djava.endorsed.dirs=’ -classpath ‘/opt/openidm/bin/*:/opt/openidm/framework/*:/opt/openidm/bundle/slf4j-api-1.7.21.jar:/opt/openidm/bundle/slf4j-jdk14-1.7.21.jar:/opt/openidm/bundle/jackson-core-2.9.8.jar:/opt/openidm/bundle/jackson-databind-2.9.8.jar:/opt/openidm/bundle/jackson-annotations-2.9.8.jar:/opt/openidm/bundle/openidm-system-6.5.0.1.jar:/opt/openidm/bundle/openidm-util-6.5.0.1.jar’ ‘-Dopenidm.system.server.root=/opt/openidm’ ‘-Djava.endorsed.dirs=’ ‘-Djava.awt.headless=true’ ‘-Dopenidm.node.id=prod-openidm-openidm-0’ org.forgerock.openidm.launcher.Main -c /opt/openidm/bin/launcher.json -p /git/config/6.5/cdm/m-cluster/idm/ds-repo-explicit
    [INFO tini (1)] Spawned child process ‘java’ with pid ’22’
    Aug 23, 2019 7:44:37 PM org.forgerock.openidm.config.logging.LogServiceTracker logEntry
    SEVERE: Bundle: org.forgerock.openidm.repo-opendj [9] FrameworkEvent ERROR
    org.apache.felix.log.LogException: org.osgi.framework.BundleException: Activator start error in bundle org.forgerock.openidm.repo-opendj [9].
    at org.apache.felix.framework.Felix.activateBundle(Felix.java:2290)
    at org.apache.felix.framework.Felix.startBundle(Felix.java:2146)
    at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1373)
    at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)
    at java.lang.Thread.run(Thread.java:748)
    Caused by: org.apache.felix.log.LogException: org.forgerock.i18n.LocalizedIllegalArgumentException: The provided value “openidm” could not be parsed as a valid distinguished name because the last non-space character was part of the attribute name ‘openidm’
    at org.forgerock.opendj.ldap.Ava.decode(Ava.java:129)
    at org.forgerock.opendj.ldap.Rdn.decode(Rdn.java:183)
    at org.forgerock.opendj.ldap.Dn.decode(Dn.java:280)
    at org.forgerock.opendj.ldap.Dn.valueOf(Dn.java:253)
    at org.forgerock.opendj.ldap.Dn.valueOf(Dn.java:222)
    at org.forgerock.opendj.ldap.messages.Requests.newSimpleBindRequest(Requests.java:1420)
    at org.forgerock.opendj.rest2ldap.Rest2LdapJsonConfigurator.parseAuthenticationParameters(Rest2LdapJsonConfigurator.java:596)
    at org.forgerock.opendj.rest2ldap.Rest2LdapJsonConfigurator.configureConnectionFactory(Rest2LdapJsonConfigurator.java:552)
    at org.forgerock.opendj.rest2ldap.Rest2LdapJsonConfigurator.configureConnectionFactory(Rest2LdapJsonConfigurator.java:507)
    at org.forgerock.openidm.repo.opendj.impl.Activator.start(Activator.java:194)
    at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:697)
    at org.apache.felix.framework.Felix.activateBundle(Felix.java:2240)
    … 4 more

    ShellTUI: No standard input…exiting.
    Aug 23, 2019 7:44:57 PM org.forgerock.openidm.health.HealthService$4 run
    SEVERE: OpenIDM failure during startup, ACTIVE_NOT_READY: Not all modules started [] [org.forgerock.openidm.repo-opendj] []

    #26233
     Warren Strange 
    Participant

    Hi Jason

    It’s hard to tell from that error log. You might have to exec into the pod to examine the folder to see if it is properly mounted and IDM can read it. I would not trust the redeploy option of helm – I would install from scratch.

    We also have a preview branch in forgeops that uses skaffold / kustomize to deploy. It makes configuration much easier. Take a look here:

    https://github.com/ForgeRock/forgeops/tree/skaffold-6.5

    #26237
     jason.du 
    Participant

    Thanks for the reply. Unfortunately, the decision was made to use helm/tiller rather than skaffold/kustomize. I did cleared out the namespace and re-deployed all components. It again produced the same error as above. I changed the config path from “/git/config/6.5/default/idm/sync-with-ldap-bidirectional” to “/git/config/6.5/cdm/m-cluster/idm/ds-repo-explicit” from the value file in the forgeops-init repo here: https://github.com/ForgeRock/forgeops/blob/master/samples/config/prod/s-cluster/openidm.yaml. Please let me know if there is any other config i need to change in order to replace the embedded DJ with Postgresql.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2019 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?