It's all about the answers!

Ask a question

RAFW issue when running the import of cell resources


Luca Martinucci (1.0k397112) | asked Dec 09 '13, 11:10 a.m.

I am working with RAFW 7.1.1.4.

I have successfully discovered a WAS cell and created a new RAFW environment associated to that cell.

Now I ma running the BuildForge project created by the cell discovery in order to import the resources associated to the cell in a BF environment.

The job fails during the import of cell resources.

Here is an excerpt of the job log:

401 Dec 9 13 04:49:25PM EXEC call_wsadmin:
402 Dec 9 13 04:49:25PM EXEC      [exec] WASX7209I: Connected to process "dmgr" on node n0611686CellManager01 using SOAP connector;  The type of process is: DeploymentManager
403 Dec 9 13 04:49:27PM EXEC      [exec] WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[-washome, /opt/IBM/WebSphere/AppServer/profiles/Dmgr01, -scope, cell, -scopename, Prod02_07, -nodename, n0611686CellManager01, -delete_groups, -properties, /opt/RAFW/user/environments/Prod01/cells/Prod02_07/fileRegistry.xml, -mode, import]"
404 Dec 9 13 04:49:27PM EXEC      [exec] Importing File Registry Groups
405 Dec 9 13 04:49:27PM EXEC      [exec] WASX7017E: Exception received while running file "/opt/RAFW/product/actions/configure/was/common/nd/scripts/fileRegistryGroups.py"; exception information: com.ibm.websphere.wim.exception.WIMApplicationException: com.ibm.websphere.wim.exception.WIMApplicationException: CWWIM5505E To manage users and groups, either federated repositories must be the current realm definition or the current realm definition configuration must match the federated repositories configuration. If you use Lightweight Directory Access Protocol (LDAP), configure both the federated repositories and standalone LDAP registry configurations to use the same LDAP server.
406 Dec 9 13 04:49:27PM EXEC      [exec]

[.....]

421 Dec 9 13 04:49:27PM EXEC /opt/RAFW/product/lib/RAFW_lib.xml:167: The following error occurred while executing this line:
422 Dec 9 13 04:49:27PM EXEC /opt/RAFW/product/actions/configure/was/common/configure_was_common.xml:884: compositeaction unable to execute task: The following error occurred while executing this line:
423 Dec 9 13 04:49:27PM EXEC /opt/RAFW/product/actions/configure/was/common/nd/configure_was_file_registry_common.xml:61: The following error occurred while executing this line:
424 Dec 9 13 04:49:27PM EXEC /opt/RAFW/product/actions/configure/was/common/nd/configure_was_file_registry_common.xml:61: The following error occurred while executing this line:
425 Dec 9 13 04:49:27PM EXEC /opt/RAFW/product/lib/jython/ant_jythonLib.xml:190: exec returned: 105

Any idea about the causes of this issue?

Thanks in advance.

Accepted answer


permanent link
Ryan Ruscett (1.0k413) | answered Dec 10 '13, 9:18 a.m.
 Hello, 

RAF uses ssh to jump to the target system. Then if the OS_user is indeed a WebSphere user. Then RAF will try and run that command, as the OS_user defined. If you are using a Run_AS user. RAF will run that command as the Run_AS user defined. 

That is how it works. You can have multiple stand alone LDAP servers to create federated repositories. The LDAP user must have Admin rights to run internal WAS methods to query the LDAP. This is a bit off topic, and I don't think the user is an issue, or else you would have had permissions issues. 

RAF uses wsadmin to directly manipulate the configuration repository. The user using wsadmin should have the ability to manipulate all WebSphere dir, or at least read them. The issue that you are hitting 

CWWIM5505E To manage users and groups, either federated repositories must be the current realm definition or the current realm definition configuration must match the federated repositories configuration. If you use Lightweight Directory Access Protocol (LDAP), configure both the federated repositories and standalone LDAP registry configurations to use the same LDAP server. 

This says that the user must be in the current realm definition. You need to confirm that the LDAP is configured under the proper realm in the event you have more than 1. If you have only 1. The second part stating the configuration must match the federated repository configuration goes along with what I mentioned as well. You are using LDAP, so you need to configure both the Fed repo and STD LDAP to use the same LDAP Server and be contained within the same realm. 

This messages can be vague, but until you can confirm that both the fed repo and the std ldap are configured properly, it's hard to know what is what. 

Luca Martinucci selected this answer as the correct answer

One other answer



permanent link
Ryan Ruscett (1.0k413) | answered Dec 10 '13, 7:22 a.m.
 Hello Luca,

When WebSphere is installed. It creates a single built-in file based repository that is build into the system and included in the realm by default. It is important to understand what a realm is. Think of it like a Security Domains, or Replication Domain. Instead of managing who can access what within the system or High Availability segments. A realm holds identities for multiple federated repositories. (provided links below)

This error indicates that RAF is having a problem with the ResourceFile -fileRegistry. ResourceFiles are typically xml files that RAF uses to handle configurations. The RAF fileRegistry file is the same as the WebSphere xml being used to "Importing File Registry Groups" The return code 105 can mean many things. In this case, it would appear that you do not have your federated repositories contained within the same realm. 

I have provided some links below to help better understand configuring federated repositories and better understand a WebSphere Realm. It would be to much to try to describe here. I would verify your environment according to these settings. Confirm that it is set up the way RAF needs. 

LIKELY CAUSE:
1. You have a repository of user information, That is not configured inside the realm being read from the import. Which is contained within the fileRegistry.xml. You can verify this via wsadmin or the Console by the links below. 



REALM CONFIG 

FED REPO


Comments
Luca Martinucci commented Dec 10 '13, 8:41 a.m.

Hello Ryan,

actually, RAFW was trying to connect to WAS using an internal WAS user.

Now I have provided RAFW with a LDAP user (who is able to connect to the WAS Console via browser), but apparently nothing has changed.

I still get the same error messages.

Notice that WAS is configured for a standalone LDAP authentication.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.