cancel
Showing results for 
Search instead for 
Did you mean: 

Using a single node 'out of the box' cluster

des_smith
Member
0 Kudos

I'm trying to check the BI Authentication configuration in SAP ESP 5.1 SP08.

I've installed a typical configuration. So I have setup my single node cluster using the default setup.

I've verified that my cluster db is running on port 19111 (netstat -na |findstr 19111) and also I have started the node using the start_node.bat file.

My database and cluster node for the default cluster esp1, are both running.

Next I want to use the Studio to connect to the node running in the cluster.

I assume that because it is a single node, containing both the Manager and Controller portions for this cluster, that I should simply have to add a New Server Url,through my ESP Studio.

But what username and password do I use for this default single node cluster, esp1?

Or where can I change the default password.

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

Hi Des,

ESP 5.1 SP08 has a new clustering architecture.  There is a diagram of it here:

  Clustering Architecture - Configuration and Administration Guide - SAP Library

Port 19111 is normally used by the cluster database in this diagram (unless you overrode the default ports during the installation).   Normally you would never try to connect to this port directly.  The ESP cluster manager will connect to the cluster database to check permissions to streams and windows.  The cluster database also stores the cluster configuration.

If you used the default ports during the installation, you would attempt connect to the cluster manager's port number 19011 using your BI user name and password.

However, before you do that you should connect to the cluster with the special user "espsysusr" and grant your BI user permission to create workspaces, access streams and windows, etc. :

  http://help.sap.com/saphelp_esp51sp08cfa/helpdata/en/5d/487862b43d4692bd2d06b9911aa1fd/frameset.htm

During the installation, the installer asks you to create a cluster database password.  Use this for the "espsysusr" to connect to the cluster and grant permissions.  For example:

$ESP_HOME/bin/

esp_cluster_admin --uri=esps://hostname:19011 --username=espsysusr --password=Password1

> grant perm all to user espadm

> exit

NOTE: Change the "hostname" to your host and "esps" to "esp" if you chose to not use SSL communication during the installation.

Thanks,

Neal

Former Member
0 Kudos

Hi Neal,

Thanks for your reply! We followed your steps and created new server URL (esps://<Host_IP>:19011) in the SAP ESP Run-Test prospective provided the user credentials as espsysusr. But while creating the Workspace for the url, it throws below exception -

[FAILURE:No authorization for requested permission: privilege=add, privilege-type=workspace, resource-type=workspace, resource=default][CODE:710005]

Any thoughts on what is restricting the user (espsysusr) to create the Workspace? And how to grant the necessary permissions to achieve it.

Former Member
0 Kudos

Hello,

The "espsysusr" is a special user that only has permission to grant/revoke other permissions.  This user can't do anything else in ESP.

Once you use "espsysusr" to grant permissions to one of your regular users, you will want to login to the ESP cluster manager with the regular user (BI user, Native operating system user, LDAP user, etc.) and use that user to add a workspace, load projects, etc.

Thanks,

Neal

Former Member
0 Kudos

Hi Neal, Thanks again for the clarification.

I tried to create a user through esp_cluster_admin Commands but could not find a way, rather gave it a try to assign permissions to a user (superuser) through Interactive mode logged in through espsysusr (without creating the user separately) and succeed in assigning All permissions and the user was created, using below command -

esp_cluster_admin --uri=esps://<Host>:19011 --username=espsysusr --password=<pwd>

>grant perm all to user superuser

And the user was displayed on "get users" command. Now when I am trying to log in to Interactive mode with superuser, I could not get through and get authentication error because of the unknown password.

I explored ESP 5.1 SP08 esp_Config_Admin_Guide.pdf (http://help.sap.com/Download/Multimedia/zip-esp5108/esp_Config_Admin_Guide.pdf) and (SyBooks Online) which is an SP04 release (file based configuration) with no luck.

Can you please assist us on the missing links. Any contents on how to create different types of users (BI user). Thanks in advance.

Former Member
0 Kudos

Hello,

Just to be clear, you can't create users within ESP unless you setup the pre-configured type of user name/password authentication:

   Enabling the Preconfigured User-Name-Password Option

This is a less-secure type of authentication (because it consists of a single user) and it is mainly used for demonstration systems.

All of the other user name/password types of authentication (LDAP, SAP BI, Native Operating System) use a valid, existing user.  So for example if you chose LDAP authentication during installation, if you wanted to connect to ESP you would need to enter a valid user/password according to your LDAP server.  If you chose Native OS while installing ESP on Linux, you would need to enter a valid Linux user/password.

When you use the "get users", command, it shows only users that have been granted a permission:

C:\>esp_cluster_admin --uri=esp://archer:51011 --username=espsysusr --password=Password1

> get users

    User:                         I825186@GLOBAL

    User:                         espadm

    User:                         espadm@DENN00530262A

3 users found.

> get permissions for user espadm

permission=[privilege=all, privilegeType=all, resourceType=all, resource=null], grantor=[SYSUSER:espsysusr], grantOption=[false], fromRole=[null]

Thanks,

Neal

Former Member
0 Kudos

Hi Alice,

We are facing two issues here -

First, We followed the Enabling SAP BI Authentication - Installation Guide (Windows) - SAP Library and make the necessary configuration for SAP BI authentication but after copying the files as per the guide, the node refused to start and throwing below errors in the log file -

Aug 05 2014 17:05:12.510 INFO - SAP Event Stream Processor Cluster Node 5.1.08.00/20140507.1/SP08 PL00/winnt/x86_64/64-bit/OPT/Wed, May 07, 2014  7:19:57 PM

Aug 05 2014 17:05:13.348 FATAL - CODE_700418 | Could not load config from database

com.sybase.esp.cluster.config.ConfigException: java.lang.UnsupportedOperationException:  setXIncludeAware is not supported on this JAXP implementation or earlier: class org.apache.xerces.jaxp.DocumentBuilderFactoryImpl

  at com.sybase.esp.cluster.impl.ConfigDatabaseAccessor._load(Unknown Source)

  at com.sybase.esp.cluster.impl.ConfigDatabaseAccessor.load(Unknown Source)

  at com.sybase.esp.cluster.impl.ConfigDatabaseManager.load(Unknown Source)

  at com.sybase.esp.cluster.impl.Node.initialize(Unknown Source)

  at com.sybase.esp.cluster.FactoryNode.factory(Unknown Source)

  at com.sybase.esp.cluster.FactoryNode.main2(Unknown Source)

Caused by: java.lang.UnsupportedOperationException:  setXIncludeAware is not supported on this JAXP implementation or earlier: class org.apache.xerces.jaxp.DocumentBuilderFactoryImpl

  at javax.xml.parsers.DocumentBuilderFactory.setXIncludeAware(DocumentBuilderFactory.java:614)

  at com.sybase.esp.cluster.config.Config.fromXml(Unknown Source)

  at com.sybase.esp.cluster.config.Config.readData(Unknown Source)

  ... 6 more

Aug 05 2014 17:05:13.352 FATAL - CODE_700412 | Factory of new node failed

Here are the steps we followed as per the guide.

1. Downloaded SBOP BI 4.1 installer from SAP software portal.

2. Install it and navigate to the installed folder to java/lib and copied the files.

3. Paste those files to %ESP_HOME%\libj\boe

4. Node failed to start while starting Cluster DB then Cluster node.

--------

And Second, we are trying to start the Cockpit server as per the guide and succeed but when trying to navigate to the browser using cockpit url, 'system' drop down on the webpage did not show any item (while Cluster DB and Cluster node were running) and so could not get log on to the cockpit.

We are trying to configure the BI authentication and then manage Cluster configuration through Cockpit prospective.

Any thoughts on what is missing here?

Many Thanks,

Nikhil

Former Member
0 Kudos

Hi Nikhil,

From the version string I see that you are not using a production version of ESP 5.1 SP08:

  SAP Event Stream Processor Cluster Node 5.1.08.00/20140507.1/SP08 PL00/winnt/x86_64/64-bit/OPT/Wed, May 07, 2014

The production build of SP08 should have this version string:

  SAP Event Stream Processor Engine 5.1.08.00/20140618.1/SP08 PL00/winnt/x86_64/64-bit/OPT/Wed, Jun 18, 2014 12:33:24 PM

Please do not use internal engineering builds unless you have explicit knowledge of the build's success or failure.  Engineering is constantly fixing bugs and unless you have knowledge of what they have checked in (and consequently broken or fixed), you will run into problems like this.

You need to uninstall the current version of ESP that you have, download the production version of ESP 5.1 SP08 from the SAP Software Download Center and install it and try again.

NOTE: Make sure that all ESP process are stopped before uninstalling and installing the new version (use the Windows task manager to kill any esp*.exe processes if you have to).

In the meantime, I will download the "SBOP BI Platform 4.1 Client Tools - Win 32B" and restart my cluster to see if I get similar errors.

Thanks,

Neal

Former Member
0 Kudos

Hello,

After downloading and installing "SBOP BI Platform 4.1 Client Tools - Win 32B" as per the instructions, when I try to start the cluster manager, it immediately shuts down with the same exception against the production release of ESP 5.1 SP08.  I have logged the following bug:

   768659 - Cluster manager won't start after enabling SAP BI authentication

The only possible workaround is to use a different authentication mechanism.

Please contact me internally if you are unable to use a different authentication mechanism and let me know the details of your project so that I can set the priority of this bug with engineering.

Thanks,

Neal

Former Member
0 Kudos

Hello,

I just wanted to post the steps we followed to get ESP to authenticate with BusinessObjects so in case others run into this problem they might find the solution here:

To enable the "SAP BI" authentication during an ESP installation, you must select the "SAP BI" authentication mechanism by doing a "Custom" installation.  If you do a "Typical" installation, the default authentication mechanism of "native operating system" will be used.

If you do a "Custom" install and choose "SAP BI", the installer will ask you to specify the host name and port of "SAP BI Configuration".  This is actually the host of the Central Management Server (CMS) and its listening name server port (default 6400).

Regardless of whether you choose a "Custom" or "Typical" installation, there are some post installation steps documented here:

http://help.sap.com/saphelp_esp51sp08win/helpdata/en/e7/996bad6f0f1014a6bbe054a90b82c0/frameset.htm

NOTE: ESP 5.1 SP08 requires a newer version of some Java classes than what is found in the BusinessObjects installation that are copied into the ESP "libj" directory.  So after step 3 of the above link you must delete every instance of “xercesImpl.jar” (there are three of them) from the %ESP_HOME%\libj\boe\* directories and then start the ESP Cluster Manager.

If you didn't select BI as the authentication and want to enable it later, follow these steps:

1) This installation had native operating system selected and I didn't want to change it so I copied %ESP_HOME%\cluster\config\esp1 to %ESP_HOME%\cluster\config\boe_auth

2) Change into the new directory for the rest of these instructions

  cd %ESP_HOME%\cluster\config\boe_auth

3)  In the file “auth_boe.xml”, fill in the CMS values normally entered via the installer:

  <Authenticator>

   <Provider>com.sybase.esp.cluster.security.BoeLoginModule</Provider>

    <Options>

  <Option expand="true" name="cmsUri">hostabc.acme.corp:6400</Option>

  <Option expand="true" name="authenticationMethod">secEnterprise</Option>

   </Options>

  </Authenticator>

4) Confirm that %ESP_HOME%\cluster\config\boe_auth\cluster.xml has the “auth_boe.xml” selected for the authentication type:

  <Authenticators>

    <xi:include href="auth_boe.xml" parse="xml"/>

  </Authenticators>

5) Start the ESP cluster database:

  D:\ESP51_SP8\ESP-5_1\cluster\config\boe_auth> start_db.bat

6) Deploy those changes (to the XML files) to the ESP cluster database :

  D:\ESP51_SP8\ESP-5_1\cluster\config\boe_auth>esp_cluster_node --config cluster.cfg --deploy --config-type file --file cluster.xml

  Want to deploy config-version 1

  Successfully deployed version 1

7) Start the cluster manager:

  D:\ESP51_SP8\ESP-5_1\cluster\config\boe_auth> start_node.bat node1

😎 Now log in as the special user “espsysusr” and grant permission to the BO “Administrator” user (or a valid BO user) so they can do some things inside ESP (after they authenticate):

  d:\ESP51_SP8\ESP-5_1\cluster\config\boe_auth>esp_cluster_admin --uri=esp://localhost:19011 --username=espsysusr --password=Password1

  > grant perm all to user Administrator

  > quit

9) Now try authenticating the BO “Administrator” user:

  d:\ESP51_SP8\ESP-5_1\cluster\config\boe_auth>esp_cluster_admin --uri=esp://localhost:19011 --username=Administrator --password=Password1

  > add workspace default

  [done]

  > get users

  User:                         Administrator

  1 users found.

  > quit

Former Member
0 Kudos

Hi All,

Thanks for suggestions. Its really helped me allot to come out from initial hurdles which i was facing during cluster setup with four nodes(3- managers & 1 controller). But when iam trying to create workspace by granting all permissions to my user account. Even then it is not allowing me to create the workspace.

This is the permission i have to my user account

> get permissions for user premsai

permission=[privilege=all, privilegeType=all, resourceType=all, resource=null], grantor=[SYSUSER:espsysusr], grantOption=[false], fromRole=[null]

>

But this was the error iam getting when iam trying to create the workspace.

> add workspace default

[error] server returned : [FAILURE:No authorization for requested permission: privilege=add, privilege-type=workspace, resource-type=workspace, resource=default][CODE:710005]

>

please help me to fix this issue.

Thanks,

-Sai Prem K

JWootton
Advisor
Advisor
0 Kudos

Try adding a workspace with a different name.  It might be that the error message is a bit misleading and it's not a permission issue, but since a workspace named "default" is created by default, you can't add another workspace with the same name.

P.S. - suggest it would have been better to start a new thread rather than post this at the end of a discussion from last year