on 02-10-2016 9:24 AM
Hello guys,
I have a HANA DB with Rev 110 and XS Advanced installed.
The hostname of the machine is hdb.
The fully qualified hostname is hdb.domain.tld (just replaced it for privacy). This is also what "hostname -f" on OS level is returning.
In XS Advanced I already created the domain hdb.domain.tld in addition to the default domain hdb and also set a (signed) certificate for this new domain.
This way I can access one of my XS Advanced apps by calling https://hdb.domain.tld:51011 in my browser. However when I want to use the uaa service there are many problems. The first obvious problem is that the browser redirects me to https://hdb:30032/uaa-security/login which is not available from the client since the domain name is missing.
While it is possible to specify the domain for apps, service brokers seem to have fixed urls? I tried the xs update-service-broker but it just gives me a "Not implemented" message. Also I need to specify a username and password for this command - but which? I tried with SYS_XS_UAA but doesn't matter at all since its not implemented as mentioned before.
Another problem is that I can't just manually visit https://hdb.domain.tld:30032/uaa-security/login because it then gives me a 404 error. It seems that the uaa server is using SNI and is only serving the url which is specified during startup.
Although the startup script xs-uaa-server in /usr/sap/hana/shared/HDB/xs/bin clearly states the usage [port] [full qualified hostname] [ssl-enable OR ssl-disable] [start OR run] [router-port], the argument is retrieved by the hdbxsuaaserver script in the same directory by
if [ "$USE_DEFAULT_DOMAIN" != "" ]; then
HOSTNAME_TO_USE=$USE_DEFAULT_DOMAIN
else
HOSTNAME_TO_USE=`cat $SAP_RETRIEVAL_PATH/sapprofile.ini | sed -n 's/SAPLOCALHOST *= *//p'`
fi
So basically it just reads parameter SAPLOCALHOST of the sapprofile.ini which is NOT the fully qualified hostname. The sapprofile.ini also doesn't even contain the parameter SAPLOCALHOSTFULL like it is for ABAP systems.
You can easily see where this leads to by looking at the xsuaaserver.out in the trace directory:
hdb
-Dcom.sap.xs.scenario=hana -Duaaserver.port=30031
UAA_PORT 30031
FULL_QUALIFIED_HOSTNAME hdb
SSL_ENABLE true
STARTMODE run
JAVA_OPTS -Dcom.sap.xs.scenario=hana -Duaaserver.port=30031 -Duaaserver.logdir=/usr/sap/hana/shared/HDB/xs/bin/../uaaserver/tomcat/logs -Duaaserver.host=hdb -Duaaserver.ssl.enable=true -Duaaserver.ssl.keystore=/usr/sap/hana/shared/HDB/xs/bin/../uaaserver/tomcat/ssl_key_store.jks -Duaaserver.ssl.keystore.pass=iBoi8mKKJfzL6wx-HI7WokKUvjCJs9hqGRX -Duaaserver.port=30031 -Dcom.sap.sapjvm.vmtag=xsuaaserver
INTERNAL UAA URL https://hdb:30031/uaa-security
EXTERNAL UAA URL https://hdb:30032/uaa-security
Sine the startup script is looking for a xsa_startup_properties file which is sourced before the start, I also tried creating this file with content
#!/bin/bash
USE_DEFAULT_DOMAIN=hdb.domain.tld
which is then used as fully qualified hostname. You can see the effect in the xsuaaserver.out and also the 404 is gone then, but typing xs service-brokers still gives the internal url only. Also redirection is still to the local hostname. When you restart the hana instance then (probably xs controller service needs to pick up the changes) the xs controller service startup fails (because it can't find the uaa server).
So my question is, are there any workarounds and will there ever be an official solution for using fqdn?
Hi Fabian,
currently the XSA controller & UAA server use the HANA local hostname as the hostname to setup the whole system. Basically you were right, that you need to change the "hdb" hostname to the FQDN.
Currently the only true solution is to reinstall the system and when HDBLCM asks "Enter Local Hostname" enter the FQDN. Then all XSA services will use this correct hostname.
In the future you will have the opportunity to specify different hostnames for the HANA Local Hostname and the XSA Default Domain. Also system rename will be available for XSA in one of the upcoming releases, which could also solve such an issue.
Best regards,
Marc
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Marc for your reply.
There is another option in my mind:
Using the XSA controller web dispatcher and updating the rewrite-rules. I already got it working to some point (modifying as well the "Host" header of the HTTP request as well as the "location"-Redirect header of the response), but
1) The rewrite rules are not persistent because they get generated and overwritten regularly
2) Could not get the login working properly, got several redirects between auth->callback->undefined->auth->callback->undefined->....
3) The certificate of the local host is used instead of the certificate for the fqdn --> self signed --> warning messages in browser
Already looking forward to the release where I can specify the hostname for the XSA Default Domain!
Best Regards,
Fabian
The Note: 2245631 - Routing Mode and Default Domain configuration for SAP HANA extended application services, ... provides some more information on this topic.
Hello Fabian,
I have a similar problem. I got a HANA Database Revision 111 system with AS Advanced installed. All services seem to be running fine, but when I try to login with the XSA CLI tool, I got this error message:
Authentication failed. UAA at https://hostname:30032/uaa-security is not up.
I can see that the xsuaaserver is running on port 30031.
Am I missing something?
Many thanks in advance
Frank Schuler
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Fabian,
I have met the same issue like Frank, and I did NOT change anything. I just download the XS_Client and use the XSA command line to connect to the server. But when I input the 'xs login -u XSA_ADMIN', I login failed and got the error info
'Authentication failed. UAA at https://hostname:30032/uaa-security is not up.'
is there any configuration I have to do before the login?
Thanks & Kind regards
Stefanie
Hello Fabian,
no, I did not change neither the hostname nor any of the ports. The issue turned out to be with the SSL certificate.
Please try paramter --skip-ssl-validation as per the SAP HANA Developer Guide For SAP HANA XS Advanced Model.
Very best regards
Frank
Hello Stefanie,
have you tried paramter --skip-ssl-validation as per the SAP HANA Developer Guide For SAP HANA XS Advanced Model.
Very best regards
Frank
yes, I execute the ‘xs api https://hostname:30130 --skip-ssl-validation ' successfully, but I login failed.
Kind regards
Stefanie
Hi Marc,
Thanks for replying. I've been working on this all week.
Yes, I can access the site. I navigate to https://<FQDN>:30032/uaa-security/ and I'm prompted to login. When I do with the XSA_ADMIN, I get a message saying:
Welcome to XSUAA
The error message and version are below:
Any guidance you can give will be much appreciated.
Thanks,
Rob
I recently updated to Rev. 122 with XSA PL 32.
I ended up with some workarouds before, currently I did a system rename as suggested to fully qualified hostname.
Not sure if this is needed though, since xscontroller.ini now has an option to set the domain! I also switched to hostname based routing (instead of port based routing).
Looks pretty good now, additionally I have another webdispatcher running which is serving both the classic xs engine as well as xs advanced on the same port (443).
Regarding to your "UAA ... is not up": Did you try calling this URL in your web browser? Maybe it's a firewall issue?
Hi Robert,
there is an incompatibility between the client you are using and the server version you are targeting. I suggest you to update your client. You require at least xs client version 1.0.24.
In case you need the client for a specific platform you can download it from SMP. However the client is not available as a separate download in SMP. We are still working on making this available. You need to download the full HANA Platform edition installation medium, which contains xs client for all platforms. Please download the newest SPS 12 release to get a version >= 1.0.24
Best regards,
Marc
I couldn't find the latest version of the client, too. I ended up in copying the jars (which are platform independent) to my local client directory, now I can run the client of PL 32 on my local PC, too.
Previously you could find the client on SMP by searching von XS_JAVASCRIPT, but it seems to be gone
Hi Marc,
Thanks for the information. If there's any way SAP can get this up as a separate download as soon as possible, that would be great. It's extremely time-consuming to have to download the entire platform just to get the client...
In the meantime, I've already started pulling it down from SMP. I'll let you know if/when I get things working.
Thanks again,
Rob
Marc,
Getting the latest client did allow me to login, and I've even managed to start the TinyWorld tutorial; however, when I try to build the HDB module, I receive the following error message:
I've tried several fixes, including increasing the JVM max memory, deleting and recreating the project in the DEV space, in the SAP space, etc.
I've also made sure I had developer rights for all spaces in my environment with the user I created for this purpose. Frankly, I'm out of ideas. Can you please tell me what I need to do to get this project built?
Thanks,
Rob
Hi Robert,
so you overcame the "Permission denied" problems?
The error message you see, means that there is no di-builder in the space that you are trying to develop in. There should be an application called "di-space-enablement-ui" in the space where you installed WebIDE. If you launch that using the URL it is associated with you can enable development for the different spaces.
As far as I know the documentation in the official SAP HANA Developer Guide is not up-to-date with the version of WebIDE you seem to be using. There is additional documentation attached to the release note of SAP WebIDE SPS 12 1. It can be found here: http://service.sap.com/sap/support/notes/2304873
Best regards,
Marc
First make sure you are targeting the correct space. These admin tools should be in the SAP space. Use XS target -s SAP. Then run xs apps to list all the apps. You should see the di-space-enablement-ui in the list. If not perhaps your system isn't at the latest patch level of the SAP Web IDE for SAP HANA.
If I'm not on the latest version, then it's because the latest version of HANA SPS12 does not have the latest version, as this is a new installation with the latest revision of SPS12. I'm downloading the core and client again now. I'll try again after I verify that I have the absolute latest version of both installed; however, I'm not hopeful. This is the exact problem that I had on the previous system I was trying this on, and I manually installed the latest WebIDE core and client on that one.
Rob
I have the following component versions installed:
SAP Web IDE 1 3.12.0
DI Core 1 3.12.0
XS Monitoring 1 1.2.0
XS Services 1 1.2.0
SAP HANA Runtime Tools 1 1.2.2
I know that the Web IDE and DI Core are the latest available for download, as I just pulled those from the marketplace. If there's a newer version of any of these available, please let me know where to find them. Otherwise, please give me some advice on how to get the di-space-enablement-ui running.
Thanks for all the help!
Rob
Okay, thanks for the information. I realized that the order in which I added components in the hdblcmgui was referencing the older Web IDE core and client in the HANA installation media instead of the newer components I downloaded. After also grabbing the latest runtime tools, I'm in the process of updating the Web IDE components now.
It would be nice if the "latest" HANA platform would get updated with the latest XS Advanced components as well...:/
I'll update you after I get things updated to the latest versions. As always, thanks for the help.
Rob
Okay, thanks. I've added the role collection to my user and I can now login to the Web IDE again; however, when I create a project, I get "(Project Space) Failed to set workspace settings." I get this whether I try to use the SAP space or my own space. I also get the same error if I navigate to the Project Settings and try to change the space there. No matter which space I choose, when I click Save, I get the same error.
Please help.
Thanks,
Rob
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.