cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

XS Advanced and FQDN

Go to solution
fabian_krger
Participant

on ‎02-10-2016 9:24 AM

0 Kudos

Hello guys,

I have a HANA DB with Rev 110 and XS Advanced installed.

The hostname of the machine is hdb.

The fully qualified hostname is hdb.domain.tld (just replaced it for privacy). This is also what "hostname -f" on OS level is returning.

In XS Advanced I already created the domain hdb.domain.tld in addition to the default domain hdb and also set a (signed) certificate for this new domain.

This way I can access one of my XS Advanced apps by calling https://hdb.domain.tld:51011 in my browser. However when I want to use the uaa service there are many problems. The first obvious problem is that the browser redirects me to https://hdb:30032/uaa-security/login which is not available from the client since the domain name is missing.

While it is possible to specify the domain for apps, service brokers seem to have fixed urls? I tried the xs update-service-broker but it just gives me a "Not implemented" message. Also I need to specify a username and password for this command - but which? I tried with SYS_XS_UAA but doesn't matter at all since its not implemented as mentioned before.

Another problem is that I can't just manually visit https://hdb.domain.tld:30032/uaa-security/login because it then gives me a 404 error. It seems that the uaa server is using SNI and is only serving the url which is specified during startup.

Although the startup script xs-uaa-server in /usr/sap/hana/shared/HDB/xs/bin clearly states the usage [port] [full qualified hostname] [ssl-enable OR ssl-disable] [start OR run] [router-port], the argument is retrieved by the hdbxsuaaserver script in the same directory by



if [ "$USE_DEFAULT_DOMAIN" != "" ]; then


   HOSTNAME_TO_USE=$USE_DEFAULT_DOMAIN


else


   HOSTNAME_TO_USE=`cat $SAP_RETRIEVAL_PATH/sapprofile.ini | sed -n 's/SAPLOCALHOST *= *//p'`


fi

So basically it just reads parameter SAPLOCALHOST of the sapprofile.ini which is NOT the fully qualified hostname. The sapprofile.ini also doesn't even contain the parameter SAPLOCALHOSTFULL like it is for ABAP systems.

You can easily see where this leads to by looking at the xsuaaserver.out in the trace directory:



hdb


-Dcom.sap.xs.scenario=hana -Duaaserver.port=30031


UAA_PORT 30031


FULL_QUALIFIED_HOSTNAME hdb


SSL_ENABLE true


STARTMODE run


JAVA_OPTS  -Dcom.sap.xs.scenario=hana -Duaaserver.port=30031 -Duaaserver.logdir=/usr/sap/hana/shared/HDB/xs/bin/../uaaserver/tomcat/logs -Duaaserver.host=hdb -Duaaserver.ssl.enable=true -Duaaserver.ssl.keystore=/usr/sap/hana/shared/HDB/xs/bin/../uaaserver/tomcat/ssl_key_store.jks -Duaaserver.ssl.keystore.pass=iBoi8mKKJfzL6wx-HI7WokKUvjCJs9hqGRX -Duaaserver.port=30031 -Dcom.sap.sapjvm.vmtag=xsuaaserver


INTERNAL UAA URL https://hdb:30031/uaa-security


EXTERNAL UAA URL https://hdb:30032/uaa-security

Sine the startup script is looking for a xsa_startup_properties file which is sourced before the start, I also tried creating this file with content



#!/bin/bash


USE_DEFAULT_DOMAIN=hdb.domain.tld

which is then used as fully qualified hostname. You can see the effect in the xsuaaserver.out and also the 404 is gone then, but typing xs service-brokers still gives the internal url only. Also redirection is still to the local hostname. When you restart the hana instance then (probably xs controller service needs to pick up the changes) the xs controller service startup fails (because it can't find the uaa server).

So my question is, are there any workarounds and will there ever be an official solution for using fqdn?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

marcbecker
Contributor
‎02-12-2016 8:54 AM

Hi Fabian,

currently the XSA controller & UAA server use the HANA local hostname as the hostname to setup the whole system. Basically you were right, that you need to change the "hdb" hostname to the FQDN.

Currently the only true solution is to reinstall the system and when HDBLCM asks "Enter Local Hostname" enter the FQDN. Then all XSA services will use this correct hostname.

In the future you will have the opportunity to specify different hostnames for the HANA Local Hostname and the XSA Default Domain. Also system rename will be available for XSA in one of the upcoming releases, which could also solve such an issue.

Best regards,

Marc

Show replies
Show replies
fabian_krger
Participant
‎02-12-2016 10:51 AM
0 Kudos

Thanks Marc for your reply.

There is another option in my mind:

Using the XSA controller web dispatcher and updating the rewrite-rules. I already got it working to some point (modifying as well the "Host" header of the HTTP request as well as the "location"-Redirect header of the response), but

1) The rewrite rules are not persistent because they get generated and overwritten regularly

2) Could not get the login working properly, got several redirects between auth->callback->undefined->auth->callback->undefined->....

3) The certificate of the local host is used instead of the certificate for the fqdn --> self signed --> warning messages in browser

Already looking forward to the release where I can specify the hostname for the XSA Default Domain!

Best Regards,

Fabian

gregorw
Active Contributor
‎05-11-2020 4:38 PM
0 Kudos

The Note: 2245631 - Routing Mode and Default Domain configuration for SAP HANA extended application services, ... provides some more information on this topic.

Answers (1)

Answers (1)

architectSAP
Active Contributor
‎03-06-2016 2:39 PM
0 Kudos

Hello Fabian,

I have a similar problem. I got a HANA Database Revision 111 system with AS Advanced installed. All services seem to be running fine, but when I try to login with the XSA CLI tool, I got this error message:

Authentication failed. UAA at https://hostname:30032/uaa-security is not up.

I can see that the xsuaaserver is running on port 30031.

Am I missing something?

Many thanks in advance

Frank Schuler

Show replies
Show replies
Former Member
‎04-19-2016 10:28 AM
0 Kudos

Hi Frank,

have you fixed this issue?

I also got the same error like you said.

Thanks & Kind regards

Stefanie

fabian_krger
Participant
‎04-19-2016 10:33 AM
0 Kudos

Hi Frank,

did you change anything to the hostname/fqdn or is it a general problem?

Usually the platform router should route the request from port 30032 to 30031...

Former Member
‎04-19-2016 10:43 AM
0 Kudos

Hi Fabian,

I have met the same issue like Frank, and I did NOT change anything. I just download the XS_Client and use the XSA command line to connect to the server. But when I input the 'xs login -u XSA_ADMIN', I login failed and got the error info

'Authentication failed. UAA at https://hostname:30032/uaa-security is not up.'

is there any configuration I have to do before the login?

Thanks & Kind regards

Stefanie

fabian_krger
Participant
‎04-19-2016 12:14 PM
0 Kudos

Did you execute the command from the HANA host via ssh or locally? Are you able to ping hostname in that case / are there any firewall rules in place?

architectSAP
Active Contributor
‎04-19-2016 7:08 PM
0 Kudos

Hello Fabian,

no, I did not change neither the hostname nor any of the ports. The issue turned out to be with the SSL certificate.

Please try paramter --skip-ssl-validation as per the SAP HANA Developer Guide For SAP HANA XS Advanced Model.

Very best regards

Frank

Former Member
‎04-20-2016 9:12 AM
0 Kudos

Hi Fabian,

I execute the command locally, and I can ping the hostname successfully. I tried to connect another XSA controller and still failed. I can execute the xs api hostname successfully, but I failed to login the server. In fact the xsuaaserver is up.

architectSAP
Active Contributor
‎04-20-2016 2:50 PM
0 Kudos

Hello Stefanie,

have you tried paramter --skip-ssl-validation as per the SAP HANA Developer Guide For SAP HANA XS Advanced Model.

Very best regards

Frank

Former Member
‎04-21-2016 2:37 AM
0 Kudos

yes, I execute the ‘xs api https://hostname:30130 --skip-ssl-validation ' successfully, but I login failed.

Kind regards

Stefanie

Former Member
‎08-19-2016 12:11 AM
0 Kudos

Did you ever get this problem resolved? I'm having the same problem.

marcbecker
Contributor
‎08-19-2016 8:31 AM
0 Kudos

Hello Robert,

can you access the URL in the error message from your browser on the same machine you are using the client? Which client and server version are you using. You can query them by running "xs version"

Best regards,

Marc

Former Member
‎08-19-2016 9:45 AM
0 Kudos

Hi Marc,

Thanks for replying. I've been working on this all week.

Yes, I can access the site. I navigate to https://<FQDN>:30032/uaa-security/ and I'm prompted to login. When I do with the XSA_ADMIN, I get a message saying:

Welcome to XSUAA

The error message and version are below:

Any guidance you can give will be much appreciated.

Thanks,

Rob

fabian_krger
Participant
‎08-19-2016 10:55 AM
0 Kudos

I recently updated to Rev. 122 with XSA PL 32.

I ended up with some workarouds before, currently I did a system rename as suggested to fully qualified hostname.

Not sure if this is needed though, since xscontroller.ini now has an option to set the domain! I also switched to hostname based routing (instead of port based routing).

Looks pretty good now, additionally I have another webdispatcher running which is serving both the classic xs engine as well as xs advanced on the same port (443).

Regarding to your "UAA ... is not up": Did you try calling this URL in your web browser? Maybe it's a firewall issue?

marcbecker
Contributor
‎08-19-2016 11:47 AM
0 Kudos

Hi Robert,

there is an incompatibility between the client you are using and the server version you are targeting. I suggest you to update your client. You require at least xs client version 1.0.24.

In case you need the client for a specific platform you can download it from SMP. However the client is not available as a separate download in SMP. We are still working on making this available. You need to download the full HANA Platform edition installation medium, which contains xs client for all platforms. Please download the newest SPS 12 release to get a version >= 1.0.24

Best regards,

Marc

fabian_krger
Participant
‎08-19-2016 12:11 PM
0 Kudos

I couldn't find the latest version of the client, too. I ended up in copying the jars (which are platform independent) to my local client directory, now I can run the client of PL 32 on my local PC, too.

Previously you could find the client on SMP by searching von XS_JAVASCRIPT, but it seems to be gone

Former Member
‎08-19-2016 2:32 PM
0 Kudos

Hi Marc,

Thanks for the information. If there's any way SAP can get this up as a separate download as soon as possible, that would be great. It's extremely time-consuming to have to download the entire platform just to get the client...

In the meantime, I've already started pulling it down from SMP. I'll let you know if/when I get things working.

Thanks again,

Rob

Former Member
‎08-19-2016 7:08 PM
0 Kudos

Hi Marc,

I've gotten access to the XS Advanced Administration and Monitoring Tools, and I want to add the Developer role to my user; however, there is no Developer role. Can you tell me what I'm doing wrong?

Thanks,

Rob

Former Member
‎08-19-2016 7:26 PM
0 Kudos

Hi Marc,

Sorry to keep bothering you. I finally figured out how to add the Developer role to my user, but now, when I try to access the SAP Web IDE, I get a Permission denied! error. I've tried this with multiple browsers. Do you have any suggestions?

Thanks,

Rob

Former Member
‎08-21-2016 10:33 PM
0 Kudos

Marc,

Getting the latest client did allow me to login, and I've even managed to start the TinyWorld tutorial; however, when I try to build the HDB module, I receive the following error message:

I've tried several fixes, including increasing the JVM max memory, deleting and recreating the project in the DEV space, in the SAP space, etc.

I've also made sure I had developer rights for all spaces in my environment with the user I created for this purpose. Frankly, I'm out of ideas. Can you please tell me what I need to do to get this project built?

Thanks,

Rob

Former Member
‎08-22-2016 3:16 AM
0 Kudos

Hi Robert,

I have met the same issue as you described.

I have add the [IP-Address] [full-Qualified-Host-name] [short-host-name] to the etc/host file.

then i can login the XSA runtime successfully, I think maybe you can try it.

B.R.

Stefanie

marcbecker
Contributor
‎08-22-2016 9:42 AM
0 Kudos

Hi Robert,

so you overcame the "Permission denied" problems?

The error message you see, means that there is no di-builder in the space that you are trying to develop in. There should be an application called "di-space-enablement-ui" in the space where you installed WebIDE. If you launch that using the URL it is associated with you can enable development for the different spaces.

As far as I know the documentation in the official SAP HANA Developer Guide is not up-to-date with the version of WebIDE you seem to be using. There is additional documentation attached to the release note of SAP WebIDE SPS 12 1. It can be found here: http://service.sap.com/sap/support/notes/2304873

Best regards,

Marc

Former Member
‎08-22-2016 3:06 PM
0 Kudos

Hi Marc,

Yes, I did get past the permission denied error. Thanks for the additional information about the hdi-builder problem. I'll try that as soon as I get a chance.

Thanks,

Rob

Former Member
‎08-31-2016 9:10 PM
0 Kudos

Hi Marc,

I finally found time to work on this again. When I use the following command:

xs app di-spaceenablement-ui --urls

I get a message "App "di-spaceenablement-ui" not found."

Suggestions?

Thanks,

Rob

thomas_jung
Developer Advocate
Developer Advocate
‎08-31-2016 9:26 PM
0 Kudos

I think you are missing a dash in the name. It should be di-space-enablement-ui

Former Member
‎09-01-2016 4:15 PM
0 Kudos

I get the same message if I add a - between space and enablement.

Rob

thomas_jung
Developer Advocate
Developer Advocate
‎09-01-2016 6:36 PM
0 Kudos

First make sure you are targeting the correct space.  These admin tools should be in the SAP space.  Use XS target -s SAP.  Then run xs apps to list all the apps. You should see the di-space-enablement-ui in the list. If not perhaps your system isn't at the latest patch level of the SAP Web IDE for SAP HANA.

Former Member
‎09-01-2016 6:52 PM
0 Kudos

If I'm not on the latest version, then it's because the latest version of HANA SPS12 does not have the latest version, as this is a new installation with the latest revision of SPS12. I'm downloading the core and client again now. I'll try again after I verify that I have the absolute latest version of both installed; however, I'm not hopeful. This is the exact problem that I had on the previous system I was trying this on, and I manually installed the latest WebIDE core and client on that one.

Rob

Former Member
‎09-01-2016 7:04 PM
0 Kudos

I have the following component versions installed:

SAP Web IDE 1                        3.12.0

DI Core 1                                  3.12.0

XS Monitoring 1                        1.2.0

XS Services 1                           1.2.0

SAP HANA Runtime Tools 1     1.2.2

I know that the Web IDE and DI Core are the latest available for download, as I just pulled those from the marketplace. If there's a newer version of any of these available, please let me know where to find them. Otherwise, please give me some advice on how to get the di-space-enablement-ui running.

Thanks for all the help!

Rob

thomas_jung
Developer Advocate
Developer Advocate
‎09-01-2016 7:11 PM
0 Kudos

3.12.00 is definitely not the latest available on the service marketplace. The latest if SPS 12 Patch 1 which is an MTA version of 3.12.25. 

https://launchpad.support.sap.com/#/softwarecenter/template/products/_APP=00200682500000001943&_EVEN...

jacobtan89
Explorer
‎09-01-2016 7:28 PM
0 Kudos

Hello Stefanie,

I've tried what you've done, but still can't seems to work.

Do you mind looking into my inputs here.

My etc/hosts has a line of,

172.31.31.64    ip-172-31-31-64

Am I doing it right here?

If not, may I please ask for an example?

Thank you.

Jacob Tan

jacobtan89
Explorer
‎09-01-2016 7:42 PM
0 Kudos

Hello Stefanie,

Please ignore my previous reply.

I've managed to resolve it.

For record tracking purposes, I'll post what I did here.

1. Downloaded the similar client version (34)

2. Run to xs cmd from bin folder inside the client

Thank you.

Jacob Tan

Former Member
‎09-01-2016 7:51 PM
0 Kudos

Okay, thanks for the information. I realized that the order in which I added components in the hdblcmgui was referencing the older Web IDE core and client in the HANA installation media instead of the newer components I downloaded. After also grabbing the latest runtime tools, I'm in the process of updating the Web IDE components now.

It would be nice if the "latest" HANA platform would get updated with the latest XS Advanced components as well...:/

I'll update you after I get things updated to the latest versions. As always, thanks for the help.

Rob

Former Member
‎09-01-2016 8:41 PM
0 Kudos

Okay, now that I've updated to the latest version, I get a permission denied error when I try to login to the Web IDE. Suggestions?

Thanks,

Rob

thomas_jung
Developer Advocate
Developer Advocate
‎09-01-2016 8:44 PM
0 Kudos

It sounds like you are missing the new role. Have you manually created the role collection and assigned it to your development user?

Former Member
‎09-01-2016 8:54 PM
0 Kudos

Is this a different role from the one that allowed me to login to the SAP Web IDE previously? Because I had the ability to login to the Web IDE before the upgrade. I just couldn't get anything to build.

Thanks,

Rob

thomas_jung
Developer Advocate
Developer Advocate
‎09-01-2016 8:58 PM
0 Kudos

The role is new in Patch 1 of SPS 12.

Former Member
‎09-01-2016 9:22 PM
0 Kudos

Okay, thanks. I've added the role collection to my user and I can now login to the Web IDE again; however, when I create a project, I get "(Project Space) Failed to set workspace settings." I get this whether I try to use the SAP space or my own space. I also get the same error if I navigate to the Project Settings and try to change the space there. No matter which space I choose, when I click Save, I get the same error.

Please help.

Thanks,

Rob

Ask a Question