Friday, 7 August 2015

Doh, DSRA0010E and the missing SSL connection

I hit an issue with IBM Operational Decision Manager 8.7 earlier this evening, having extended an existing environment ( WAS cell ) by adding a second node ( located on a separate LPAR for resilience, but that's not important right now ).

Having added the second node into the cell, and run the necessary addNodeToDSCluster script, I magically expected the second application server ( cluster member ) to just work.

However, when I started it, I saw a bunch of DB2-related exceptions.

Long story short, I did the usual trick of checking the JDBC data source connections from WAS to DB2, specifically testing BOTH connections, one per node / LPAR.

Whilst one tested out absolutely fine, the other ( new ) node failed with: -

[07/08/15 16:32:01:340 BST] 00000075 DSConfigurati W   DSRA8201W: DataSource Configuration: DSRA8040I: Failed to connect to the Data

Source.  Encountered java.sql.SQLException: [jcc][t4][2030][11211][3.69.24] A communication error occurred during operations on the connection's underlying socket, socket input stream,

or socket output stream.  Error location: Reply.fill() - insufficient data (-1).  Message: Insufficient data. ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499.

java.sql.SQLException: [jcc][t4][2030][11211][3.69.24] A communication error occurred during operations on the connection's underlying socket, socket input stream,

or socket output stream.  Error location: Reply.fill() - insufficient data (-1).  Message: Insufficient data. ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499

I checked the custom properties for the data source - for some reason, ODM has two quirks in this area: -

(1) Data sources are configured at the node rather than cluster or cell scope
(2) Credentials are held in custom properties for each data source

Whilst comparing/contrasting the custom properties between the working and failing data sources, I found the missing link .....

I'm using SSL/TLS 1.2 to connect from WAS to DB2, and having made all the necessary changes at the cell-level ( creating SSL configurations, importing DB2 signer certificates etc. ), I'd absolutely failed to set the mandatory custom property of sslConnection=true.

Of course, I absolutely had done that for the primary node using a neat-o Jython script: -

cellID=AdminControl.getCell()
node = AdminConfig.getid( '/Cell:'+cellID+'/Node:AppSrv02Node/')
for dataSource in AdminConfig.list('DataSource',node).splitlines():
if (AdminConfig.showAttribute(dataSource,'name') == 'DecisionServer - Datasource'):
  propertySet = AdminConfig.list("J2EEResourcePropertySet", dataSource).splitlines()
  AdminConfig.create('J2EEResourceProperty',propertySet[0],'[[name "sslConnection"] [type "java.lang.String"] [description ""] [value "true"] [required "false"]]')

AdminConfig.save()
AdminNodeManagement.syncActiveNodes()

Once I ran that against the second node, and restart the Node Agent, guess what ??

Yep, it just bloomin' worked.

As I often say on Twitter #LifeIsGood

No comments: