aveksaServer.log is not getting updated after applying 7.5.2 patch P04 in SecurID Governance & Lifecycle
2 years ago
Article Number
000068020
Applies To
  • SecurID Governance & Lifecycle 7.5.2 P04
Issue
In a WildFly deployment of SecurID Governance & Lifecycle 7.5.2, the aveksaServer.log is not getting updated after applying patch P04. Other log files, such as aveksaServerInfo.log, do get updated as expected as shown in the example below:
Screenshot_1.jpg

Prior to applying P04 (that is, at 7.5.2 P03), the aveksaServer.log was properly getting updated.
 
Cause
This issue occurs if the WildFly based deployment of SecurID Governance & Lifecycle is installed in a folder other than the default /home/oracle.

For a WildFly cluster deployment of SecurID Governance & Lifecycle 7.5.2 P04, the aveksaServer.log does not update on non-domain (host) nodes regardless of the installation folder (default or non-default).
Resolution
This issue is resolved in the following version/patch:
  • SecurID Governance & Lifecycle 7.5.2 P05
Workaround
If you are unable to apply the fixed version (7.5.2 P05 or later), you can follow the steps below to work around the known issue in 7.5.2 P04.
 

WildFly Single-Node Deployment:

If your WildFly single-node deployment of SecurID Governance & Lifecycle 7.5.2 is installed in a non-default folder (e.g., /opt/rsa/igl_server), AND you are about to apply patch P04, follow the steps below to work around the problem:
  1. Follow the patch installation procedure until you are about to run patch.sh script.  Before running patch.sh, you must update the script contents.
  2. In the SSH session, navigate to the folder containing patch.sh for the 7.5.2 P04 patch.  For example: 
    cd /opt/rsa/igl_server/Aveksa_7.5.2_P04
  3. Execute the following command to update the script patch.sh: 
    sed -i 's#/home/oracle#$AVEKSA_HOME#g' patch.sh
  4. The previous step will replace five occurrences of /home/oracle in patch.sh with $AVEKSA_HOME 
  5. Continue with applying the patch P04 as usual, that is, run the updated patch.sh: 
    sh patch.sh

If you have already applied patch P04 on your SecurID Governance & Lifecycle 7.5.2 (and hence already affected by the issue), follow the above steps #2 through #5 to re-run the updated patch.sh.  Running patch.sh again does not have any adverse effect.
 

WildFly Cluster Deployment:

If your WildFly cluster deployment of SecurID Governance & Lifecycle 7.5.2 is installed in a non-default folder (e.g., /opt/rsa/igl_server), all nodes in the cluster are affected.  If installed in the default folder (/home/oracle), the domain node is NOT affected but all other nodes ARE affected.

A) Domain Node
If the Domain Node is installed in the default folder (/home/oracle), it is not affected by the issue and no additional steps are required on the domain node. However, you must take steps on all other nodes to rectify the issue.
If the Domain Node is installed in a non-default folder (e.g., /opt/rsa/igl_server), AND you are about to apply patch P04, follow the steps below to work around the problem:
  1. Follow the patch installation procedure until you are about to run patch.sh script on the Domain Node.  Before running patch.sh, you must update the script contents.
  2. In the SSH session, navigate to the folder containing patch.sh for the 7.5.2 P04 patch.  For example: 
    cd /opt/rsa/igl_server/Aveksa_7.5.2_P04
  3. Execute the following command to update the script patch.sh: 
    sed -i 's#/home/oracle#$AVEKSA_HOME#g' patch.sh
  4. The previous step will replace five occurrences of /home/oracle in patch.sh with $AVEKSA_HOME 
  5. Continue with applying the patch P04 as usual on the Domain Node, that is, run the updated patch.sh: 
    sh patch.sh

If you have already applied patch P04 on the Domain Node (and hence already affected by the issue), follow the above steps #2 through #5 to re-run the updated patch.sh.  Running patch.sh again does not have any adverse effect.

B) Host Nodes
All non-Domain Nodes (called Host Nodes) in a WildFly cluster are affected by this issue regardless of whether the SecurID Governance & Lifecycle is installed in the default or a non-default folder.  Follow the steps below AFTER patch P04 has been applied (with the workaround when affected) on the Domain Node:
  1. Copy the file aveksa-log4j.properties from the Domain Node's folder: 
    $AVEKSA_HOME/wildfly/domain/servers/img-server-1/configuration/
    to the following location on the Host Node: 
    $AVEKSA_HOME/wildfly/domain/servers/img-server-2/configuration/
  2. On the Host Node, modify the following line in the file /etc/init.d/aveksa_server: 
    JAVA_OPTS="$JAVA_OPTS -Daveksahome=\"${AVEKSA_HOME}\""
    Line after modification: 
    JAVA_OPTS="$JAVA_OPTS -Daveksahome=\"${AVEKSA_HOME}\" -DLog4jContextSelector=org.apache.logging.log4j.core.selector.BasicContextSelector"
  3. Restart ACM on the Host Node: 
    acm restart
  4. Follow the above steps #1 through #3 on all remaining Host Nodes. Note that the folder path in step #1 for the additional Host Nodes will differ slightly, for example, "img-server-2" in the path may appear as "img-server-3" or "img-server-4", etc.

Related Articles

Trending Articles

Don't see what you're looking for?