txkRunSSHSetup.pl script is failing while doing enable ssh (password less connectivity) in R12.2 EBS

By September 18, 2018 8 min read Oracle - ERP

Issue:

txkRunSSHSetup.pl script failing while doing enable ssh between primary and secondary nodes

Error:

perl $AD_TOP/patch/115/bin/txkRunSSHSetup.pl enablessh -contextfile=<CONTEXT_FILE> -hosts=h1,h2,h3$
******************
hostname{600}$ perl /opt/mis/apps/oraApps/TWO_TASK/fs2/EBSapps/appl/ad/12.0.0/patch/115/bin/txkRunSSHSetup.pl 
enablessh \
> -contextfile=/opt/mis/apps/oraApps/TWO_TASK/fs2/inst/apps/TWO_TASK_nodename/appl/admin/TWO_TASK_node
name.xml \
> -hosts=nodename,ebsdev2app2,ebsdev2db1
Enter SSH User password for the OS user ebappldev:
Log: /opt/mis/apps/oraApps/TWO_TASK/fs2/inst/apps/TWO_TASK_nodename/logs/appl/rgf/TXK/enablessh.log
SSH equivalence setup successful.
***************************
nodename{605}$ view /opt/mis/apps/oraApps/TWO_TASK/fs2/inst/apps/TWO_TASK_nodename/logs/appl/rgf/
TXK/enablessh.log
"/opt/mis/apps/oraApps/TWO_TASK/fs2/inst/apps/TWO_TASK_nodename/logs/appl/rgf/TXK/enablessh.log" 
[Read only] 66 lines, 4657 characters
Obfuscated password present
-e ^[[1mThis script will setup SSH Equivalence from the host 'nodename' to specified remote hosts. ^[[0m
ORACLE_HOME = /opt/mis/apps/oraApps/TWO_TASK/fs2/FMW_Home/Oracle_EBS-app1
JAR_LOC = /opt/mis/apps/oraApps/TWO_TASK/fs2/FMW_Home/Oracle_EBS-app1/oui/jlib
SSH_LOC = /opt/mis/apps/oraApps/TWO_TASK/fs2/FMW_Home/Oracle_EBS-app1/oui/jlib
Checking if the remote hosts are reachable.
ClusterLogger - log file location: /local/mnt/usr2/ebappldev/Logs/remoteInterfaces2018-09-07_12-11-25-AM.log
Failed Nodes : nodename ebsdev2app2 ebsdev2db1
Remote host reachability check succeeded.
All hosts are reachable. Proceeding further...

NOTE :
As part of the setup procedure, this script will use ssh and scp to copy
files between the local host and the remote hosts. You may be prompted for
the password during the execution of the script.
AS PER SSH REQUIREMENTS, THIS SCRIPT WILL SECURE THE USER HOME DIRECTORY
AND THE .ssh DIRECTORY BY REVOKING GROUP AND WORLD WRITE PRIVILEDGES TO THESE
directories.
ClusterLogger – log file location: /local/mnt/usr2/ebappldev/Logs/remoteInterfaces2018-09-07_12-11-26-AM.log
java.lang.UnsatisfiedLinkError: /opt/mis/apps/oraApps/TWO_TASK/fs2/FMW_Home/Oracle_EBS-app1/oui/lib/solaris/liboraInstaller.so: ld.so.1: java: fatal: /opt/mis/apps/oraApps/TWO_TASK/fs2/FMW_Home/Oracle_EBS-app1/oui/lib/solaris/liboraInstaller.so: wrong ELF class: ELFCLASS64 (Possible cause: architecture word width mismatch)
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1968)

FIX:

As per Doc ID 1983782.1 5.2 Technology Stack Known Issues

On the Oracle Solaris and HP/UX platforms, a current limitation with the txkRunSSHSetup.pl utility precludes the usage of its “enable”, “disable”, and “verify” functions.

  • Related bug: 20464636
  • Workaround: Instead of the txkRunSSHSetup.pl utility, use a native platform solution to set up and configure password less ssh login between the application tier nodes. This should be done in conjunction with the guidelines in the Principles subsection of the Set Up Secure Shell on Application Tier Nodes section in Chapter 3, Patching Procedures, of Oracle E-Business Suite Maintenance Guide (Part No. E22954).

We need to use native method to setup ssh between primary and secondary application nodes by following below doc.
https://docs.oracle.com/cd/E26401_01/doc.122/e22954/T202991T531065.htm
The sequence is as follows:

  1. The following command initiates creation of the key pair:

$ ssh-keygen -t rsa
Note: The <Enter> key should be pressed instead of a passphrase being entered.

  1. The private key is saved in <User Home Dir>/.ssh/id_rsa.

Important: As this read-only file is used to decrypt all correspondence encrypted with the public key, its contents must not be shared with anyone.

  1. The public key is saved in <User Home Dir>/.ssh/id_rsa.pub.
  2. The contents of the public key are then copied to the <User Home Dir>/.ssh /authorized_keys file on the systems you subsequently wish to ssh to without being prompted for a password.

The following example demonstrates the steps:

  1. $ ssh-keygen -t rsa
  2. Generating public/private rsa key pair.
  3. Enter file in which to save the key (/u01/user2/.ssh/id_rsa):<Enter>
  4. Enter passphrase:<Enter>
  5. Enter same passphrase again:<Enter>
  6. Your identification has been saved in /u01/user2/.ssh/id_rsa.
  7. Your public key has been saved in /u01/user2/.ssh/id_rsa.pub.
  8. The key fingerprint is: 16:d0:e2:dd:37:2f:8e:d5:59:3e:12:9d:2f:12:1e:5a
  9. $ scp -pr /u01/user2/.ssh/id_rsa.pub \
  • user2@system1:/u01/user2/.ssh/authorized_keys
  • user2@system1’s password:<password>
  • pub 100% 398 0.4KB/s 00:00
  • $ ssh user2@system1

Once this has been done for the relevant operating system account on all nodes – that is, ssh can log in from the primary node to each secondary node without entering a password – so you are ready to run adop on multiple application tier nodes. It must be run on at least the master (admin) node: from there, it will attempt to contact all the other application tier nodes that are part of the same Oracle E-Business Suite instance and will run the required steps remotely on those nodes.