If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Install Cognos Gateway on Linux server using CHROOT

Started by cwillard, 06 Dec 2013 08:00:54 AM

Previous topic - Next topic

cwillard

I am looking for information on installing the Cognos gateway on a Linux server using CHROOT.  We have setup CHROOT, copied all the directories from the server root into the CHROOT, and then installed Cognos.  We are also running Apache from within the CHROOT, have installed Java in it and have updated the JAVA_HOME, LD_LIBRARY_PATH and PATH variables to point to the correct locations in CHROOT.  When we run the cogconfig.sh -s command and it appears to complete correctly but then we find the following error message in the log,

1     ERROR [main] - LogIPFControl::initCAMCrypto() - Cannot create CAM signing session.
CAM-CRP-1114 Unable to find the Certificate Authority self-signed certificate with alias 'ca' in the keystore '/chroot/httpd/etc/httpd/cognos_gateway/configuration/signkeypair/jCAKeystore'.
   at com.cognos.accman.jcam.crypto.misc.KeyStoreReader.getCACertificate(KeyStoreReader.java:590)
   at com.cognos.accman.jcam.crypto.misc.Configuration.isCAKeyPairValid(Configuration.java:1442)
   at com.cognos.accman.jcam.crypto.CAMFactory.initialize(CAMFactory.java:155)
   at com.cognos.indications.LogIPFControl.initCAMCrypto(LogIPFControl.java:526)
   at com.cognos.indications.LogIPFControl.initialize(LogIPFControl.java:147)
   at com.cognos.crconfig.CRConfigConsole.begin(CRConfigConsole.java:68)
   at CRConfig.main(CRConfig.java:201)
2     WARN  [main] - LogIPFControl::initialize() - initCAMCrypto() failed, return false.

When we try to access the assigned URL with get the Cognos Splash screen followed an error message saying it can not connect to the content manager.  We have tested the install outside of CHROOT, and on a different server and it works correctly.

Any information on what we need to do different when using CHROOT would be appreciated.

Grim

"Honorary Master of IBM Links"- MFGF
Certified IBM C8 & C10 Admin, Gamer, Geek and all around nice guy.
<-Applaud if my rant helped! 8)

cwillard

Java is installed inside CHROOT with Cognos. The bouncy file was copied from the respective Cognos directory to the same directory under the installed Java directory.

Grim

Hmmm...
Have you tried turfing the crypto keys and regen'ing them?

If that doesn't work, try an "strace" to see where it might be failing.
"Honorary Master of IBM Links"- MFGF
Certified IBM C8 & C10 Admin, Gamer, Geek and all around nice guy.
<-Applaud if my rant helped! 8)

cwillard

We have tried regenerating the keys after the initial installation and have also tried changing the key local key storage from true to false in the Cogconfig file.  The error is always the same.

Because the install works fine when installed outside CHROOT we are confident it is a permissions issue.  Is there a good resource on the required permissions for installing and running Cognos on Linux? Most of what we have found online touches on it but it does not give a great deal of detail.

We have not tried strace and will investigate that further.

Thanks,
Chris

Grim

Found this...
http://danielsnider.wordpress.com/2011/02/02/chroot-tips/

He said he had to copy some files to the chroot. I think the "strace" path would help you to determine the files that it needs. Then you have to identify whether those files are a security risk.
"Honorary Master of IBM Links"- MFGF
Certified IBM C8 & C10 Admin, Gamer, Geek and all around nice guy.
<-Applaud if my rant helped! 8)

cwillard

We determined the issue was caused by the domain name not resolving correctly.  Everything works using IP address.  It appears to be an extension or library that was not included inside CHROOT do to security policies.