Why I created a blog

Its been many years since I first created this blog. It has remained true to Essbase and related information over those years. Hopefully it has answered questions and given you insight over those years. I will continue to provide my observations and comments on the ever changing world of EPM. Don't be surprised if the scope of the blog changes and brings in other Hyperion topics.


Tuesday, March 2, 2021

Installing Essbase 21c on Marketplace

 I'm the first to admin I don't know my NIC from my VPN, I'm not an infrastructure person, never claimed to be, never wanted to be. With that said, I decided to install Essbase21c on Marketplace. I have done the 19c install so I figured I could do it and compare the process.  

Overall the process was pretty straightforward, yet I was able to mess it up in multiple ways. In some cases, I missed steps, in others, I didn't quite understand what was being said. I'm not going to go through the entire install, bu just highlight some of the issues I had. They may not be in the order they occurred, because I had to go back to fix some if them. 

I think my first mistake was using the same dynamic group I used for my 19c install. I did not think I needed to make any changes to it, but I had to go into it and add the container OCID  in the rules. (This caused me to spend a lot of time trying to figure out why my build did not work).  The cause was that I had created a different container for 21c to reside in and did not point the dynamic group to that container. I thought that was all done in the policies.

One of the things I like is they simplified the process for creating the secrets in the Vault. You no longer need to  run a script to encrypt the secrets. With that said, There is an error in the documentation, It misses the step where you have to create a key in your vault. 


This is necessary to create the secrets. 

 I had a couple of problems with  the secrets. First, it tells you to create a secret for the IDCS application client secret. I didn't get what that meant and got it wrong. What they want you to do is go into the confidential application you created and get it's secret, then you put that into a secret so it can be encrypted.  a secret within a secret. 

 

The next problem I had (out of order) was in creating the Essbase (weblogic) administrator's password.  At first, I thought I was doing ok, knowing that passwords should be complex, I had upper case, lower case, numbers and an exclamation point !  as my special character. The password was pretty long.  I got errors for an invalid password.  So I though, ok, it does not like the exclamation point, so I used a different password with a @ in it. Still no luck. I was looking through the trpubleshooting section and found:

Essbase System Admin password should start with a letter and length should be between 8 and 30 characters, and should contain at least one number, and optionally, any number of the special characters ($ # _). For example, Ach1z0#d.

 So apparently only threes special character are allowed  $,#, and _   I changed my ! to # and fixed that issue. (after trying to build multiple times)

My next issue was having a space in front of one of the OCID entries in the teraform script.. Just like Essbase itself, it did not like a  name starting with a space. That was hard to find and took me a little while. 

The final issue I have (still have) is I've not yet created the certificate for the environment (I'm actually going to re-point the 19c certificate to the new environment so   the users don't have to change their connections.  When I say I am going to do that, I mean I'm going to ask my older smarter brother to do that as he is an infrastructure geek.  What is the issue? Well Firefox does not like the certificate that comes with Essbase and gives you the following screen

 

In 19c, I could go into advanced options and accept the risk, here I can't. I know that means I can't connect to the instance, well, thinks quickly, I switched to Chrome In Chrome, I get 

 

and when I click on advanced 

 

and am able to connect. According to development, This is an isolated case as they typically test with Firefox. I'm not sure if it is my version of Firefox or a setting I have turned on.

 

One thing that changed in the the later versions on the 19c terafrom install is that a lot of what happens on the server is no longer shown in the stack job in Resource Manager. the last line of the log tells you 

*********************
Oracle Essbase stack has been provisioned and is continuing configuration in the background.
It may take up to 20 minutes for configuration to complete.
********************* 

What is this background process? not much, just the entire creation Essbase on the server. , the connecting of security and data volumes.  If you are having issues, you will want to remote onto the server (I use putty) change your id from opc to oracle  (sudo su - oracle), then  go to the directory /var/log. In that directory, you will find the essbase-init.log.  Looking at that will give you information about the build process. 

I do like some of the changes in the teraform script, I can now select the time zone for my server (although some of the cities they listed were pretty esoteric and I've never heard of) I was looking for a major Texas city and could not find one, so I settled for Chicago. I did not try to use a Bastion host or make Essbase private, but this is not a production environment either.  In trying to figure out what issues were, I did end up using a load balancer. At least that protests me a little bit. 

So what o do I think of the install? I did have issues, but most of them were self-inflicted. Overall, if I had followed the directions better, I would have only had a couple of the problems. and if I do it again, I could install an environment in an hour or two. I'm pretty happy with it.