Bypassing a Load Balancer

Load balancers are fantastic devices but sometimes we need to get around them.  I can’t count the times I have needed or wanted to test/diagnosis the functionality of each PIA instance individually, especially when fighting what might appear at first as an intermittent or random issue.  When we have multiple PeopleSoft PIA instances behind a load balancer or reverse proxy we set the virtual addressing URL in the web profile to be that of the URL to the load balancing device.  If we try to hit SERVER-A or SERVER-B directly the URL is rewritten back to SERVER-LB.   The following are some tips that may help you establish a connection to a specific PIA instance rather than the load balancer. Continue reading

SSL and Weblogic

As previously mentioned, I was doing an analysis of how PeopleSoft and Weblogic utilize SSL which was spawned by the announcement of POODLE.  I’m going to review my findings for Weblogic 10.3.6.x and then duplicate the analysis to see if anything is changed with Weblogic 12.1.2.  Weblogic 10.3.6.x is supported for any PeopleTools 8.50 – 8.53 installations.  If you are on an older release of Weblogic 10.3 you should upgrade your Weblogic. Continue reading

PeopleSoft and POODLE

POODLE has been a fairly common topic with security teams recently since Google announced the vulnerability.

There is plenty of reading available on the POODLE attack so I’m not going to go into too much detail but I’ll give a short description.  POODLE is a man-in-the-middle attack which uses an attackers ability to force the protocol of the server/client communication to fall back.  When the attacker can force the downgrade of the protocol to SSLv3 they can attack the weaknesses of that protocol.  SSLv3 has been around for a really long time, since 1996, and has been superseded by multiple versions of TLSv1.x.  TLSv1.2 is the latest version available and TLSv1.3 is currently in draft status.  As these new TLS versions were released they were implemented in new servers and applications, however for interoperability all the old protocols were also left active.

So are you vulnerable? As a PeopleSoft Admin/User/Developer do you need to worry about this?  Well, that depends.  Continue reading

Setup AWStats on IIS

AWStats is a great tool for parsing web server access logs of any kind.  If you are not familiar with it, I recommend checking out the Live Demo to see what kind of data it can provide. I’ve been using it for a long time to provide stats on all sorts of different websites and applications (including PeopleSoft). It’s just another great tool for in any Admin’s toolbox.  Normally I run it on Linux but recently I setup AWStats on IIS which was actually pretty painless.  Here is what I did.

What you need:
IIS, Perl, AWStats Continue reading

Webserver detected with incorrect Version of JDK

Now that PeopleTools 8.53 is out, I’ve seen people that are doing PIA installs posting about this problem a few places.

The only  reason I’ve seen so far for this error is the value for JAVA_HOME is not properly set in $WL_HOME/wlserver_10.3/common/bin/commEnv.sh.  This is set when performing the install of Weblogic.  Fix this and try to install PIA again.

To fix it, look at commEnv file, and find where JAVA_HOME is set.  Double check that it’s the right location to the JDK 7 location.  PeopleTools 8.53 now requires JDK 7 and it is available with the rest of the PeopleTools downloads on Oracle’s Edelivery site.  However, the version provided on edelivery is an rpm and by default will install to /usr/java.  If you are like me, you may want to install this JDK for Weblogic at a specific location.  If that’s the case, I recommend skipping the JDK rpm from edelivery and grab the JDK tarball from the OTN download site.  Download the tar.gz version and do what you want with it.  If you do not have root access this will be helpful too as the rpm installer will want you to be root.  If you do want to use the rpm you can use the – -prefix  (2 dashes without a space) option to install to another location. You’ll still need to be root and it will still place some things in /etc.

I still prefer just extracting the tarball.  There is something to be said about the simplicity of it.  If you:

  1. install the tarball
  2. export JAVA_HOME=/path/to/jdk
  3. install Weblogic with $JAVA_HOME/bin/java -jar /path/to/wls1036_generic.jar -whatever -other -options you want
  4. source psconfig.sh and run $PS_HOME/setup/PsMpPIAInstall/setup.sh

You should have no problems, it worked fine for me on OEL 5.8.  If you used the RPM and are still having problems.  Try running as root

/usr/sbin/alternatives --config java

Which will change system wide the default version of java used.  But you shouldn’t have this problem if you used my method above.

Hope this helps.

Reload Web Profile

Today I’m writing about a simple trick I use when I need to reload web profiles.  This is documented several places, but I’ve referenced reloading the web profile this way in previous posts so I’m adding it here.

PeopleSoft has the ability to reload the web profile on the fly through a command to the psp servlet.  That command is conveniently, ReloadConfig.  The command is specified on the URL like this ?cmd=ReloadConfig. The command itself is case insensitive.  You could use ?cmd=reloadconfig just as easily as ?cmd=RELOADCONFIG (cmd itself IS case sensitive).

webprofileIn order to use this feature you must have the auditPWD value defined on the custom properties of the currently used Web Profile.  The default password is “dayoff” and this feature is delivered enabled on the DEV and TEST Web Profiles.

Putting it all together we get a URL Query String like this. ?cmd=ReloadConfig&pwd=dayoff

The command can be specified anywhere after the site name.  I most commonly just specify it directly after the site name like this.

http://psweb1.testdomain.com:8080/psp/ps/?cmd=reloadconfig&pwd=dayoffReload Config Complete

Once you run the command you’ll get a message back indicating the Config was reloaded and it will list the number of active sessions impacted.

Another command I use is ViewConfig which allows you to view the Web Profile config, I don’t use this one all that often, but I have used it in the past.  It’s specified the same way

http://psweb1.testdomain.com:8080/psp/ps/?cmd=viewconfig&pwd=dayoff

There’s are a few other commands available as well, however I’ve not used them nearly as much.  There is a purge command which clears web cache, but it only purges in memory cache on the web server.  It will not clear disk cache that the web server has built.