Changes to Access Manager configuration not getting pushed to device

  • 3312379
  • 08-May-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Access Gateway

Situation

A customer had a setup with multiple path-based multi-homed children, and everything worked. The IP addresses of multiple back-end web servers used by the multi-homed services were then changed. After the IP address changes were applied and the cache was purged, all browser requests for the service went to the wrong web server IP address: the one that was configured before the changes. Broken links were seen all over the web pages.

Originally /dev went to a server called WEB01 (172.1.1.1) and /prod went to server WEB02 (172.18.2.23). The IP addresses of those two servers were swapped, so /dev was modified to go to WEB02 (172.18.2.23). The configuration as viewed through the admin console reflected that setting correctly, yet browser requests for the /dev URL were directed to WEB01 (172.1.1.1).

Resolution

Update /var/novell/cfgdb/.current/config.xml to reflect the right settings.

When changes are made in the iManager interface and applied, the configuration information is sent to /var/novell/cfgdb/vcdn/config.xml. When the services on the Linux Access Gateway detect this updated file, the changes are synchronized with the /var/novell/cfgdb/.current/config.xml file, which is the file the proxy actually reads.

In the above scenario, the config.xml from the vcdn directory had the correct IP addresses for the various paths, but the config.xml file in the .current directory had the old addresses. As a result, the changes were never applied at the proxy.

A close look at the /var/log/ics_dyn.log file on the proxy showed the following error message:

May 3 23:30:16 sedaag01 LINUX_AG: CMDSOCK : 0 : Completed Apply Command
May 3 23:30:16 sedaag01 LINUX_AG: VMController : 0 : Processing incoming event (4)
May 3 23:30:16 sedaag01 LINUX_AG: VMController : 0 : Processing incoming event (5)
May 3 23:30:16 sedaag01 LINUX_AG: CONMGR : 0 : Connection Established with peer (127.0.0.1), port(2843)
May 3 23:30:16 sedaag01 LINUX_AG: VMController : 0 : Allocate d a segment (973fcf60), data (97f1c099)
May 3 23:30:16 sedaag01 LINUX_AG: VMController : 0 : Less than zero
May 3 23:30:16 sedaag01 LINUX_AG: VMController : 0 : Read a FIN and less than zero
May 3 23:30:16 sedaag01 LINUX_AG: VMController : 0 : processing list for local recv (1)
ERROR: Error storing config.xml: Permission denied
ERROR: Failed to save the configuration as the startup. Try the 'manage-config diag .current' command, and then re-apply your configuration.
Success


The permission denied message was thrown because the owner and permissions of the file and the .current directory were not as expected, i.e.:

-rw-rw---- 1 config admin 63990 May 3 23:50 .current/config.xml

It turned out that the customer had copied over an older config.xml while logged in as root, so the update could not be applied. Using the suggestion from the error above, we went into nash and ran the command:

manage-config fix .current

The permissions were restored and all worked fine.
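
A check for this condition, as an added example that is not part of the original article or of the product: it compares the back-end addresses in the vcdn and .current copies of config.xml, looks for the store error in ics_dyn.log, and lists the ownership of the .current directory and file. The function names and return codes are illustrative, and the comparison assumes both files list their services in the same order.

```shell
#!/bin/sh
# Added example: detect an applied configuration that never reached the copy
# the proxy reads. File paths and the log message are from the article; the
# function names and return codes are illustrative.

# Print the IPv4 addresses that appear in a config file, in file order, so
# that two swapped addresses still show up as a difference.
config_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$1"
}

# check_config_sync [cfgdb_dir] [log_file]
# Returns 0 when both copies list the same addresses in the same order and no
# store error is logged, 1 when they differ or the error is present, and 2
# when either config.xml is missing.
check_config_sync() {
    cfgdb="${1:-/var/novell/cfgdb}"
    log="${2:-/var/log/ics_dyn.log}"
    staged="$cfgdb/vcdn/config.xml"
    live="$cfgdb/.current/config.xml"
    rc=0

    for f in "$staged" "$live"; do
        if [ ! -f "$f" ]; then
            echo "MISSING: $f"
            return 2
        fi
    done

    # The proxy reads only the .current copy, so a difference here means the
    # applied change is not in effect. Assumption: same service order in both.
    if [ "$(config_ips "$staged")" != "$(config_ips "$live")" ]; then
        echo "DRIFT: back-end addresses differ between $staged and $live"
        rc=1
    fi

    # A failed synchronization leaves this message in ics_dyn.log.
    if [ -r "$log" ] && grep -q 'Error storing config.xml' "$log"; then
        echo "LOG: $(grep -c 'Error storing config.xml' "$log") store error(s) in $log"
        rc=1
    fi

    # Show owner, group and mode of the directory and file for review.
    ls -ld "$cfgdb/.current" "$live"
    return "$rc"
}
```

Source the file and call check_config_sync with no arguments to use the article's paths; a return code of 1 means the admin console and the proxy disagree about where requests are sent.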