Environment
Novell Access Manager 3.1 Linux Access Gateway
Situation
Access Manager 3.1 SP3 platform running fine where Web Applications were accelerated through SLES9 based Linux Access Gateway (LAG) appliances. Next goal for the setup was to upgrade the LAGs from SLES9 to SLES11.
Reimaging/reimporting the LAG from SLES 9 to SLES 11 following the documentation was successful. For security purposes, all security channel updates for AGA-31-Updates were applied. After these security updates were applied some small changes were made to the proxy services. As soon as these changes were applied, all secondary addresses cease to be bound on the new SLES11 based LAG even though they still show in the Administration Console for the LAG node.
Rebooting had no effect. Making additional changes so that the cluster needs to be Updated with all configuration has no effect either. From the Troubleshooting screen, repushing the config has no effect. The info for the secondary IP addresses were still in the config (/var/novell/cfgdb/.current/config.xml), yet the LAG showed the following error in the ics_dyn log whilst coming up:
Reimaging/reimporting the LAG from SLES 9 to SLES 11 following the documentation was successful. For security purposes, all security channel updates for AGA-31-Updates were applied. After these security updates were applied some small changes were made to the proxy services. As soon as these changes were applied, all secondary addresses cease to be bound on the new SLES11 based LAG even though they still show in the Administration Console for the LAG node.
Rebooting had no effect. Making additional changes so that the cluster needs to be Updated with all configuration has no effect either. From the Troubleshooting screen, repushing the config has no effect. The info for the secondary IP addresses were still in the config (/var/novell/cfgdb/.current/config.xml), yet the LAG showed the following error in the ics_dyn log whilst coming up:
Apr 22 10:11:19 devnamag1 : AM#404550000: AMDEVICEID#ag-B59C29E9C30FB912-0:
AMAUTHID#svc: AMEVENTID#0.18.1: createListener for
service:0xaac9b7d4:ssreverse_1299094956958:rp_gulfaero-dev_devnamag1:192.168.218.46:443
UsedAs:100
Apr 22 10:11:19 devnamag1 : AM#104515000: AMDEVICEID#ag-B59C29E9C30FB912-0:
AMAUTHID#0: AMEVENTID#0: Could not add new local IP address
Apr 22 10:11:19 devnamag1 : AM#104515000: AMDEVICEID#ag-B59C29E9C30FB912-0:
AMAUTHID#0: AMEVENTID#0: Could not add the local IP address
Apr 22 10:11:19 devnamag1 : AM#104550000: AMDEVICEID#ag-B59C29E9C30FB912-0:
AMAUTHID#svc: AMEVENTID#0.18.1: Unable to open tcpListener
Apr 22 10:11:19 devnamag1 : AM#104550000: AMDEVICEID#ag-B59C29E9C30FB912-0:
AMAUTHID#svc: AMEVENTID#0.18.1: Listener creation failed, error = -1
Apr 22 10:11:19 devnamag1 : AM#404550000: AMDEVICEID#ag-B59C29E9C30FB912-0:
AMAUTHID#svc: AMEVENTID#0.18.1: Stop the service
0xaac9b7d4:'rp_golf-dev_devnamag1'
Resolution
Delete the /etc/sysconfig/network/ifcfg-eth-id-* file, and apply the config from Admin Console. As soon as we did this, the secondary IP addresses became pingable again and the services were accessible.
The security updates caused some symbolic links between the ifcfg-eth-id-<$MAC_ID> file and the corresponding ifcfg-eth0 to be broken. This in turn caused an issue with the ifcfg-eth0 file, where the same information would be written multiple times eg.
DEVICE=eth0
ONBOOT=yes
STARTMODE=onboot
NAME='Ethernet Network Card'
USERCONTROL='no'
IPADDR=192.168.218.62
BOOTPROTO=static
IPADDR_0=192.168.218.71
NETMASK_0=255.255.255.0
IPADDR_1=192.168.218.46
NETMASK_1=255.255.255.0
IPADDR_2=192.168.218.71
NETMASK_2=255.255.255.0
IPADDR_3=192.168.218.46
NETMASK_3=255.255.255.0
NETMASK=255.255.255.0
IPADDR_4=192.168.218.71
NETMASK_4=255.255.255.0
IPADDR_5=192.168.218.46
NETMASK_5=255.255.255.0
The issue is fixed in Access Manager 3.1 SP4
The security updates caused some symbolic links between the ifcfg-eth-id-<$MAC_ID> file and the corresponding ifcfg-eth0 to be broken. This in turn caused an issue with the ifcfg-eth0 file, where the same information would be written multiple times eg.
DEVICE=eth0
ONBOOT=yes
STARTMODE=onboot
NAME='Ethernet Network Card'
USERCONTROL='no'
IPADDR=192.168.218.62
BOOTPROTO=static
IPADDR_0=192.168.218.71
NETMASK_0=255.255.255.0
IPADDR_1=192.168.218.46
NETMASK_1=255.255.255.0
IPADDR_2=192.168.218.71
NETMASK_2=255.255.255.0
IPADDR_3=192.168.218.46
NETMASK_3=255.255.255.0
NETMASK=255.255.255.0
IPADDR_4=192.168.218.71
NETMASK_4=255.255.255.0
IPADDR_5=192.168.218.46
NETMASK_5=255.255.255.0
The issue is fixed in Access Manager 3.1 SP4