After upgrading CA Performance Center(CAPC) running SSL to 2.7 GA, CAPC is inaccessible

book

Article ID: 36515

calendar_today

Updated On:

Products

CA Infrastructure Management CA Infrastructure Management CA Performance Management - Usage and Administration CA Performance Management - Data Polling

Issue/Introduction

Symptoms: 

    After upgrading CA Performance Center(CAPC) running SSL to 2.7 GA, CAPC is inaccessible

    After upgrading PC and SSO services are setup to run on 8181 and 8381.

    The /opt/CA/PerformanceCenter/InstallLogs/Performance_Center_Install_<timestamp>.log for CAPC
    has the following errors:

        Looking up jetty keystore name (default 'keystore')
        Checking if '/opt/CA/PerformanceCenter/PC/start.d' exists
        Found jetty 8 configuration
        Parsing '/opt/CA/PerformanceCenter/PC/etc/jetty-ssl.xml'
        Exception while parsing jetty keystore name: www.eclipse.org
        Found keystore name: 'keystore'
        Setting keystore name 'keystore' to variable JETTY_SSL_KEYSTORE_NAME
        Setting truststore name 'keystore' to variable JETTY_SSL_TRUSTSTORE_NAME
        Setting ssl enabled =  'false' to variable JETTY_SSL_ENABLED

Environment:  
   
    Linux
    Upgrading to PM 2.7
    SSL configured
    CAPC does not have access to the internet

Cause:

    Problem Ticket: DE50760

    The r2.7 GA kit does not correctly parse the jetty-ssl.xml file, so it determines that SSL
    is not enabled and configures the system for HTTP.

    The CAPC machine does not have external access to load files from the internet.  The XML
    parser attempts to load the URL in the jetty-ssl.xml file to validate the xml and fails.

Workaround:

    If you have upgraded and are in the misconfigured state, manually configure SSL based on the
    2.7 online documentation.

PC:

https://docops.ca.com/ca-performance-management/2-7/en/administrating/single-sign-on/using-https-with-single-sign-on/set-up-https-for-ca-single-sign-on/configure-performance-center-to-use-https 

SSO:

https://docops.ca.com/ca-performance-management/2-7/en/administrating/single-sign-on/using-https-with-single-sign-on/set-up-https-for-ca-single-sign-on/update-single-sign-on-configuration-and-restart-the-services 


To verify if you may run into this issue and need to use the workaround above run:

cd /tmp
wget http://www.eclipse.org/jetty/configure.dtd

This will attempt to download the http://www.eclipse.org/jetty/configure.dtd file.

If this fails, you will need to re-apply the SSL configuration steps after upgrading as described in the 2.7 documentation referenced above.

Resolution:

This is currently scheduled to be fixed in the 2.7 February Maintenance Release.

 

Environment

Release: IMDAGG99000-2.6-Infrastructure Management-Data Aggregator
Component: