Oracle Password Change

Oracle Accounts

Controls Software Accounts

The following table lists the UNIX Oracle accounts used by Controls Software:

 

Account
Instance
Machine
AIDADEV SLACPROD slac-oracle03
AIDAPROD SLACPROD slac-oracle03
AIDAPROD_SNAP SLACPROD slac-oracle03
CD SLACDEV slac-oracle02
CD SLACPROD slac-oracle03
ELOG_OWNER MCCO mccora2
ELOG_READER MCCO mccora2
ELOG_WRITER MCCO mccora2
ERRLOG_OWNER MCCO mccora2
ERRLOG_OWNER SLACDEV slac-oracle02
IRMISDB SLACDEV slac-oracle02
IRMISDB SLACPROD slac-oracle03
IRMIS_RO SLACDEV slac-oracle02
IRMIS_RO SLACPROD slac-oracle03
JROCK MCCO mccora2
NLCDEV SLACDEV slac-oracle02
NLCDEV SLACPROD slac-oracle03
NLCPROD SLACDEV slac-oracle02
NLCPROD SLACPROD slac-oracle03
PVUDB SLACDEV slac-oracle02
PVUDB SLACPROD slac-oracle03
PVU_QUERY SLACPROD slac-oracle03
SCORE MCCO mccora2
SCORE SLACDEV slac-oracle02

 

External accounts that impact the Controls Software group

AIDAPROD_SNAP

The AIDAPROD_SNAP Oracle account (associated with the SLACPROD instance) is owned by SCCS and they are responsible for password changes. George Crane, Ian MacGregor, and Andrea Chan of SCCS have been requested to notify members of the Controls Software group well in advance of a password change to this account. When the password is changed for this account, the Controls Software group will need to recreate aidaprod.slacdev.slac.stanford.edu dblinks in the SCORE account for the SLACDEV and MCCO Oracle instances.

EPICS_MON_USER

The EPICS_MON_USER Oracle account (associated with the SLACDEV, SLACPROD, and MCCO instances) is owned by SCCS and they are responsible for password changes. George Crane, Ian MacGregor, and Andrea Chan of SCCS have been requested to notify members of the Controls Software group well in advance of a password change to this account. Multiple High-Level Applications group applications, including SCORE, use this account to interact with Oracle. When the password is changed for this account, the Controls Software group will need to change multiple Java database properties files.

Aida Password Change Procedure

All processes that connect directly to any of the Aida Oracle accounts (aidadev, aidaprod, or aida) must be stopped before the Oracle passwords are changed. This avoids the situation of processes trying to login to Oracle accounts using invalid passwords. If several unsuccessful logins are attempted to an Oracle account, Oracle will lock the account unless the Oracle DBA has temporarily disabled this account locking mechanism. If an Oracle account is locked, a request must be made to the Oracle DBA to unlock the account. There are four processes that connect directly to the Aida Oracle account aidaprod and therefore must be stopped before the Oracle passwords are changed: (1) the AidaWeb application, (2) the DpRdbServer process, (3) the DpModelServer process, and (4) the DaNameServer process. In addition it is important to minimize the length of time that the three aidalist scripts (LCLS, FACET, and PEPII) do not have the current Oracle password for these accounts embedded in them. This is because users may invoke these scripts at any time and possibly cause the two Aida Oracle accounts to become locked if they are run several times with embedded passwords that are not current.

Before doing any thing, at the beginning record the current status -

This is an example. This is record as of 05/17/2012 for future reference -

Before doing anything, at the beginning record the current status –

$ ssh  lcls-uwd

divekar@lcls-uwd $ cd /afs/slac.stanford.edu/g/lcls/vol9/package/aida/common/script

divekar@lcls-uwd $  ./aidaDpServerStatusLCLS.bash

 

$ ssh  lcls-uwd

divekar@lcls-uwd $ cd /afs/slac.stanford.edu/g/cd/soft/ref/package/aida/common/script
divekar@lcls-uwd $ ./aidaDpServerStatus.bash

 

Status recorded as of 05/17/2012 -

$ ssh lcls-uwd

$ cd /afs/slac.stanford.edu/g/lcls/vol9/package/aida/common/script

$ ./aidaDpServerStatusLCLS.bash

 

slcDbStatus = 0

slcHistStatus = 1

slcMagnetStatus = 0

slcUtilStatus = 0

slcKlysStatus = 0

slcModelStatus = 0

AidaSlcDpServerStatus Exit Code:  2

Old : AIDA:AIDA:LCLSMODEL:STATUS     Missing

New : AIDA:AIDA:LCLSMODEL:STATUS     Missing

Old : AIDA:AIDA:LCLSKLYS:STATUS      Running

New : AIDA:AIDA:LCLSKLYS:STATUS      Running

Old : AIDA:AIDA:LCLSMOSC:STATUS      Running

New : AIDA:AIDA:LCLSMOSC:STATUS      Running

Old : AIDA:AIDA:LCLSUTIL:STATUS      Running

New : AIDA:AIDA:LCLSUTIL:STATUS      Running

Old : AIDA:AIDA:LCLSMGNT:STATUS      Running

New : AIDA:AIDA:LCLSMGNT:STATUS      Running

SLC History server not functioning

Old : AIDA:AIDA:LCLSHIST:STATUS      Missing

New : AIDA:AIDA:LCLSHIST:STATUS      Missing

Old : AIDA:AIDA:LCLSDB:STATUS        Running

New : AIDA:AIDA:LCLSDB:STATUS        Running

lclsChannelAccessStatus = 0

lclsChannelArchiverStatus = 0

klysStatus = 0

rdbStatus = 0

modelStatus = 0

facetChannelArchiverStatus = 0

AidaUnixDpServerStatus Exit Code:  0

Old : ARCHSRV:FACET:ARCH:STATUS      Running

New : ARCHSRV:FACET:ARCH:STATUS      Running

Old : DAEMON4:LCLS:MODEL:STATUS      Running

New : DAEMON4:LCLS:MODEL:STATUS      Running

Old : DAEMON4:LCLS:RDB:STATUS        Running

New : DAEMON4:LCLS:RDB:STATUS        Running

Old : DAEMON4:LCLS:KLYS:STATUS       Running

New : DAEMON4:LCLS:KLYS:STATUS       Running

Old : ARCHSRV:LCLS:ARCH:STATUS       Running

New : ARCHSRV:LCLS:ARCH:STATUS       Running

Old : DAEMON4:LCLS:ACCESS:STATUS     Running

New : DAEMON4:LCLS:ACCESS:STATUS     Running

slcDbStatus = 0

slcHistStatus = 1

slcMagnetStatus = 0

slcUtilStatus = 0

slcKlysStatus = 0

slcModelStatus = 0

 

 

$ ssh lcls-uwd

$ cd /afs/slac.stanford.edu/g/cd/soft/ref/package/aida/common/script

divekar@lcls-uwd $ ./aidaDpServerStatus.bash

slcDbStatus = 0

slcHistStatus = 0

slcBpmStatus = 0

slcMagnetStatus = 0

slcUtilStatus = 0

slcMoscStatus = 0

slcKlysStatus = 0

slcModelStatus = 0

AidaSlcDpServerStatus Exit Code:  0

Old : AIDA:AIDA:MODEL:STATUS         Running

New : AIDA:AIDA:MODEL:STATUS         Running

Old : AIDA:AIDA:KLYS:STATUS          Running

New : AIDA:AIDA:KLYS:STATUS          Running

Old : AIDA:AIDA:MOSC:STATUS          Running

New : AIDA:AIDA:MOSC:STATUS          Running

Old : AIDA:AIDA:UTIL:STATUS          Running

New : AIDA:AIDA:UTIL:STATUS          Running

Old : AIDA:AIDA:MGNT:STATUS          Running

New : AIDA:AIDA:MGNT:STATUS          Running

Old : AIDA:AIDA:BPM:STATUS           Running

New : AIDA:AIDA:BPM:STATUS           Running

Old : AIDA:AIDA:HIST:STATUS          Running

New : AIDA:AIDA:HIST:STATUS          Running

Old : AIDA:AIDA:DB:STATUS            Running

New : AIDA:AIDA:DB:STATUS            Running

lclsChannelAccessStatus = 0

nonLclsChannelAccessStatus = 0

lclsChannelArchiverStatus = 0

nlctaChannelArchiverStatus = 0

pepiiChannelArchiverStatus = 0

rdbStatus = 0

modelStatus = 0

facetChannelArchiverStatus = 0

AidaUnixDpServerStatus Exit Code:  0

Old : MCCAS0:FACET:ARCH:STATUS       Running

New : MCCAS0:FACET:ARCH:STATUS       Running

Old : MCCAS0:AIDA:MODEL:STATUS       Running

New : MCCAS0:AIDA:MODEL:STATUS       Running

Old : MCCAS0:AIDA:RDB:STATUS         Running

New : MCCAS0:AIDA:RDB:STATUS         Running

Old : MCCAS0:PEPII:ARCH:STATUS       Running

New : MCCAS0:PEPII:ARCH:STATUS       Running

Old : CS04:NLCTA:ARCH:STATUS         Running

New : CS04:NLCTA:ARCH:STATUS         Running

Old : MCCAS0:LCLS:ARCH:STATUS        Running

New : MCCAS0:LCLS:ARCH:STATUS        Running

Old : MCCAS0:PEPII:ACCESS:STATUS     Running

New : MCCAS0:PEPII:ACCESS:STATUS     Running

Old : MCCAS0:LCLS:ACCESS:STATUS      Running

New : MCCAS0:LCLS:ACCESS:STATUS      Running

slcDbStatus = 0

slcHistStatus = 0

slcBpmStatus = 0

slcMagnetStatus = 0

slcUtilStatus = 0

slcMoscStatus = 0

slcKlysStatus = 0

slcModelStatus = 0

AidaSlcDpServerStatus Exit Code:  0

Old : AIDA:AIDA:MODEL:STATUS         Running

New : AIDA:AIDA:MODEL:STATUS         Running

Old : AIDA:AIDA:KLYS:STATUS          Running

New : AIDA:AIDA:KLYS:STATUS          Running

Old : AIDA:AIDA:MOSC:STATUS          Running

New : AIDA:AIDA:MOSC:STATUS          Running

Old : AIDA:AIDA:UTIL:STATUS          Running

New : AIDA:AIDA:UTIL:STATUS          Running

Old : AIDA:AIDA:MGNT:STATUS          Running

New : AIDA:AIDA:MGNT:STATUS          Running

Old : AIDA:AIDA:BPM:STATUS           Running

New : AIDA:AIDA:BPM:STATUS           Running

Old : AIDA:AIDA:HIST:STATUS          Running

New : AIDA:AIDA:HIST:STATUS          Running

Old : AIDA:AIDA:DB:STATUS            Running

New : AIDA:AIDA:DB:STATUS            Running

lclsChannelAccessStatus = 0

nonLclsChannelAccessStatus = 0

lclsChannelArchiverStatus = 0

nlctaChannelArchiverStatus = 0

pepiiChannelArchiverStatus = 0

rdbStatus = 0

modelStatus = 0

facetChannelArchiverStatus = 0

AidaUnixDpServerStatus Exit Code:  0

Old : MCCAS0:FACET:ARCH:STATUS       Running

New : MCCAS0:FACET:ARCH:STATUS       Running

Old : MCCAS0:AIDA:MODEL:STATUS       Running

New : MCCAS0:AIDA:MODEL:STATUS       Running

Old : MCCAS0:AIDA:RDB:STATUS         Running

New : MCCAS0:AIDA:RDB:STATUS         Running

Old : MCCAS0:PEPII:ARCH:STATUS       Running

New : MCCAS0:PEPII:ARCH:STATUS       Running

Old : CS04:NLCTA:ARCH:STATUS         Running

New : CS04:NLCTA:ARCH:STATUS         Running

Old : MCCAS0:LCLS:ARCH:STATUS        Running

New : MCCAS0:LCLS:ARCH:STATUS        Running

Old : MCCAS0:PEPII:ACCESS:STATUS     Running

New : MCCAS0:PEPII:ACCESS:STATUS     Running

Old : MCCAS0:LCLS:ACCESS:STATUS      Running

New : MCCAS0:LCLS:ACCESS:STATUS      Running

 

Following was performed from flora machine. As per Greg White this can be performed from

any host in the “tersk” cluster, eg tersk02. Generally any SLAC public network host, that is running Solaris, as are all tersk hosts.

Modify and install app/pvudb_load script (uses getPwd)

Note - No need to follow this step since Bob has already converted pvudb_load to use getPwd.

    

  1. source /afs/slac/g/cd/soft/dev/script/ENVS.csh
  2. printenv CVSROOT
  3. rm -rf  ~/work/*
  4. cd ~work
  5. cvs co app/pvudb_load
  6. Checkout the app/pvudb_load directory from the SLAC Controls Software (non-LCLS) CVS repository.
  7. Modify the load_pvs file by searching for instances of the old password and replacing them with the new password.
  8. Perform a "cvs commit" to submit this changed file to the CVS repository.
  9. Perform a "gmaketst", "gmakedev", and "gmakenew" of the $CD_SOFT/ref/app/pvudb_load directory to move the load_pvs executable script to the "new" executable script directory. This may be done before the Oracle passwords are changed since the load_pvs script is only invoked just before midnight each day (on the slcs2 machine).

Following was performed from flora machine. As per Greg White this can be performed from

any host in the “tersk” cluster, eg tersk02. Generally any SLAC public network host, that is running Solaris, as are all tersk hosts.

Modify and install common/tool script

  1. source /afs/slac/g/cd/soft/dev/script/ENVS.csh
  2. printenv CVSROOT
  3. rm -rf  ~/work/*
  4. cd ~work
  5. cvs co common/tool
  6. Checkout the common/tool directory from the SLAC Controls Software (non-LCLS) CVS repository.
  7. Modify the run_pmu_load.sh file by searching for instances of the old password and replacing them with the new password.
  8. Perform a "cvs commit" to submit this changed file to the CVS repository.
  9. Perform a "gmaketst", "gmakedev", and "gmakenew" of the $CD_SOFT/ref/common/tool directory to move the run_pmu_load.sh executable script to the "new" executable script directory. This may be done before the Oracle passwords are changed since the run_pmu_load.sh script is only invoked after a DBINSTALL (the run_pmu_load.sh script is invoked on the slcs2 machine by the VMS script slcdb2oracle.submit).

           divekar@flora01 $ cd $CD_SOFT/ref/common/tool/

           divekar@flora01 $ gmaketst common/tool

           divekar@flora01 $ gmakedev common/tool

           divekar@flora01 $ gmakenew common/tool

 

Modify the package/aida/common/script scripts

  1. source /afs/slac/g/cd/soft/dev/script/ENVS.csh
  2. printenv CVSROOT
  3. rm -rf  ~/work/*
  4. cd ~work
  5. cvs co package/aida/common/script
  6. Checkout the package/aida/common/script directory from the SLAC Controls Software (non-LCLS) CVS repository.
  7. Search for the old password in all of the files in the package/aida/common/script directory to identify the files that need to be modified. At least the following files need to be modified by replacing the old password with the new password for one or more instances:
    1. aidalist
    2. slc_hist_populate_aida_database.sh
    3. slc_magnet_populate_aida_database.sh
    4. archiver_populate_aida_database.sh (Note - uses getPwd)
    5. lcls_ca_populate_aida_database.sh (Note - uses getPwd)
    6. slc_klystron_populate_aida_database.sh
    7. slc_utility_populate_aida_database.sh
    8. aida_validate_and_sync_instances.sh  (Note - uses getPwd)
  8. Perform a "cvs commit" to submit these changed files to the CVS repository.

Stop the Aida web application

  1. Enter the following web page for the Oracle Enterprise Manager Application Server Control for

    https://mccas2.slac.stanford.edu/em

     Login as appadmin
  2. Press the OK button for the Website Certified by an Unknown Authority popup.
  3. Press the OK button for the Security Error: Domain Name Mismatch popup.
  4. Login using the account appadmin (password: Get it from Ken or Judith).
  5. On the "View By" pulldown menu, select "Applications".
  6. Select the "aidaweb" web link.
  7. Press the Stop button.
  8. Press any Next buttons on subsequent web pages that follow until the stop operation is complete.
  9. Select the "logout" web link.

Modify the DpRdbServer Oracle password and stop the DpRdbServer DEV and PROD processes

Note: Converted to use getPwd by Bob.

    

  1. Checkout the package/aida/edu/stanford/slac/aida/dp/dpRdb directory from the SLAC Controls Software (non-LCLS) CVS repository.
  2. Modify the DpRdbI_impl.java file by searching for the old password and replace the old password with the new password.
  3. Perform a "cvs commit" to submit this changed file to the CVS repository.
  4. cd $CD_SOFT/ref/package/aida/edu/stanford/slac/aida/dp/dpRdb
  5. Perform the following command: source $CD_SCRIPT/aidaSetEnvDev.csh DEV
  6. javac DpRdbI_impl.java
  7. Perform the following commands to stop the DEV and PROD DpRdbServer processes:
    1. aidamanager DpRdbServer kill dev
    2. aidamanager DpRdbServer kill prod

Modify the DpModelServer Oracle password and stop the DEV and PROD DpModelServer processes

Note: Converted to use getPwd by Bob

  1. Checkout the package/aida/edu/stanford/slac/aida/dp/dpModel directory from the SLAC Controls Software (non-LCLS) CVS repository.
  2. Modify the DpModelI_impl.java file by searching for the old password and replace the old password with the new password.
  3. Perform a "cvs commit" to submit this changed file to the CVS repository.
  4. cd $CD_SOFT/ref/package/aida/edu/stanford/slac/aida/dp/dpModel
  5. Perform the following command: source $CD_SCRIPT/aidaSetEnvDev.csh DEV
  6. javac DpModelI_impl.java
  7. Perform the following commands to stop the DEV and PROD DpModelServer processes:
    1. aidamanager DpModelServer kill dev
    2. aidamanager DpModelServer kill prod

Modify the DaNameServer Oracle password and stop the DEV and PROD DaNameServer processes

  1. Checkout the package/aida/edu/stanford/slac/aida/sys/daNameServer directory from the SLAC Controls Software (non-LCLS) CVS repository.
  2. Modify the DaNameServerI_impl.java file by searching for the old password and replace the old password with the new password.
  3. Perform a "cvs commit" to submit this changed file to the CVS repository.
  4. cd $CD_SOFT/ref/package/aida/edu/stanford/slac/aida/sys/daNameServer
  5. Perform the following command: source $CD_SCRIPT/aidaSetEnvDev.csh DEV
  6. javac DaNameServerI_impl.java
  7. Perform the following commands to stop the DEV and PROD DaNameServer processes:
    1. aidamanager DaNameServer kill dev
    2. aidamanager DaNameServer kill prod

Build the production Aida code

  1. cd $CD_SOFT/ref/package/aida
  2. source $AIDASCRIPT/aidaSetEnvDev.csh DEV
  3. addUserRefWrite
  4. aidamake all
  5. removeUserRefWrite

Stop the LCLS Aida processes

  1. Login to lcls-prod02 as yourself.
  2. ssh lcls-daemon4 -l laci
  3. cd /etc/init.d
  4. ./st.DpTestServer stop
  5. ./st.DpTestHistServer stop
  6. ./st.DpCaLclsServer stop
  7. ./st.DpCaServer stop
  8. ./st.DpModelServer stop
  9. ./st.DpRdbServer stop
  10. ./st.DpKlysServer stop
  11. ./st.DaServer stop
  12. ./st.DaNameServer stop

Copy the built production aida.jar and aidaprod.jar files for use by the LCLS Aida Java processes

  1. Login to lcls-prod02 as yourself.
  2. ssh lcls-builder -l softegr
  3. pick the number corresponding to your account
  4. cd /usr/local/lcls/physics/package/aida/lib
  5. scp /afs/slac.stanford.edu/g/cd/soft/ref/package/aida/lib/aida.jar from lcls-prod02 to the current directory
  6. scp /afs/slac.stanford.edu/g/cd/soft/ref/package/aida/lib/aidadp.jar from lcls-prod02 to the current directory

Make and install the LCLS aidalist script

  1. Login to lcls-prod02 as yourself.
  2. ssh lcls-builder -l softegr
  3. pick the number corresponding to your account
  4. cvs co tools/script
  5. cd tools/script
  6. Modify the aidalist file by searching for the old password and replace the old password with the new password.
  7. cvs commit
  8. cd /usr/local/lcls/tools/script
  9. cvs update aidalist

Install the FACET aidalist script

  1. Login to lcls-prod02 as yourself.
  2. ssh facet-builder -l fsoftegr
  3. pick the number corresponding to your account
  4. cd /usr/local/facet/tools/script
  5. cp /usr/local/lcls/tools/script/aidalist .

Install the package/aida/common/script scripts, including the PEPII aidalist script

  1. Do following from a flora machine.
  2. Perform a "gmaketst", "gmakedev", and "gmakenew" of the $CD_SOFT/ref/package/aida/common/script directory to move these executable scripts to the "new" executable script directory.

Change Oracle passwords

Change the Oracle passwords for the aidadev and aidaprod accounts:
  1. source $CD_SOFT/ref/script/oracle_env.csh
  2. setenv TWO_TASK SLACPROD
  3. Use sqlplus to login to the aidadev account: sqlplus aidadev/password where password is the old password.
  4. In sqlplus, enter the following command: password. Follow the directions to set the new password.
  5. In sqlplus, enter the following command: exit.
  6. Use sqlplus to login to the aidaprod account: sqlplus aidaprod/password where password is the old password.
  7. In sqlplus, enter the following command: password. Follow the directions to set the new password.
  8. In sqlplus, enter the following command: exit.
  9. setenv TWO_TASK MCCQA
  10. Use sqlplus to login to the aida account: sqlplus aida/password where password is the old password.
  11. In sqlplus, enter the following command: password. Follow the directions to set the new password.
  12. In sqlplus, enter the following command: exit.
  13. setenv TWO_TASK MCCO
  14. Use sqlplus to login to the aida account: sqlplus aida/password where password is the old password.
  15. In sqlplus, enter the following command: password. Follow the directions to set the new password.
  16. In sqlplus, enter the following command: exit.

Start the LCLS Aida processes

  1. Login to lcls-prod02 as yourself.
  2. ssh lcls-daemon4 -l laci
  3. cd /etc/init.d
  4. ./st.DaNameServer start
  5. ./st.DaServer start
  6. ./st.DpTestServer start
  7. ./st.DpTestHistServer start
  8. ./st.DpCaLclsServer start
  9. ./st.DpCaServer start
  10. ./st.DpModelServer start
  11. ./st.DpRdbServer start
  12. ./st.DpKlysServer start

Restart the DEV and PROD DaNameServer processes

Perform the following commands to start the DEV and PROD DaNameServer processes:
  1. aidamanager DaNameServer start dev
  2. aidamanager DaNameServer show dev
  3. aidamanager DaNameServer start prod
  4. aidamanager DaNameServer show prod

Restart the DEV and PROD DpRdbServer processes

Perform the following commands to start the DEV and PROD DpRdbServer processes:
  1. aidamanager DpRdbServer start dev
  2. aidamanager DpRdbServer show dev
  3. aidamanager DpRdbServer start prod
  4. aidamanager DpRdbServer show prod

Restart the DEV and PROD DpModelServer processes

Perform the following commands to start the DEV and PROD DpModelServer processes:
  1. aidamanager DpModelServer start dev
  2. aidamanager DpModelServer show dev
  3. aidamanager DpModelServer start prod
  4. aidamanager DpModelServer show prod

Rebuild the Aida web application

  1. Login to lcls-prod02 as yourself.
  2. ssh lcls-builder -l softegr
  3. pick the number corresponding to your account
  4. cvs co physics/web/aidaweb
  5. cd physics/web/aidaweb
  6. cd WebContent/WEB-INF/classes/edu/stanford/slac/aidaweb/impl
  7. rm AidaNamesDirectory.class
  8. rm AidaParameter*.class
  9. cd /home/softegr/rdh/physics/web/aidaweb/src/edu/stanford/slac/aidaweb/impl
  10. Modify the AidaParameter.java file by searching for the old password and replace the old password with the new password.
  11. cvs commit
  12. cd /usr/local/lcls/physics/web/aidaweb/src/edu/stanford/slac/aidaweb/impl
  13. cvs update AidaParameter.java
  14. cd /home/softegr/rdh/physics/web/aidaweb
  15. Build a new aidaweb.war file containing the new password by performing the following command: ant
  16. Copy the new aidaweb.war file to a scratch AFS personal area (which can be accessed from the lcls-prod02 machine) for later use in copying to web accessable area. For example: scp aidaweb.war rdh@lcls-prod02:/afs/slac.stanford.edu/u/cd/rdh/temp
  17. Logout from the lcls-builder machine.
  18. Use some mechanism (e.g., WinSCP3) to copy the new aidaweb.war file from the scratch AFS personal area to a web accessable area (e.g., the C drive on a PC). The PC area C:\temp could be used, for example.

Redeploy the Aida web application

  1. NOTE: The following procedure did not successfully redeploy the aidaweb.war file on 3/9/2009 using an Internet Explorer browser and the source directory C:\temp. It did work using the Mozilla Firefox browser and the source directory V:\CD\soft\DropBox on cd-server1\RDH.
  2. Enter the following web page for the Oracle Enterprise Manager Application Server Control for

    https://mccas2.slac.stanford.edu/em

     Login as appadmin
  3. Press the OK button for the Website Certified by an Unknown Authority popup.
  4. Press the OK button for the Security Error: Domain Name Mismatch popup.
  5. Login using the account appadmin (password: Ask Ken or Judith).
  6. On the "View By" pulldown menu, select "Applications".
  7. Select the "aidaweb" web link.
  8. Press the Redeploy button.
  9. On the web page that follows, use the Browse button associated with the selected "Archive is present on local host" radio button to specify the web accessable location of the new aidaweb.war file. For example, if the new aidaweb.war file was copied to the C:\temp directory on the PC where the web browser is being run, the Browse button can be used to specify the file path C:\temp\aidaweb.war.
  10. Press the Next button.
  11. Press any Next buttons on subsequent web pages that follow until the redeploy operation is complete.
  12. Select the "logout" web link.
  13. Test the aidaweb application "List Names" feature, which uses the changed Oracle password. Select the "AidaWeb" link on the Aida home page, enter "BPMS:IA20:%" in the AidaWeb Home Page text field and select the "List Names" button. The result should be a list of Aida "instance/attribute" pairs.

Operations E-log Password Change Procedure

All web pages and processes that connect directly to either of the two Operations E-log Oracle accounts, elog_reader and elog_writer, must be stopped before the Oracle passwords are changed. This avoids the situation of web pages or processes trying to login to Oracle accounts using invalid passwords. If several unsuccessful logins are attempted to an Oracle account, Oracle will lock the account unless the Oracle DBA has temporarily disabled this account locking mechanism. If an Oracle account is locked, a request must be made to the Oracle DBA to unlock the account. Therefore, the procedure calls for stopping the E-log Tcl/tk programs (which should not be running anywhere but the MCC Control Room), the E-log loader process, the E-log cron job (which includes the elog_notifier script), and the Operations E-log web server (to prevent web pages to connect to Oracle accounts) before the rest of the procedure is executed.

Stop the Operations E-log Tcl/tk programs and the E-log web server

  1. Visit the MCC Control Room and request that all Operations E-log Tcl/tk programs be stopped.
  2. Verify that Operations E-log Tcl/tk programs are stopped by logging onto machine slcsun1 using the cddev account and performing the following command: /usr/ucb/ps awwx | grep -i elog
  3. Ask a system administrator of the Operations E-log web server machine (mccelog) to stop the E-log web server (e.g., run the /etc/init.d/httpd script with the "stop" parameter).
  4. Verify that the E-log web server is not running by verifying that the web page http://mccelog.slac.stanford.edu/elog/wbin/elog.php is not available.
  5. Visit the MCC Control Room and request that all Operations E-log Tcl/tk programs be stopped.

Stop the E-log loader process and the E-log cron job

  1. Logon to the mccelog machine using the cddev account: ssh mccelog -l cddev
  2. cd /mccelog/logxml/bin
  3. Find the process id of the E-log loader process: /usr/ucb/ps awwx | grep -i loader
  4. Use the previously found process id number to kill the E-log loader process: kill -9 process_id
  5. Stop the E-log cron job (which runs the elog_notifier script) with the follow command: crontab -r

Modify the /mccelog/logxml/bin scripts

  1. Logon to the mccelog machine using the cddev account: ssh mccelog -l cddev
  2. cd /mccelog/logxml/bin
  3. Modify the prod_desy_to_jlab_xml.pl file by searching for the old elog_writer password and replace the old password with the new password. Note that any special character in a password must be preceded by a backslash ("\") character.
  4. Modify the env.sh file (used by the E-log loader process and the elog_notifier script) by searching for the old elog_writer password (on the LOGGING_PASS line) and replace the old password with the new password.

Modify the production E-log web interface software

  1. Logon to the mccelog machine using the cddev account: ssh mccelog -l cddev
  2. cd /www/htdocs/elog/wbin
  3. Modify the globalvars.php file by searching for the old elog_reader password and replace the old password with the new password. Also search for the old elog_writer password and replace the old password with its new password. Note that the "$" special character in a password must be preceded by a backslash ("\") character (however, the "." and "~" special characters must not be proceded by a backslash).
  4. Modify the logXml.cgi file by searching for the old elog_reader password and replace the old password with the new password. Note that any special character in a password must be preceded by a backslash ("\") character.
  5. Modify the elog_http_xml_upload.php file by searching for the old elog_writer password (on the LOGGING_PASS line) and replace the old password with the new password. Note that the "$" special character in a password must be preceded by a backslash ("\") character (however, the "." and "~" special characters must not be proceded by a backslash).
  6. Modify the quick_login.php file by searching for the old elog_reader password and replace the old password with the new password. Note that the "$" special character in a password must be preceded by a backslash ("\") character (however, the "." and "~" special characters must not be proceded by a backslash).
  7. cd /www/htdocs/elog/wsbin
  8. Modify the login.php file by searching for the old elog_reader password and replace the old password with the new password. Note that the "$" special character in a password must be preceded by a backslash ("\") character (however, the "." and "~" special characters must not be proceded by a backslash).

Make and install the E-log Tcl/tk program

  1. Checkout the app/TclElog/script directory from the SLAC Controls Software (non-LCLS) CVS repository on a flora machine, for example.
  2. Modify the elog.tk file by searching for the old elog_reader password and replace the old password with the new password (there are three occurrances). Note that any special character in a password must be preceded by a backslash ("\") character.
  3. Perform a "cvs commit" to submit this changed file to the CVS repository.
  4. Perform a "gmaketst", "gmakedev", and "gmakenew" of the $CD_SOFT/ref/app/TclElog/script directory to move the load_pvs executable script to the "new" executable script directory.

Change Oracle passwords

Change the Oracle passwords for the elog_reader, elog_writer, and elog_owner accounts:
  1. source $CD_SOFT/ref/script/oracle_env.csh
  2. setenv TWO_TASK MCCO
  3. Use sqlplus to login to the elog_reader account: sqlplus elog_reader/password where password is the old password.
  4. In sqlplus, enter the following command: password. Follow the directions to set the new password.
  5. In sqlplus, enter the following command: exit.
  6. Use sqlplus to login to the elog_writer account: sqlplus elog_writer/password where password is the old password.
  7. In sqlplus, enter the following command: password. Follow the directions to set the new password.
  8. In sqlplus, enter the following command: exit.
  9. Use sqlplus to login to the elog_owner account: sqlplus elog_owner/password where password is the old password.
  10. In sqlplus, enter the following command: password. Follow the directions to set the new password.
  11. In sqlplus, enter the following command: exit.

Start the E-log loader process and the E-log cron job

  1. Logon to the mccelog machine using the cddev account: ssh mccelog -l cddev
  2. cd /mccelog/logxml/bin
  3. ./st.elog_loader
  4. Start the E-log cron job (which runs the elog_notifier script) with the follow command: crontab < crontab.mccelog

Start the E-log web server

  1. Ask a system administrator of the Operations E-log web server machine (mccelog) to start the E-log web server (e.g., run the /etc/init.d/httpd script with the "start" parameter).

Modify the development E-log web interface software

Besides the main development E-log web interface area (/www/htdocs/elog/dev), there are numerous subdirectories under this directory where individual developers have their own versions of E-log web interface files. The passwords for the elog_reader and elog_writer must be changed in all of these files that use the passwords for these Oracle accounts so that these Oracle accounts do not become locked from developers using these files.

  1. Logon to the mccelog machine using the cddev account: ssh mccelog -l cddev
  2. cd /www/htdocs/elog/dev
  3. Find and note the names of all of the files in this directory and its subdirectories that reference the elog_reader Oracle account:
  4. Find and note the names of all of the files in this directory and its subdirectories that reference the elog_writer Oracle account:
  5. Modify all of the files that reference the elog_reader or elog_writer Oracle accounts by searching for the old elog_reader and elog_writer passwords and replacing them with the associated new passwords. Use the same directions as specified in the "Modify the production E-log web interface software" section above to modify the associated development directory files (which have the same names but with the "dev_" prefix).

Check into CVS the modified E-log scripts and web interface software

  1. Login to the mccelog machine using your own account (not cddev).
  2. Change the present working directory to a scratch directory under your account.
  3. Copy the following changed files to this scratch directory:
    1. cp /mccelog/logxml/bin/prod_desy_to_jlab_xml.pl .
    2. cp /mccelog/logxml/bin/env.sh .
    3. cp /www/htdocs/elog/wbin/globalvars.php .
    4. cp /www/htdocs/elog/wbin/logXml.cgi .
    5. cp /www/htdocs/elog/wbin/elog_http_xml_upload.php .
    6. cp /www/htdocs/elog/wsbin/login.php .
  4. Logoff from the mccelog machine.
  5. Checkout the package/elog/script directory from the SLAC Controls Software (non-LCLS) CVS repository on a flora machine, for example.
  6. cd package/elog/script
  7. Copy the previously modified prod_desy_to_jlab_xml.pl and env.sh files from the scratch directory used previously to the current directory.
  8. cvs commit
  9. Checkout the package/elog/webapp directory from the SLAC Controls Software (non-LCLS) CVS repository.
  10. cd package/elog/webapp
  11. Copy the previously modified globalvars.php, logXml.cgi, elog_http_xml_upload.php, and login.php files from the scratch directory used previously to the current directory.
  12. cvs commit

Notes for other accounts

CD account

  1. $CD_REF/app/pvudb_load/load_pvs
  2. $CD_REF/common/report/make_plc_pv_list

IRMISDB account

$CD_SOFT, other afs

  1. $CD_REF/common/report/ioc_report_from_irmis.csh
  2. all scripts and db.properties in
    1. $CD_REF/ext/irmis/utils
    2. $CD_REF/ext/irmis/client_cleanup
    3. $CD_REF/ext/irmis/*/script

LCLS

 

  1. /usr/local/lcls/tools/irmis/script/*
  2. /usr/local/lcls/package/irmis/irmisV2_SLAC/db/src/crawlers/*/db.properties
  3. Build the /afs apps version with new password:
    1. ant clean, the cvs checkout deploy and build again
    2. ant deploy
    3. CVS commit
  4. After build:
    1. scp /afs/slac/package/epics/tools/irmisV2_SLAC/apps/deploy/* over to /afs/local/lcls/package/imris/irmisV2_SLAC/apps/deploy
    2. Similarly, winscp deploy/* to XP: groups(v:)\cd\soft\Projects\IRMIS\IRMIS_APP

JSP applications

  1. Change the password in JSP applications in Eclipse. These are not yet in CVS and currently are located only in Judy Rock's (jrock) Z: PC drive.
  2. Export to a ".war" file.
  3. Redeploy on mccas2.

IRMIS_RO account

  1. ~/work_lcls_irmis/pvClientQueries/getClientList.csh

PVUDB account

  1. $CD_REF/app/pvudb_load/load_pvs

PVU_QUERY account

  1. $CD_REF/app/pvudb_load/list_pv

NLCDEV and NLCPROD accounts

  1. $CD_REF/common/tool/run_pmu_load.sh
  2. $CD_REF/common/tool/run_slcdb_to_ora.sh

SCORE account

  1. /usr/local/lcls/physics/apps/score/script - Judy Rock
  2. SCORE gui (properties file) - Debbie Rogind
  3. SCORE APEX - Elie Grunhaus