So, this time something about powerful security tool from IBM - Tivoli Security Policy Manager 7.1. This software let's you manage your security policies (surprisingly :) on various servers from single point of authoring and distribution (PAP, PDP). It can manage multiple policy enforcement points (PEPs) on the online and offline basis (online means pushing policies to PEPs on-the-go, while offline means that you can author policies on PAP and distribute them asynchronously, or even over portable memory (when your PEP is in DMZ or something like that). Above features are very well described on IBM pages, so let's cut this here.
The problem I had with installation was a bit surprising (believe me, I overcame numerous problems with this product before, that included temporarily giving up on installing TSPM 7.1 on 64bit Linux - which is possible only after adding 32bit compatibility libraries), so when this time it went smooth, up to some point, I was very disappointed to see it failed again.
Quick look in the log and voila:
AUDIT: ADFS0124
Nov 15, 2013 4:25:31 PM com.tivoli.am.fim.rte.config.impl.RuntimeConfigurationImpl putConfiguration
INFO: com.tivoli.am.fim.rte.config.exception.RuntimeConfigurationRepositoryException: +null
at com.tivoli.am.fim.rte.config.impl.RuntimeConfigurationImpl.putConfiguration(RuntimeConfigurationImpl.java:491)
at com.ibm.tspm.installer.platform.actions.ConfigReposUtils.putConfiguration(Unknown Source)
at com.ibm.tspm.installer.platform.actions.ConfigReposUtils.putConfiguration(Unknown Source)
at com.ibm.tspm.installer.platform.actions.ConfigReposUtils.pushFiles(Unknown Source)
at com.ibm.tspm.installer.platform.actions.ConfigReposUtils.install(Unknown Source)
at com.ibm.tspm.installer.platform.actions.ConfigReposUtils.run(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at com.ibm.cic.agent.core.commonNativeInstallAdapter.Invoke$InvokeRunnable.run(Invoke.java:189)
at java.lang.Thread.run(Thread.java:810)
Caused by: java.security.PrivilegedActionException: com.ibm.websphere.management.exception.RepositoryException: com.ibm.websphere.management.filetransfer.client.TransferFailedException: Error occurred during upload to: upload/cells/nullNode01Cell/rtss/security-services.xmi. Exception: java.net.UnknownHostException: null
at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:4265)
at com.tivoli.am.fim.rte.config.impl.RuntimeConfigurationImpl.putConfiguration(RuntimeConfigurationImpl.java:487)
... 11 more
Caused by: com.ibm.websphere.management.exception.RepositoryException: com.ibm.websphere.management.filetransfer.client.TransferFailedException: Error occurred during upload to: upload/cells/nullNode01Cell/rtss/security-services.xmi. Exception: java.net.UnknownHostException: null
at com.ibm.ws.management.repository.client.JMXRemoteConfigRepositoryClient.upload(JMXRemoteConfigRepositoryClient.java:195)
at com.ibm.ws.management.repository.client.JMXRemoteConfigRepositoryClient.create(JMXRemoteConfigRepositoryClient.java:204)
at com.tivoli.am.fim.rte.config.impl.PrivilegedConfigCreateAction.run(PrivilegedConfigCreateAction.java:41)
at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:4253)
... 12 more
Caused by: com.ibm.websphere.management.filetransfer.client.TransferFailedException: Error occurred during upload to: upload/cells/nullNode01Cell/rtss/security-services.xmi. Exception: java.net.UnknownHostException: null
at com.ibm.ws.management.filetransfer.client.FileTransferClientImpl.uploadFile(FileTransferClientImpl.java:275)
at com.ibm.ws.management.repository.client.JMXRemoteConfigRepositoryClient.upload(JMXRemoteConfigRepositoryClient.java:189)
... 15 more
Why would it have problem with hostname when I'm installing locally? Of course! Quick glance on /etc/hosts revealed that only loopback address has been defined, so no hostname could be resolved to any ip address, except for localhost. What is this needed for? Behind the scenes of Installation Manager, there's some work done over wsadmin (WAS administrative client), which essentially needs network infrastructure working fine, that includes possibility to resolve system's own hostname. If that fails, wsadmin has no point to connect to.
Adding machine's own ip and hostname (both fully qualified and short) to /etc/hosts solved the issue.
Now, one interesting thing to add here is that problem can be seen even by looking oin WebSphere cell name. It is:
nullNode01Cell
and it is very wrong - it usually (by default, at least) should contain hostname - which in that case was missing and replaced by null. Of course you may fancy naming your machine "null" but that was not the case.
Ok, so good luck installing TSPM 7.1.