New post

#System Administration

12

System administration refers to the management of one or more hardware and software systems.

Documentation on InterSystems system administration.

I have two instances of IRIS, one is Production and another one is Staging (both managed by Docker) and I want to set up a full daily recover of the Staging server from a full backup of the Production server. I know how to do this manually using the DBREST utility, as well as how to make a copy of the database by making a full copy of the durable directory (however this option requires a full stop of the Production-database). What is the best way to automatically restore all databases from a full backup using scripting?

0 1
0 43

I have created a class file that I want to execute daily to gather Metrics (Message Header, Space Available, etc..) and write the data into a Cache table. Now that I have written the class I want to add it to the Task Scheduler within Ensemble to run every morning. How do I go about getting the class file created as a Task within the Task Scheduler? The Documentation isn't as clear cut for creating custom tasks as one would expect.

0 8
0 677

Hi,

I recently had a company-enforced OS upgrade, and ever since going from mac OS 14.x to 15.x, I am currently having issues with SSL in IRIS.

An ARM (M3 pro) machine running OS 15.2, with the latest Docker Desktop (at the time of writing, 4.37.0). The Docker container runs IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2022.1.2 (Build 574_0_22161U). This container has not changed.

1 3
0 181

Hello,

I was just trying to get to the bottom of a TLS config - we have an interface with a TLS config that has had 'Server certificate verification' set to 'On', however the cert file specified either did not exist or contained a cert that was expired.

Does anyone know what the behavior is for this typically? I would expect this to not allow traffic on the interface, however this has been working fine for a few years now with an invalid cert specified for 'Server certificate verification' and set to 'On'.

0 0
0 78

Hi,

In a customer project we started enforcing the "Inactivity Limit" as defined in System-Wide Security Parameters. The customer would expect accounts to become Disabled after they have been inactive for the specified amount of days. However, that doesn't happen; it seems the Inactivity Limit is only established after logging in.

Furthermore, the account inactivity only starts being applied after the first login. Can you confirm that?

Lastly, for accounts that have been manually Disabled, and have an expired password, we see the following weird behavior:

0 0
0 81

I am developing locally on my IRIS instance using VSCode and client-side editing approach. How can I automatically export a single .cls file/a whole package to a remote TEST/PREPROD server using a script or command line and recompile the unit remotely? Are there any more simple and straightforward ways than CI/CD explained in the series of articles by Eduard?

0 3
0 121
Question
· Sep 25, 2018
Wireshark with ensemble

Hi,

We see a lot of TCPIP connection error for few of the components not sure if it is a network glitch at the source/target or is it with us. And most of the times these errors are very transient and vanish on their own and the connection gets re established and the messages get processed. Here is the error we mostly see

ERROR <Ens>ErrTCPTerminatedReadTimeoutExpired: TCP Read timeout (30) expired waiting for terminator SegTerminatorAscii=13, on |TCP|50007|10620, data received =''

or

1 3
1 1.6K
Question
· Sep 25, 2024
LDAP Authentication Question

I am trying to track down a problem we saw this morning with our TEST environment. We had a momentary issue where InterSystems HealthShare Health Connect could not connect correctly to LDAP. When we tried to login and could not connect to LDAP, the system would Delete our users.

the Test LDAP function would return a "Can't contact LDAP server". I went through the Certificates, made sure they had the correct permissions and were not expired.

0 2
0 143

Currently we are exploring how we can allocate additional disk space to our current environment as we have seen a significant increase in growth of our Database files. Currently we have 3 namespaces, all with 1 IRIS.dat each that contains both the Global and Routines.

Since we have started down the route of everything within a single IRIS.dat file for each namespace, is it logical as we see growth to be able to split the current IRIS.dat for each namespace into a separate IRIS.dat for global and a IRIS.dat with for routines for each namespace in a Mirror environment?

1 4
0 194

I have a few routines in ^rINDEX that are missing in ^ROUTINE. At least some of those routines lack a timestamp, probably Date and Time Modified in ^rINDEX. It causes D %RO crash when such a routine is referenced by a routine range, since "" is an illegal $ZDTH value.

Healthy entry (note the timestamp): ^rINDEX("ABC,"INT") = $lb("2021-06-15 15:08:38.846885",) ;The second argument is sometimes present and sometimes not, likely the routine size.

Unhealthy entry (note an empty timestamp): ^rINDEX("DEF,"INT") = $lb("",21)

0 3
0 129

We are constantly running into issues where there are billions of Orphaned messages in our system that cause problems, and we have to manually run a cleanup to fix performance issues.

In the following article about orphaned messages... https://community.intersystems.com/post/ensemble-orphaned-messages it mentions either programmatically eliminating the Orphaned messages or using a Utility like Demo.Util.CleanupSet in ENSDEMO.

0 7
2 854

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

0 8
0 1.5K

We're looking to create a quick and simple test to see if all firewalls are open on 1972 between a linux based web server VM and a VM running InterSystems IRIS. Does anyone have any ideas for a quick command that can be run from UNIX console that will provide confirmation that traffic is able to get to 1972 on an IRIS machine?

BTW - I don't think it makes any difference but the IRIS machine is running Windows

0 19
0 583

Has anyone noticed weird behavior when upgrading to HealthShare Health Connect 2024.1?

Wednesday I upgraded our TEST environment from IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2022.1.4 (Build 812_0_22913U) [HealthConnect:3.5.0-1.m1] [HealthConnect:3.5.0-1.m1] to IRIS for UNIX (Red Hat Enterprise Linux 8 for x86-64) 2024.1 (Build 267_2U) [HealthConnect:3.5.0-1.m1].

Some of our Business Processes have been throwing...

1 2
0 198

Hello community,

I guess this one will be easy to answer, but trial and error took me too long meanwhile, so I thought it might better to ask the experts.

I would like to get rid of %all rights for routine use at our productive environment. The things, that we have to do in routine are:

- Open productions and start / stop components
- Read messages and message logs
- Search and resend messages
- Deploy new Applications
- Edit settings and default settings
- Read database tables

0 2
0 179

Let's say I have an InterSystems IRIS instance with 6 Namespaces:

  • Foo1
  • Foo2
  • Foo3
  • Foo4
  • Foo5
  • Bar

And the number of Foo# namespaces can increase at any time for a number of reasons. I need to ensure that they all have identical configuration globals stored in a DB called CONFIG, so I do the following in my configuration file:

[Map.%ALL]
Global_SYS=%DEFAULTDB
Global_SYS("CommonConfig")=CONFIG
Global_SYS("CommonOtherSettings")=CONFIG
Global_SourceControl=CONFIG

1 9
0 291

I am trying to setup a OAuth2.0 configuration to connect to a server within our Network using OAuth2.0. My previous attempt worked, however forgot to capture the steps before I had whipped the System so please bear with me.

I have an SSL/TLS Client configuration setup as we use the setup for our LDAP configuration.

When I go through the following steps within the Terminal, I am getting the following error...

0 7
0 364

We have messages that are in a queued state for various reasons and when we do a manual shutdown of the instance, they are moved to a Suspended state. I thought I saw in the documentation somewhere a setting to make sure these messages stay in a queued state and not suspend them. Can someone confirm and point me in the correct location for that documentation, as I am trying to ensure that if we do have to manually shutdown a instance, someone doesn't have to remember to go back in and check for suspended messages and resubmit them?

Thanks

0 4
1 463
Question
· Dec 14, 2023
LDAP Logging

I am trying to troubleshoot an issue with LDAP and a specific user. Besides what is in the Audit Database is there another way to look to see the LDAP functionality that is being called and the response, like there is with OAuth and the ISCLOG? The Audit Log is returning a failure (Unexpected - /api/atelier login failure | InterSystems Developer Community) for this particular user, and I want to get proof that it might be something with the LDAP and not IRIS.

Thanks

Scott

0 6
0 407

We recently went through an Audit of our Security Policies and Procedures when it comes to IRIS. As a result of that Audit, we need to make adjustments to the way that Security is setup within IRIS. I have already done my changes on our TEST and DEVELOPMENT environments, but now I am trying to plan out how do we make these changes in Production.

These changes include moving away from the PWS, setting up Apache/Web Gateway, moving to LDAP instead of using Delegated Authentication, updating Web Applications, updating Resources, updating Services, etc...

1 4
0 170