Friday, 31 July 2009

IBM HTTP Server as a Reverse Proxy for IBM Lotus Quickr Services for Lotus Domino 8.2

Two of my French colleagues, Xavier Defossez and Vincent Perrin, have put together an excellent article covering the use and configuration of IHS as a reverse proxy solution.

The article is here on the Quickr Wiki ( try saying that quickly ): -


Enjoy!

Thursday, 30 July 2009

WebSphere Portlet Factory 6.1.2 and Rational Application Developer 7.5 Together

Helping a client deploy WebSphere Portlet Factory and Rational
Application Developer together, I thought it'd be helpful to provide
screenshots of the deployment configuration screens for WebSphere
Application Server and WebSphere Portal; these screens are seen when a
new WPF project is created, and are used to map to the underlying WAS/ WP test environment: -

*UPDATE* Although I've not yet tried this, I'm told that RAD 7.5 fixpack 3 *MAY* cause some conflicts with WPF - I'll try this at some point hopefully soon ( on a VMware so that I can roll back ) and post an update here once I know more *UPDATE*

Sunday, 19 July 2009

Lotus Connections 2.0.1 and WebSphere Portal 6.1 Together

This is one of many work-in-progress documents, but I wanted to share some screenshots of an integration that I've just built on a single server: -

Activities and Blogs and Communities


Add a little Dogear


With a little user-driven customisation...


In my particular case, I'm using a Domino 8.5 server for LDAP, webmail and SMTP, and have shared a LTPA token across all three servers ( Domino plus two separate profiles of WAS 6.1 ).

I've still got more to do, especially around the portal UI, as well as adding in the Web Application Integrator portlet, but this is a good starter for 10.

The Connections integration is currently achieved using the Lotus Connections Portlets for IBM Websphere Portal portlet: -


and this document was useful in setting it up.


I noticed that some of the fonts were a bit on the large side, and found this post: -


which may be of use. Will try it and report back ...

I also haven't yet got the Business Card tags working but, again, I will ...

IBM WebSphere Portal and Lotus Web Content Management search: Essentials and best practices

A good article covering the essentials of Portal and WCM search on the wiki here: -

Thursday, 16 July 2009

HTTP 501 Not Implemented when attempting to administrator Sametime 8.0.2

Whilst documenting my mega Connections/Domino/Portal/Sametime/Quickr demo, I noticed that I was unable to access the Sametime Configuration web UI ( http://foobar.com/stconfig.nsf ), but received the exception: -

HTTP 501 Not Implemented

when I tried.

As per usual, I Google'd around, and found reference to this Technote: -

Sametime: Unable to Administer the Server when Web SSO is Disabled


and followed the third circumvention: -

<snip>
Workaround #3

1. Open the servlet.properties file found in the Lotus\Domino\Data directory (using a text editor such as Notepad).
2. Locate the line that begins with: servlet.admin.initArgs=Statistics.Servlet
3. Follow the line to the end where you will find a parameter called:

      "LoginURL=/stconfig.nsf?Login"

4. Delete it.

Example:

Delete what is in bold below, including the comma before the parameter:

servlet.admin.initArgs=Statistics.Servlet.Name=stats,XML.File.Path=admin_web_site.xml,Servlet.Resource.Relative.URL=/servlet/auth/admin,Static.Resource.Relative.URL=/sametime/stadmin,Static.Resource.Relative.Path=/domino/html/sametime/stadmin,Language.Resource.Relative.Path=strings/,Default.Language.Suffix=en,AccessControl.Roles=[SametimeAdmin];[SametimeMonitor];[DatabaseAdmin],ServletURL=admin,LoginURL=/stconfig.nsf?Login

5. Save the changes

6. Type tell http restart on the Domino Server console for the settings to take effect. 
</snip>

Apart from (stupidly) killing the HTTP server WHILST logged in via the Web Administrator client ( I ran tell http quit rather than tell http restart on my Linux-based server ), this worked a treat.

Interesting to see that this Technote was written in 2004, and pertains to ST 3 whereas I'm using ST 8.0.2 :-)

Wednesday, 15 July 2009

Excellent new blog from IBM's Java team ....

Wanted to highlight some great work being done by the Java team at IBM Hursley Park, resulting in a new blog here: -


Here's an example of one of their most recent posts: -

<snip>
The team I'm in at the moment have been developing a tool - IBM Monitoring and Diagnostic Tools for Java - Health Center. The Health Center tool provides live diagnostic information about the VM, and helps you identify some bottlenecks that can occur in your application. This information is gathered with a low overhead, so there is almost no impact on your application.

The kind of information you can get from Health Center includes method profiling, GC details, locking information, class loading, and details about the JVM environment. Here's a screenshot of the profiling information to whet your appetite:

profiling_snippet.jpg

</snip>

Enjoy !

Sunday, 12 July 2009

Automagically starting Domino on Linux

Having created a very basic "hack" to automatically start Domino on Linux, I'm very pleased to see that someone else, Daniel Nashed, has done a FAR much better job here: -

 Domino on Unix/Linux Start Script 

Using Domino Web Administrator to register new users

<CAVEAT>

It's worth noting that (a) I'm NOT a Domino guru and (b) this may well
be a work-in-progress.

Therefore, please use extreme caution if you choose to follow this,
and let me know where I've gone wrong :-)

</CAVEAT>

It's been bugging me for a long while that I need to fire up the
Domino Administrator client each time I want to register new users,
when I'd much rather use the Web Administrator ( webadmin.nsf ).

Well, today, I finally managed to achieve my goal, and have documented
my steps as follows: -

a) Open Domino Administrator and log in as admin. user e.g. domadmin/ibm
b) Choose File -> Open Server and choose server to be managed e.g.
voyager/ibm
c) Choose Configuration -> Tools -> Certification -> Migrate Certifier
d) Navigate to server's cert.id on file system ( may need to copy it
from server to client )
e) Enter certifier password ( created when server first installed )
f) Select the server on which the certifier will run e.g. voyager/ibm
g) Note that ICL DB to be created e.g. icl`icl_1926.nsf
h) Choose to encrypt certifier ID with Locking ID and select domadmin/
ibm from the IBM directory
i) Note that the domadmin/ibm user has CAA and RA roles
j) Click Add
k) From IBM directory, choose to add server e.g. voyager/ibm
l) Again, note that voyager/ibm has CAA and RA roles
m) Click on OK
n) Ensure that ADMINP and CA tasks are started/running on Domino server
o) Check admin4.nsf DB for task Modify CA Configuration in Domino
Directory and ensure that it completed without errors

<CAVEAT>

It's worth noting that (a) I'm NOT a Domino guru and (b) this may well
be a work-in-progress.

Therefore, please use extreme caution if you choose to follow this,
and let me know where I've gone wrong :-)

</CAVEAT>

Saturday, 11 July 2009

Wierdness when creating DB2 Administration Server (DAS) on Red Hat Enterprise Linux 5

I've seen this a few times now, having spent quite a bit of time using DB2 UDB v9.1.0.5. I see warning messages related to /tmp when I attempt to create a DAS or instance using the command: -

[root@voyager tmp]# /opt/ibm/db2/V9.1/instance/dascrt -u dasusr1

which resulted in: -

SQL4406W  The DB2 Administration Server was started successfully.
-bash: /tmp/db2iexec.tmp.32030: Permission denied
/opt/ibm/db2/V9.1/instance/db2iexec: line 84: [: -ne: unary operator expected
DBI1070I Program dascrt completed successfully.  

This seems to relate to the executable (X) permissions of /tmp which, on my system shows as: -

drwxrwxr-x  8 185101 330209  4096 Jul 11 07:43 tmp

Therefore, I hacked the solution by changing the X bit for /tmp for ALL users/groups, using the command: -

chmod 777 /tmp

which then means that /tmp shows as: -

drwxrwxrwx   8 185101 330209  4096 Jul 11 08:38 tmp

Having done this, I was then able to create the DAS: -

[root@voyager tmp]# /opt/ibm/db2/V9.1/instance/dascrt -u dasusr1

resulting in: -

SQL4406W  The DB2 Administration Server was started successfully.
DBI1070I Program dascrt completed successfully.  

and the instance: -

[root@voyager ~]# /opt/ibm/db2/V9.1/instance/db2icrt -a SERVER -u db2fenc1 db2inst1

resulting in: -

DBI1070I Program db2icrt completed successfully.  

Thursday, 9 July 2009

EJPPG1009E when attempting to create/use Lotus Sametime Web Conferencing via a portlet

Having set up a oh-so-cool collaboration demo, consisting of Lotus Domino 8.5, Lotus Connections 2.0.1, Lotus Sametime 8.0.2 and Lotus Quickr 8.1.1, all delivered via WebSphere Portal 6.1.0.2, I was very sad to see that the e-meetings capability of Sametime did not appear to work.

Once a user created a new meeting, they were presented with a nice blank page, with the following exception ( along with others ) in SystemOut.log: -

[09/07/09 16:37:30:138 BST] 00000042 PortletContex E com.ibm.wps.pe.pc.legacy.impl.PortletContextImpl include EJPPG1009E: Resource ExecuteNewMeetingURI could not be found.

This turned out to be a misconfigured set of parameters in the Lotus Web Conferencing portlet, which was resolved by me logging in as the portal administrator ( wpsadmin ), and changing two parameters from: -

SametimeUserName1 = cn=wpsadmin,o=ibm
SametimePassword1 = true

from: -

SametimeUserName1 = cn=domadmin,o=ibm
SametimePassword1 = passw0rd

( where cn=domadmin,o=ibm is the Domino administrator of the domain in which the Sametime server is running )

This Technote is of some help: -


Wednesday, 8 July 2009

Mounting the mounting mountain

Couldn't work out why we were unable to mount an EXT3 partition as a non-root user on Ubuntu *AND* write to it.

It turned out that, although /etc/fstab was OK, with the following line: -

/dev/sdb1 /media/mynewdrive ext3 defaults 0 0

and the non-root user had permission to write to the top-level mount point ( /media ) and the subdirectory ( /media/mynewdrive ), the same permissions did not extend to the file system on the drive.

The solution was to: -

a) Mount the drive as root ( sudo mount -a )
b) Change the permissions for the filesystem e.g. chmod -R 777 /media/mynewdrive

This sets the RWX permissions for the entire file system AND the mountpoints.

We were then able to unmount the drive ( sudo umount /media/mynewdrive ) and then remount it ( sudo mount -a ) and write to a file ( touch /media/mynewdrive/foobar ).

As the final acid test, we rebooted to ensure that the drive automatically mounted - according to: -


the defaults value in /etc/fstab are: -

rw
suid
dev
exec
auto
nouser
async

As with all things, DON'T DO THIS IF YOU ARE NOT SURE WHAT YOU'RE DOING or YOU'RE NOT SURE WHAT THE IMPACT WOULD BE or IT IS NOT YOUR DRIVE.

JNDI - Getting access to the namespace on WebSphere Application Server 6.1

Am trying to connect the Lotus Connections business card service ( part of Profiles ) to the Lotus Connections Multi-service portlet, following various documentation sources, including: -


and: -


Part of the setup involves setting up a Resource Provider/URL using Java Naming Directory Interface (JNDI). Having set it up in the WAS administration console, I wanted to see whether it appeared within the JNDI namespace.

For many years, WebSphere Application Server has had the command: -

dumpNameSpace

which, on my Linux box, I can run as follows: -

/opt/IBM/WebSphere/AppServer/profiles/wp_profile/bin/dumpNameSpace.sh

However, this fails with an exception: -

Getting the initial context
ERROR: Could not get the initial context or unable to look up the starting context. Exiting.
Exception received: javax.naming.ServiceUnavailableException: A communication failure occurred while attempting to obtain an initial context with the provider URL: "corbaloc:iiop:localhost:2809".  Make sure that any bootstrap address information in the URL is correct and that the target name server is running.  A bootstrap address with no port specification defaults to port 2809. 
....

This is because the command looks for the default JNDI bootstrap listening on port 2809 ( corbaloc:iiop:localhost:2809 ) whereas, on my server ( running WebSphere Portal Server 6.1.0.2 on WebSphere Application Server 6.1.0.2 ), the bootstrap is listening on port 10031.

Therefore, I needed to run the command as follows: -

 ./dumpNameSpace.sh -url corbaloc:iiop:localhost:10031 > /root/dumpNameSpace.out

I chose to create an output file, in order that I can go and search for the appropriate JNDI variable


Tuesday, 7 July 2009

Lotus Connections not starting ? LDAP OK ? Check DB2 ...

I couldn't work out why my beloved Connections 2.0.1 server was refusing to start this morning. I knew that LDAP was OK, because I was logged into Portal, which shares the same Domino 8.5 directory.

I stopped/started WAS, but to no avail. However, when I looked at SystemErr.log and SystemOut.log, the error became clear: -

[07/07/09 09:40:15:393 BST] 00000024 SystemErr     R Exception in thread "Timer-7" java.lang.RuntimeException: com.ibatis.dao.client.DaoException: com.ibm.websphere.ce.cm.StaleConnectionException: [ibm][db2][jcc][t4][2043][11550] Exception java.net.ConnectException: Error opening socket to server localhost/127.0.0.1 on port 60,000 with message: Connection refused.DSRA0010E: SQL State = null, Error Code = -4,499

In my particular case, DB2 UDB was installed on the same box, and we'd performed a shutdown/restart over the weekend, in order to take a backup.

Despite my best intentions, DB2 wasn't set to autostart ( see here ), so .... quelle surprise, it hadn't automatically started, as the error message clearly indicates.

Once I started DB2 and started WAS ( again ), all was well :-)

Sunday, 5 July 2009

Lesson to self - read and reread your own blog posts

Having just spent 30 minutes wondering why the WebSphere Application Server 6.1.0.25 command: -

[root@voyager ~]# . /opt/IBM/WebSphere/AppServer/bin/setupCmdLine.sh 

kept failing to run, with: -

dirname: invalid option -- b
Try `dirname --help' for more information.

I remembered that, when WebSphere Portal is in the mix, that the script that I needed to run is: -

[root@voyager ~]# . /opt/IBM/WebSphere/wp_profile/bin/setupCmdLine.sh 

instead.

I suspect that this is always the case with WebSphere Application Server 6.1, which has introduced the concept of profiles.

It was even more galling when I looked back in time to a blog posting from about 15 months ago: -


Can you say 'D'oh' ? I bet you can ...

Disabling Firewall on Red Hat Enterprise Linux 5

*WARNING* only do this if you really really know what you are doing *WARNING*
*WARNING* if in doubt, check with your network or Linux administrator *WARNING*

In order to access my portal demo from outside the VMware in which it is running, I needed to disable the firewall on my Red Hat Enterprise Linux Server release 5.2 (Tikanga) server.

This service ( known as IPTables ) can be temporarily stopped using the command: -

[root@voyager ~]# service iptables stop

( other subcommands are available; start|stop|restart|condrestart|status|panic|save )

and permanently disabled using the command: -

[root@voyager ~]# chkconfig iptables off

Given that I'm at runlevel 3 ( multiuser, no X11 ), I could have run the command as: -

[root@voyager ~]# chkconfig --level 3 iptables off

which would leave it running for other runlevels ( 2/3/4/5 are the defaults.

The current setting can be checked as follows: -

[root@voyager ~]# chkconfig --list | grep iptables

*WARNING* only do this if you really really know what you are doing *WARNING*
*WARNING* if in doubt, check with your network or Linux administrator *WARNING*

Saturday, 4 July 2009

IBM Software Brand Catalogs

Are you looking for IBM's Portlet Catalog ? If so, please note that it appears to have moved from it's old URL of http://catalog.lotus.com to a new URL of http://www-01.ibm.com/software/brandcatalog/portal - which is nice.

Of course, it may just be that the redirector site is down but .....

Thursday, 2 July 2009

Fun when running DB2 CLP scripts

Having spent some time with DB2 and Linux recently, I hit a problem today whereby I was attempting to execute a SQL script from the DB2 command line ( CLP ) using the command: -

db2 -tvf createDb.sql

This worked perfectly for five out of six databases. However, the sixth database did not create, and I noticed that the script ran through rather too quickly ( even for my blindingly fast VMware ESX / Red Hat environment ).

When I looked at the output from the command, I saw: -

SQL0104N  An unexpected token "CONNECT" was found following "<identifier>".  
Expected tokens may include:  "RESTRICTIVE".  SQLSTATE=42601

B21034E  The command was processed as an SQL statement because it was not a 
valid Command Line Processor command.  During SQL processing it returned:

etc.

When I dug into the script ( createDb.sql ), I noticed that the commands were, for some strange reason, separated by the AT (@) character than, as I'd normally expect, the semi-colon (;) character.

Rather than hacking the script, my guru/colleague, RobT, showed me how to override the DB2 -tvf command to force it to use a different separator, as follows: -

db2 -td@ -vf createDb.sql

which did the trick.

Easy when you know, or know someone who knows how :-)

Wierdness when installing Lotus Quickr Services for WebSphere Portal 8.1.0

During this project, I hit a really really strange problem whereby an installation of Quickr Services for WebSphere Portal ( aka QS4WP ) completed successfully BUT did not allow me to log on, or use the site.

When I dug into the logs ( SystemOut.log ), I saw the following exception: -

[30/06/09 15:38:16:859 BST] 0000000a ApplicationMg W WSVR0100W: An error occurred initializing, portletWiring_web_app_12ljiwqp
com.ibm.ws.exception.ConfigurationWarning: Failed to open /opt/IBM/Quickr/PortalServer/installedApps/portletWiring_web_app_12ljiwqp.ear
[30/06/09 15:38:16:865 BST] 0000000a ApplicationMg W WSVR0100W: An error occurred initializing, Portlet_Manager_12ljj1sr
com.ibm.ws.exception.ConfigurationWarning: Failed to open /opt/IBM/Quickr/PortalServer/installedApps/Portlet_Manager_12ljj1sr.ear

etc.

When I checked the disk location ( /opt/IBM/Quickr/PortalServer/installedApps/portletWiring_web_app_12ljiwqp.ear ) of one of the affected applications, the directory structure was intact BUT the sequence of characters that comprise the file name were completely different.

After a number of uninstalls/reinstalls, I decided to take a different approach, and look at the source images that I was using for the installation itself.

I'd started with a complete set of images, which I had downloaded last year. Some of these were failing to unpack, and I was seeing various CRC errors. Therefore, I'd downloaded replacements for SOME of the images.

I think that this was the root cause of the problem - given that IBM packages Quickr ( and its constituent products, WebSphere Portal Server and Lotus Web Content Management ) as archived installations - in essence, IBM installs the products, ZIPs up the file system and then delivers it in the various installation media IL-3, IL-4 etc.

I performed a completely fresh download of Quickr, ran the installation, and all was well.

As a matter of interest, the current working installation DOES have the aforementioned file path ( /opt/IBM/Quickr/PortalServer/installedApps/portletWiring_web_app_12ljiwqp.ear ) which would seem to confirm my opinion, which is nice.

In conclusion, don't mix and match downloaded images, especially where archive installations are concerned.

Reminder - installing podman and skopeo on Ubuntu 22.04

This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman  and skopeo  on an Ubuntu box: - lsb_rel...