Tuesday, 3 March 2020

PAM says "No"

I saw this yesterday: -

Mar  2 11:19:32 korath sudo: pam_tally2(sudo:auth): user bloggsj (12024) tally 51, deny 5
Mar  2 11:19:32 korath sudo: pam_unix(sudo:auth): auth could not identify password for [bloggsj]
Mar  2 11:19:32 korath sudo:    bloggsj : 1 incorrect password attempt ; TTY=pts/0 ; PWD=/var/bloggsj ; USER=root ; COMMAND=/bin/bash

after changing a user's password.

He was trying/failing to run sudo bash even though he was in the right group, and was using the right password ....

Assuming that Pluggable Authentication Module (PAM) was getting in the way, I checked the PAM Tally: -

pam_tally --user=bloggsj

and even reset it: -

pam_tally --user=bloggsj --reset

but to no avail.

Then I re-read the message: -

Mar  2 11:19:32 korath sudo: pam_tally2(sudo:auth): user bloggsj (12024) tally 51, deny 5

Yep, the offending module is pam_tally2 !

Once I did the needful: -

pam_tally2 --user=bloggsj --reset

all was good.

For the record: -

https://xkcd.com/149/

Monday, 2 March 2020

WebSphere User Group Spring Roadshow - 24 April 2020 @ IBM South Bank

From the department of my old team/job/love in IBM Cloud, we have: -

WebSphere User Group Spring Roadshow

We know that real-world applications are complicated, and that a "Hello World" example just doesn't cut it when compared to the enterprise-grade applications you develop and manage every day. That's why we've put together an in-depth experience to help you explore how you can transform your application from an on-prem monolith to a streamlined containerized cloud implementation.

Join us for a hands-on lab where you will take a fully-fledged application running in a traditional WebSphere ND environment all the way to a containerized solution running on OpenShift using Cloud Pak for Applications. 

In this lab, we will look at both operational modernization and application modernization.

  •  Operational modernization focuses on containerizing applications as-is and is the suggested approach for applications that are just too complex to change. We will do this using the traditional WebSphere base container image
  • Application modernization focuses on what changes can be made to applications to modernize aspects of them for optimal use on the cloud. For the application modernization portion we will use Open Liberty images to containerize those updated applications. 

Both types of containers will then be deployed to Red Hat OpenShift. We will explore some of the dashboards available in OpenShift to perform common application administration tasks. Finally, we will use Application Navigator to manage your whole portfolio of applications, whether running on-prem or in the cloud.

Friday 24 April 2020 ( 0900-1400 GMT )

9.00 Registration & Breakfast
9.30 Welcome & Introduction
10.00 Workshop
13.00 Networking lunch

14.00 Close

IBM South Bank
76/78 Upper Ground, South Bank, London SE1 9PZ


Wednesday, 26 February 2020

Just Announced - IBM Hyper Protect Virtual Servers

This is upon what my team and I have been working for the past few months, and I'm proud that we've announced it today: -

IBM Hyper Protect Virtual Servers is a software solution that is designed to protect your mission-critical workloads with sensitive data from both internal and external threats. This offering provides developers with security throughout the entire development lifecycle.
  • All images are signed and securely built with a trusted CI/CD (Continuous Integration, Continuous Delivery) flow
  • Infrastructure providers will not have access to your sensitive data, but can still manage images through APIs
  • Validate the source used to build images at any time – no backdoor can be introduced during the build process
This offering aligns with the IBM Cloud Hyper Protect Services portfolio for on-premises deployment to IBM Z®and IBM LinuxONE™servers.

IBM Hyper Protect Virtual Servers

Securely build, deploy and manage mission-critical applications for hybrid multicloud environments on IBM® Z® and LinuxONE systems.

Solution Brief

Thursday, 23 January 2020

What's been eating my disk ?

I'm sure I've posted this before, but repetition is the most sincere form of .... something deep and meaningful.

Want to see what's eating your disk in a particular file-system ?

Try: -

du -hs * | sort -h

against, say, /home to see who is eating your disk, especially in terms of specific user's home directories etc.

Wednesday, 22 January 2020

Sigh, Jenkins, I was holding it wrong ...

I've created a Jenkins Pipeline that clones a GitHub repository and ... SHOULD ... execute a bunch o' instructions in a Jenkinsfile in the top-level of the repo ....

SHOULD being the operative word ...

The Pipeline runs, clones the repo, even showing up the most recent Commit message ... and then reports: -

Finished: SUCCESS

What was I doing wrong ?

Yeah, you guessed it ...

When I created the Pipeline, I neglected to choose Pipeline script from SCM, which allows me to specify the Script Path as Jenkinsfile



Which meant that there was NOTHING for the Pipeline to do, apart from clone the GitHub repo ....

Friday, 17 January 2020

Run Linux on IBM Z Docker Containers Inside z/OS

Whilst this isn't upon which I'm currently working, it's definitely of interest and relevance: -

 Everybody knows that Linux* runs on IBM Z*, but what if you could build a hybrid workload consisting of native z/OS software and Linux on Z software, both running in the same z/OS* image?

Starting from z/OS V2R4, with an exciting new feature named IBM z/OS Container Extensions (zCX), you have a new way to run Linux on IBM Z Docker containers in direct support of z/OS workloads on the same z/OS system. It builds much more flexibility into operations on IBM Z by modernizing and extending z/OS applications.

“With zCX, customers will be able to access the most recent development tools and processes available in Linux on the Z ecosystem, giving developers the flexibility to build new, cloud-native containerized apps and deploy them on z/OS without requiring Linux or a Linux partition,” says Ross Mauri, general manager for IBM (ibm.co/2W04VWW).

See the zCX website (ibm.co/2JaDzWe) if you are interested in more details. 

 Run Linux on IBM Z Docker Containers Inside z/OS 

Tuesday, 14 January 2020

docker create - or ... one learns something every day ....

I was looking for a simple way to "peer" inside a newly-built Docker image, without actually starting a container from that image ...

Specifically, I wanted to look at the content of a configuration file - /etc/ssh/sshd_config - to check some security settings.

Thankfully, the internet had the answer - as per usual

Extract file from docker image?

and this worked for me: -

Use the docker create command to create a container without actually creating (instantiating) a container


docker create debian:jessie

This returns the ID of the created container: -

7233e5c0df37bd460cc4d13b98f1f0b4d2d04677ea3356ad178af3a4af6484e5

Use the container ID to copy the required file to, say, /tmp

docker cp 7233e5c0df37bd460cc4d13b98f1f0b4d2d04677ea3356ad178af3a4af6484e5:/etc/ssh/sshd_config /tmp

Check out the copied file

cat /tmp/sshd_config

Delete the container

docker rm 7233e5c0df37bd460cc4d13b98f1f0b4d2d04677ea3356ad178af3a4af6484e5

Job done!

Obviously, I could've been even more elegant: -

export CONTAINER=`docker create debian:jessie`
docker cp $CONTAINER:/etc/ssh/sshd_config /tmp
cat /tmp/sshd_config
docker rm $CONTAINER

Nice !

PAM says "No"

I saw this yesterday: - Mar  2 11:19:32 korath sudo: pam_tally2 (sudo:auth): user bloggsj (12024) tally 51, deny 5 Mar  2 11:19:32 korath...