Thursday, 28 February 2013

Slightly strange problem with the Integrated Solutions Console of WebSphere Application Server Network Deployment 8.0.0.5

My colleague, Simmo, hit a problem earlier today with the Integrated Solutions Console (ISC) in a newly built WAS 8.0.0.5 Deployment Manager profile.

When he logged in, he saw the normal navigation tree on the left-hand side, but nothing much on the right-hand side, apart from the Welcome pane - "Integrated Solutions Console provides a common administrative console for multiple products…".

When he clicked on the WebSphere Application Server link within the Welcome pane, he saw: -

SRVE0190E: File not found: /secure/layouts. 

Also, in the Deployment Manager's SystemOut.log, he saw exceptions such as: -

[2/28/13 4:35:03:769 PST] 00000019 SystemOut     O In DefinitionsXmlParser parse Exception occurred org.xml.sax.SAXParseException: The value of attribute "value" associated with an element type "put" must not contain the '<' character.
[2/28/13 4:35:03:823 PST] 00000019 servlet       E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0014E: Uncaught service() exception root cause action: java.io.FileNotFoundException: SRVE0190E: File not found: /JDBCProvider.content.main

[2/28/13 4:35:06:651 PST] 00000019 SystemOut     O In DefinitionsXmlParser parse Exception occurred org.xml.sax.SAXParseException: The value of attribute "name" associated with an element type "putList" must not contain the '<' character.
[2/28/13 4:35:06:692 PST] 00000019 servlet       E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0014E: Uncaught service() exception root cause action: java.io.FileNotFoundException: SRVE0190E: File not found: /DataSource.content.main


etc.

He found this old Technote from 2005: -


which provides an iFix ( for WAS 7.0 ! ), and also provided a local fix: -

Relink the console-defs.idx in the config root and install root.

Note: these commands should be entered on one line

$ rm <config_root>/systemApps/isclite.ear/isclite.war/WEB-INF/console-defs.idx
$ ln -s <install_root>/systemApps/isclite.ear/isclite.war/WEB-INF/console-defs.idx <config_root>/systemApps/isclite.ear/isclite.war/WEB-INF/console-defs.idx

He did this, and restarted the DM, but to no avail.

However, the Technote also included a temporary fix: -

run iscdeploy -restore

which, thankfully, did the job.

To achieve this, he ran: -

$ <install_root>/bin/iscdeploy.sh -restore 

restarted the DM again, and … job done :-)

Well done, Simmo.

Sunday, 24 February 2013

Top 5 authorization security considerations in Business Process Management

All users are not created equally. Authorization is the process of ensuring that a user (or other computer system) has permission to perform a given act. IBM Business Process Manager defines a very fine-grained authorization model. Getting this model right – ensuring that only the right people have access to certain resources – is key to securing your Business Process Management environment. Using excerpts from J Keith Wood and Jens Engelke's new IBM Redbooks publication IBM Business Process Manager Security: Concepts and Guidance, here's the top 5 authorization security concerns we are seeing in Business Process Management today.


IBM Business Process Manager V8.0 Performance and Tuning Best Practices

Abstract

This IBM® Redpaper™ publication provides performance tuning tips and best practices for IBM Business Process Manager (BPM) V8.0 (all editions) and IBM Business Monitor V8.0. These products represent an integrated development and runtime environment based on a key set of service-oriented architecture (SOA) and business process management technologies. Such technologies include Service Component Architecture (SCA), Service Data Object (SDO), Business Process Execution Language for Web services (BPEL), and Business Processing Modeling Notation (BPMN).

Both IBM BPM and Business Monitor build on the core capabilities of the IBM WebSphere® Application Server infrastructure. As a result, BPM solutions benefit from tuning, configuration, and best practices information for WebSphere Application Server and the corresponding platform Java Virtual Machines (JVMs).

This paper targets a wide variety of groups, both within IBM (development, services, technical sales, and others) and customers. For customers who are either considering or are in the early stages of implementing a solution incorporating BPM and Business Monitor, this document proves a useful reference. The paper is useful both in terms of best practices during application development and deployment and as a reference for setup, tuning, and configuration information.

This paper introduces many of the issues influencing the performance of each product and can serve as a guide for making rational first choices in terms of configuration and performance settings. Similarly, customers who have already implemented a solution using these products might use the information presented here to gain insight into how their overall integrated solution performance might be improved.

Table of contents

Chapter 1. Overview
Chapter 2. Architecture best practices
Chapter 3. Development best practices
Chapter 4. Performance tuning and configuration
Chapter 5. Initial configuration settings

Due out on 29 March 2013


Friday, 22 February 2013

More on IBM BPM Theming via WebDAV

So I posted about BPM 8.0.1 and WebDAV yesterday, and was pleased as punch to find that the WebDAV support in Mac OS X was so smooth.

Imagine my surprise to find that it's not quite as easy with Windows :-(

My colleague was trying, and struggling, to get WebDAV working on her Windows 2008 Server VM, hosting BPM, and also with Windows 7 on her desktop.

In both cases, using Windows Explorer etc. to attempt to map a connection to the BPM server via WebDAV, she was getting a particularly useless exception - 

So, where I'd use a URL such as: -


she had to use a Windows-like URL of: -

\\bpm801.uk.ibm.com:8443\mum\mycontenthandler\mm\dav\filestore

but this merely failed with: -

0x80004005: Unspecified error

which is really helpful - NOT !

Googling around led me to various "solutions" including hacking the registry !!

Sadly none of them worked, so I gave up on Windows Explorer etc. and instead downloaded Cyberduck.

That worked a treat - for the record, here're the settings that we used ( this was running on the BPM server itself, hence the use of localhost ): -

 


Enjoy :-)

Thursday, 21 February 2013

IBM Business Process Manager - Theming and Scheming

So, in the past, I've written about theming using WebSphere Portal via the excellent WebDAV interface.

Imagine my surprise when one of my colleagues mentioned that IBM BPM also has the same functionality.

I'm running, as I may have mentioned before, IBM BPM Advanced 8.0.1 on WAS 8.0.0.5, all on a Linux platform.

However, my desktop is, as I may have mentioned before (!), an Apple Mac.

Therefore, WebDAV is very much out of the box, on both sides of the fence.

So, with my BPM server all up and running ( I have four clusters, for the record ), with the front-end access being "gated" by IBM HTTP Server and the WebSphere Plugin, I checked that my Process Center was running: -



as well as the Process Admin UI: -



I then did the same thing with the WebDAV client.

On the Mac, this is as simple as opening Finder: -


choosing Go -> Connect to Server


Entering the relevant WebDAV URL


The actual URL is: -


and clicking Connect


Once I authenticated ( remember this is a WAS admin user rather than a BPM account such as tw_admin ), this is what I see: -



etc.

That's much better than mucking about on a file system, isn't it ?

10 New Theming Powers in WebSphere Portal 8.0.0.1

I saw this on Cody Burleson's blog, and wanted to re-share it here, even though I don't work with WebSphere Portal as much as I did when I was with ISSC ( now being an ISSW kid instead ): -

As you may know by now, WebSphere Portal 8.0.0.1 released recently with a handful of exciting new features. With them are ten new concepts related to theming, which have been documented in the WebSphere Portal family wiki.

Knowledge is power, so feast your brain on these brand new articles from the IBM doc team…

Theme Concepts

• Adding new content categories from an outside component

Modules

• Overriding dynamic spots with a module

Styles and Layout

• Adding new styles or layouts from an outside component
• Relative width CSS classes for theme layouts

Menus

• Adding a menu item with a module

Mobile

• Mobile navigation
• Using standard portal pages with mobile devices
• Relative width CSS classes for theme layouts
• Device classes for developers
• Define a resource for a specific device class

Wednesday, 20 February 2013

WASX7017E and ADMC0008E seen when federating LDAP into an IBM BPM Advanced 8.0.1 environment

Can you say "Doh!" ? In my case, I can/did, as the problem was clearly between the chair and the keyboard.

I saw this exception earlier today: -

WASX7017E: Exception received while running file "add_ldap.py"; exception information: java.lang.NullPointerException: java.lang.NullPointerException

whilst trying to federate an LDAP ( IBM Bluepages, for the record ) into my IBM BPM 8.0.1 environment, using a Jython script.

I also saw: -

[20/02/13 13:26:11:100 GMT] 00000025 GenericSerial E   ADMC0008E: The system failed to marshall the object of type com.ibm.websphere.management.cmdframework.provider.CommandResultImpl: com.sun.jndi.ldap.LdapCtx

( in SystemOut.log )

This Technote: -


although for WebSphere Portal pointed me at the answer: -

Cause

Invalid LDAP objects

What I mean to say is that the Technote forced me to compare/contrast this most recent invocation of a previously working script with my notes.

Almost immediately I realised that all the parameters were identical APART from the LDAP bind user ID.

This was the snippet of Jython that was failing: -

AdminTask.addIdMgrLDAPServer('[-id '+repositoryID+' -host '+ldapHost1+' -port '+ldapPort1+' -bindDN '+bindDN+' -bindPassword '+bindPassword+' -referal ignore -sslEnabled false -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter]')

When I checked, the property bindDN was the only difference between the working and failing invocation.

Therefore, I was attempting to bind to LDAP with a DN that DOES NOT EXIST :-)

Sadly, none of the WAS logs showed the specific LDAP exception, which was a shame - I'd expect to have seen "No such DN" or equivalent.

I know I could have enabled WAS tracing using trace strings such as: -

com.ibm.ws.security.*=all:com.ibm.ws.wim.*=all:com.ibm.websphere.wim.*=all:com.ibm.ws.wsspi.wim.*=all

as per the Technote.

Still, all's that ends well.

Monday, 18 February 2013

Performance tuning considerations when IBM Business Process Manager (BPM) is running in a virtual machine

Saw this: -


on Twitter today: -


Problem(Abstract)

Running IBM Business Process Manager in a virtual machine is supported. However, there are some additional considerations when running servers in a virtual machine (VM) environment.

Resolving the problem

When you are running a Java Platform, Enterprise Edition (Java EE) application in a virtual machine (VM) there are additional considerations. These considerations are performance-related changes.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

Saturday, 16 February 2013

Breaking in the new TV

I'm the proud recipient of an Apple TV ( TV ), thanks to my family and an early birthday present.

It's a thing of beauty, and very very easy to set up.

I plugged it into my telly via HDMI, added some power and c'est voila.

It automagically picked up my wireless, so I entered the WPA2 key, and we're all up and running.

The built-in apps are pretty neat, although it'd be nice to have some UK content, along with the US-centric stuff such as MLB.tv ( whatever that is ) and WSJ ( Wall Street Journal ).

However, Vimeo is rather lovely, fewer cat videos than YouTube.

The main reason for the purchase was to allow me to play my own content, and also stream various UK TV services such as BBC iPlayer, 4oD, Five, ITV Player etc.

This is very easy using the TV's built-in AirPlay service, which allows one to use the nadger as a wireless display and a set of speakers.

I started by connecting the MacBook up to the telly, using AirPlay, before going to the next level and doing the same thing with the iPhone.

One thing that did catch me out with AirPlay on both the iPhone and the iPads was the fact that I could hear the audio from the iDevice, but not see the video.

Being a techie, I started by updating the TV's software to the latest version, which made no difference.

It took me a few minutes to realise that, whilst I'd enabled AirPlay, I'd not clicked on the Mirroring button: -


Did I feel silly ?

Oh yes :-)

In other related news, Apple also have a rather useful Remote app that allows one to drive the TV ( and other iDevices ) from an iPhone or iPad.

Given how small the remote is: -


that's a pretty useful thing to have - I can imagine losing the remote quite easily :-)

So I know that it's possible to "crack" the TV ( aka Jail Breaking ), but I'm not yet ready for that, especially as I have the Raspberry Pi and Raspbmc to play with :-)

More to follow ….


Friday, 15 February 2013

SPNEGO and Connections 4 CR1 or CR2 - remember this!!

I spotted this on Robert Farstad's blog this AM, and wanted to share it: -


From Connections 4.0.0 to 4.0.1 or 4.0.2, the SPNEGO the Filter-criteria has changed.

So if your Connections SSO solution does not work after upgrading your 4.0.0 environment, check the filter.

The values are now:


request-url!=noSPNEGO;request-url!=/mobile;request-url!=/nav;request-url!=/bundles/js;request-url!=/static;request-url!=/activities/oauth;request-url!=/blogs/oauth;request-url!=/dogear/oauth;request-url!=/communities/calendar/oauth;request-url!=/communities/service/atom/oauth;request-url!=/communities/service/opensocial/oauth/;request-url!=/communities/recomm/oauth;request-url!=/connections/opensocial/oauth;request-url!=/connections/opensocial/anonymous/rest;request-url!=/connections/opensocial/common;request-url!=/connections/opensocial/gadgets;request-url!=/connections/opensocial/ic;request-url!=/connections/opensocial/rpc;request-url!=/connections/opensocial/social;request-url!=/connections/opensocial/xrds;request-url!=/connections/opensocial/xpc;request-url!=/connections/resources/web;request-url!=/connections/resources/ic;request-url!=/files/oauth;request-url!=/forums/oauth;request-url!=/homepage/oauth;request-url!=/metrics/service/oauth;request-url!=/moderation/oauth;request-url!=/news/oauth;request-url!=/news/follow/oauth;request-url!=/profiles/oauth;request-url!=/wikis/oauth;request-url!=/search/oauth;request-url!=/connections/core/oauth/;request-url!=/resources;request-url!=/oauth2/endpoint/

Definitely worth bearing in mind.

Thursday, 14 February 2013

WebSphere Application Server - Dynamic Cache ( DynaCache ) in a Clustered Environment

For the IBM BPM project on which I'm currently engaged, we're looking at the use of DynaCache across a clustered WAS 8 environment.

Knowing a little about DC, I wanted to read up further, especially with regard to the cache's behaviour across a multi-node cluster.

Here's a few useful items: -


<snip>
Think of DynaCache as a sophisticated Java™ Hashtable.

The code used to provide the in-memory cache services extends the Java Dictionary class, which is the abstract parent of Hashtable. You configure DynaCache to store objects, and later, based on some data matching rules, DynaCache retrieves those objects and serves them from its cache. Caching rules are stored in a configuration file called cachespec.xml. Single or multiple caches are supported. Caches are stored in the JVM heap memory and DynaCache supports overflow to disk if enabled and when required.

The system administrator has some degree of control over what is placed in memory and what (if anything) overflows to disk via configuration settings. DynaCache also calls a least recently used (LRU) algorithm during the item selection process for memory-based item eviction or overflow. The LRU algorithm consults with a user-specified cache entry priority number before the evictee is chosen. Higher numbered items stay in memory longer.

Disk offload of cache entries from memory occurs when the memory cache fills up or when the server is in the process of performing a normal, administrator-directed shut down and the "FlushToDiskOnStop" property is enabled. Upon a server restart, requests for cache entries are fulfilled by reloading the saved disk data into memory.
</snip>



<snip>
So friends, here in one of my assignment we are using dynacache to share object across application.

I posted my query on IBM developer works asking for how DynaCache works in cluster environment and i got one reply, so just thought of sharing on my blog.

DynaCache behaviour in clustered environment is somewhat different and need to take special attention.

Fist, if you don't have data replication domain setup in cluster environment each node has its own copy of the dynacache and which may cause issues in case of fail over or in case when objects are shared between diff application.

To use the your dynacache as global object across the cluster , you need create one data replication domain for the all nodes in the cluster and enable the data replication service.

To enable data replication service of dynacache, please refer to 
Configuring cache replication article in infocenter
</snip>


<snip>
Use this task to improve performance by configuring the data replication service (DRS) to replicate data from the dynamic cache service across the consumers in a replication domain.
</snip>


<snip>
With replication, data is generated one time and copied or replicated to other servers in the cluster, saving time and resources. Caching in a cluster has additional concerns. In particular, the same data can be required and generated in multiple places. Also, the permission the resources need to generate the cached data can be restricted, preventing access to the data.

Cache replication deals with these concerns by generating the data one time and copying it to the other servers in the cluster. It also aids in cache consistency. Cache entries that are not needed are removed or replaced.
</snip>


<snip>
Use this task to configure a data replication domain to transfer data, objects, or events for session manager, dynamic cache, or stateful session beans. Data replication domains use the data replication service (DRS), which is an internal product component that performs replication services, including replicating data, objects, and events among application servers.
</snip>

Configuring DynaCache

The dynamic cache service consolidates caching activities to improve application performance. By caching the response from servlets, web services, Java(TM) Server Pages (JSP) files, and WebSphere(R) Application Server commands, the application server does  not have to perform the same computations and back-end queries multiple times.

Create the Replication Domain

Via the WAS Integrated Solutions Console (ISC), navigate to Environment > Replication domains )

Configure Dynacache

Via the WAS Integrated Solutions Console (ISC), navigate to Application servers > PCSR011.AppTarget ( your server name goes here ) > Dynamic cache service.



*UPDATE* I neglected to mention an excellent article on DynaCache, written by a former colleague of mine, Gab Telerman,  that's also worth a read: -

Using DynaCache to improve the performance of your WebSphere Process Server or WebSphere ESB solution

In addition, Gab also recommended that I take a look at the jsCache toolkit on IBM Blueworks ....

Wednesday, 13 February 2013

More fun n' games with DB2 - yet another (l)user error - SQL0355N The column "DESCRIPTION", as defined, is too large to be logged. SQLSTATE=42993

So I'm seeing: -
...
CREATE TABLE BPM_TASK_INDEX ( "TASK_ID" DECIMAL(12,0) NOT NULL, "MAJOR_EVENT_DATETIME" TIMESTAMP, "MINOR_EVENT_DATETIME" TIMESTAMP, "TASK_DATA" BLOB(2G), "DELETED_DATETIME" TIMESTAMP )
DB21034E  The command was processed as an SQL statement because it was not a 
valid Command Line Processor command.  During SQL processing it returned:
SQL0355N  The column "TASK_DATA", as defined, is too large to be logged.  
SQLSTATE=42993

...

...
CREATE TABLE LSW_UCA ( "UCA_ID" CHAR(36) NOT NULL, "PROCESS_REF" CHAR(36) NOT NULL, "SCHED_TYPE" DECIMAL(12,0), "SCHED_EVENT_NAME" VARCHAR( 320), "QUEUE" DECIMAL(12,0), "IS_ENABLED" CHAR(1), "SHARED_SYMBOL_TABLE_ID" DECIMAL(12,0), "MONTH_LIST" VARCHAR( 96), "FREQ_TYPE" DECIMAL(12,0), "DAY_LIST" VARCHAR( 312), "HOUR_LIST" VARCHAR( 192), "MINUTE_LIST" VARCHAR( 480), "NAME" VARCHAR( 256) NOT NULL, "DESCRIPTION" CLOB(2G), "UCA_EVENT_TYPE_REF" DECIMAL(2,0), "VARIABLE_REF" CHAR(36), "IMPLEMENTATION_TYPE" VARCHAR( 320), "GUID" VARCHAR( 512) NOT NULL, "VERSION_ID" CHAR(36) NOT NULL, "LAST_MODIFIED" TIMESTAMP NOT NULL, "LAST_MODIFIED_BY_USER_ID" DECIMAL(12,0) NOT NULL )
DB21034E  The command was processed as an SQL statement because it was not a 
valid Command Line Processor command.  During SQL processing it returned:
SQL0355N  The column "DESCRIPTION", as defined, is too large to be logged.  
SQLSTATE=42993

...

...
CREATE TABLE LSW_USER_ATTRIBUTE_DEF ( "USER_ATTRIBUTE_ID" CHAR(36) NOT NULL, "CLASS_REF" CHAR(36) NOT NULL, "STORAGE_SOURCE" DECIMAL(12,0) DEFAULT 0 NOT NULL, "STORAGE_PROVIDER" DECIMAL(12,0), "STORAGE_PROVIDER_ATTRIBUTE" VARCHAR( 1020), "STORAGE_SERVICE" DECIMAL(12,0), "VALUES_SOURCE" DECIMAL(12,0), "VALUES_SERVICE" DECIMAL(12,0), "NAME" VARCHAR( 256) NOT NULL, "DESCRIPTION" CLOB(2G), "GUID" VARCHAR( 512) NOT NULL, "VERSION_ID" CHAR(36) NOT NULL, "LAST_MODIFIED" TIMESTAMP NOT NULL, "LAST_MODIFIED_BY_USER_ID" DECIMAL(12,0) NOT NULL )
DB21034E  The command was processed as an SQL statement because it was not a 
valid Command Line Processor command.  During SQL processing it returned:
SQL0355N  The column "DESCRIPTION", as defined, is too large to be logged.  
SQLSTATE=42993

etc. when creating database tables for Process Server via: -

$ db2 -tvf createTable_ProcessServer.sql

as part of an IBM BPM Advanced 8.0.1 installation.

A quick Google brings me to this: -


which says, in part: -

I performed many installations of IBM BPM7.5, 8.0 and the following are the best practices i learnt the hard way.

1. Install the DB4 (FP4) that comes bundled with the installables

2. DB2 installations creates a OS user bpmadmin(by default). Once the WAS platform is installed via a windows admin login, i re-login as bpmadmin and create the profiles using PMT. I figured out this to be the best way to get quick results.

I've installed on windows 32/64 bit m/cs and created/augmented profiles using PMT without any problems following the above approach. Also, i could install Lombardi 7.2, BPM 7.5 and BPM 8.0 on the same m/c successfully.

BTW, i came across the perfDW message bus corruption issues (perf db getting corrupt), but that will be a separate thread topic :-).

I checked the version of DB2 on my server: -

$ db2level

DB21085I  Instance "db2inst1" uses "64" bits and DB2 code release "SQL09070" 
with level identifier "08010107".
Informational tokens are "DB2 v9.7.0.0", "s090521", "LINUXAMD6497", and Fix 
Pack "0".
Product is installed at "/opt/ibm/db2/V9.7".


You can guess the rest - IBM BPM 8.0.1 requires DB2 9.7.0.5 or later, almost certainly for a very good reason :-)

I upgraded DB2 to 9.7.0.5: -

( as db2inst1 )

$ db2stop

02/13/2013 15:06:53     0   0   SQL1064N  DB2STOP processing was successful.
SQL1064N  DB2STOP processing was successful.

( as dasusr1 )

$ db2admin stop

SQL4410W  The DB2 Administration Server is not active.

( as root )

$ mkdir /tmp/db2
$ cd /tmp/db2
$ tar xvzf /mnt/hgfs/DaveHay/Software/DB2V9/Linux/v9.7fp5_linuxx64_universal_fixpack.tar.gz 

universal/
universal/db2/
universal/db2/linuxamd64/
universal/db2/linuxamd64/utilities/
universal/db2/linuxamd64/utilities/db2IdentifyType1/
universal/db2/linuxamd64/utilities/db2IdentifyType1/bin/
universal/db2/linuxamd64/utilities/db2IdentifyType1/bin/db2fupdt
universal/db2/linuxamd64/utilities/db2IdentifyType1/bin/db2IdentifyType1_v8_32
universal/db2/linuxamd64/utilities/db2IdentifyType1/bin/disp_msg
universal/db2/linuxamd64/utilities/db2IdentifyType1/bin/db2IdentifyType1_v9_64
universal/db2/linuxamd64/utilities/db2IdentifyType1/bin/db2IdentifyType1_v8_64
universal/db2/linuxamd64/utilities/db2IdentifyType1/bin/db2IdentifyType1_v9_32
universal/db2/linuxamd64/utilities/db2IdentifyType1/bin/db2langdir

universal/doc/sk_SK/release.txt
universal/doc/it_IT/
universal/doc/it_IT/release.txt
universal/db2ls
universal/installFixPack
universal/db2ckupgrade


cd universal/
./installFixPack 

DBI1073E  The -b <baseInstallPathOfDB2> is required for the installer
      script installFixPack.


Enter full path name for the install directory -

------------------------------------------------
/opt/ibm/db2/V9.7
DBI1017I  installFixPack is updating the DB2 product(s) installed in
      location /opt/ibm/db2/V9.7.


DB2 installation is being initialized.

 Total number of tasks to be performed: 39 
Total estimated time for all tasks to be performed: 1432 

Task #38 end 

Task #39 start
Description: Updating existing DB2 instances 
Estimated time 60 second(s) 
Task #39 end 

The execution completed successfully.

For more information see the DB2 installation log at
"/tmp/installFixPack.log.35600".


$ /opt/ibm/db2/V9.7/instance/db2iupdt db2inst1

DBI1070I  Program db2iupdt completed successfully.

( as db2inst1 )

$ db2level

DB21085I  Instance "db2inst1" uses "64" bits and DB2 code release "SQL09075" 
with level identifier "08060107".
Informational tokens are "DB2 v9.7.0.5", "s111017", "IP23292", and Fix Pack 
"5".
Product is installed at "/opt/ibm/db2/V9.7".


$ db2start

02/13/2013 16:22:10     0   0   SQL1063N  DB2START processing was successful.
SQL1063N  DB2START processing was successful.

$ db2 -tvf createDatabase.sql

create database BPMDB automatic storage yes  using codeset UTF-8 territory US pagesize 32768

connect to BPMDB

   Database Connection Information

 Database server        = DB2/LINUXX8664 9.7.5
 SQL authorization ID   = DB2INST1
 Local database alias   = BPMDB


grant dbadm on database to user db2inst1
DB21034E  The command was processed as an SQL statement because it was not a 
valid Command Line Processor command.  During SQL processing it returned:
SQL0554N  An authorization ID cannot grant a privilege or authority to itself. 
SQLSTATE=42502

UPDATE DB CFG FOR BPMDB USING LOGFILSIZ 4096 DEFERRED
DB20000I  The UPDATE DATABASE CONFIGURATION command completed successfully.

UPDATE DB CFG FOR BPMDB USING LOGSECOND 64 DEFERRED
DB20000I  The UPDATE DATABASE CONFIGURATION command completed successfully.

connect reset
DB20000I  The SQL command completed successfully.

$ db2 connect to bpmdb

   Database Connection Information

 Database server        = DB2/LINUXX8664 9.7.5
 SQL authorization ID   = DB2INST1
 Local database alias   = BPMDB


$ db2 -tvf createTable_ProcessServer.sql

CREATE TABLE LSW_METRIC ( "METRIC_ID" CHAR(36) NOT NULL, "UNIT" DECIMAL(12,0) NOT NULL, "ROLLUP_METRIC_REF" CHAR(36), "ROLLUP_MULTIPLIER" DECIMAL(20,8), "XML_DATA" BLOB(2G), "NAME" VARCHAR( 256) NOT NULL, "DESCRIPTION" CLOB(2G), "GUID" VARCHAR( 512) NOT NULL, "VERSION_ID" CHAR(36) NOT NULL, "LAST_MODIFIED" TIMESTAMP NOT NULL, "LAST_MODIFIED_BY_USER_ID" DECIMAL(12,0) NOT NULL )
DB20000I  The SQL command completed successfully.

ALTER TABLE LSW_METRIC ADD CONSTRAINT "NAME" CHECK (CHARACTER_LENGTH("NAME",CODEUNITS16) <= 64)  ENFORCED ENABLE QUERY OPTIMIZATION
DB20000I  The SQL command completed successfully.

ALTER TABLE LSW_METRIC ADD CONSTRAINT "GUID" CHECK (CHARACTER_LENGTH("GUID",CODEUNITS16) <= 128)  ENFORCED ENABLE QUERY OPTIMIZATION
DB20000I  The SQL command completed successfully.

CREATE TABLE LSW_SLA ( "SLA_ID" CHAR(36) NOT NULL, "ITEM_TYPES" DECIMAL(12,0) NOT NULL, "XML_DATA" BLOB(2G) NOT NULL, "PARTICIPANT_REF" CHAR(36), "NAME" VARCHAR( 256) NOT NULL, "DESCRIPTION" CLOB(2G), "GUID" VARCHAR( 512) NOT NULL, "VERSION_ID" CHAR(36) NOT NULL, "LAST_MODIFIED" TIMESTAMP NOT NULL, "LAST_MODIFIED_BY_USER_ID" DECIMAL(12,0) NOT NULL )
DB20000I  The SQL command completed successfully.

ALTER TABLE LSW_SLA ADD CONSTRAINT "NAME" CHECK (CHARACTER_LENGTH("NAME",CODEUNITS16) <= 64)  ENFORCED ENABLE QUERY OPTIMIZATION
DB20000I  The SQL command completed successfully.

...
INSERT INTO LSW_USR_GRP_MEM_XREF("USER_ID", "GROUP_ID") VALUES (9, 4)
DB20000I  The SQL command completed successfully.

INSERT INTO LSW_USR_GRP_MEM_XREF("USER_ID", "GROUP_ID") VALUES (9, 11)
DB20000I  The SQL command completed successfully.

INSERT INTO LSW_USR_GRP_MEM_XREF("USER_ID", "GROUP_ID") VALUES (9, 15)
DB20000I  The SQL command completed successfully.

INSERT INTO LSW_USR_GRP_MEM_XREF("USER_ID", "GROUP_ID") VALUES (9, 16)
DB20000I  The SQL command completed successfully.


PS I dropped the database and recreated to ensure consistency, and avoid duplicate object errors.

So, the moral of the story, get your fix packs right …..

(L)user error when attempting to import a Deployment Environment into an IBM BPM Advanced 8.0.1 configuration

Whilst using a response file to import a Deployment Environment ( for Process Center ) into my newly minted IBM BPM Advanced 8.0.1 configuration, I saw this exception: -

WASX7209I: Connected to process "dmgr" on node PCDMNODENode using SOAP connector;  The type of process is: DeploymentManager
INFO: Importing the topology file /stage/inst/scripts/responseFiles/../PCDeployEnv.resp as deployment environment PCDeployEnv
INFO: Generating the artifacts for the deployment environment PCDeployEnv
WASX7017E: Exception received while running file "/stage/inst/scripts/createDepEnv.py"; exception information: com.ibm.wbiserver.nd.topology.exceptions.WBINDException: com.ibm.wbiserver.nd.topology.exceptions.WBINDException: Topology PCDeployEnv is not ready to be configured as its status is null


with this corresponding message in the Deployment Manager's SystemOut.log: -

[13/02/13 14:36:53:528 GMT] 0000001c WBITopologyCm W com.ibm.wbiserver.nd.topology.commands.WBITopologyCmdMgr validate CWLDB9025E: Deployment environment PCDeployEnv is invalid. Reason Role AppTarget's base runtime WPS is not supported by Node PCNODE1's runtime [].

Knowing that both Deployment Manager and Node profiles were of the right "type" : -

$ cat /opt/IBM/WebSphere/AppServer/properties/profileRegistry.xml

<?xml version="1.0" encoding="UTF-8"?><profiles>
    <profile isAReservationTicket="false" isDefault="true" name="PCDMNODE" path="/opt/IBM/WebSphere/AppServer/profiles/PCDMProfile" template="/opt/IBM/WebSphere/AppServer/profileTemplates/management">
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/BusinessSpace/dmgr.bspace"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/BPM/base/profileTemplates/dmgr.bpm"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/dmgr.wbicore"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/dmgr.bpc"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/dmgr.wbiserver"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/BPM/dmgr.procctr"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/BPM/dmgr.procctr.adv"/>
    </profile>
    <profile isAReservationTicket="false" isDefault="false" name="PCNODE1" path="/opt/IBM/WebSphere/AppServer/profiles/PCN1Profile" template="/opt/IBM/WebSphere/AppServer/profileTemplates/managed">
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/BusinessSpace/managed.bspace"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/BPM/base/profileTemplates/managed.bpm"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/managed.wbicore"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/managed.bpc"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/managed.wbiserver"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/BPM/managed.procctr"/>
        <augmentor template="/opt/IBM/WebSphere/AppServer/profileTemplates/BPM/managed.procctr.adv"/>
    </profile>

I knew the error must be somewhere else.

I looked back through my notes and, lo and behold, I'd forgotten to add ( federate ) my node into the DM-managed cell :-)

Can you say "Doh!" ?

Once I added the node into the cell ( using addNode.sh ) and removed the partially imported Deployment Environment, I re-ran my script to import the DE, and it went in like Flynn: -

WASX7209I: Connected to process "dmgr" on node PCDMNODENode using SOAP connector; The type of process is: DeploymentManager
INFO: Importing the topology file /stage/inst/scripts/responseFiles/../PCDeployEnv.resp as deployment environment PCDeployEnv
INFO: Generating the artifacts for the deployment environment PCDeployEnv

with corresponding happy messages in the DM's SystemOut.log: -

[13/02/13 14:44:20:965 GMT] 0000003e InstallSchedu I   ADMA5013I: Application RemoteAL61 installed successfully.
[13/02/13 14:44:54:517 GMT] 0000003f InstallSchedu I   ADMA5013I: Application REST Services Gateway installed successfully.
[13/02/13 14:45:48:713 GMT] 00000040 InstallSchedu I   ADMA5013I: Application IBM_BPM_Portal_PCSR01.AppTarget installed successfully.
[13/02/13 14:45:59:760 GMT] 00000041 InstallSchedu I   ADMA5013I: Application IBM_BPM_ProcessAdmin_PCSR01.AppTarget installed successfully.
[13/02/13 14:46:28:742 GMT] 00000042 InstallSchedu I   ADMA5013I: Application IBM_BPM_Teamworks_PCSR01.AppTarget installed successfully.
[13/02/13 14:46:36:421 GMT] 00000043 InstallSchedu I   ADMA5013I: Application IBM_BPM_WebAPI_PCSR01.AppTarget installed successfully.
[13/02/13 14:46:50:038 GMT] 00000044 InstallSchedu I   ADMA5013I: Application IBM_BPM_Help_PCSR01.AppTarget installed successfully.
[13/02/13 14:46:52:117 GMT] 00000045 InstallSchedu I   ADMA5013I: Application IBM_BPM_Repository_PCSR01.AppTarget installed successfully.
[13/02/13 14:47:00:841 GMT] 00000046 InstallSchedu I   ADMA5013I: Application IBM_BPM_PerformanceDW_PCSR01.Support installed successfully.
[13/02/13 14:47:06:796 GMT] 00000047 InstallSchedu I   ADMA5013I: Application mm.was_PCSR01.WebApp installed successfully.
[13/02/13 14:47:09:217 GMT] 00000048 InstallSchedu I   ADMA5013I: Application HumanTaskManagementWidgets_PCSR01.WebApp installed successfully.
[13/02/13 14:47:12:388 GMT] 00000049 InstallSchedu I   ADMA5013I: Application BSpaceHelp_PCSR01.WebApp installed successfully.


Problems installing IBM Business Process Manager Advanced 8.0.1

So, during my scripted installation of IBM BPM 8.0.1 today, my installation failed with: -

CRIMA1154E ERROR: Error installing.

  CRIMC1029E ERROR:   Adding file com.ibm.websphere.WAS.server_014_all.all_8.0.5.201210222356 to repository /opt/IBM/InstallationManager/eclipsecache failed.

    CRIMC1085E ERROR:     Resumable download failed for: /mnt/hgfs/DaveHay/BPM/fixes/Base/files/com.ibm.websphere.WAS.server_014_all.all_8.0.5.201210222356.file.

      ERROR:       Encountered 2 times: Failed to retrieve 'file com.ibm.websphere.WAS.server_014_all.all_8.0.5.201210222356'.

        ERROR:         Downloading '/mnt/hgfs/DaveHay/BPM/fixes/Base/files/com.ibm.websphere.WAS.server_014_all.all_8.0.5.201210222356.file' to '/opt/IBM/InstallationManager/eclipsecache/tmp/cicdip_wasadmin/v/md5/2f4d2cbf07d9b100072fd9b33178ed67_md5~6e854ee99153c8bee3e1322d7ba0c586'.

        ERROR:         Table of contents digests differs from digest of downloaded file.

        ERROR:         'md5' digest values do not match: [2f4d2cbf07d9b100072fd9b33178ed67] (Actual) vs [027451badad73fb376e793f2689f5a1a] (Expected).   



resulting in some of IHS installing, but nothing else.

I'm using a single response file to have IBM Installation Manager 1.6 install IHS, WAS Plugin, WAS and BPM.

I confirmed that my repository was in good order: -

$ /opt/IBM/InstallationManager/eclipse/tools/imcl -silent -nosplash listAvailablePackages -repositories /mnt/hgfs/DaveHay/BPM/install/repository/repos_64bit/

com.ibm.bpm.ADV.V80_8.0.1000.20121102_2136
com.ibm.websphere.ND.v80_8.0.3.20120320_0536
com.ibm.ws.DB2EXP97.linuxia64_9.7.3.20120504_0255

before re-reading the error message above.

It looked like there was some problem with the WAS fixes element of the installation.

Reading this IBM Technote: -


appeared to confirm that.

Therefore, I deleted the contents of the appropriate directory: -

$ cd /mnt/hgfs/DaveHay/BPM/fixes/Base
rm -Rf *

and unzipped the WAS 8.0.0.5 Base fix packs again: -

unzip ../../../Software/WAS80FP5/8.0.0-WS-WAS-FP0000005-part1.zip
unzip ../../../Software/WAS80FP5/8.0.0-WS-WAS-FP0000005-part1.zip

This time around, the installation went through without a problem: -

Modified com.ibm.websphere.IHS.v80_8.0.5.20121022_1902 in the /opt/IBM/HTTPServer directory.
Installed com.ibm.websphere.ND.v80_8.0.5.20121022_1902 to the /opt/IBM/WebSphere/AppServer directory.
Installed com.ibm.bpm.ADV.V80_8.0.1000.20121102_2136 to the /opt/IBM/WebSphere/AppServer directory.
Installed com.ibm.websphere.PLG.v80_8.0.5.20121022_1902 to the /opt/IBM/HTTPPlugins directory.


( IHS was modified rather than installed because the previous failed installations had already laid down all/some of the required directory structure )

Tuesday, 12 February 2013

Compatibility of IBM Business Process Manager (BPM) and IBM WebSphere Portal releases

I saw this on Twitter earlier today: -



Question

Which configuration combinations are supported to use the Coach portlets or other business process integration portlets from IBM Business Process Manager Advanced Version 7.5.x or 8.0.x with WebSphere Portal? What are the required prerequisites?

Cause

WebSphere Portal can be installed on IBM WebSphere Application Server Version 6.1, 7.0, or 8.0.

Answer

The following matrix covers which configurations are supported in a two-cell configuration.


Sunday, 10 February 2013

MacBook Pro with Retina Display - Sometimes slow to wake ...

On rare occasions, I've noticed that my MBPr ( aka MBP:TNG ) is slow to wake up from standby.

By slow, I mean that it can take a whole 10 seconds for it to be ready to receive my password :-) Compared to previous Windows machines, 10 seconds is still lightning fast but I'm a purist !

A quick Google search brought me to this blog post: -


where the author ( E R Walter ) explains that one can use the pmset command to regulate the interval before the Mac goes properly to sleep, writing RAM ( all 16 GB of it ) out to disk to conserve power: -

What is actually happening is that these new MacBook Pro's (and recent MacBook Air's) have a new powersaving mode which Apple calls standby. Standby mode kicks in after the laptop has been in normal sleep mode for about an hour. When that happens, the contents of RAM are written to the hard drive and the RAM is powered down to further extend battery life. In theory, the laptop will last up to 30 days in standby mode. The trade off is that, when waking up, it takes a long time to reload 16 GB of RAM from the hard drive (even with SSD).

Note that if the laptop sleeps for less than an hour, then it will wake up nearly instantly. I've seen this myself in cases where I close the lid briefly while walking between meetings. This fact is the key to my workaround. It turns out that this 1 hour delay is configurable.

Following his advice, I checked the current interval with pmset -g: -

$ pmset -g

Active Profiles:
Battery Power -1*
AC Power -1
Currently in use:
 standbydelay         4200
 standby              1
 halfdim              1
 hibernatefile        /var/vm/sleepimage
 darkwakes            0
 gpuswitch            2
 disksleep            10
 sleep                60
 autopoweroffdelay    14400
 hibernatemode        3
 autopoweroff         1
 ttyskeepawake        1
 displaysleep         2
 acwake               0
 lidwake              1


which means that the Mac will go to sleep after 4,200 seconds ( 70 minutes ).

If needed, I could change it to, say, 24 hours, using the following command: -

sudo pmset -a standbydelay 86400

However, given that I'm currently spending a lot of time travelling, the conservation of energy is more important than losing 10 seconds :-)

Therefore, I'm going to leave things as-is, but at least I know how to do it in the future …..

Friday, 8 February 2013

Secure in my CUPS

So I was struggling to add my newly purchased HP Desktop printer to my Ubuntu 10.04 ( old skool ) laptop.

Whenever I attempted to remove my old Canon and Kodak printers, or add the new HP printer, I was prompted to authenticate as root even though I was logged in as a non-root user, which is a pain as Ubuntu doesn't typically use the root account, instead allowing one to use sudo bash to achieve root.

I then tried to access CUPs via the web UI: -

https://localhost:631/admin

Similar issues there - I received the exception Forbidden when I tried to remove either of the two old printers, despite authenticating as my non-root user ( claire ).

When I checked the system messages: -

$ dmesg

I saw: -

E [08/Feb/2013:17:48:40 +0000] cupsdAuthorize: pam_authenticate() returned 7 (Authentication failure)!
E [08/Feb/2013:17:51:33 +0000] cupsdAuthorize: pam_authenticate() returned 7 (Authentication failure)!
E [08/Feb/2013:17:51:35 +0000] cupsdAuthorize: pam_authenticate() returned 7 (Authentication failure)!

When I checked the CUPS error log ( /var/log/cups/error_log ). I saw: -

E [08/Feb/2013:18:59:34 +0000] Returning HTTP Forbidden for CUPS-Delete-Printer (ipp://localhost/printers/Canon-iP4000) from localhost
E [08/Feb/2013:19:00:10 +0000] Returning HTTP Forbidden for CUPS-Delete-Printer (ipp://localhost/printers/Canon-iP4000) from localhost


Following this forum post: -


I checked the CUPS configuration for the relevant administration group: -

$ cat /etc/cups/cupsd.conf | grep SystemGroup

...SystemGroup lpadmin


and then checked the groups of which my user ( claire ) was a member: -

cat /etc/group | grep -i claire

lp:x:7:claire
admin:x:119:claire
claire:x:1000:


That explained it - claire needed to be a member of the lpadmin group.

That was easily fixed: -

$ usermod -G lp,admin,lpadmin claire

and then verified: -

$ cat /etc/group | grep -i claire

...
lp:x:7:claire
lpadmin:x:105:claire
admin:x:119:claire
claire:x:1000:


Having done that, all was well, and I was able to remove the Canon and Kodak printers.

Finally, I downloaded the required HP Linux Imaging and Printing (HPLIP) software for the new printer from the HPLIP site.

This is the link to what I ended up downloading: -


and this page takes one through the installation, using a terminal session ( of course !! ).

When I upgrade the Linux box to 12.10, I'll need to go back through the same set of steps …..

And now I have a lovely shiny new HP 3055a printer up and running.

This printer was recommended by Which? as being a good combination of function, price and affordability ( running costs ).

I bought it in Argos for £45 ( as I was in dire need of a working printer earlier this week ), but it's almost certainly cheaper online.

So far, so good, it was easy to set up, and has WiFi, which means that I can use AirPrint from my iPhone, iPad, Mac and … now the Ubuntu boxen.

Sweet :-)

*UPDATE*

As recommended by my Cat: -

One

Two

Tuesday, 5 February 2013

IBM Business Monitor is unable to publish cubes to IBM Cognos BI service

This is potentially of use, as it obviates the need to install a "thick" client on your IBM Business Monitor server for Cognos -> database connectivity.

I had previously blogged: -


about an issue whereby I needed to configure the JVM hosting my Cognos BI service ( the Support cluster member ) to use the 32-bit DB2 drivers.

Well, this IBM Technote: -


appears to provide an alternative, as it says, in part: -

For a IBM Business Monitor V8.0 system the cube publish may be changed to use Dynamic Query Mode which utilizes a JDBC connection and does not require a native database client on the IBM Cognos BI server system. The IBM Cognos BI server will need to have JVM argument set.

Follow these instructions to turn on Dynamic Query mode during publishing:
1. In the Administration Console select Servers
2. Expand Server Type and select WebSphere application servers
3. Click on the name of your server
4. Expand Java™ and Process Management and select Process Definition.
5. Under the Additional Properties section, click Java Virtual Machine.
6. Scroll down and locate the textbox for Generic JVM arguments.
7. add "-Dinit.dqm.enabled=true"

which suggests that we no longer need to have a bit-compatible database client installed, as Cognos uses WAS / JDBC to access the database.

For DB2, requiring a native driver is one thing, but for Oracle, there's a whole additional layer of complexity required to install an Oracle "thick" client, rather than simply deploying a JAR file.

The proof of the pudding will be in the eating …..

*UPDATE 16/7/2014*

My IBM colleague, RichardR, has pointed out that BAM 8.0.1.2 no longer requires the -Dinit.dqm.enabled=true setting. Thus far, my testing ( one time on a VM using Oracle ) appears to confirm that. I'll continue to test ...

 *UPDATE 16/7/2014*

Monday, 4 February 2013

Guide to properly setting up SSL within the IBM HTTP Server

This is an oldie but a goodie: -

The following information can be used as a guide for setting up the Secure Sockets Layer (SSL) within the IBM HTTP Server. This document covers information on setting up SSL virtualhosts, creating keyfiles, certificates along with how to protect access to directories and URLs to specific ciphers. Also, included is documentation on how to trace and record SSL traffic between a client browser and the Web server.


Thanks to IBM_AppServer on Twitter for sharing ….

Reminder - installing podman and skopeo on Ubuntu 22.04

This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman  and skopeo  on an Ubuntu box: - lsb_rel...