Definitely worth a read ….
Geeking in technology since 1985, with IBM Development, focused upon Docker and Kubernetes on the IBM Z LinuxONE platform In the words of Dr Cathy Ryan, "If you don't write it down, it never happened". To paraphrase one of my clients, "Every day is a school day". I do, I learn, I share. The postings on this site are my own and don’t necessarily represent IBM’s positions, strategies or opinions. Remember, YMMV https://infosec.exchange/@davehay
Friday, 31 May 2013
Kevin Grigorenko's IBM WebSphere SWAT Blog - IBM Java on Linux
This is an excellent series of articles from a great blog: -
Thursday, 23 May 2013
Driving IBM Installation Manager via the Command Line
One of my ISSW colleagues drew my attention to this.
$ /opt/IBM/InstallationManager/eclipse/tools/imcl uninstall com.ibm.websphere.ND.v70 com.ibm.websphere.XML.v10 com.ibm.ws.WBPMSTD_7.5.1001.20120915_1227
It's possible to use IBM Installation Manager, via the command-line, to perform a complete uninstallation of a set of WebSphere-based products, without needing to generate and use a response file.
So here's me uninstalling IBM BPM 7.5.1.0, plus it's underlying co-requisites: -
Remove the WAS Profiles
$ /opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -deleteAll
Uninstall BPM, XML Feature Pack and WAS ND
$ /opt/IBM/InstallationManager/eclipse/tools/imcl uninstall com.ibm.websphere.ND.v70 com.ibm.websphere.XML.v10 com.ibm.ws.WBPMSTD_7.5.1001.20120915_1227
Uninstall IIM
$ /opt/IBM/InstallationManager/eclipse/tools/imcl uninstall com.ibm.cic.agent_1.6.2000.20130301_2248
Sweet :-)
Tuesday, 14 May 2013
The "You have been automatically logged out for security reasons" error is seen with IBM Business Process Manager (BPM)
Another one thanks to the @IBM_BPM service on Twitter: -
Problem(Abstract)
When you submit a coach or run an exposed service you might see the error message: "You have been automatically logged out for security reasons. Unfortunately, because of this we are unable to save your information at this time. Please run this task again to save your information."
Cause
There are several reasons why this error is thrown by IBM Business Process Manager. This document provides a list of all of the possible reasons and resolutions.
The possible causes of the error are:
When you submit a coach or run an exposed service you might see the error message: "You have been automatically logged out for security reasons. Unfortunately, because of this we are unable to save your information at this time. Please run this task again to save your information."
Cause
There are several reasons why this error is thrown by IBM Business Process Manager. This document provides a list of all of the possible reasons and resolutions.
The possible causes of the error are:
• You are using a process application that was imported from WebSphere Lombardi Edition V7.x and it contains the old system toolkit dependencies.
• The CoachDesigner.xsl file, coach_designer.css file, or both files in your process application are not the stock files.
• You attempt to run the same task and submit the same coach from several browser windows.
• You might have a general Jave™Script syntax error in your coach in a custom HTML block.
• You have changed the URLs in IBM Business Process Manager configuration files after adding a front-end web server.
• You have configured IBM Business Process Manager to work with your Load Balancer.
• The IBM Business Process Manager server is not in the list of trusted sites for Microsoft Internet Explorer
Want to know more ? Then read the Technote in full here: -
Monday, 13 May 2013
What is important when monitoring IBM Business Process Manager at the infrastructure level?
Again, this popped up in my Twitter stream of consciousness, thanks to @IBM_BPM : -
For monitoring to work, agents must be installed on the server that will communicate with a tool for generating alerts and record values. Usually the client already has the tools for monitoring the infrastructure but they do not know what metrics are important to collect for IBM Business Process Manager, what the thresholds are, and what action to take in case an incident happens. Therefore, you need the IBM professional at the customer site to provide this kind of information and so you can customize your dashboards with the information provided.
Normally, because the IBM Business Process Manager is based on the WebSphere Application Server, we always get the same metrics as used on the application server. To ensure the smooth operation of servers and anticipate potential problems, monitoring is important.
In my customer engagements, I am often asked the following questions:
• What metrics should we use to monitor the infrastructure for our IBM Business Process Manager environment?
• What key metrics should I always look at to prevent the environment from becoming unavailable?
• Which actions should be taken in case the metric threshold is exceeded or when receiving an alert by running out of service?
Normally, because the IBM Business Process Manager is based on the WebSphere Application Server, we always get the same metrics as used on the application server. To ensure the smooth operation of servers and anticipate potential problems, monitoring is important.
Wednesday, 8 May 2013
Using the ITCAM for Applications BPM monitoring solution to identify slow Business Process Definitions
This came to my attention via the @IBM_BPM Twitter account: -
IBM Tivoli Composite Application Manager (ITCAM) for Applications incorporates a BPM monitoring solution that can help customers to track and identify these scenarios. In this paper, we look at one scenario: "BPM server has a long response time due to slow running Business Process Definitions (BPDs)" to illustrate best practice in detail. The solution can be used to address other scenarios easily, with minor changes.
IBM Business Process Manager (BPM) is a widely used, comprehensive BPM platform that gives you visibility and insight to manage business processes. One of the biggest challenges for BPM customers is tracking the health and performance of the BPM server and its processes, then identifying potential issues to improve the satisfaction of the end user. BPM customer business can be impacted by the following scenarios:
• BPM server takes a long time to complete transactions
• BPM server is unresponsive and cannot handle transactions
Tuesday, 7 May 2013
Top 6 mistakes in IBM Business Process Manager installations
Let's play a game of word association. What subject comes to mind with the words "engaging" and "terrifying"? Whatever you are thinking, I suspect it wasn't IT security. Yet those very words describe J Keith Wood and Jens Engelke's new IBM Redbooks publication. In it, they share their experiences of working with IBM customers around the world on securing IBM Business Process Manager solutions. Security pitfalls are everywhere and the stakes could not be higher.
This blog post is part of a series about common Business Process Manager security holes. In this post, we focus specifically on IBM Business Process Manager installation security. Much more information can be found in their Redbooks publication: IBM Business Process Manager Security: Concepts and Guidance.
This blog post is part of a series about common Business Process Manager security holes. In this post, we focus specifically on IBM Business Process Manager installation security. Much more information can be found in their Redbooks publication: IBM Business Process Manager Security: Concepts and Guidance.
1. Faith in your firewall
2. Failure to use SSL between Business Process Manager and the database server
3. Failure to encrypt data at rest
4. Failure to use SSL between Process Server and Process Center
5. Overuse of default BusinessProcess Manager accounts
6. Overuse of trust in certificate authorities
Wednesday, 1 May 2013
Verbose Garbage Collection logging in the WebSphere Liberty Profile
As part of an exercise to help a colleague, who was trying to work out how to enable verbose GC logging within the WAS Liberty Profile, I've just installed Liberty and the WAS Developer Tools onto my Mac.
/Users/hayd/Downloads/wlp/etc
Once I restarted my JVM: -
I used this excellent blog post: -
as inspiration, as well as an earlier blog post of mine: -
I downloaded Eclipse Indigo from the Eclipse site here into which I installed the WAS 8.5 Liberty Profile Developer Tools.
I also downloaded the Liberty code directly from here which resulted in: -
wlp-developers-8.5.0.2.jar
and installed it here: -
/Users/hayd/Downloads/wlp
I then referred to this IBM Technote: -
I then referred to this IBM Technote: -
Setting generic JVM arguments in the WebSphere Application Server V8.5 Liberty profile
which directs one to create a jvm.options file, containing the line: -
which directs one to create a jvm.options file, containing the line: -
-verbose:gc
There are two options for the location of this file - from the Technote: -
There are two options for the location of this file - from the Technote: -
Depending on your preferences, you might configure a single JVM or all Liberty JVMs with your options file.
To apply these settings to a single server, save jvm.options at:
${server.config.dir}/jvm.options
${server.config.dir}/jvm.options
To apply these changes to all Liberty JVMs, save jvm.options at:
${wlp.install.dir}/etc/jvm.options
This will take effect for all JVMs that do not have a locally defined jvm.options file.
${wlp.install.dir}/etc/jvm.options
This will take effect for all JVMs that do not have a locally defined jvm.options file.
I found that, for the second of these - {wlp.install.dir}/etc/ - I had to manually create the etc subdirectory here: -
/Users/hayd/Downloads/wlp/etc
Once I restarted my JVM: -
$ /Users/hayd/Downloads/wlp/bin/server stop MyInstance
$ /Users/hayd/Downloads/wlp/bin/server start MyInstance
I could see the Verbose GC data being logged: -
Launching MyInstance (wlp-1.0.2.cl0220130316-0213/websphere-kernel_1.0.2) on Java HotSpot(TM) 64-Bit Server VM, version 1.7.0_21-b12 (en_US)
[AUDIT ] CWWKE0001I: The server MyInstance has been launched.
[GC 24640K->6261K(94144K), 0.0080240 secs]
[GC 30901K->7789K(94144K), 0.0114560 secs]
[AUDIT ] CWWKZ0058I: Monitoring dropins for applications.
[GC 32429K->12040K(94144K), 0.0106580 secs]
[AUDIT ] CWWKT0016I: Web application available (default_host): http://localhost:9080/Pickle/*
[AUDIT ] CWWKZ0001I: Application Pickle started in 0.92 seconds.
[ERROR ] SRVE0164E: Web Application Pickle uses the context root /Pickle/*, which is already in use by Web Application Pickle. Web Application Pickle will not be loaded.
[AUDIT ] CWWKZ0001I: Application PickleEAR started in 0.70 seconds.
[AUDIT ] CWWKF0011I: The server MyInstance is ready to run a smarter planet.
here: -
/Users/hayd/Downloads/wlp/usr/servers/MyInstance/logs/console.log
I also tested placing the jvm.options file into the server.config.dir location instead: -
/Users/hayd/Downloads/wlp/usr/servers/MyInstance
and saw the same effect - verbose GC was enabled when I started the server.
Finally, this IBM Technote: -
Launching MyInstance (wlp-1.0.2.cl0220130316-0213/websphere-kernel_1.0.2) on Java HotSpot(TM) 64-Bit Server VM, version 1.7.0_21-b12 (en_US)
[AUDIT ] CWWKE0001I: The server MyInstance has been launched.
[GC 24640K->6261K(94144K), 0.0080240 secs]
[GC 30901K->7789K(94144K), 0.0114560 secs]
[AUDIT ] CWWKZ0058I: Monitoring dropins for applications.
[GC 32429K->12040K(94144K), 0.0106580 secs]
[AUDIT ] CWWKT0016I: Web application available (default_host): http://localhost:9080/Pickle/*
[AUDIT ] CWWKZ0001I: Application Pickle started in 0.92 seconds.
[ERROR ] SRVE0164E: Web Application Pickle uses the context root /Pickle/*, which is already in use by Web Application Pickle. Web Application Pickle will not be loaded.
[AUDIT ] CWWKZ0001I: Application PickleEAR started in 0.70 seconds.
[AUDIT ] CWWKF0011I: The server MyInstance is ready to run a smarter planet.
here: -
/Users/hayd/Downloads/wlp/usr/servers/MyInstance/logs/console.log
I also tested placing the jvm.options file into the server.config.dir location instead: -
/Users/hayd/Downloads/wlp/usr/servers/MyInstance
and saw the same effect - verbose GC was enabled when I started the server.
Finally, this IBM Technote: -
was also of use to me in determining the precise location of the wlp.install.dir and shared.config.dir locations
Subscribe to:
Posts (Atom)
Reminder - installing podman and skopeo on Ubuntu 22.04
This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman and skopeo on an Ubuntu box: - lsb_rel...
-
Why oh why do I forget this ? Running this command : - ldapsearch -h ad2012.uk.ibm.com -p 389 -D CN=bpmbind,CN=Users,DC=uk,DC=ibm,DC=com -w...
-
Error "ldap_sasl_interactive_bind_s: Unknown authentication method (-6)" on a LDAPSearch command ...Whilst building my mega Connections / Domino / Portal / Quickr / Sametime / WCM environment recently, I was using the LDAPSearch command tha...
-
Whilst building a new "vanilla" Kubernetes 1.25.4 cluster, I'd started the kubelet service via: - systemctl start kubelet.se...