Friday 31 October 2014

IBM Business Process Manager V8.5 Performance Tuning and Best Practices

IBM Business Process Manager V8.5 Performance Tuning and Best Practices

This IBM® Redbooks® publication provides performance tuning tips and best practices for IBM Business Process Manager V8.5.5 (all editions) and IBM Business Monitor V8.5.5. These products represent an integrated development and runtime environment based on a key set of service-oriented architecture (SOA) and business process management technologies. Such technologies include Service Component Architecture (SCA), Service Data Object (SDO), Business Process Execution Language (BPEL) for web services, and Business Processing Modeling Notation (BPMN).

Both IBM Business Process Manager and Business Monitor build on the core capabilities of the IBM WebSphere® Application Server infrastructure. As a result, Business Process Manager solutions benefit from tuning, configuration, and best practices information for WebSphere Application Server and the corresponding platform Java virtual machines (JVMs).

This book targets a wide variety of groups, both within IBM (development, services, technical sales, and others) and customers. For customers who are either considering or are in the early stages of implementing a solution incorporating Business Process Manager and Business Monitor, this document proves a useful reference. The book is useful both in terms of best practices during application development and deployment and as a reference for setup, tuning, and configuration information.

This book talks about many issues that can influence performance of each product and can serve as a guide for making rational first choices in terms of configuration and performance settings. Similarly, customers who already implemented a solution with these products can use the information presented here to gain insight into how their overall integrated solution performance can be improved.

This IBM Redbooks publication replaces the existing IBM Redpaper™ publication IBM Business Process Manager V8.0 Performance Tuning and Best Practices, REDP-4935.

Wednesday 29 October 2014

IBM Product Security Incident Response Blog


This page contains important information regarding security vulnerabilities that may affect IBM products and solutions. IBM PSIRT follows the NIST guidelines for determining the severity rating of the reported vulnerability - see "NVD Vulnerability Severity Ratings" for details. Please use this information to take the appropriate actions.

In our effort to serve you better, we recommend that you subscribe to RSS feed for notification of future IBM Security Bulletins and advisories posted on this blog.The short URL for this blog is www.ibm.com/blogs/PSIRT

Saturday 25 October 2014

IBM Business Process Manager Interactive Migration Guide

IBM Business Process Manager Interactive Migration Guide

This guide takes you through the steps for migrating to IBM Business Process Manager (IBM BPM) V8.5.5 from a previous version or another product.

The Interactive Migration Guide works best in supported versions of Firefox on Windows 7. To report problems with using this guide, use the feedback link. In most instances, the generated output is restricted to supported migration scenarios. However, it might be possible to generate an unsupported set of instructions. For information about supported migration scenarios, go to the IBM Support Portal.

The Interactive Migration Guide uses rules and considerations that are described in other topics in this information center. Each of those topics is accessible to screen readers, but the Interactive Migration Guide itself is not fully accessible. For fully accessible information, use the migration topics in the information center as an alternative to using the Interactive Migration Guide.

Friday 24 October 2014

OS X Yosemite: Spotlight keyboard shortcuts

Thanks for @jonmelll for helping me find this: -



IBM Integration Community - more ways to get in touch

Welcome to the IBM Integration Community !

Our community brings together the IBM Integration Bus development team, clients, business partners, and other IBMers for the purpose of learning, sharing, and engaging.

There are many sources of information about IBM Integration Bus such as the Infocenter, developerWorks, forums and the IBM support site. The IBM integration community provides a single point of access to these and other sources of information as well as provides content not available elsewhere.


On this site, you will find:
1.    White papers and articles that are not published anywhere else.
2.    Details of public events that members of the development team are attending.
3.    Links to the other product documentation, developerWorks, and support articles.
4.    News of product updates.
5.    A blog with posts from the leading IBM experts and thought leaders.

The community is also designed to enable you to communicate with the development team:
1.    You can ask questions and interact with developers and other customers by using the forums.
2.    You can submit requirements by using the Request for Enhancements (RFE) community.
3.    You can submit articles, videos, presentations and other material, sharing your experiences with the product.


The team who develop and support IBM Integration Bus are committed to provide easy access to comprehensive information, sharing our latest news and our experiences from customer adoptions of the product. We hope you find this site useful and look forward to your feedback and contributions on this new initiative, there is great value in us in IBM being able to share information & news with our clients, but our experience is also that even greater value can be achieved when we are joined by a variety of our clients in the discussion as we all learn from each other.


Wednesday 22 October 2014

Mac OS X - Want to know what file-type something is ?

I found a file in a folder: -

ls -al a

-rw-r--r--@ 1 hayd  staff  414720 20 Aug 18:41 a

No idea what it is, I tried renaming it to .PDF, .DOC, .TXT etc. but neither Finder, TextEdit, vi nor OpenOffice would open it.

Then I remembered ....

Mac OS X is just like Unix, in fact it IS Unix.

And we have the file command: -

file a

a: CDF V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Bob Slobb, Template: C:\Program Files\Microsoft Office\Visio11\1033\FOOBAR.VST, Name of Creating Application: Microsoft Visio

at which point, all becomes clear. It's a Visio drawing, which I can open in OmniGraffle.

A swift rename later: -

mv a a.vsd

and we're up and running.

Remember, folks, file is your friend

Tuesday 21 October 2014

IBM Notes, where do your temp files go to, my lovely

I think I've blogged this before, and will check later.

* UPDATE 21-10-2014 *

And here they are: -

 More on Lotus Notes and temporary directories

 Lotus Notes 8.5.3 on Apple Mac OSX - Where do your temp files go to, my lovely ?

* UPDATE 21-10-2014 *
Meantime, for the record, here is where IBM Notes locates its temporary files: -

/private/var/folders/8t/s52kgwtj4l16sp3nf0tl7f9c0000gn/T/TemporaryItems/notes

How did I find this ?




or: -


As can be seen, Working Directory has most of the location, which can then be further investigated using Finder: -

or Terminal: -


pwd

/private/var/folders/8t/s52kgwtj4l16sp3nf0tl7f9c0000gn/T/TemporaryItems/notes

ls -al IIB\ DB2\ Sample.rtf

-rw-r--r--@ 1 hayd  staff  1888 19 Sep 14:59 IIB DB2 Sample.rtf

Interim Fixes for 9.0.1.x IBM Notes, IBM Domino & IBM iNotes

Interim Fixes for 9.0.1.x IBM Notes, IBM Domino & IBM iNotes

This technote contains download information and SPR Fix Lists for Interim Fixes for 9.0.1.x versions of IBM Notes, IBM Domino, and IBM iNotes. Note that Interim Fixes are cumulative and contain all of the fixes from previous versions.

IBM Business Process Manager Interactive Installation and Configuration Guide

One of my IBM colleagues led me to discover this, when he asked for guidance on installing IBM BPM Standard 8.5.5 onto an existing installation of WebSphere Application Server (WAS): -

IBM Business Process Manager Interactive Installation and Configuration Guide

This guide takes you through the steps for installing and configuring IBM Business Process Manager (IBM BPM).

If you are migrating business data and applications from a previous version, use the Interactive Migration Guide instead of this guide. The Interactive Migration Guide generates instructions for a complete migration, including installing and configuring the product.

The Interactive Installation and Configuration Guide works best in supported versions of Firefox on Windows 7. To report problems with using this guide, use the feedback link. In most instances, the generated output is restricted to supported installation scenarios. However, it might be possible to generate an unsupported set of instructions. For information about supported installation scenarios, go to the IBM Support Portal or use the installation roadmaps.

The Interactive Installation and Configuration Guide uses installation and configuration rules and considerations that are described in other topics in this information center. Each of those topics is accessible to screen readers, but the Interactive Installation and Configuration Guide itself is not fully accessible. For fully accessible information, use the installation topics in the information center as an alternative to using the Interactive Installation and Configuration Guide
.

Monday 20 October 2014

IBM Security Bulletins - Padding Oracle On Downgraded Legacy Encryption (POODLE)

Saw these and thought of ... well, everyone: -


SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in IBM WebSphere Application Server.


SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is enabled by default in the Apache based IBM HTTP Server.

IBM Tivoli Access Manager WebSEAL overview

IBM(R)Tivoli(R)Access Manager for e-business (Tivoli Access Manager) is a robust and secure centralized policy management solution for e-business and distributed applications. IBM Tivoli Access Manager WebSEAL is a high performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager protected Web object space. WebSEAL can provide single sign-on solutions and incorporate back-end Web application server resources into its security policy.

This overview chapter introduces you to the main capabilities of the WebSEAL server.

Topic Index:

• Introducing IBM Tivoli Access Manager and WebSEAL
• Understanding the Tivoli Access Manager security model
• Protecting the Web space with WebSEAL
• Planning and implementing the security policy
• Understanding WebSEAL authentication
• Understanding WebSEAL junctions

Sunday 19 October 2014

Interesting glitch with IBM Tivoli Access Manager 6.1.1 when creating Policy

This is what I was running: -

/opt/PolicyDirector/sbin/mgrsslcfg -config -f no

and this is what I was seeing: -

Aborted (core dumped)

which, I think you will agree, is less than helpful.

This is what I had installed: -

rpm -qa | grep -i 6.1.1

PDWebADK-PD-6.1.1-8.i386
PDAuthADK-PD-6.1.1-8.i386
PDAcld-PD-6.1.1-8.i386
PDlic-PD-6.1.1-0.i386
TivSecUtl-TivSec-6.1.1-2.i386
PDWPM-PD-6.1.1-8.i386
PDMgr-PD-6.1.1-8.i386
PDWebRTE-PD-6.1.1-8.i386
PDMgrPrxy-PD-6.1.1-8.i386
PDWeb-PD-6.1.1-8.i386
PDRTE-PD-6.1.1-0.i386
PDJrte-PD-6.1.1-8.i386


Note that the PDRTE component was back-level.

I thought I'd patched things up.

Once I applied the fix: -

rpm -Uvh /tmp/fixes/PDRTE-PD-6.1.1-8.i386.rpm

things started working better: -

/opt/PolicyDirector/sbin/mgrsslcfg -config -f no

Creating the SSL certificate.  This might take several minutes.
The SSL configuration of the Tivoli Access Manager policy server
has completed successfully.

The policy server's signed SSL certificate is base-64 encoded and
saved in text file "/var/PolicyDirector/keytab/pdcacert.b64."

This file is required by the configuration program on each machine
in your secure domain.

which is nice.

Saturday 18 October 2014

Installing IBM Tivoli Directory Server 6.3 on Red Hat Enterprise Linux 6.5


Mount the ISO

mount /dev/sr0 /media

mount: block device /dev/sr0 is write-protected, mounting read-only

Install ITDS

/media/ibm_im_64bit/tools/imcl -input installITDS63.rsp -acceptLicense

ERROR: Error during "install" phase:

  ERROR:   GLPINS005E The IBM Security Directory Server licenses cannot be installed.


with: -

 <message>Cannot run program "/opt/ibm/ldap/V6.3.1/tmp/license/idsLicense": java.io.IOException: error=2, No such file or directory</message>

in the IIM log ( /var/ibm/InstallationManager/logs/20141018_1816.xml ).

Read the Technote


...
Cause

The shebang line of the idsLicense script requires ksh
...

Install the missing ksh RPM

yum install ksh

Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ksh.x86_64 0:20120801-10.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================
 Package               Arch                     Version                            Repository                Size
==================================================================================================================
Installing:
 ksh                   x86_64                   20120801-10.el6                    server                   756 k

Transaction Summary
==================================================================================================================
Install       1 Package(s)

Total download size: 756 k
Installed size: 1.7 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : ksh-20120801-10.el6.x86_64                                                                     1/1 
  Verifying  : ksh-20120801-10.el6.x86_64                                                                     1/1 

Installed:
  ksh.x86_64 0:20120801-10.el6                                                                                    

Complete!


Repeat the ITDS Installation

/media/ibm_im_64bit/tools/imcl -input installITDS63.rsp -acceptLicense

ERROR: Error during "install" phase:

  ERROR:   GLPINS009E An error occurred while uninstalling DB2 package.

  ERROR:   GLPINS008E An error occurred while installing GSKIT package.

Diagnose Further

view /var/ibm/InstallationManager/logs/20141018_1821.xml 

....
Output:  Aborting the current installation ...
  Run installation with the option "-f sysreq" parameter to force the installation.

Error:WARNING:
   The 32 bit library file libstdc++.so.6 is not found on the system.
   32-bit applications may be affected.
WARNING:
   The required library file libstdc++.so.5 is not found on the system.
WARNING:
DBT3534W  The db2prereqcheck utility determined that ASLR is set to ON and that this could cause issues with some tools.
WARNING:
   The 32-bit library file libpam.so is not found on the system.
   Check the following web site for the up-to-date system requirements
   of IBM DB2 9.7
   http://www.ibm.com/software/data/db2/udb/sysreqs.html
   http://www.software.ibm.com/data/db2/linux/validate  </message>
...

Install missing RPMs

yum install libstdc++.so.6
yum install libstdc++.so.5

Repeat the ITDS Installation

/media/ibm_im_64bit/tools/imcl -input installITDS63.rsp -acceptLicense

ERROR: Error during "install" phase:

  ERROR:   GLPINS009E An error occurred while uninstalling DB2 package.

  ERROR:   GLPINS008E An error occurred while installing GSKIT package.


Further Diagnosis

view /var/ibm/InstallationManager/logs/20141018_1824.xml

...
Output:  Aborting the current installation ...
  Run installation with the option "-f sysreq" parameter to force the installation.

Error:WARNING:
   The required library file libstdc++.so.5 is not found on the system.
WARNING:
DBT3534W  The db2prereqcheck utility determined that ASLR is set to ON and that this could cause issues with some tools.
WARNING:
   The 32-bit library file libpam.so is not found on the system.
   Check the following web site for the up-to-date system requirements
   of IBM DB2 9.7
   http://www.ibm.com/software/data/db2/udb/sysreqs.html
   http://www.software.ibm.com/data/db2/linux/validate  </message>
....

Install the 32-bit library that includes libstdc++.so.5

yum install compat-libstdc++-33

Validate that DB2 is now mostly happy

/media/ibm_db2/db2prereqcheck 

WARNING:
DBT3534W  The db2prereqcheck utility determined that ASLR is set to ON and that this could cause issues with some tools.
WARNING: 
   The 32-bit library file libpam.so is not found on the system. 


This is a known issue with older versions of DB2, as per this Technote: -


The "circumvention" is to do this: -

cd /lib
ln -s libpam.so.0 libpam.so

so we now get this: -

/media/ibm_db2/db2prereqcheck 

WARNING:
DBT3534W  The db2prereqcheck utility determined that ASLR is set to ON and that this could cause issues with some tools.

Repeat the ITDS Installation

/media/ibm_im_64bit/tools/imcl -input installITDS63.rsp -acceptLicense

ERROR: Error during "install" phase:

  ERROR:   GLPINS008E An error occurred while installing GSKIT package.

So, whilst DB2 is OK, we've got to look at GSKIT.

Debug

view /var/ibm/InstallationManager/logs/20141018_1906.xml

...
Error:  package gskcrypt32-8.0-14.26.i386 is already installed
        package gskssl32-8.0-14.26.i386 is already installed</message>
...
 <message>com.ibm.security.directoryserver.installer.components.InstallGSKIT : Error occured while executing command: /bin/rpm -Uhv /media/ibm_gskit/gskcrypt32-8*.rpm /media/ibm_gskit/gskssl32-8*.rpm</message>
...

Validate what GSK components are installed

rpm -qa | grep -i gsk

gskcrypt64-8.0-14.26.x86_64
gskssl32-8.0-14.26.i386
gskssl64-8.0-14.26.x86_64
gskcrypt32-8.0-14.26.i386


Uninstall GSK

rpm -e `rpm -qa | grep -i gsk`

Repeat the ITDS Installation

/media/ibm_im_64bit/tools/imcl -input installITDS63.rsp -acceptLicense

Installed com.ibm.cic.agent_1.7.0.20130828_2012 to the /opt/IBM/InstallationManager/eclipse directory.
Installed com.ibm.security.directoryserver.v631_6.3.1.0 to the /opt/ibm/ldap/V6.3.1 directory.

Pour a G&T

Huzzah :-)

Response File - installlITDS63.rsp

<?xml version="1.0" encoding="UTF-8"?>
<agent-input>
<server>
<repository location='/media/ibm_im_64bit/'/>
<repository location='/media/ibm_sds'/>
</server>

<profile id='IBM Installation Manager' installLocation='/opt/IBM/InstallationManager/eclipse' kind='self'>
<data key='eclipseLocation' value='/opt/IBM/InstallationManager/eclipse'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.arch' value='x86_64'/>
<data key='cic.selector.nl' value='de,ru,ko,el,lt,en,it,pt_BR,fr,hu,es,zh,cs,ar,zh_TW,zh_HK,ja,sl,pl,da,tr'/>
</profile>

<profile id='IBM Security Directory Server' installLocation='/opt/ibm/ldap/V6.3.1'>
<data key='eclipseLocation' value='/opt/ibm/ldap/V6.3.1'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.arch' value='x86_64'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.nl' value='en'/>
<data key='user.db2.user.password,com.ibm.security.directoryserver.v631' value=''/>
<data key='user.db2.username,com.ibm.security.directoryserver.v631' value=''/>
<data key='user.db2.user.domain,com.ibm.security.directoryserver.v631' value=''/>
<data key='user.use.existing.db2,com.ibm.security.directoryserver.v631' value='false'/>
<data key='user.db2.executable.path,com.ibm.security.directoryserver.v631' value='/media/ibm_db2'/>
<data key='user.use.existing.db2.installpath,com.ibm.security.directoryserver.v631' value=''/>
<data key='user.renter.db2.user.password,com.ibm.security.directoryserver.v631' value=''/>
<data key='user.use.existing.gskit,com.ibm.security.directoryserver.v631' value='false'/>
<data key='user.gskit.executable.path,com.ibm.security.directoryserver.v631' value='/media/ibm_gskit'/>
<data key='user.jdk.executable.path,com.ibm.security.directoryserver.v631' value='/media/ibm_jdk/ibm-java-16sr14-linux-64.tar'/>
</profile>
<install modify='false'>
<offering id='com.ibm.cic.agent' version='1.7.0.20130828_2012' profile='IBM Installation Manager' features='agent_core,agent_jre' installFixes='none'/>
<offering id='com.ibm.security.directoryserver.v631' version='6.3.1.0' profile='IBM Security Directory Server' features='main.feature.db2,main.feature.gskit,main.feature.jdk,main.feature.javaclient,main.feature.server,main.feature.cclient' installFixes='none'/>
</install>
<preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/IBM/IBMIMShared'/>
<preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.readTimeout' value='45'/>
<preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
<preference name='offering.service.repositories.areUsed' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
<preference name='http.ntlm.auth.kind' value='NTLM'/>
<preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
<preference name='PassportAdvantageIsEnabled' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
<preference name='com.ibm.cic.agent.ui.displayInternalVersion' value='false'/>
<preference name='com.ibm.cic.common.sharedUI.showErrorLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showWarningLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showNoteLog' value='true'/>
</agent-input>

VMware - Where the X is my X ?

On a freshly minted VM of Red Hat Enterprise Linux 6.6 on VMware Fusion 7.0.0, I am trying to resolve a problem with a GUI application failing with a rather nice exception: -

java: cairo-misc.c:380: _cairo_operator_bounded_by_source: Assertion `NOT_REACHED' failed.

As part of my problem determination regime, I want to check whether the problem only occurs when tunnelling X11 from my Mac, via SSH, to the RHEL VM.

Therefore, I wanted to use X11 within the VMware terminal itself.

When I type startx, I get : -

-bash: startx: command not found

which makes sense since I didn't explicitly install X11 when I first built the VM.

Therefore, I need to install X11: -

yum install gdm

Some seventy RPMs later, I've got: -

Installed:
  gdm.i686 1:2.30.4-64.el6                                                                                        


so I again try startx: -

...
xauth:  creating new authority file /root/.serverauth.3966
xauth: (argv):1:  bad display name "tameb.uk.ibm.com:0" in "list" command
xauth: (stdin):1:  bad display name "tameb.uk.ibm.com:0" in "add" command
...

...
Loading extension GLX
(EE) 
Fatal server error:
(EE) no screens found(EE) 
(EE) 
...

which isn't too nice :-(

I go to check the video adapter: -

lspci | grep VGA

00:0f.0 VGA compatible controller: VMware SVGA II Adapter

at which point the penny drops.

I forgot to install VMware Tools ....

Having done this, alas, I got the same issue - no screens found :-(

Having rebooted, I tried running the VMware configuration utility again: -

vmware-config-tools.pl

taking the defaults: -

...
Distribution provided drivers for Xorg X server are used.

Skipping X configuration because X drivers are not included.

...

which made me think.

I checked to see what VMware drivers were available in the Yum repository: -

yum list | grep -i vmware

xorg-x11-drv-vmware.i686               13.0.1-9.el6                      server 

and installed the ( assume to be ) missing driver: -

yum install xorg-x11-drv-vmware.i686

Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package xorg-x11-drv-vmware.i686 0:13.0.1-9.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================
 Package                            Arch                Version                       Repository             Size
==================================================================================================================
Installing:
 xorg-x11-drv-vmware                i686                13.0.1-9.el6                  server                 33 k

Transaction Summary
==================================================================================================================
Install       1 Package(s)

Total download size: 33 k
Installed size: 53 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : xorg-x11-drv-vmware-13.0.1-9.el6.i686                                                          1/1 
  Verifying  : xorg-x11-drv-vmware-13.0.1-9.el6.i686                                                          1/1 

Installed:
  xorg-x11-drv-vmware.i686 0:13.0.1-9.el6                                                                         

Complete!


That did the trick, I can now start X11: -

xauth:  creating new authority file /root/.serverauth.2222


X.Org X Server 1.15.0
Release Date: 2013-12-27
X Protocol Version 11, Revision 0
Build Operating System: x86-022 2.6.18-371.11.1.el5 
Current Operating System: Linux tameb.uk.ibm.com 2.6.32-504.el6.i686 #1 SMP Tue Sep 16 01:56:19 EDT 2014 i686
Kernel command line: ro root=/dev/mapper/vg_tameb-lv_root rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=uk LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=vg_tameb/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=129M@0M rd_LVM_LV=vg_tameb/lv_root rd_NO_DM rhgb quiet
Build Date: 03 September 2014  11:17:40AM
Build ID: xorg-x11-server 1.15.0-22.el6 
Current version of pixman: 0.32.4
Before reporting problems, check https://www.redhat.com/apps/support/
to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Sat Oct 18 09:29:20 2014
(==) Using system config directory "/usr/share/X11/xorg.conf.d"
Initializing built-in extension Generic Event Extension
Initializing built-in extension SHAPE
Initializing built-in extension MIT-SHM
Initializing built-in extension XInputExtension
Initializing built-in extension XTEST
Initializing built-in extension BIG-REQUESTS
Initializing built-in extension SYNC
Initializing built-in extension XKEYBOARD
Initializing built-in extension XC-MISC
Initializing built-in extension SECURITY
Initializing built-in extension XINERAMA
Initializing built-in extension XFIXES
Initializing built-in extension RENDER
Initializing built-in extension RANDR
Initializing built-in extension COMPOSITE
Initializing built-in extension DAMAGE
Initializing built-in extension MIT-SCREEN-SAVER
Initializing built-in extension DOUBLE-BUFFER
Initializing built-in extension RECORD
Initializing built-in extension DPMS
Initializing built-in extension Present
Initializing built-in extension X-Resource
Initializing built-in extension XVideo
Initializing built-in extension XVideo-MotionCompensation
Initializing built-in extension SELinux
Initializing built-in extension XFree86-VidModeExtension
Initializing built-in extension XFree86-DGA
Initializing built-in extension XFree86-DRI
Initializing built-in extension DRI2
Loading extension GLX
gnome-session[2324]: WARNING: Unable to find provider 'gnome-panel' of required component 'panel'
gnome-session[2324]: WARNING: Unable to find provider 'nautilus' of required component 'filemanager'
GNOME_KEYRING_SOCKET=/tmp/keyring-fG4etF/socket
SSH_AUTH_SOCK=/tmp/keyring-fG4etF/socket.ssh
GNOME_KEYRING_PID=2358


I seem to have no keyboard or mouse support within the VMware console itself.

This gave me a pointer: -


and had me check what I had installed in terms of Xorg.

Xorg -version

X.Org X Server 1.15.0
Release Date: 2013-12-27
X Protocol Version 11, Revision 0
Build Operating System: x86-022 2.6.18-371.11.1.el5 
Current Operating System: Linux tameb.uk.ibm.com 2.6.32-504.el6.i686 #1 SMP Tue Sep 16 01:56:19 EDT 2014 i686
Kernel command line: ro root=/dev/mapper/vg_tameb-lv_root rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=uk LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=vg_tameb/lv_swap SYSFONT=latarcyrheb-sun16 crashkernel=129M@0M rd_LVM_LV=vg_tameb/lv_root rd_NO_DM rhgb quiet
Build Date: 03 September 2014  11:17:40AM
Build ID: xorg-x11-server 1.15.0-22.el6 
Current version of pixman: 0.32.4
Before reporting problems, check https://www.redhat.com/apps/support/
to make sure that you have the latest version.


rpm -qa | grep -i xorg

xorg-x11-xauth-1.0.2-7.1.el6.i686
xorg-x11-font-utils-7.2-11.el6.i686
xorg-x11-xinit-1.0.9-14.el6.i686
xorg-x11-apps-7.7-6.el6.i686
xorg-x11-server-Xorg-1.15.0-22.el6.i686
xorg-x11-utils-7.5-6.el6.i686
xorg-x11-drv-vmware-13.0.1-9.el6.i686
xorg-x11-drv-ati-firmware-7.3.99-2.el6.noarch
xorg-x11-fonts-Type1-7.2-9.1.el6.noarch
xorg-x11-server-utils-7.7-2.el6.i686
xorg-x11-proto-devel-7.7-9.el6.noarch
xorg-x11-xkb-utils-7.7-4.el6.i686
xorg-x11-server-common-1.15.0-22.el6.i686
xorg-x11-drv-wacom-0.23.0-4.el6.i686


This led me to install mouse and keyboard drivers for Xorg: -

yum install xorg-x11-drv-vmmouse.i686
yum install xorg-x11-drv-keyboard.i686

but I was still finding that the same problem persisted.

I checked the logs: -

cat /var/log/Xorg.0.log

...
[  3403.228] (EE) Failed to load module "evdev" (module does not exist, 0)
[  3403.228] (EE) No input driver matching `evdev'
[  3403.228] (EE) config/hal: NewInputDeviceRequest failed (15)
[  3411.917] (II) vmware(0): Terminating Xv video-stream id:0
[  3412.022] (EE) Server terminated successfully (0). Closing log file.
...

and installed the missing evdev driver: -

yum install xorg-x11-drv-evdev

Hurrah, now I have a working mouse and keyboard within the X11 console session :-)


Thursday 16 October 2014

Storing transaction and compensation logs in a relational database for high availability and disaster recovery in IBM Business Process Manager

This is especially relevant for me right now, as I'm involved in not one, not two, but three projects where HA *AND* DR are both in scope for IBM BPM etc.

Learn how to leverage the latest WebSphere® Application Server feature by configuring an IBM® Business Process Manager transaction and compensation logs into a relational database for high availability and disaster recovery purposes. This content is part of the IBM Business Process Management Journal.

IBM BPM 8.5.0.1 Advanced - More about BPM > PDW Communication

On the back of: -


for the record, this is what I changed: -

Add cell-level configuration file 101Custom.xml

cd /opt/ibm/WebSphereProfiles/Dmgr02/config/cells/PSCell1/nodes/AppSrv02Node/servers/AppClusterMember1/process-server/config

vi 101Custom.xml

Contains: -

<properties>
<!-- Added by Dave Hay, IBM, to disable Process Server to Performance Data Warehouse communication - 18/09/2014 -->
        <common>
                <performance-server-communication>
                        <enabled merge="replace">false</enabled>
                </performance-server-communication>
        </common>
</properties>

Synchronise Node from Cell-level configuration

/opt/ibm/WebSphereProfiles/Dmgr02/bin/wsadmin.sh -lang jython -user wasadmin -password <<removed>> -c "AdminNodeManagement.syncActiveNodes()"

Start Process Server Deployment Environment

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -start -profile Dmgr02 -de PSDeployEnv -username deAdmin -password <<removed>>

Validate new configuration for PDW

view /opt/ibm/WebSphereProfiles/AppSrv02/config/cells/PSCell1/nodes/AppSrv02Node/servers/AppClusterMember1/process-server/TeamWorksConfiguration.running.xml

Now contains: -

...
    <performance-server-communication>
      <enabled>false</enabled>

...

I also needed to update the cluster template version of this file, so that new cluster members would get the same configuration.

Therefore, I have placed a copy of 101Custom.xml here: -

/opt/ibm/WebSphereProfiles/Dmgr02/config/cells/PSCell1/nodes/AppSrv02Node/servers/AppClusterMember1/process-server/config/101Custom.xml

Just thought you ought to know ....

ACID - it's all about transactionality ...

Atomicity

Atomicity requires that each transaction be "all or nothing": if one part of the transaction fails, the entire transaction fails, and the database state is left unchanged. An atomic system must guarantee atomicity in each and every situation, including power failures, errors, and crashes. To the outside world, a committed transaction appears (by its effects on the database) to be indivisible ("atomic"), and an aborted transaction does not happen.

Consistency

The consistency property ensures that any transaction will bring the database from one valid state to another. Any data written to the database must be valid according to all defined rules, including constraints, cascades, triggers, and any combination thereof. This does not guarantee correctness of the transaction in all ways the application programmer might have wanted (that is the responsibility of application-level code) but merely that any programming errors cannot result in the violation of any defined rules.

Isolation

The isolation property ensures that the concurrent execution of transactions result in a system state that would be obtained if transactions were executed serially, i.e. one after the other. Providing isolation is the main goal of concurrency control. Depending on concurrency control method, the effects of an incomplete transaction might not even be visible to another transaction.

Durability

Durability means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors. In a relational database, for instance, once a group of SQL statements execute, the results need to be stored permanently (even if the database crashes immediately thereafter). To defend against power loss, transactions (or their effects) must be recorded in a non-volatile memory.

It's been too long - IBM Tivoli Access Manager for e-business ( WebSEAL ) ... and openLDAP - what can possibly go wrong ?

So I haven't installed/used IBM Tivoli Access Manager for e-business ( WebSEAL ) properly since ~2008, although I've worked with a number of clients utilising this secure reverse proxy access management solution.

Last night, I decided to rectify that, and install/configure TAMeB on a VM on my Mac.

Me being me, I decided not to bother with documentation or too many pre-requisites, so I downloaded the software ( plus fixes, taking me to version 6.1.1.8 ), and try and configure it against ... openLDAP. Last time around, I did the right thing and used a "real" user identity management solution, IBM Tivoli Directory Server.

So, after much hacking around, I got to a bit of a blocker.

As part of the installation, one is required to run the following command: -

./install_ammgr -console

to install AND configure TAM.

This, in part, runs the following command: -

/opt/PolicyDirector/sbin/PDMgr_config

This runs for a while and then fails with: -

Unable to verify the management domain location DN in the
LDAP server: (secAuthority=Default).
If the location does not exist on the server, create it,
otherwise specify a different location that does exist.


...

2014-10-15-21:20:23.563+01:00I----- 0x16B480C9 IRAapi ERROR rgy ira ira_domain.c 1424 0xf77e46c0
HPDRG0201E   Error code 0x22 was received from the LDAP server. Error text: "Invalid DN syntax".


Whist this was obviously an LDAP issue, I wasn't too sure precisely what the root cause was.

Thankfully, some digging about in various internal/external fora gave me these two life-saver commands: -

export LDAP_DEBUG=65535 
export LDAP_DEBUG_FILE=/tmp/ldap_debug_file 

Having run these inside the shell from which I then ran PDMgr_config, I got a nice trace log - /tmp/ldap_debug_file - which contained, in part: -

T-143694144:    +---------------------------------------------------------+
T-143694144:    |0000|30840000 01370201 07688400 00012E04|0....7...h......|
T-143694144:    |0010|31736563 41757468 6F726974 793D4465|1secAuthority=De|
T-143694144:    |0020|6661756C 742C6F75 3D757365 72732C64|fault,ou=users,d|
T-143694144:    |0030|633D756B 2C64633D 69626D2C 64633D63|c=uk,dc=ibm,dc=c|
T-143694144:    |0040|6F6D3084 000000F5 30840000 0086040B|om0.....0.......|
T-143694144:    |0050|6F626A65 6374636C 61737331 84000000|objectclass1....|
T-143694144:    |0060|73041073 65634175 74686F72 69747949|s..secAuthorityI|
T-143694144:    |0070|6E666F04 12654170 706C6963 6174696F|nfo..eApplicatio|
T-143694144:    |0080|6E537973 74656D04 07655379 7374656D|nSystem..eSystem|
T-143694144:    |0090|04116369 6D4C6F67 6963616C 456C656D|..cimLogicalElem|
T-143694144:    |00A0|656E7404 1763696D 4D616E61 67656453|ent..cimManagedS|
T-143694144:    |00B0|79737465 6D456C65 6D656E74 04116369|ystemElement..ci|
T-143694144:    |00C0|6D4D616E 61676564 456C656D 656E7404|mManagedElement.|
T-143694144:    |00D0|03746F70 30840000 001D040C 73656341|.top0.......secA|
T-143694144:    |00E0|7574686F 72697479 31840000 00090407|uthority1.......|
T-143694144:    |00F0|44656661 756C7430 84000000 14040776|Default0.......v|
T-143694144:    |0100|65727369 6F6E3184 00000005 0403362E|ersion1.......6.|
T-143694144:    |0110|30308400 00002604 0B696E73 74616C6C|00....&..install|
T-143694144:    |0120|44617465 31840000 00130411 32303134|Date1.......2014|
T-143694144:    |0130|31303135 32303430 32312E30 5A      |1015204021.0Z   |
T-143694144:    +---------------------------------------------------------+


and: -

T-143694144:    +---------------------------------------------------------+
T-143694144:    |OSet| Address = 08656C00  Length = 0016 |     ASCII      |
T-143694144:    +---------------------------------------------------------+
T-143694144:    |0000|02010769 110A0122 0400040A 696E7661|...i..."....inva|
T-143694144:    |0010|6C696420 444E                      |lid DN          |
T-143694144:    +---------------------------------------------------------+


This made me think, and look for references to secAuthority=Default online, from whence I found: -



both of which made me realise that TAMeB is looking for a particular suffix/object class, which, of course, doesn't exist, by default, in openLDAP.

Now I'm not sure whether I'll continue to hack around to make TAMeB work with openLDAP, or follow the path of least resistance and install ITDS .........

However, it's good to know about that LDAP debug string, as I'm SURE to need it again in the future ....

Wednesday 15 October 2014

IBM Integration Bus and WebSphere Service Registry and Repository

Looking at the integration between IIB and WSRR ( which runs on WAS 8.5.5 ), so have a nice new learning curve or two.

Here's a bit of ( for me ) pre-reading: -


Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 7 describes the configuration and behavior of the cache used by the Endpoint Lookup and Registry Lookup nodes, including how the cache supports efficient look-up of previously retrieved WSRR artifacts, and how to make this data available to production systems.

This is part of a series: -

Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 1 describes a number of IIB/WSRR integration scenarios, shows you how to configure IIB to communicate with WSRR using a number of different nodes, and describes resources that will be used in Parts 2 through 9 to demonstrate IIB/WSRR integration capabilities.

Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 2 describes the Enpoint Lookup and Registry Lookup nodes in detail.


Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 3 shows you how to use the Endpoint Lookup node to dynamically retrieve service metadata from WSRR and use this metadata to route service requests at run time, including the ability to route around problem endpoints when an error occurs.


Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 4 shows you how to use the Registry Lookup node to dynamically retrieve XSL transforms from WSRR and apply them to messages in a flow at runtime.

Integrating IBM Integration Bus with WebSphere Service Registry and Repository: Part 5: Performing SLA checks at runtime and registry lookup scenarios

Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 5 shows you how to use the Registry Lookup node to dynamically retrieve service metadata from WSRR, and use this metadata to check that a service consumer is authorized to invoke the target service.

Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 6 shows you how to use the Endpoint Lookup and Registry Lookup nodes to implement a message flow that can act as a service gateway in your SOA environment, analyzing the service request and then querying WSRR to determine how to route the request to the correct service provider.

Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 7 describes the configuration and behavior of the cache used by the Endpoint Lookup and Registry Lookup nodes, including how the cache supports efficient look-up of previously retrieved WSRR artifacts, and how to make this data available to production systems.


Combining IBM Integration Bus with WSRR lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 8 shows you how to use the HTTP Request node to dynamically retrieve service metadata from WSRR and use it to check that a service consumer is authorized to invoke the target service.

Combining IBM Integration Bus (IIB) with WebSphere Service Registry and Repository (WSRR) lets you dynamically retrieve service metadata from WSRR and use it to modify message flow behavior at runtime. This article series shows you how to integrate the two products, and provides samples that address several significant business problems. Part 9 shows you how to create and manage IIB Workload Management (WLM) policies in WSRR, and how to use the JMS Input node in a message flow to automatically synchronize policy changes with IIB.


Tuesday 14 October 2014

Using Jython to list ports within a WebSphere Application Server cell

To be 100% clear, I did NOT NOT NOT invent this script.

The script came from a rather nice chap called Steve Robinson, who's posted it on his site here: -


I've just happily used it with WebSphere Application Server 8.5.5.2, as part of a post-installation documentation exercise ( ensuring that the deliverable ties up with the up-front design ).

Here we go: -

/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -conntype NONE -f getports.jy 

WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
AppSrv01Node ORB_LISTENER_ADDRESS 2809
AppSrv01Node CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS 9900
AppSrv01Node CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS 9202
AppSrv01Node NODE_DISCOVERY_ADDRESS 9201
AppSrv01Node NODE_IPV6_MULTICAST_DISCOVERY_ADDRESS 9353
AppSrv01Node NODE_MULTICAST_DISCOVERY_ADDRESS 7272
AppSrv01Node SAS_SSL_SERVERAUTH_LISTENER_ADDRESS 5001
AppSrv01Node BOOTSTRAP_ADDRESS 5000
AppSrv01Node DCS_UNICAST_ADDRESS 9901
AppSrv01Node SOAP_CONNECTOR_ADDRESS 8878
AppSrv01Node IPC_CONNECTOR_ADDRESS 9629
AppSrv01Node XDAGENT_PORT 7062
AppSrv01Node OVERLAY_TCP_LISTENER_ADDRESS 11004
AppSrv01Node OVERLAY_UDP_LISTENER_ADDRESS 11003
AppSrv01Node BOOTSTRAP_ADDRESS 9810
AppSrv01Node SOAP_CONNECTOR_ADDRESS 8880
AppSrv01Node ORB_LISTENER_ADDRESS 9101
AppSrv01Node SAS_SSL_SERVERAUTH_LISTENER_ADDRESS 9404
AppSrv01Node CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS 9405
AppSrv01Node CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS 9406
AppSrv01Node WC_adminhost 9061
AppSrv01Node WC_defaulthost 9080
AppSrv01Node DCS_UNICAST_ADDRESS 9354
AppSrv01Node WC_adminhost_secure 9044
AppSrv01Node WC_defaulthost_secure 9443
AppSrv01Node SIP_DEFAULTHOST 5060
AppSrv01Node SIP_DEFAULTHOST_SECURE 5061
AppSrv01Node OVERLAY_UDP_LISTENER_ADDRESS 11007
AppSrv01Node OVERLAY_TCP_LISTENER_ADDRESS 11008
AppSrv01Node IPC_CONNECTOR_ADDRESS 9633
AppSrv01Node SIB_ENDPOINT_ADDRESS 7276
AppSrv01Node SIB_ENDPOINT_SECURE_ADDRESS 7286
AppSrv01Node SIB_MQ_ENDPOINT_ADDRESS 5558
AppSrv01Node SIB_MQ_ENDPOINT_SECURE_ADDRESS 5578
AppSrv01Node BOOTSTRAP_ADDRESS 9811
AppSrv01Node SOAP_CONNECTOR_ADDRESS 8881
AppSrv01Node ORB_LISTENER_ADDRESS 9102
AppSrv01Node SAS_SSL_SERVERAUTH_LISTENER_ADDRESS 9407
AppSrv01Node CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS 9408
AppSrv01Node CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS 9409
AppSrv01Node WC_adminhost 9062
AppSrv01Node WC_defaulthost 9081
AppSrv01Node DCS_UNICAST_ADDRESS 9355
AppSrv01Node WC_adminhost_secure 9045
AppSrv01Node WC_defaulthost_secure 9444
AppSrv01Node SIP_DEFAULTHOST 5062
AppSrv01Node SIP_DEFAULTHOST_SECURE 5063
AppSrv01Node OVERLAY_UDP_LISTENER_ADDRESS 11009
AppSrv01Node OVERLAY_TCP_LISTENER_ADDRESS 11010
AppSrv01Node IPC_CONNECTOR_ADDRESS 9634
AppSrv01Node SIB_ENDPOINT_ADDRESS 7278
AppSrv01Node SIB_ENDPOINT_SECURE_ADDRESS 7287
AppSrv01Node SIB_MQ_ENDPOINT_ADDRESS 5559
AppSrv01Node SIB_MQ_ENDPOINT_SECURE_ADDRESS 5579
AppSrv01Node WEBSERVER_ADDRESS 8443
AppSrv01Node WEBSERVER_ADMIN_ADDRESS 8008
Dmgr CELL_DISCOVERY_ADDRESS 7277
Dmgr WC_adminhost_secure 9043
Dmgr DCS_UNICAST_ADDRESS 9352
Dmgr XDAGENT_PORT 7060
Dmgr OVERLAY_UDP_LISTENER_ADDRESS 11005
Dmgr OVERLAY_TCP_LISTENER_ADDRESS 11006
Dmgr STATUS_LISTENER_ADDRESS 9420
Dmgr BOOTSTRAP_ADDRESS 9809
Dmgr IPC_CONNECTOR_ADDRESS 9632
Dmgr SOAP_CONNECTOR_ADDRESS 8879
Dmgr ORB_LISTENER_ADDRESS 9100
Dmgr SAS_SSL_SERVERAUTH_LISTENER_ADDRESS 9401
Dmgr CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS 9402
Dmgr CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS 9403
Dmgr WC_adminhost 9060
Dmgr DataPowerMgr_inbound_secure 5555

If you want the actual script, please visit Steve's site: -

Red Hat Enterprise Linux 6.5 - Creating a local Yum Repository

More of the same: -


but using RHEL 6.5.

Here's the shortened version: -

mount /dev/cdrom /mnt/

mount: block device /dev/sr0 is write-protected, mounting read-only

cat /etc/redhat-release

Red Hat Enterprise Linux Server release 6.5 (Santiago)

rpm -ivh /mnt/Packages/deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm

warning: /mnt/Packages/deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...                ########################################### [100%]
   1:deltarpm               ########################################### [100%]

rpm -ivh /mnt/Packages/python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm 

warning: /mnt/Packages/python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...                ########################################### [100%]
   1:python-deltarpm        ########################################### [100%]

rpm -ivh /mnt/Packages/createrepo-0.9.9-18.el6.noarch.rpm 

warning: /mnt/Packages/createrepo-0.9.9-18.el6.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...                ########################################### [100%]
   1:createrepo             ########################################### [100%]

rpm --import /mnt/RPM-GPG-KEY-redhat-beta
rpm --import /mnt/RPM-GPG-KEY-redhat-release


mkdir /var/repo
mkdir /var/repo/rhel65
cd /mnt
cd /var/repo/rhel65/
cp -R /mnt/Packages/* .


cd /var/repo/
createrepo .

Spawning worker 0 with 3763 pkgs
Workers Finished
Gathering worker results

Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete

cd /etc/yum.repos.d/
vi server.repo 


[server]
gpgcheck=1
name=Red Hat Enterprise Linux 6.5
baseurl=file:///var/repo

 yum list

...
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Installed Packages
ConsoleKit.x86_64                      0.4.1-3.el6                       @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
ConsoleKit-libs.x86_64                 0.4.1-3.el6                       @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
MAKEDEV.x86_64                         3.24-6.el6                        @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
Red_Hat_Enterprise_Linux-Release_Notes-6-en-US.noarch
                                       5-2.el6                           @anaconda-RedHatEnterpriseLinux-201311111358.x86_64/6.5
...
yum-presto.noarch                      0.6.2-1.el6                         server                                                 
zenity.x86_64                          2.28.0-1.el6                        server                                                 
zlib.i686                              1.2.3-29.el6                        server                                                 
zlib-devel.i686                        1.2.3-29.el6                        server                                                 
zlib-devel.x86_64                      1.2.3-29.el6                        server                                                 
zsh.x86_64                             4.3.10-7.el6                        server        
...

umount /mnt
yum install xauth

Loaded plugins: product-id, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package xorg-x11-xauth.x86_64 1:1.0.2-7.1.el6 will be installed
--> Processing Dependency: libXmuu.so.1()(64bit) for package: 1:xorg-x11-xauth-1.0.2-7.1.el6.x86_64
--> Running transaction check
---> Package libXmu.x86_64 0:1.1.1-2.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package               Arch          Version                Repository     Size
================================================================================
Installing:
 xorg-x11-xauth        x86_64        1:1.0.2-7.1.el6        server         35 k
Installing for dependencies:
 libXmu                x86_64        1.1.1-2.el6            server         66 k

Transaction Summary
================================================================================
Install       2 Package(s)

Total download size: 101 k
Installed size: 216 k
Is this ok [y/N]: y
Downloading Packages:
--------------------------------------------------------------------------------
Total                                            29 MB/s | 101 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
  Installing : libXmu-1.1.1-2.el6.x86_64                                    1/2 
  Installing : 1:xorg-x11-xauth-1.0.2-7.1.el6.x86_64                        2/2 
  Verifying  : libXmu-1.1.1-2.el6.x86_64                                    1/2 
  Verifying  : 1:xorg-x11-xauth-1.0.2-7.1.el6.x86_64                        2/2 

Installed:
  xorg-x11-xauth.x86_64 1:1.0.2-7.1.el6                                         

Dependency Installed:
  libXmu.x86_64 0:1.1.1-2.el6                                                   

Complete!

END OF LINE

IBM Tivoli Access Manager for e-Business - System Requirements

So I'm looking at IBM's WebSEAL secure reverse proxy solution for the first time in a while ( last time was ~2010 although I've worked with clients using WebSEAL since then ).

The world has moved on in that there's now an appliance solution, IBM Security Access Manager for Web, which appears to do much of what WebSEAL ( aka IBM Tivoli Access Manager for e-Business or TAMeB ) does.

In parallel, I'm going to download/install TAMeB, which is still available.

The current version is 6.1.1.8 for which the System Requirements can be found here: -


I'm specifically interested in the dependencies, including WebSphere Application Server ( 6.1 through 8.5.0 ) and DB2 Enterprise Server Edition ( 9.1 through 10.1 ) and Microsoft Active Directory ( 2003 through 2008 R2 ).

Guess what I'm off to do ?

Sunday 12 October 2014

A blast from the past - suspend and resume in Ubuntu Linux

It has been a rather long while since I last blogged about the fun involved in getting Ubuntu Linux to successfully suspend and, more importantly, resume on an IBM Thinkpad.

Lookng back it was just soooo 2011: -

Ubuntu 10.10 on Lenovo Thinkpad W500 - Problems with Suspend

and 2010: -


and then 2009: -


I inherited a Lenovo Thinkpad W510 when one of my colleagues left IBM, and it's been sitting in a cupboard for a few months now.

However, I pulled it out of the cupboard a few weeks back and installed Linux onto it ( first OpenSuSE 13.1 and then, on Friday, Ubuntu 14.04 ).

However, I did find that the laptop would fail to resume after a suspend ( typically initiated by my closing the lid ).

I dug into it a bit yesterday, and found the following: -

Xorg crashed with SIGABRT

which gave me a few pointers.

I dug around online, and found a suggestion to switch video drivers ( I have a nVidia GT216GLM ( aka Quadro FX 880M ) card in the W510 ).

This is what I had: -


and this is to what I moved: -


Having made the change, suspend and resume are, at least for now, working perfectly, which is nice ;-)

Even better, I'm running a Windows Server 2008 VM under VMware Workstation 10.1, which also recovers nicely after the resume.

Friday 10 October 2014

Problems with LDAPSearch against Active Directory 2008

So I was doing this: -

ldapsearch -h ad2008.uk.ibm.com -p 389 -D CN=ldapbind,CN=Users,DC=uk,DC=ibm -w passw0rd CN=ldapbind

but was seeing this: -

# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: CN=ldapbind
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
text: 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of: ''

# numResponses: 1


Can you see what I did wrong ?

Yep, I forgot to add the base Distinguished Name: -

ldapsearch -h ad2008.uk.ibm.com -p 389 -D CN=ldapbind,CN=Users,DC=uk,DC=ibm -w passw0rd -b DC=uk,DC=ibm CN=ldapbind 

...
dn: CN=ldapbind,CN=Users,DC=uk,DC=ibm
distinguishedName: CN=ldapbind,CN=Users,DC=uk,DC=ibm

...

which is nice.

Tuesday 7 October 2014

WebSphere Application Server - Auditing Ports

So one of the core tenets of Java development is to re-use, not re-invent.

I had a requirement to report on the various TCP/IP ports being used by members of my various WAS 8.0 and 8.5 cells.

Steve Robinson came to the rescue with this: -

import java
lineSeparator = java.lang.System.getProperty('line.separator')

# get Nodes
NodeIDs = AdminConfig.getid('/Node:/')
arrayNodeIDs = NodeIDs.split(lineSeparator)

# get Ports
EndPointIDs = AdminConfig.getid('/EndPoint:/')
arrayEndPointIDs = EndPointIDs.split(lineSeparator)
NamedEndPointIDs = AdminConfig.getid('/NamedEndPoint:/')
arrayNamedEndPointIDs = NamedEndPointIDs.split(lineSeparator)

# print
for x in range(len(arrayNodeIDs)):
        for y in range(len(arrayEndPointIDs)):
                if arrayEndPointIDs[y].find(AdminConfig.showAttribute(arrayNodeIDs[x],'name')) > 0:
                        print AdminConfig.showAttribute(arrayNodeIDs[x],'name'),AdminConfig.showAttribute(arrayNamedEndPointIDs[y],'endPointName'),AdminConfig.showAttribute(arrayEndPointIDs[y],'port')
               

Monday 6 October 2014

"gzip: stdin: invalid compressed data--format violated "

I've seen this before, albeit not with Linux: -


This is what I was doing: -

tar xvzf /mnt/hgfs/Software/DB2V10/Product/DB2_ESE_10_Linux_x86-64.tar.gz

and this is what I saw: -

ese/db2/linuxamd64/FILES/
ese/db2/linuxamd64/FILES/BASE_CLIENT_R_10.1.0.0_linuxamd64_x86_64.tar.gz
ese/db2/linuxamd64/FILES/BASE_CLIENT_NR_10.1.0.0_linuxamd64_x86_64.tar.gz
ese/db2/linuxamd64/FILES/DB2_PRODUCT_MESSAGES_EN_10.1.0.0_linuxamd64_x86_64.tar.gz
ese/db2/linuxamd64/FILES/BASE_CLIENT_10.1.0.0_linuxamd64_x86_64.tar.gz

ese/db2/linuxamd64/FILES/BASE_CLIENT_10.1.0.0_linuxamd64_x86_64.tar.gz

gzip: stdin: invalid compressed data--format violated
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now

I'd already set up my ulimits but - and this is important - had not rebooted OR restarted my shell.

I needed to reboot anyway ( in order to disable SELinux ).

Once done .... it still didn't work :-(

I tried various combinations, none of which worked.

I then tried the same .TAR.GZ file on my Mac, which .... threw: -

x ese/db2/linuxamd64/FILES/BASE_CLIENT_10.1.0.0_linuxamd64_x86_64.tar.gz: gzip decompression failed
tar: Error exit delayed from previous errors.

proving that the problem was NOT with the ulimits, but may be with the common item - the archive.

Given that this archive had worked ~24 hours ago and given that the external USB drive from whence I was unpacking the file had been accidentally ejected from the Mac a wee while previously, I put two and two together, and ran the Mac's Disk Utility against the drive to repair files/permissions etc.

Once done, the process was smoother than a smooth thing in smooth land .....

"WARNING: CRIMA1218W A problem occurred during..." the installation of IBM Operational Decision Manager 8.6

And another one down :-)

I've been "struggling" with the installation of IBM Operational Decision Manager 8.6 ( Decision Center / Decision Server ) over the past 24 hours or so.

It was somewhat annoying, and I couldn't find an obvious solution.

This was what I was seeing: -

<entry num='369' time='1412536153289' elapsed='01:01.01' level='WARNING' thread='main'>
 <logger>com.ibm.cic.agent.core.antInstallAdapter.Util</logger>
 <class>com.ibm.cic.agent.internal.core.IMLoggerImpl</class>
 <method>warning</method>
 <message>WARNING: CRIMA1218W A problem occurred during the execution of the /home/wasadmin/var/ibm/InstallationManager/adapters/ant/Operational Decision Manager V8.6/com.ibm.websphere.odm.common.dc.ilmt_8.6.0.20140507_2330/update_ilmt_ear.xml file. The specified severity null is not valid.
  explanation: The severity value must be one of the following values: ERROR, WARNING, or INFO. If the severity value is not one of these values, then severity defaults to ERROR.
  userAction: Identify the package that has the issue by looking at the installation history. In Installation Manager, click File &gt; Installation History. In console mode, enter S: View Installation History. Contact IBM customer support.</message>
</entry>
<entry num='370' time='1412536153301' elapsed='01:01.02' level='ERROR' uid='CRIMA1217E' thread='main'>
 <logger>com.ibm.cic.agent.core.antInstallAdapter.ant.AntInstallOperation</logger>
 <method>doPerform</method>
 <message>
  <key>A problem occurred during the execution of the {0} file.
  ERROR: The following error occurred while executing this line:
/home/wasadmin/var/ibm/InstallationManager/adapters/ant/Operational Decision Manager V8.6/com.ibm.websphere.odm.common.dc.ilmt_8.6.0.20140507_2330/update_ilmt_ear.xml:143: The following error occurred while executing this line:
/home/wasadmin/var/ibm/InstallationManager/adapters/ant/Operational Decision Manager V8.6/com.ibm.websphere.odm.common.dc.ilmt_8.6
.0.20140507_2330/update_ilmt_ear.xml:268: The following error occurred while executing this line:
/home/wasadmin/var/ibm/InstallationManager/adapters/ant/Operational Decision Manager V8.6/com.ibm.websphere.odm.common.dc.ilmt_8.6
.0.20140507_2330/update_ilmt_ear.xml:305: Use a resource collection to copy directories. [/home/wasadmin/var/ibm/InstallationManag
er/adapters/ant/Operational Decision Manager V8.6/com.ibm.websphere.odm.common.dc.ilmt_8.6.0.20140507_2330/update_ilmt_ear.xml:254
]
A package has an issue that cannot be resolved by Installation Manager.
Identify the package that has the issue by looking at the installation history. In Installation Manager, click File &gt; Installation History. In console mode, enter S: View Installation History. Contact IBM customer support.</key>
  <arg>/home/wasadmin/var/ibm/InstallationManager/adapters/ant/Operational Decision Manager V8.6/com.ibm.websphere.odm.common.dc.ilmt_8.6.0.20140507_2330/update_ilmt_ear.xml</arg>
 </message>
</entry>
<entry num='371' time='1412536153302' elapsed='01:01.02' level='ERROR' thread='main'>
 <logger>com.ibm.cic.agent.core.antInstallAdapter.ant.AntInstallOperation</logger>
 <method>doPerform</method>
 <message href='ant/20141005_2009.log'>Invoking antfile "/home/wasadmin/var/ibm/InstallationManager/adapters/ant/Operational Decision Manager V8.6/com.ibm.websphere.odm.common.dc.ilmt_8.6.0.20140507_2330/update_ilmt_ear.xml".</message>
</entry>


using a response file, which I'd mainly adapted from the previous 8.5.0.1 version of IBM ODM.

The solution ?

Well, I went against my normal practice, and used the GUI ( IBM Installation Manager ) to install ODM, which ( quelle surprise ) worked a treat.

I did, however, tell IIM to create a response fie: -

/opt/IBM/InstallationManager/eclipseIBMIM -record foobar.rsp

which I then compared/contrasted against my own version.

This is what I had ( specifically for ODM ): -

<server>
<repository location='/tmp/Repo/IIM/'/>
<repository location='/tmp/Repo/WAS85/Base/Product/'/>
<repository location='/tmp/Repo/WAS85/Base/Fixes/'/>
<repository location='/tmp/Repo/WAS85/Supplements/Product/'/>
<repository location='/tmp/Repo/WAS85/Supplements/Fixes/'/>
<repository location='/tmp/Repo/ODM86/Product/DC'/>
<repository location='/tmp/Repo/ODM86/Product/DecisionServerRules'/>
</server>
<profile id='Operational Decision Manager V8.6' installLocation='/opt/IBM/WebSphere/ODM86'>
<data key='eclipseLocation' value='/opt/IBM/WebSphere/ODM86'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.arch' value='x86_64'/>
<data key='cic.selector.nl' value='en'/>
<data key='user.wodm_express' value='false'/>
<data key='user.wodm_was_home' value='/opt/IBM/WebSphere/AppServer'/>
</profile>
<offering id='com.ibm.websphere.odm.dc.v86' version='8.6.0.20140507_2334' profile='Operational Decision Manager V8.6' features='jdk,base,Decision Center' installFixes='none'/>
<offering id='com.ibm.websphere.odm.ds.rules.v86' version='8.6.0.20140507_2359' profile='Operational Decision Manager V8.6' features='com.ibm.wds.jdk.feature,base,com.ibm.wds.rules.studio.feature' installFixes='none'/>


and this is what the GUI generated for me: -

  <server>
    <repository location='/tmp/Repo/ODM86/Product/ProfileTemplateDC'/>
    <repository location='/tmp/Repo/ODM86/Product/ProfileTemplateRules'/>
    <repository location='/tmp/Repo/ODM86/Product/DecisionServerRules'/>
    <repository location='/tmp/Repo/ODM86/Product/DC'/>
    <repository location='/tmp/Repo/WAS85/Supplements/Fixes/'/>
    <repository location='/tmp/Repo/WAS85/Supplements/Product/'/>
    <repository location='/tmp/Repo/WAS85/Base/Fixes/'/>
    <repository location='/tmp/Repo/WAS85/Base/Product/'/>
  </server>
  <profile id='Operational Decision Manager V8.6' installLocation='/opt/IBM/WebSphere/ODM86'>
    <data key='eclipseLocation' value='/opt/IBM/WebSphere/ODM86'/>
    <data key='user.import.profile' value='false'/>
    <data key='cic.selector.os' value='linux'/>
    <data key='cic.selector.ws' value='gtk'/>
    <data key='cic.selector.arch' value='x86_64'/>
    <data key='cic.selector.nl' value='en'/>
    <data key='user.wodm_express' value='false'/>
    <data key='user.wodm_was_home' value='/opt/IBM/WebSphere/AppServer'/>
    <data key='user.lic.dsr' value=''/>
    <data key='user.prod.dsr' value=''/>
    <data key='user.lic.dc' value='full'/>
    <data key='user.wodm_admin_username' value='wasadmin'/>
    <data key='user.wodm_admin_password' value='passw0rd'/>
    <data key='user.confirm_password' value='passw0rd'/>

  </profile>
  <install modify='false'>
    <!-- Decision Center 8.6.0.0 -->
    <offering profile='Operational Decision Manager V8.6' id='com.ibm.websphere.odm.dc.v86' version='8.6.0.20140507_2334' features='jdk,base,Decision Center,Rule Solutions for Office,com.ibm.wdc.rules.samples.feature,Documentation' installFixes='none'/>
    <!-- Decision Center profile templates for WebSphere Application Server   8.6.0.0 -->
    <offering profile='Operational Decision Manager V8.6' id='com.ibm.websphere.odm.pt.dc.v86' version='8.6.0.20140508_0103' features='main.feature' installFixes='none'/>
  </install>

I've highlighted the most substantial differences.

Following the normal Dave Hay practice of "Make a change, test a change", I first added in: -

    <data key='user.wodm_admin_username' value='wasadmin'/>
    <data key='user.wodm_admin_password' value='passw0rd'/>
    <data key='user.confirm_password' value='passw0rd'/>

but to no avail.

I then added in the remaining three lines: -

    <data key='user.lic.dsr' value=''/>
    <data key='user.prod.dsr' value=''/>
    <data key='user.lic.dc' value='full'/>

and that cracked it.

I've run through the installation a few times since I found the solution: -

/opt/IBM/InstallationManager/eclipse/tools/imcl uninstallAll
rm -Rf /opt/IBM/WebSphere/
/opt/IBM/InstallationManager/eclipse/tools/imcl -input ~/installODM86.rsp -acceptLicense

and it appears to work OK.

I am, however, going to throw away this VM, and build a brand-new one, just to be sure, to be sure :-)

#LifeIsGood

*UPDATE*

And ... it worked :-)

/tmp/Repo/IIM8/userinstc -input installODM86.rsp -acceptLicense

Installed com.ibm.cic.agent_1.8.0.20140902_1503 to the /opt/IBM/InstallationManager/eclipse directory.
Installed com.ibm.websphere.odm.dc.v86_8.6.0.20140507_2334 to the /opt/IBM/WebSphere/ODM86 directory.
Installed com.ibm.websphere.odm.ds.rules.v86_8.6.0.20140507_2359 to the /opt/IBM/WebSphere/ODM86 directory.
Installed com.ibm.websphere.ND.v85_8.5.5002.20140408_1947 to the /opt/IBM/WebSphere/AppServer directory.
Installed com.ibm.websphere.IHS.v85_8.5.5002.20140408_1947 to the /opt/IBM/HTTPServer directory.
Installed com.ibm.websphere.PLG.v85_8.5.5002.20140408_1947 to the /opt/IBM/WebSphere/Plugins directory.


Visual Studio Code - Wow 🙀

Why did I not know that I can merely hit [cmd] [p]  to bring up a search box allowing me to search my project e.g. a repo cloned from GitHub...