Thursday, 6 November 2014

IBM BPM - BPMConfig, Response Files and Escape Characters

This follows on from these two posts: -



This time around, I am using the BPMConfig command to create a BPM 8.5.5 Deployment Environment: -

/opt/IBM/WebSphere/AppServer/bin/BPMConfig.sh -create -de /mnt/hgfs/SoftwareLibrary/ResponseFiles/Advanced-PC-ThreeClusters-DB2.properties

which keeps failing with: -

/opt/IBM/WebSphere/AppServer/bin/BPMConfig.sh -create -de /mnt/hgfs/SoftwareLibrary/ResponseFiles/Advanced-PC-ThreeClusters-DB2.properties 
Logging to file /opt/IBM/WebSphere/AppServer/logs/config/BPMConfig_20141106-213359.log.
Validating the profile registry.
[]
Configuring the deployment manager.
Creating the deployment manager profile.
The following validation errors were present with the command line arguments: 
signingCertDN: Enter only one value for the signingCertDN parameter.
importSigningCertKS: importSigningCertKS cannot be empty.
importSigningCertKSType: importSigningCertKSType cannot be empty.
importSigningCertKSAlias: importSigningCertKSAlias cannot be empty.
CWMCB0003E: A profile was not created for Dmgr01.
The 'BPMConfig.sh -create -de /mnt/hgfs/SoftwareLibrary/ResponseFiles/Advanced-PC-ThreeClusters-DB2.properties' command failed. For more information, see the log file /opt/IBM/WebSphere/AppServer/logs/config/BPMConfig_20141106-213359.log.

and: -

...
2014-11-06 21:38.48.231 com.ibm.bpm.config.util.scripting.InvocationHelper.invokeCommand(): Result of executing /opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -templatePath BPM/BpmDmgr -profileName Dmgr01 -profilePath /opt/IBM/WebSphere/AppServer/profiles/Dmgr01 -cellName PCCell1 -nodeName Dmgr -hostName bpm855.uk.ibm.com -serverType DEPLOYMENT_MANAGER -enableAdminSecurity true -adminAliasName CellAdminAlias -adminUserName wasadmin -adminPassword ******** -personalCertDN cn=bpm855.uk.ibm.com,ou=bpm85Cell,ou=bpm85Node1,o=IBM,c=US -signingCertDN cn=bpm855.uk.ibm.com,ou=Root Certificate,ou=bpm85Cell,ou=bpm85Node1,o=IBM,c=US -personalCertValidityPeriod 15 -signingCertValidityPeriod 25 -keyStorePassword ******** -winserviceCheck false: 1
2014-11-06 21:38.48.231 com.ibm.bpm.config.util.scripting.InvocationHelper.invokeShellScript(): RETURN 1
2014-11-06 21:38.48.231 com.ibm.bpm.config.BPMConfig.invokeShellScript(): RETURN Result of execution: 1
2014-11-06 21:38.48.237 com.ibm.bpm.config.BPMConfig.main(): CWMCB0003E: A profile was not created for Dmgr01.
com.ibm.bpm.config.util.ConfigException: CWMCB0003E: A profile was not created for Dmgr01.

...

This is because I'm using the following line: -

bpm.dmgr.profileOptions=-personalCertDN "cn=bpm855.uk.ibm.com\\,ou=bpm85Cell\\,ou=bpm85Node1\\,o=IBM\\,c=US" -signingCertDN "cn=bpm855.uk.ibm.com\\,ou=Root Certificate\\,ou=bpm85Cell\\,ou=bpm85Node1\\,o=IBM\\,c=US" -personalCertValidityPeriod 15 -signingCertValidityPeriod 25 -keyStorePassword passw0rd

bpm.de.node.1.profileOptions=-personalCertDN "cn=bpm855.uk.ibm.com\\,ou=bpm85Cell\\,ou=bpm85Node1\\,o=IBM\\,c=US" -signingCertDN "cn=bpm855.uk.ibm.com\\,ou=Root Certificate\\,ou=bpm85Cell\\,ou=bpm85Node1\\,o=IBM\\,c=US" -personalCertValidityPeriod 15 -signingCertValidityPeriod 25 -keyStorePassword passw0rd

in my response file - Advanced-PC-ThreeClusters-DB2.properties - to override the defaults that BPMConfig uses when it creates a profile, as described here: -


Long story short, this was again down to the use of escape characters, which differs from my prior experience ( as per the previous blog posts ).

After much trial and error, I tested this hypothesis by manually executing the manageProfiles command using the exception listed above: -

/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -templatePath BPM/BpmDmgr -profileName Dmgr01 -profilePath /opt/IBM/WebSphere/AppServer/profiles/Dmgr01 -cellName PCCell1 -nodeName Dmgr -hostName bpm855.uk.ibm.com -serverType DEPLOYMENT_MANAGER -enableAdminSecurity true -adminAliasName CellAdminAlias -adminUserName wasadmin -adminPassword passw0rd -personalCertDN "cn=bpm855.uk.ibm.com,ou=bpm85Cell,ou=bpm85Node1,o=IBM,c=US" -signingCertDN "cn=bpm855.uk.ibm.com,ou=Root Certificate,ou=bpm85Cell,ou=bpm85Node1,o=IBM,c=US" -personalCertValidityPeriod 15 -signingCertValidityPeriod 25 -keyStorePassword passw0rd -winserviceCheck false: 1

which now completes with: -

INSTCONFSUCCESS: Success: Profile Dmgr01 now exists. Please consult /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/logs/AboutThisProfile.txt for more information about this profile.

The solution ?

In this case, I did NOT need to use the escape characters ( \ or \\ ) but I did need to use double-quotes ( "" ) to wrap up the certificate Distinguished Names.

Another lesson learned.

"Every day is a school day!"

No comments: