Friday, 30 December 2016

Red Hat Enterprise Linux 7.3 - Setting the Hostname

In the past, I've always used the hostname command to set … the hostname of a Red Hat Enterprise Linux 6.X box, and edited /etc/sysconfig/network but things they've a-changed ….

In RHEL 7.3, we now use the systemd-hostnamed command.

From this: -


</snip>
 NetworkManager now controls the host name using systemd-hostnamed

With this update, NetworkManager uses the systemd-hostnamed service to read and write the static host name, which is stored in the /etc/hostname file. Due to this change, manual modifications done to the /etc/hostname file are no longer picked up automatically by NetworkManager; users should change the system host name through the hostnamectl utility. Also, the use of the HOSTNAME variable in the /etc/sysconfig/network file is now deprecated. (BZ#1367916)
</snip>

Check the current hostname

hostnamectl 

   Static hostname: rhel72.uk.ibm.com
Transient hostname: bpm857.uk.ibm.com

         Icon name: computer-vm
           Chassis: vm
        Machine ID: 6bbac592627f45f5b36fcba08aa95fb3
           Boot ID: 6ca7b1f7d3ff4235940bb8765daf0adb
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux Server 7.3 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.3:GA:server
            Kernel: Linux 3.10.0-514.2.2.el7.x86_64
      Architecture: x86-64


Set the new hostname

hostnamectl set-hostname bpm857.uk.ibm.com

Reboot

reboot

Check the current hostname

hostnamectl 

   Static hostname: bpm857.uk.ibm.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 6bbac592627f45f5b36fcba08aa95fb3
           Boot ID: 9c1fe5e5fc324be48a5e52217ffd2496
    Virtualization: vmware
  Operating System: Red Hat Enterprise Linux Server 7.3 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.3:GA:server
            Kernel: Linux 3.10.0-514.2.2.el7.x86_64
      Architecture: x86-64



VMware Fusion, Red Hat Enterprise Linux 7.3 and the Case of the Missing VMware Tools

So, having built out a new VM comprising Red Hat Enterprise Linux 7.3 ( aka Maipo ), I was startled to realise that VMware Tools was missing.

Because, of course, I'd forgotten to install them.

However, things got more tricky, as VMware themselves say: -

Open VM Tools is the open source implementation of VMware Tools and consist of a suite of virtualization utilities that improves the functionality, administration, and management of virtual machines on VMware hypervisors. VMware recommends using the Open VM Tools redistributed by the operating system vendors. To use Open VM Tools:

VMware Tools in a Red Hat Enterprise Linux 7 Guest

This, therefore, is what I did: -

yum install -y open-vm-tools

Loaded plugins: langpacks, product-id, rhnplugin, search-disabled-repos, subscription-manager
This system is receiving updates from RHN Classic or Red Hat Satellite.
Resolving Dependencies
--> Running transaction check
---> Package open-vm-tools.x86_64 0:10.0.5-2.el7 will be installed
--> Processing Dependency: fuse for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Processing Dependency: libfuse.so.2(FUSE_2.5)(64bit) for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Processing Dependency: libfuse.so.2(FUSE_2.6)(64bit) for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Processing Dependency: libmspack.so.0()(64bit) for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Processing Dependency: libdnet.so.1()(64bit) for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Processing Dependency: libfuse.so.2()(64bit) for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Processing Dependency: libicuuc.so.50()(64bit) for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Processing Dependency: libicudata.so.50()(64bit) for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Processing Dependency: libicui18n.so.50()(64bit) for package: open-vm-tools-10.0.5-2.el7.x86_64
--> Running transaction check
---> Package fuse.x86_64 0:2.9.2-7.el7 will be installed
---> Package fuse-libs.x86_64 0:2.9.2-7.el7 will be installed
---> Package libdnet.x86_64 0:1.12-13.1.el7 will be installed
---> Package libicu.x86_64 0:50.1.2-15.el7 will be installed
---> Package libmspack.x86_64 0:0.5-0.4.alpha.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================================================
 Package                                         Arch                                     Version                                              Repository                                              Size
============================================================================================================================================================================================================
Installing:
 open-vm-tools                                   x86_64                                   10.0.5-2.el7                                         rhel-x86_64-server-7                                   513 k
Installing for dependencies:
 fuse                                            x86_64                                   2.9.2-7.el7                                          rhel-x86_64-server-7                                    85 k
 fuse-libs                                       x86_64                                   2.9.2-7.el7                                          rhel-x86_64-server-7                                    93 k
 libdnet                                         x86_64                                   1.12-13.1.el7                                        rhel-x86_64-server-7                                    31 k
 libicu                                          x86_64                                   50.1.2-15.el7                                        rhel-x86_64-server-7                                   6.9 M
 libmspack                                       x86_64                                   0.5-0.4.alpha.el7                                    rhel-x86_64-server-7                                    64 k

Transaction Summary
============================================================================================================================================================================================================
Install  1 Package (+5 Dependent packages)

Total download size: 7.6 M
Installed size: 26 M
Downloading packages:
(1/6): fuse-2.9.2-7.el7.x86_64.rpm                                                                                                                                                   |  85 kB  00:00:00     
(2/6): fuse-libs-2.9.2-7.el7.x86_64.rpm                                                                                                                                              |  93 kB  00:00:00     
(3/6): libdnet-1.12-13.1.el7.x86_64.rpm                                                                                                                                              |  31 kB  00:00:00     
(4/6): libicu-50.1.2-15.el7.x86_64.rpm                                                                                                                                               | 6.9 MB  00:00:12     
(5/6): libmspack-0.5-0.4.alpha.el7.x86_64.rpm                                                                                                                                        |  64 kB  00:00:00     
(6/6): open-vm-tools-10.0.5-2.el7.x86_64.rpm                                                                                                                                         | 513 kB  00:00:01     
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                       392 kB/s | 7.6 MB  00:00:19     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : libmspack-0.5-0.4.alpha.el7.x86_64                                                                                                                                                       1/6 
  Installing : libdnet-1.12-13.1.el7.x86_64                                                                                                                                                             2/6 
  Installing : libicu-50.1.2-15.el7.x86_64                                                                                                                                                              3/6 
  Installing : fuse-libs-2.9.2-7.el7.x86_64                                                                                                                                                             4/6 
  Installing : fuse-2.9.2-7.el7.x86_64                                                                                                                                                                  5/6 
  Installing : open-vm-tools-10.0.5-2.el7.x86_64                                                                                                                                                        6/6 
  Verifying  : open-vm-tools-10.0.5-2.el7.x86_64                                                                                                                                                        1/6 
  Verifying  : fuse-2.9.2-7.el7.x86_64                                                                                                                                                                  2/6 
  Verifying  : fuse-libs-2.9.2-7.el7.x86_64                                                                                                                                                             3/6 
  Verifying  : libicu-50.1.2-15.el7.x86_64                                                                                                                                                              4/6 
  Verifying  : libdnet-1.12-13.1.el7.x86_64                                                                                                                                                             5/6 
  Verifying  : libmspack-0.5-0.4.alpha.el7.x86_64                                                                                                                                                       6/6 

Installed:
  open-vm-tools.x86_64 0:10.0.5-2.el7                                                                                                                                                                       

Dependency Installed:
  fuse.x86_64 0:2.9.2-7.el7          fuse-libs.x86_64 0:2.9.2-7.el7          libdnet.x86_64 0:1.12-13.1.el7          libicu.x86_64 0:50.1.2-15.el7          libmspack.x86_64 0:0.5-0.4.alpha.el7         

Complete!

Having configured the VM to support Shared Folders and share a local ( to the Mac ) folder with the VM: -


I was then able to use the vmware-hgfsclient command: -

vmware-hgfsclient 

which returns: -

Repo

and then mount the remote folder ( Repo ) to the local folder ( /mnt ): -

vmhgfs-fuse -o allow_other .host:/Repo /mnt/

The mount command shows this: -

vmhgfs-fuse on /mnt type fuse.vmhgfs-fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)

Interestingly, the folder does NOT auto mount on reboot, which is different to the way that things used to work with VMware Fusion and older versions of Red Hat :-(

However, that was easily fixed by appending this: -

.host:/Repo /mnt fuse.vmhgfs-fuse allow_other,uid=1000,gid=1000,auto_unmount,defaults 0 0

to the /etc/fstab file, to ensure auto mounting post-reboots.

For the record, this is the guest: -

cat /etc/redhat-release 

Red Hat Enterprise Linux Server release 7.3 (Maipo)

uname -r

3.10.0-514.2.2.el7.x86_64

and this is the host: -

WebSphere Application Server 8.5.5 - Fixpack 11 Released

Latest fix packs for WebSphere Application Server

Red Hat Enterprise Linux 7.3 - Setting up a YUM Repository

Well, I've done this for most other RH-based distros over the years: -

so here goes for RHEL 7.3: -

Mount the RHEL ISO

mount /dev/cdrom  /mnt

Install the required RPMs

rpm -ivh /mnt/Packages/deltarpm-3.6-3.el7.x86_64.rpm 

rpm -ivh /mnt/Packages/python-deltarpm-3.6-3.el7.x86_64.rpm 

rpm -ivh /mnt/Packages/createrepo-0.9.9-23.el7.noarch.rpm

Install the GPG Key

rpm --import /mnt/RPM-GPG-KEY-redhat-release

Setup the Target Directory

mkdir /var/repo
mkdir /var/repo/rhel72
cd /var/repo/rhel72/


Copy the RPMs from the ISO

cp -R /mnt/Packages/* .

Create the Repository

cd ..
createrepo .


Update YUM to reflect the newly added Respository

mv /etc/yum.repos.d /etc/yum.repos.original

mkdir /etc/yum.repos.d

cd /etc/yum.repos.d/

vi server.repo

inserting: -

[server]
gpgcheck=1
name=rhel72
baseurl=file:///var/repo


Unmount the ISO

umount /mnt

Validate the Repository

yum list

Install an RPM from the Repository

yum install -y telnet

Job done

Thursday, 29 December 2016

SSH with Passwords - And there's more

Following on from my earlier post: -



this is my first walk-through of the setup required to enable password-less authentication on Red Hat Enterprise Linux, using my own public/private key pair

Update my public key to the target server - on my Mac client

scp ~/.ssh/id_rsa.pub root@rhel66:~

root@rhel66's password: 
id_rsa.pub 100%  417     1.3MB/s   00:00    

Add the public key to the list of authorised keys for the target user - root - on the target server

cat id_rsa.pub >> ~/.ssh/authorized_keys

Update the SSHD Configuration to support passwordless authentication - on the target server

vi /etc/ssh/sshd_config 

appending: -

HostKey /etc/ssh/ssh_host_rsa_key
PermitRootLogin without-password
PubkeyAuthentication yes
PasswordAuthentication no
RSAAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Restart SSHD - on the target server

service sshd restart

Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

Access server using my private key - on my Mac client

ssh -i ~/.ssh/id_rsa root@rhel66

Enter passphrase for key '/Users/davidhay/.ssh/id_rsa': 
Last login: Thu Dec 29 16:26:43 2016 from 192.168.153.1


Note that, although I didn't present a password for the target root user, I *did* enter a passphrase for my personal key - security is important

Validate - on the target server

uname -a

Linux rhel66.uk.ibm.com 2.6.32-642.11.1.el6.x86_64 #1 SMP Wed Oct 26 10:25:23 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux

cat /etc/redhat-release 

Red Hat Enterprise Linux Server release 6.8 (Santiago)

whoami 

root

With thanks to this: -


for some all-important inspiration.

OpenSSL - Tripped and fell on macOS

I was tinkering with a script that I'd written to test HTTPS endpoints: -

test.sh 

(echo -ne "GET /DecisionService/ws/HelloWorldProject/1.0/HelloWorld?WSDL HTTP/1.0\r\nHost: example.com\r\n\r\n" ; cat) | openssl s_client -connect localhost:443

Specifically it gets a WSDL from an HTTPS endpoint, but that's not important right now.

When I ran it on a macOS Sierra box: -

(echo -ne "GET /index.html HTTP/1.0\r\nHost: example.com\r\n\r\n" ; cat) | openssl s_client -connect spapc.uk.ibm.com:8443

I saw this: -

CONNECTED(00000003)
33208:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.30.2/src/ssl/s23_clnt.c:618:


The target box is running IBM HTTP Server, and is configured only support TLS 1.2, as per this: -

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 8443
<VirtualHost *:8443>
SSLProtocolEnable TLSv12
SSLProtocolDisable SSLv2 SSLv3 TLSv10 TLSv11

SSLEnable
</VirtualHost>
KeyFile /opt/ibm/HTTPServer/BPM/ssl/keystore.kdb
SSLDisable


and I was seeing this: -

[Thu Dec 29 15:52:11 2016] [warn] [client 10.0.0.1] [7fd354031c20] [4204] SSL0222W: SSL Handshake Failed, No ciphers specified (no shared ciphers or no shared protocols).  [10.0.0.1:50171 -> 10.41.0.148:8443] [15:52:11.000508812] 0ms

in the IHS error_log.

Alas, it seems that the openssl client on macOS doesn't support TLS 1.2, only 1.0, as per this: -

openssl s_client -connect

usage: s_client args

 -host host     - use -connect instead
 -port port     - use -connect instead
 -connect host:port - who to connect to (default is localhost:4433)
 -verify depth - turn on peer certificate verification
 -cert arg     - certificate file to use, PEM format assumed
 -certform arg - certificate format (PEM or DER) PEM default
 -key arg      - Private key file to use, in cert file if
                 not specified but cert file is.
 -keyform arg  - key format (PEM or DER) PEM default
 -pass arg     - private key file pass phrase source
 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 -reconnect    - Drop and re-make the connection with the same Session-ID
 -pause        - sleep(1) after each read(2) and write(2) system call
 -showcerts    - show all certificates in the chain
 -debug        - extra output
 -msg          - Show protocol messages
 -nbio_test    - more ssl protocol testing
 -state        - print the 'ssl' states
 -nbio         - Run with non-blocking IO
 -crlf         - convert LF from terminal into CRLF
 -quiet        - no s_client output
 -ign_eof      - ignore input eof (default when -quiet)
 -no_ign_eof   - don't ignore input eof
 -ssl2         - just use SSLv2
 -ssl3         - just use SSLv3
 -tls1         - just use TLSv1
 -dtls1        - just use DTLSv1
...

If I compare this to a RHEL 6.6 box, I can see that TLS 1.2 *is* supported by later versions of the openssl client: -

openssl s_client -connect

 -ssl2         - just use SSLv2
 -ssl3         - just use SSLv3
 -tls1_2       - just use TLSv1.2
 -tls1_1       - just use TLSv1.1
 -tls1         - just use TLSv1

 -dtls1        - just use DTLSv1


On the Mac, I have this version of openssl : -

openssl version

OpenSSL 0.9.8zh 14 Jan 2016

whereas on RHEL, I have this version: -

openssl version

OpenSSL 1.0.1e-fips 11 Feb 2013

In other words, a more recent version but an older date :-(

For the record, when I run my test on the RHEL box, it does what I'd expect :-)

So, c'mon, Apple, please update openssl :-)

More on SSH and PKI - Setting the appropriate permissions on your private key files

Following my earlier post: -


it's worth noting that Linux will attempt to help you out by warning you if your private key files have inappropriately weak permissions, as per this example: -

ssh-keygen -y -e -f ~/Downloads/foobar.cer 

which returns: -

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/davidhay/Downloads/foobar.cer' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/davidhay/Downloads/foobar.cer": bad permissions


This is what the file looks like post-download: -

ls -al ~/Downloads/foobar.cer 

-rw-r--r--@ 1 davidhay  staff  1683 29 Dec 11:08 /Users/davidhay/Downloads/foobar.cer



Once I change it to 400: -

chmod 400 ~/Downloads/foobar.cer 

which means: -



or: -

-r--------@ 1 davidhay  staff  1683 29 Dec 11:08 /Users/davidhay/Downloads/foobar.cer

all is well

ssh-keygen -y -e -f ~/Downloads/foobar.cer 

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by 
dave@mac"
AAAAB3NzaC1yc7EAAAAAAQABAAABAQAAutYt3P7YNNOWG6Ve/xTpeNnkNwAARBzb0jiA7/
A7XT5x0xOVXrwrlefIU6ZFBfR1QLc54xCWPk7j77u4ZfsUE57+rSfFFHAm3T7/H5GVW7Ct
tS7mB/UoiXJtfOo9uNHNSrSOOqAQKAtAAprKzghREhoroIeb65TkzpA6cfAAmcE+ySCTNS
li7sALtAnBwCwFJGQUBKot77Xce1q04uhr9sYknOvRAVmTaihYAeaSgLh+UTAIeJ4/AABP
7+gAyuHK6pPJ9WEyUGHh3HAUio8o3uAx8VoZfnE+Y79y5XIpWT6+xrSG4XskRjPAy+9JsR
bsm3jS3qi08T649/aLL67A
---- END SSH2 PUBLIC KEY ——



PKI - Using Public and Private Keys to access Linux via SSH

foobars ever, I have been on a voyage of discovery, learning how to access a remote Red Hat box ( RHEL 7.2 ) via SSH without passwords.

Long story short, this RHEL box is actually hosted on KVM using Open Stack, but that's not important right now.

My client is macOS Sierra, which is good to know, but not totally relevant to my voyage.

Having created the box using OpenStack, which means that I have my own public/private key pair associated with the box at build time, I wanted to add a second user into the mix.

I used the OpenStack web UI to create a second public/private key pair, which resulted in me downloading the private key in PEM format as a .CER file.

I validated this using the file command: -

file ~/Downloads/foobar.cer 

/Users/davidhay/Downloads/foobar.cer: PEM RSA private key

So, having the private key for the second user, I needed to ensure that the Red Hat box had the corresponding public key.

The OpenStack UI gives me the ability to view the newly created public key, via Compute -> Access & Security -> Key Pair Details, which returned the name, fingerprint and the public key.

The public key is returned as a string of text: -

ssh-rsa 2222B3Nz2C1yc2E2222D2Q2B222B2QCo23fBjN2DMrhlXsWb6J3+Wrdcy/j28EhylY+Uc8/DzmbCm1ycCEuCDUpBdldD+2YpTyjQkH8ot0r4DWQDCM52o/rw1wV58tZniO60jiwdEDYy6mO5oPdhib598UQs0Ny67dCRE7wW+2NVcrIs2F5DLWMnBxUlQcdxiiHmqDwZ/KF25SS9RvEuNDVhfd0+DkbnvWhtf2D12ODdeSMUJ2to+ztDDW+mf6tpDqQDwJRhITkn2dziDdDlpSkHSDZw4Q7QmkSNsuv9Tj1BWKFDfuIq+ns3SU6/sqi8QvIXc+KWRnk3893EJDYqBjNH5ut2itHjVnlMhx0Bh+Mpiilz/c5x Generated-by-Nova

In order to use this on the remote RHEL box, I merely needed to add that string into a file, authorized_keys, on the remote box, in the target user's home directory: -

/home/bob/.ssh/authorized_keys

( In this case, the target user is bob )

With this in place, I should simply be able to ssh into the target box using the private key: -

ssh -i ~/foobar/foobar.cer bob@bpm101

In other words, running the ssh command with the -i switch to assert an identity contained within the certificate ~/foobar/foobar.cer for the remote user bob on the remote host bpm101.

Alas, this failed with: -

Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

I turned on various levels of debug within the ssh command: -

ssh -v -i ~/foobar/foobar.cer bob@bpm101

which returned: -

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/davidhay/foobar/foobar.cer
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


ssh -vv -i ~/foobar/foobar.cer bob@bpm101

which returned: -

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/davidhay/foobar/foobar.cer
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


ssh -vvv -i ~/foobar/foobar.cer bob@bpm101

which returned: -

debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /Users/davidhay/foobar/foobar.cer
debug3: sign_and_send_pubkey: RSA SHA256:oIgBs7ffmebquR2tOmhRDF1lrCs/8VBmU03OyGyslCA
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).


all of which was useful, but not that revealing.

I also started digging into the SSH logs on the server: -

journalctl _COMM=sshd

Dec 29 10:11:24 bpm101.novalocal sshd[29765]: Connection closed by 10.1.1.1 [preauth]
Dec 29 10:26:02 bpm101.novalocal sshd[30604]: Connection closed by 10.1.1.1 [preauth]
Dec 29 10:27:45 bpm101.novalocal sshd[30684]: Connection closed by 10.1.1.1 [preauth]
Dec 29 10:30:12 bpm101.novalocal sshd[30834]: Connection closed by 10.1.1.1 [preauth]


So I was at my wit's end …..

Then, last night, I started to wonder how I could compare the newly created public AND private key.

The internet brought me this: -


This made reference to the ssh-keygen command, which can be used as follows: -

ssh-keygen -y -e -f foobar/foobar.cer

This inspects the private key ( foobar.cer ) and returns the corresponding public key: -

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by 
dave@mac"
AAAAB3NzaC1yc7EAAAAAAQABAAABAQAAutYt3P7YNNOWG6Ve/xTpeNnkNwAARBzb0jiA7/
A7XT5x0xOVXrwrlefIU6ZFBfR1QLc54xCWPk7j77u4ZfsUE57+rSfFFHAm3T7/H5GVW7Ct
tS7mB/UoiXJtfOo9uNHNSrSOOqAQKAtAAprKzghREhoroIeb65TkzpA6cfAAmcE+ySCTNS
li7sALtAnBwCwFJGQUBKot77Xce1q04uhr9sYknOvRAVmTaihYAeaSgLh+UTAIeJ4/AABP
7+gAyuHK6pPJ9WEyUGHh3HAUio8o3uAx8VoZfnE+Y79y5XIpWT6+xrSG4XskRjPAy+9JsR
bsm3jS3qi08T649/aLL67A
---- END SSH2 PUBLIC KEY ——


I compared this to the public key that I'd stored on the server: -

2222B3Nz2C1yc2E2222D2Q2B222B2QCo23fBjN2DMrhlXsWb6J3+Wrdcy/j28EhylY+Uc8/DzmbCm1ycCEuCDUpBdldD+2YpTyjQkH8ot0r4DWQDCM52o/rw1wV58tZniO60jiwdEDYy6mO5oPdhib598UQs0Ny67dCRE7wW+2NVcrIs2F5DLWMnBxUlQcdxiiHmqDwZ/KF25SS9RvEuNDVhfd0+DkbnvWhtf2D12ODdeSMUJ2to+ztDDW+mf6tpDqQDwJRhITkn2dziDdDlpSkHSDZw4Q7QmkSNsuv9Tj1BWKFDfuIq+ns3SU6/sqi8QvIXc+KWRnk3893EJDYqBjNH5ut2itHjVnlMhx0Bh+Mpiilz/c5x

which, of course, didn't match.

I updated the server's authorized-keys file: -

vi .ssh/authorized_keys 

adding: -

ssh-rsa AAAAB3NzaC1yc7EAAAAAAQABAAABAQAAutYt3P7YNNOWG6Ve/xTpeNnkNwAARBzb0jiA7/A7XT5x0xOVXrwrlefIU6ZFBfR1QLc54xCWPk7j77u4ZfsUE57+rSfFFHAm3T7/H5GVW7CttS7mB/UoiXJtfOo9uNHNSrSOOqAQKAtAAprKzghREhoroIeb65TkzpA6cfAAmcE+ySCTNSli7sALtAnBwCwFJGQUBKot77Xce1q04uhr9sYknOvRAVmTaihYAeaSgLh+UTAIeJ4/AABP7+gAyuHK6pPJ9WEyUGHh3HAUio8o3uAx8VoZfnE+Y79y5XIpWT6+xrSG4XskRjPAy+9JsRbsm3jS3qi08T649/aLL67A

Once I saved the file, I was then able to connect: -

ssh -i ~/foobar/foobar.cer bob@bpm101

without problems.

So, long story even shorter, in order to use SSH and public/private keys for authentication, the public key ( stored on the target server ) needs to match the private key ( stored on the client ).

Perhaps that's obvious :-)

It is now …..


Thursday, 22 December 2016

IBM API Connect - On Docker

Designed for organizations looking to streamline and accelerate their journey into the API economy, IBM API Connect is a comprehensive management solution that addresses all four aspects of the API lifecycle: create, run, manage and secure. This makes API Connect far more cost-effective than limited point solutions that focus on just a few lifecycle phases and can end up collectively costing more as organizations piece components together.

By installing IBM API Connect Docker images, you can run a complete IBM API Connect on-premises environment on your local machine.

 macOS Sierra and the stalled Xcode update

For some strange reason, Xcode decided not to update on my macOS Sierra box this AM, instead just sitting there in a "Waiting" state.

As ever, I jumped onto Google and found this: -


which says, in part: -

Copied from my answer in the developer forums:

Going to Applications in Finder and moving Xcode to the trash bin fixed the problem for me. As soon as I entered in my password to confirm moving Xcode to the trash, the App Store prompted me on whether or not I wanted to cancel the update or delete the app. I opted to delete Xcode, and the App Store immediately began downloading the update.

Once I did this, re-entered my Apple password within the Updates app, it just started working :-)


DB2 10.5 - Autostarting on Red Hat Enterprise Linux 7.2

I'm getting to grips with Red Hat Enterprise Linux (RHEL) 7.2, in the context of DB2, IBM BPM etc.

Question

Why does DB2 not autostart on Red Hat Enterprise Linux 7 

Cause

In Red Hat Enterprise Linux 7, systemd replaces upstart as the default init system. 

The DB2 fault monitor does not support the systemd init system.

so here we go: -

Check RHEL version

cat /etc/redhat-release 

Red Hat Enterprise Linux Server release 7.2 (Maipo)

Check DB2 version

/opt/ibm/db2/V10.5/bin/db2level

DB21085I  This instance or install (instance name, where applicable: 
"db2inst1") uses "64" bits and DB2 code release "SQL10058" with level 
identifier "0609010E".
Informational tokens are "DB2 v10.5.0.8", "s160901", "IP23993", and Fix Pack 
"8".
Product is installed at "/opt/ibm/db2/V10.5".


Checking what's in the inittab

cat /etc/inittab 

# inittab is no longer used when using systemd.
#
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
#
# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
#
# multi-user.target: analogous to runlevel 3
# graphical.target: analogous to runlevel 5
#
# To view current default target, run:
# systemctl get-default
#
# To set a default target, run:
# systemctl set-default TARGET.target
#
fmc:2345:respawn:/opt/ibm/db2/V10.5/bin/db2fmcd #DB2 Fault Monitor Coordinator

Removing the db2fmcd entry

( as root )

/opt/ibm/db2/V10.5/bin/db2fmcu -d

cat /etc/inittab

# inittab is no longer used when using systemd.
#
# ADDING CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# Ctrl-Alt-Delete is handled by /usr/lib/systemd/system/ctrl-alt-del.target
#
# systemd uses 'targets' instead of runlevels. By default, there are two main targets:
#
# multi-user.target: analogous to runlevel 3
# graphical.target: analogous to runlevel 5
#
# To view current default target, run:
# systemctl get-default
#
# To set a default target, run:
# systemctl set-default TARGET.target
#


Create db2fmcd.service file

vi /etc/systemd/system/db2fmcd.service

[Unit]
Description=DB2V105

[Service]
ExecStart=/opt/ibm/db2/V10.5/bin/db2fmcd
Restart=always

[Install]
WantedBy=default.target

Enable new service

systemctl enable db2fmcd
systemctl start db2fmcd

Reboot

reboot

Check what's running

ps -elf | grep -i db2

4 S dasusr1   1038     1  0  80   0 - 88040 poll_s 06:54 ?        00:00:00 /home/dasusr1/das/adm/db2dasrrm
4 S root      1403     1  0  80   0 - 300693 futex_ 06:54 ?       00:00:00 db2wdog 0 [db2inst1]
4 S db2inst1  1405  1403  0  80   0 - 383197 futex_ 06:54 ?       00:00:00 db2sysc 0
1 S root      1411  1403  0  80   0 - 300693 msgrcv 06:54 ?       00:00:00 db2ckpwd 0
1 S root      1412  1403  0  80   0 - 300693 msgrcv 06:54 ?       00:00:00 db2ckpwd 0
1 S root      1413  1403  0  80   0 - 300693 msgrcv 06:54 ?       00:00:00 db2ckpwd 0
4 S db2inst1  1423  1403  0  80   0 - 169326 SYSC_s 06:54 ?       00:00:00 db2acd 0 ,0,0,0,1,0,0,0,0000,1,0,995cf0,14,1e014,2,0,1,41fc0,0x210000000,0x210000000,1600000,20002,2,a8010
0 S db2inst1  1505  1403  0  80   0 - 127272 pipe_w 06:55 ?       00:00:00 db2vend (PD Vendor Process - 1) 0
4 S root      1511   984  0  80   0 - 28162 pipe_w 06:55 pts/0    00:00:00 grep --color=auto -i db2


netstat -aon | grep 60006

tcp6       0      0 :::60006                :::*                    LISTEN      off (0.00/0/0)

With thanks to this: -

Wednesday, 21 December 2016

Note to self - running commands via the Switch User command - su

For reference, as I know I'll need this again before too long …

This is how I can stop the DB2 Administration Server and DB2 instance without needing to explicitly log in as a DB2 user: -

su - -c "db2admin stop" dasusr1

su - -c "db2stop" db2inst1

So that's all good then :-)

Docker - Setting Environment Variables within the Container

Something on Slack prompted me to look into this today …

The requirement is to have the value of an environment variable passed from the host to the container, which I've POC'd below ( using WebSphere Liberty Profile ) on my Mac.

Set an environment variable

export FOOBAR="Hello World"

Validate the value of the environment variable

echo $FOOBAR

Hello World

Start a container from an existing image, passing in the environment variable

handle=`docker run -d -t -p 80:9080 -p 443:9443 -e FOOBAR --name WLP websphere-liberty:latest`

Check that the container is running

docker ps -a

CONTAINER ID        IMAGE                      COMMAND                  CREATED             STATUS              PORTS                                         NAMES
58fa4ffd7893        websphere-liberty:latest   "/opt/ibm/docker/dock"   4 seconds ago       Up 2 seconds        0.0.0.0:80->9080/tcp, 0.0.0.0:443->9443/tcp   WLP


Validate the variable created as a handle to the container ( makes subsequent commands easier )

echo $handle

58fa4ffd789332526e6f66b39c233a654cc4ae3e76b689721f41d0b11863be1e

Open a command prompt against the container

docker exec -i -t $handle /bin/bash

root@58fa4ffd7893:/#

Validate the value of the environment variable

echo $FOOBAR

Hello World


*UPDATE*

It transpires that I can also do this: -

handle=`docker run -d -t -p 80:9080 -p 443:9443 -e SNAFU="$FOOBAR" --name WLP websphere-liberty:latest`

where I'm setting a variable called SNAFU ( visible inside the container ) to the value of the external variable FOOBAR.

Job done :-)

With thanks to this: -


and this: -

Deploy an IBM Operational Decision Manager topology with Docker Compose

To be competitive, companies must build, deploy, and scale applications faster than before. With adoption of the continuous build and DevOps approaches, application architecture trends shift from a monolithic model to an assembly of microservices working together, potentially developed and operated by different teams.

Docker® is a popular open source technology to develop and deploy microservices as micro-containers. Each micro-container runs your microservice in isolation with an accelerated deployment, compared to deploying directly on the operating system or on hypervisor software.

With IBM® Operational Decision Manager (ODM), all lines of business in an organization can capture and automate their decision expertise to be applied to a large volume of data. IT and business users alike can manage the business decision logic that is used by operational systems within an organization. IBM ODM Standard covers all the authoring, test, simulation, deployment and operation tasks for your business policies (implemented as decision services).

You might wonder, "Can we leverage Docker technology when deploying IBM ODM?" For example, you might be interested in deploying IBM ODM Decision Center and Decision Server as micro-containers to support your DevOps lifecycle in an agile and automated way. More precisely, you can benefit from a simplified and accelerated deployment for your team's development and test stages. If you reproduce your IBM ODM environment through simulation, pre-production, and production phases, you benefit with repeatability in your deployment orchestration.

This tutorial focuses on how to prepare Docker images, instantiate micro-containers, and compose them to build an IBM ODM Standard topology, including the Decision Center and Decision Server Rules (the Rule Execution Server) components

Monday, 19 December 2016

IBM Business Process Manager 8.5.7 - Updated

I noticed that a new fix pack for IBM BPM 8.5.7 has been released a few days ago: -


as per this: -


With this update, you can 
• Optimize your business operations by using the leading Business Process Management platform at a low-cost entry point. For more information, see IBM Business Process Manager on Cloud Express offers a new opportunity to start automating business operations.
• Create much more when you use the web IBM Process Designer, including service flows and events.
• Collaborate on tasks directly from the IBM Process Portal by using IBM Sametime and IBM Connections.
• Integrate Watson cognitive services into your IBM BPM solutions by using the latest REST integration enhancements.
• Perform log analysis in the cloud for your existing IBM BPM on-premise deployment. For more information, see the blog.
• Use the IBM BPM default theme to style coaches created by using the Salient Process SPARK UI toolkit

IBM BPM V8.5.7 Cumulative Fix 2016.12 also offers new supported environments: 

• Ubuntu 16.04 on x86
• Safari on Apple iOS 10 for iPad and iPhone (Process Portal and coaches)
• Safari 9.1 for Mac OS (Process Portal and coaches)
• Microsoft Edge (now supported for web Process Designer)
• IBM DB2 11.1 Advanced Workgroup Server Edition (AWSE) is now available for download from IBM Passport Advantage for IBM BPM Standard and IBM BPM Advanced

Friday, 9 December 2016

IBM BPM - Upgrading and Adding Java 1.7.1 in one fell swoop - the latest BPM

Added to this: -


And, as promised, here's a similar set of steps, but with the the latest BPM 8.5.7 code: -


Starting Position

/opt/ibm/InstallationManager/eclipse/tools/imcl listInstalledPackages

com.ibm.cic.agent_1.8.5000.20160506_1125
com.ibm.bpm.ADV.v85_8.5.5000.20140604_1130
com.ibm.websphere.ND.v85_8.5.5010.20160721_0036
com.ibm.websphere.odm.ds.rules.v87_8.7.1001.20151006_2017
com.ibm.websphere.odm.pt.rules.v87_8.7.1001.20151007_0005
com.ibm.websphere.IHS.v85_8.5.5010.20160721_0036
com.ibm.websphere.PLG.v85_8.5.5010.20160721_0036

Start Deployment Environment

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -start -profile Dmgr01 -de De1

Logging to file /opt/ibm/WebSphere/AppServer/logs/config/BPMConfig_20161209-081938.log.
Starting cluster MECluster.
Starting cluster AppCluster.
Starting cluster SupCluster.
The 'BPMConfig.sh -start -profile Dmgr01 -de De1' command completed successfully.

Start IHS

/opt/ibm/HTTPServer/bin/apachectl -k start -f /opt/ibm/HTTPServer/BPM/conf/httpd.conf

Deploy Sample Application

Start WSAdmin - to AppClusterMember1 SOAP port

/opt/ibm/WebSphereProfiles/Dmgr01/bin/wsadmin.sh -port 8880 -lang jython -user wasadmin -password passw0rd

Deploy Snapshot

AdminTask.BPMInstallOfflinePackage('[-inputFile /home/wasadmin/BAMTST_V4.zip]')

Quit

quit

Validate BPM URLs

Process Portal


Process Admin


Instrumentation


Performance Admin


BPC Explorer


REST UI Tester


Start and Test a BPD

Run through a multi-activity BPD, and defer an activity for later

Stop Deployment Environment

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -stop -profile Dmgr01 -de De1

username:  wasadmin
password:  passw0rd
Stopping cluster SupCluster.
Stopping cluster AppCluster.
Stopping cluster MECluster.
The 'BPMConfig.sh -stop -profile Dmgr01 -de De1 -username wasadmin -password ********' command completed successfully.

Stop Node Agent

/opt/ibm/WebSphereProfiles/AppSrv01/bin/stopNode.sh -user wasadmin -password passw0rd

ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/AppSrv01/logs/nodeagent/stopServer.log
ADMU0128I: Starting tool with the AppSrv01 profile
ADMU3100I: Reading configuration for server: nodeagent
ADMU3201I: Server stop request issued. Waiting for stop status.
ADMU4000I: Server nodeagent stop completed.

Stop Deployment Manager

/opt/ibm/WebSphereProfiles/Dmgr01/bin/stopManager.sh -user wasadmin -password passw0rd

ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/Dmgr01/logs/dmgr/stopServer.log
ADMU0128I: Starting tool with the Dmgr01 profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3201I: Server stop request issued. Waiting for stop status.
ADMU4000I: Server dmgr stop completed.

Stop IHS

/opt/ibm/HTTPServer/bin/apachectl -k stop -f /opt/ibm/HTTPServer/BPM/conf/httpd.conf

List What's Available to Install

/opt/ibm/InstallationManager/eclipse/tools/imcl listAvailablePackages -repositories /mnt/hgfs/foo/,/mnt/hgfs/bar/repository/WBI/,/mnt/hgfs/plob/

com.ibm.websphere.IBMJAVA.v71_7.1.3040.20160720_1746
com.ibm.websphere.liberty.IBMJAVA.v71_7.1.3040.20160720_1746
com.ibm.bpm.ADV.v85_8.5.7000.20160301_1551
com.ibm.bpm.ADV.v85_8.5.700201609.20160928_1258
com.ibm.bpm.EXP.v85_8.5.700201609.20160928_1258
com.ibm.bpm.PS.v85_8.5.700201609.20160928_1258
com.ibm.bpm.STD.v85_8.5.700201609.20160928_1258

Create Response File for Upgrade

vi upgradeBPM855_to_857.rsp 

<?xml version='1.0' encoding='UTF-8'?>
<agent-input>
  <server>
    <repository location='/mnt/hgfs/foo' temporary='true'/>
    <repository location='/mnt/hgfs/bar/repository/WBI' temporary='true'/>
    <repository location='/mnt/hgfs/plob/' temporary='true'/>
  </server>
  <profile id='IBM WebSphere Application Server V8.5' installLocation='/opt/ibm/WebSphere/AppServer'>
    <data key='cic.selector.arch' value='x86'/>
  </profile>
  <install>
    <offering profile='IBM WebSphere Application Server V8.5' id='com.ibm.bpm.ADV.v85' version='8.5.700201609.20160928_1258' features='AdvancedProcessServer.NonProduction'/>
    <offering profile='IBM WebSphere Application Server V8.5' id='com.ibm.websphere.IBMJAVA.v71' version='7.1.3040.20160720_1746' features='com.ibm.sdk.7.1'/>
  </install>
  <preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/ibm/IMShared'/>
</agent-input>

Install Java 1.7.1 and BPM 8.5.7

/opt/ibm/InstallationManager/eclipse/tools/imcl -input upgradeBPM855_to_857.rsp -acceptLicense

Updated to com.ibm.bpm.ADV.v85_8.5.700201609.20160928_1258 in the /opt/ibm/WebSphere/AppServer directory.
Installed com.ibm.websphere.IBMJAVA.v71_7.1.3040.20160720_1746 to the /opt/ibm/WebSphere/AppServer directory.

Upgrade DB Schemas

/opt/ibm/WebSphere/AppServer/bin/DBUpgrade.sh -profileName Dmgr01

IBM Business Process Manager 8.5.7.201609 Upgrade

Executing Command: /opt/ibm/WebSphere/AppServer/bin/DBUpgrade.sh -profileName Dmgr01

Loading environment settings

Profile path: /opt/ibm/WebSphereProfiles/Dmgr01 
Whether it's ND environment: true 

Migration logs are saved under /opt/ibm/WebSphereProfiles/Dmgr01/logs.

Begin to set WCCM system properties.
End of setting WCCM system properties.

Start to generate database upgrade SQL scripts for source version: 8.5.5.0
Create upgrade SQL files for component PDW, SQL files created under /opt/ibm/WebSphereProfiles/Dmgr01/dbscripts/Upgrade/PSCell1.De1/DB2/PDWDB.db2user1
Create upgrade SQL files for component ProcessServer, SQL files created under /opt/ibm/WebSphereProfiles/Dmgr01/dbscripts/Upgrade/PSCell1.De1/DB2/BPMDB.db2user1
CWMCO6009I: The BPMGenerateUpgradeSchemaScripts command completed successfully.
Database upgrade SQL scripts was generated successfully.

Loading Process Server database info using JNDI jdbc/TeamWorksDB
Loading Performance database info using JNDI jdbc/PerformanceDB
Loading BPC database info using JNDI jdbc/BPEDB
Loading Common database info using JNDI jdbc/CommonDB
Loading Cell scoped database info using JNDI jdbc/WPSDB
Loading Business Space database info using JNDI jdbc/mashupDS

This action will permanently modify the data in your database (BPMDB.db2user1, PDWDB.db2user1, CMNDB.db2user1)! It is critical that you perform a backup of the database so that it can be restored if errors occur during the upgrade. Please confirm that the database has been backed up before continuing with the upgrade.
Please input [y/n]:
y
Your answer is "Yes". The upgrade will continue...
Checking upgrade prerequisites
Starting upgrade tool

IBM Business Process Manager V8.5.7.201609 Enterprise database upgrade program started.

Verifying the current database configuration.
Successfully connected to Process Server database.
Checked Process Server database, appears to be a valid Process Server database.
Successfully connected to Performance Data Warehouse database.
Checked Performance Data Warehouse database, appears to be a valid Performance Data Warehouse database.
Successfully connected to Cell scoped database.
Checked Cell scoped database, appears to be a valid Cell scoped database.
Successfully connected to Common database.
Checked Common database, appears to be a valid Common database.
Successfully connected to BPC database.
Checked BPC database, appears to be a valid BPC database.
Successfully connected to Business Space database.
Checked Business Space database, appears to be a valid Business Space database.

Executing upgrade step: Validating current database version and checking upgrade SQL scripts
Executing upgrade step: Add bpmAuthor and administrative security user to LSW_USR, LSW_USR_XREF and LSW_USR_GRP_MEM_XREF tables
Executing upgrade step: Remove old event manager instance if WLE7x and BPM75 are not in the same machine
*** Executing upgrade step: Upgrade from version 8.5.5 to 8.5.6. ***
Executing upgrade step: Upgrade 8.5.5 schema to 8.5.6 for database ProcessServerDatabase.
Executing upgrade step: Populating new columns in the LSW_BPD_INSTANCE table....
Executing upgrade step: Upgrade 8.5.5 schema to 8.5.6 for database PerfServerDatabase.
*** Executing upgrade step: Upgrade from version 8.5.6 to 8.5.7. ***
Executing upgrade step: Upgrade 8.5.6 schema to 8.5.7 for database ProcessServerDatabase.
Executing upgrade step: Remove the saved search admin from the process admin console..
Executing upgrade step: Updating PO data of client side human service items in LSW_PO_VERSIONS table..
Begin time: Fri Dec 09 16:13:29 GMT 2016
100% completed
End time: Fri Dec 09 16:13:30 GMT 2016
Executing upgrade step: Upgrade 8.5.6 schema to 8.5.7 for database PerfServerDatabase.
*** Executing upgrade step: Upgrade from version 8.5.7 to 8.5.7.201609. ***
Executing upgrade step: Upgrade 8.5.7 schema to 8.5.7.201609 for database ProcessServerDatabase.
Executing upgrade step: Adding a new environment variable type REST....
Executing upgrade step: Deleting duplicate Process Portal Favorites....
Executing upgrade step: Setting deprecated component SAP Guided Workflow to include string decprecated.
Executing upgrade step: Upgrade 8.5.7 schema to 8.5.7.201609 for database PerfServerDatabase.
Executing upgrade step: Deactivate the Process Portal process app
Successfully executed 7 upgrade steps.
Process Server database is now version 8.5.7.201609.
Performance Data Warehouse database is now version 8.5.7.201609.
Process Server and Performance Data Warehouse database upgrade completed successfully.

Executing upgrade step: Replace the recorded cell name at the BPC database.
Successfully executed 1 upgrade steps.
Advanced database upgrade completed successfully.

IBM Business Process Manager V8.5.7.201609 Enterprise database upgrade program finished.

Creating /opt/ibm/WebSphereProfiles/Dmgr01/logs/De1.DBUpgrade.success
All upgrade steps have been completed successfully.

Start Deployment Manager

/opt/ibm/WebSphereProfiles/Dmgr01/bin/startManager.sh

CWUPO0001I: Running configuration action detectNewProducts.ant
CWUPO0002I: Running long-running configuration action BPMConfigUpgrade.ant
CWUPO0002I: Running long-running configuration action BootstrapProcessServerData.ant
CWUPO0002I: Running long-running configuration action BPMToolkitUpgrade.ant
CWUPO0001I: Running configuration action ejb-deploy-clear-cache.ant
CWUPO0001I: Running configuration action clearOSGiCache.ant
CWUPO0001I: Running configuration action runiscdeploy.ant
CWUPO0001I: Running configuration action clearClassCache.ant
ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/Dmgr01/logs/dmgr/startServer.log
ADMU0128I: Starting tool with the Dmgr01 profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server dmgr open for e-business; process id is 46126

Start Node Agent

/opt/ibm/WebSphereProfiles/AppSrv01/bin/startNode.sh

CWUPO0001I: Running configuration action detectNewProducts.ant
CWUPO0002I: Running long-running configuration action BPMConfigUpgrade.ant
CWUPO0002I: Running long-running configuration action BootstrapProcessServerData.ant
CWUPO0002I: Running long-running configuration action BPMToolkitUpgrade.ant
CWUPO0001I: Running configuration action ejb-deploy-clear-cache.ant
CWUPO0001I: Running configuration action clearOSGiCache.ant
CWUPO0001I: Running configuration action runiscdeploy.ant
CWUPO0001I: Running configuration action clearClassCache.ant
ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/AppSrv01/logs/nodeagent/startServer.log
ADMU0128I: Starting tool with the AppSrv01 profile
ADMU3100I: Reading configuration for server: nodeagent
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server nodeagent open for e-business; process id is 47063

Start Deployment Environment

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -start -profile Dmgr01 -de De1

Logging to file /opt/ibm/WebSphere/AppServer/logs/config/BPMConfig_20161209-182749.log.
Starting cluster MECluster.
Starting cluster AppCluster.
Starting cluster SupCluster.
When the BPMConfig command is used to start a deployment environment, it invokes the processes that are used to start the associated clusters. If the command is successful in invoking the processes, it returns a message to report that the command completed successfully. However, to determine whether the cluster members were all started successfully, you need to check the log files of the cluster members. The log files are located in <profile_root>/logs.
The 'BPMConfig.sh -start -profile Dmgr01 -de De1' command completed successfully.

Regenerate and Propagate WebSphere Plugin Configuration

Start WSAdmin

/opt/ibm/WebSphereProfiles/Dmgr01/bin/wsadmin.sh -lang jython -user wasadmin -password passw0rd

Set Variables

cellID=AdminControl.getCell()

Generate and Propagate Plugin Configuration

AdminControl.invoke('WebSphere:name=PluginCfgGenerator,process=dmgr,platform=common,node=Dmgr,version=8.5.5.10,type=PluginCfgGenerator,mbeanIdentifier=PluginCfgGenerator,cell='+cellID+',spec=1.0', 'generate', '[/opt/ibm/WebSphereProfiles/Dmgr01/config '+cellID+' ihsNode1 BPM_webserver1 false]', '[java.lang.String java.lang.String java.lang.String java.lang.String java.lang.Boolean]')
AdminControl.invoke('WebSphere:name=PluginCfgGenerator,process=dmgr,platform=common,node=Dmgr,version=8.5.5.10,type=PluginCfgGenerator,mbeanIdentifier=PluginCfgGenerator,cell='+cellID+',spec=1.0', 'propagate', '[/opt/ibm/WebSphereProfiles/Dmgr01/config '+cellID+' ihsNode1 BPM_webserver1]', '[java.lang.String java.lang.String java.lang.String java.lang.String]')

Save and Sync

AdminConfig.save()
AdminNodeManagement.syncActiveNodes()

Quit

quit

Start IHS

/opt/ibm/HTTPServer/bin/apachectl -k start -f /opt/ibm/HTTPServer/BPM/conf/httpd.conf

Validate BPM URLs

Process Portal


Process Admin


Process Inspector


Instrumentation


Performance Admin


BPC Explorer


REST UI Tester


Validate in-flight BPD instance

Complete the second Activity of a multi-activity BPD instance

Stop Deployment Environment

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -stop -profile Dmgr01 -de De1

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -stop -profile Dmgr01 -de De1
Logging to file /opt/ibm/WebSphere/AppServer/logs/config/BPMConfig_20161209-185515.log.
User name of the deployment environment administrator: wasadmin
Password of the deployment environment administrator:          

 

Stopping cluster SupCluster.
Stopping cluster AppCluster.
Stopping cluster MECluster.
The 'BPMConfig.sh -stop -profile Dmgr01 -de De1 -username wasadmin -password ********' command completed successfully.

Stop Node Agent

/opt/ibm/WebSphereProfiles/AppSrv01/bin/stopNode.sh -user wasadmin -password passw0rd

ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/AppSrv01/logs/nodeagent/stopServer.log
ADMU0128I: Starting tool with the AppSrv01 profile
ADMU3100I: Reading configuration for server: nodeagent
ADMU3201I: Server stop request issued. Waiting for stop status.
ADMU4000I: Server nodeagent stop completed.

Stop Deployment Manager

/opt/ibm/WebSphereProfiles/Dmgr01/bin/stopManager.sh -user wasadmin -password passw0rd

ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/Dmgr01/logs/dmgr/stopServer.log
ADMU0128I: Starting tool with the Dmgr01 profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3201I: Server stop request issued. Waiting for stop status.
ADMU4000I: Server dmgr stop completed.

Validate Java 7.1

/opt/ibm/WebSphere/AppServer/java_1.7.1_64/jre/bin/java -version

java version "1.7.0"
Java(TM) SE Runtime Environment (build pxa6470_27sr3fp40ifix-20160711_01(SR3 FP40+IX90174))
IBM J9 VM (build 2.7, JRE 1.7.0 Linux amd64-64 Compressed References 20160406_298393 (JIT enabled, AOT enabled)
J9VM - R27_Java727_SR3_20160406_0942_B298393
JIT  - tr.r13.java_20160328_114186
GC   - R27_Java727_SR3_20160406_0942_B298393_CMPRSS
J9CL - 20160406_298393)
JCL - 20160421_01 based on Oracle jdk7u101-b14

Validate Java 6

/opt/ibm/WebSphere/AppServer/java/jre/bin/java -version

java version "1.6.0"
Java(TM) SE Runtime Environment (build pxa6460_26sr8fp26ifix-20160708_01(SR8 FP26+IX90174))
IBM J9 VM (build 2.6, JRE 1.6.0 Linux amd64-64 Compressed References 20160406_298378 (JIT enabled, AOT enabled)
J9VM - R26_Java626_SR8_20160406_0830_B298378
JIT  - tr.r11_20160328_114192
GC   - R26_Java626_SR8_20160406_0830_B298378_CMPRSS
J9CL - 20160406_298378)
JCL  - 20160507_01

Validate Java SDKs via WAS

/opt/ibm/WebSphere/AppServer/bin/managesdk.sh -listAvailable

CWSDK1003I: Available SDKs :
CWSDK1005I: SDK name: 1.7.1_64
CWSDK1005I: SDK name: 1.6_64
CWSDK1001I: Successfully performed the requested managesdk task.

/opt/ibm/WebSphere/AppServer/bin/managesdk.sh -listEnabledProfileAll

CWSDK1004I: Profile Dmgr01 :
CWSDK1006I: PROFILE_COMMAND_SDK = 1.6_64 
CWSDK1008I: Node Dmgr SDK name: 1.6_64
CWSDK1009I: Server dmgr SDK name: 1.6_64

CWSDK1004I: Profile AppSrv01 :
CWSDK1006I: PROFILE_COMMAND_SDK = 1.6_64 
CWSDK1008I: Node Node1 SDK name: 1.6_64
CWSDK1009I: Server nodeagent SDK name: 1.6_64
CWSDK1009I: Server MEClusterMember1 SDK name: 1.6_64
CWSDK1009I: Server SupClusterMember1 SDK name: 1.6_64
CWSDK1009I: Server AppClusterMember1 SDK name: 1.6_64

CWSDK1004I: Profile AppSrv02 :
CWSDK1006I: PROFILE_COMMAND_SDK = 1.6_64 
CWSDK1008I: Node Node1 SDK name: 1.6_64
CWSDK1009I: Server Node1-DSServer SDK name: 1.6_64
CWSDK1009I: Server ODM_webserver1 SDK name: 1.6_64
CWSDK1009I: Server nodeagent SDK name: 1.6_64

CWSDK1004I: Profile Dmgr02 :
CWSDK1006I: PROFILE_COMMAND_SDK = 1.6_64 
CWSDK1008I: Node Dmgr SDK name: 1.6_64
CWSDK1009I: Server dmgr SDK name: 1.6_64
CWSDK1001I: Successfully performed the requested managesdk task.

Switch BPM DM profile to use Java 7.1 SDK

/opt/ibm/WebSphere/AppServer/bin/managesdk.sh -enableProfile -profileName Dmgr01 -sdkName 1.7.1_64

CWSDK1017I: Profile Dmgr01 now enabled to use SDK 1.7.1_64.
CWSDK1001I: Successfully performed the requested managesdk task.

Start Deployment Manager

/opt/ibm/WebSphereProfiles/Dmgr01/bin/startManager.sh

CWUPO0001I: Running configuration action detectNewProducts.ant
ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/Dmgr01/logs/dmgr/startServer.log
ADMU0128I: Starting tool with the Dmgr01 profile
ADMU3100I: Reading configuration for server: dmgr
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server dmgr open for e-business; process id is 38405

Synchronise Node

/opt/ibm/WebSphereProfiles/AppSrv01/bin/syncNode.sh `hostname` 8879 -user wasadmin -password passw0rd

ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/AppSrv01/logs/syncNode.log
ADMU0128I: Starting tool with the AppSrv01 profile
ADMU0401I: Begin syncNode operation for node Node1 with Deployment Manager
           ibmbpmdemo: 8879
ADMU0016I: Synchronizing configuration between node and cell.
ADMU0402I: The configuration for node Node1 has been synchronized with
           Deployment Manager ibmbpmdemo: 8879

Switch Node Agent profile to use Java 7.1 SDK

/opt/ibm/WebSphere/AppServer/bin/managesdk.sh -enableProfile -profileName AppSrv01 -sdkName 1.7.1_64 -user wasadmin -password passw0rd -enableServers

CWSDK1024I: The node default SDK setting for federated profile AppSrv01 has been saved in the master configuration repository.
CWSDK1025I: A synchronization operation is required before configuration changes to federated profile AppSrv01 can be used.
CWSDK1017I: Profile AppSrv01 now enabled to use SDK 1.7.1_64.
CWSDK1001I: Successfully performed the requested managesdk task.

Synchronise Node

/opt/ibm/WebSphereProfiles/AppSrv01/bin/syncNode.sh `hostname` 8879 -user wasadmin -password passw0rd

ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/AppSrv01/logs/syncNode.log
ADMU0128I: Starting tool with the AppSrv01 profile
ADMU0401I: Begin syncNode operation for node Node1 with Deployment Manager
           ibmbpmdemo: 8879
ADMU0016I: Synchronizing configuration between node and cell.
ADMU0402I: The configuration for node Node1 has been synchronized with
           Deployment Manager ibmbpmdemo: 8879

Validate SDK Versions

/opt/ibm/WebSphere/AppServer/bin/managesdk.sh -listEnabledProfileAll

CWSDK1004I: Profile Dmgr01 :
CWSDK1006I: PROFILE_COMMAND_SDK = 1.7.1_64 
CWSDK1008I: Node Dmgr SDK name: 1.7.1_64
CWSDK1009I: Server dmgr SDK name: 1.7.1_64

CWSDK1004I: Profile AppSrv01 :
CWSDK1006I: PROFILE_COMMAND_SDK = 1.7.1_64 
CWSDK1008I: Node Node1 SDK name: 1.7.1_64
CWSDK1009I: Server MEClusterMember1 SDK name: 1.7.1_64
CWSDK1009I: Server SupClusterMember1 SDK name: 1.7.1_64
CWSDK1009I: Server AppClusterMember1 SDK name: 1.7.1_64
CWSDK1009I: Server nodeagent SDK name: 1.7.1_64

CWSDK1004I: Profile AppSrv02 :
CWSDK1006I: PROFILE_COMMAND_SDK = 1.6_64 
CWSDK1008I: Node Node1 SDK name: 1.6_64
CWSDK1009I: Server Node1-DSServer SDK name: 1.6_64
CWSDK1009I: Server ODM_webserver1 SDK name: 1.6_64
CWSDK1009I: Server nodeagent SDK name: 1.6_64

CWSDK1004I: Profile Dmgr02 :
CWSDK1006I: PROFILE_COMMAND_SDK = 1.6_64 
CWSDK1008I: Node Dmgr SDK name: 1.6_64
CWSDK1009I: Server dmgr SDK name: 1.6_64
CWSDK1001I: Successfully performed the requested managesdk task.

Start Node Agent

/opt/ibm/WebSphereProfiles/AppSrv01/bin/startNode.sh 

CWUPO0001I: Running configuration action detectNewProducts.ant
ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphereProfiles/AppSrv01/logs/nodeagent/startServer.log
ADMU0128I: Starting tool with the AppSrv01 profile
ADMU3100I: Reading configuration for server: nodeagent
ADMU3200I: Server launched. Waiting for initialization status.
ADMU3000I: Server nodeagent open for e-business; process id is 51545

Start Deployment Environment

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -start -profile Dmgr01 -de De1

Logging to file /opt/ibm/WebSphere/AppServer/logs/config/BPMConfig_20161209-192240.log.
Starting cluster MECluster.
Starting cluster AppCluster.
Starting cluster SupCluster.
When the BPMConfig command is used to start a deployment environment, it invokes the processes that are used to start the associated clusters. If the command is successful in invoking the processes, it returns a message to report that the command completed successfully. However, to determine whether the cluster members were all started successfully, you need to check the log files of the cluster members. The log files are located in <profile_root>/logs.
The 'BPMConfig.sh -start -profile Dmgr01 -de De1' command completed successfully.

Validate BPM URLs

Process Portal


Process Admin


Process Inspector


Instrumentation


Performance Admin


BPC Explorer


REST UI Tester


Start and Test a BPD

Run through a multi-activity BPD, and defer an activity for later

Reminder - installing podman and skopeo on Ubuntu 22.04

This follows on from: - Lest I forget - how to install pip on Ubuntu I had reason to install podman  and skopeo  on an Ubuntu box: - lsb_rel...