Tuesday, 31 May 2016

IBM HTTP Server, Global Security Toolkit and CTGSK3039W

I have written about this before: -



but I continue to learn.

This time around, I'm trying to create a Certificate Request using a different Signature Algorithm, SHA256WithECDSA, as follows: -

/opt/IBM/HTTPServer/bin/gskcapicmd -certreq -create -db /opt/IBM/HTTPServer/ssl/keystore.kdb -pw passw0rd -label bpm856.uk.ibm.com -dn cn=bpm856.uk.ibm.com,dc=uk,dc=ibm,dc=com -file /home/wasadmin/bpm856.uk.ibm.com_ihs.req -size 2048 -sigalg SHA256WithECDSA -san_dnsname bpm856.uk.ibm.com

but I see this: -

CTGSK3039W Certificate request "bpm856.uk.ibm.com" could not be created.

I added a trace string to my command: -

/opt/IBM/HTTPServer/bin/gskcapicmd -certreq -create -db /opt/IBM/HTTPServer/ssl/keystore.kdb -pw passw0rd -label bpm856.uk.ibm.com -dn cn=bpm856.uk.ibm.com,dc=uk,dc=ibm,dc=com -file /home/wasadmin/bpm856.uk.ibm.com_ihs.req -size 2048 -sigalg SHA256WithECDSA -san_dnsname bpm856.uk.ibm.com -trace foobar.trc

I don't know precisely how to view the resulting trace file, but I was able to view it using view : -


Working on the assumption that there MIGHT be a problem with the Key Size ( which I'd specified as 2048 bits ), I made an assumption that 2048 may be too big for that particular Signature Algorithm.

I tested my hypothesis by switching to a 512-bit key: -

/opt/IBM/HTTPServer/bin/gskcapicmd -certreq -create -db /opt/IBM/HTTPServer/ssl/keystore.kdb -pw passw0rd -label bpm856.uk.ibm.com -dn cn=bpm856.uk.ibm.com,dc=uk,dc=ibm,dc=com -file /home/wasadmin/bpm856.uk.ibm.com_ihs.req -size 512 -sigalg SHA256WithECDSA -san_dnsname bpm856.uk.ibm.com

which worked a treat.

I validated the Certificate Request thusly: -

openssl req -in bpm856.uk.ibm.com_ihs.req -text -noout

Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: DC=com, DC=ibm, DC=uk, CN=bpm856.uk.ibm.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (521 bit)
                pub: 
                    04:01:05:be:47:ad:3f:81:aa:fe:95:21:ba:5c:5f:
                    8a:e7:37:ba:8c:80:2d:d1:73:e9:ff:00:7c:e0:f1:
                    0d:46:3a:4c:84:b1:27:63:32:99:2c:33:f1:35:66:
                    22:5d:f2:9d:7e:f1:54:70:f8:d8:f6:f0:90:cc:4d:
                    a8:41:a8:7a:9e:65:96:01:f0:fe:68:63:6d:55:34:
                    ce:d7:ad:20:a3:e0:3f:1c:af:4b:25:84:30:4f:5d:
                    06:d5:86:60:d1:51:bd:65:77:bd:07:08:49:c4:dd:
                    1b:23:83:73:a2:ab:11:6b:3d:e8:4e:17:6b:c7:97:
                    a0:56:86:05:88:72:dc:0c:81:11:78:8e:1c
                ASN1 OID: secp521r1
        Attributes:
        Requested Extensions:
            X509v3 Subject Alternative Name: 
                DNS:bpm856.uk.ibm.com
    Signature Algorithm: ecdsa-with-SHA256
         30:81:88:02:42:00:8c:2b:3c:b5:5d:65:2e:68:92:e9:38:8e:
         01:e2:01:5c:9b:81:12:ae:d7:57:fc:bf:bb:0e:fa:07:da:4f:
         ea:f4:da:4e:47:5a:37:99:4c:6f:70:44:af:90:db:ac:0b:6b:
         7a:14:7b:57:ce:d4:be:81:c8:66:4a:40:79:03:9d:8e:6f:02:
         42:01:9d:65:ba:29:2f:84:f8:18:ca:c1:6c:e5:c7:f5:99:3b:
         aa:53:04:3f:47:3b:1f:fa:3a:cd:fa:57:42:c7:0c:81:63:ec:
         67:0c:b0:96:7e:3e:c2:76:f6:12:f8:72:e9:99:21:38:52:df:
         a4:42:1a:36:e1:17:fb:74:3a:da:34:11:d9


which is nice.
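As an added example ( not part of the original post ), this is a shell check of the openssl output above before the request is sent to a CA, confirming the key type, curve, signature algorithm and that the SAN covers the CN. The function names and the approved-curve list are assumptions, and SAMPLE is the output above with the hex dumps cut: -

```shell
# Added example: sanity-check a CSR from `openssl req -text -noout` before submission.
# SAMPLE is the output shown above with the hex dumps cut (constructed for offline use).
SAMPLE='Certificate Request:
    Data:
        Subject: DC=com, DC=ibm, DC=uk, CN=bpm856.uk.ibm.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (521 bit)
                ASN1 OID: secp521r1
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:bpm856.uk.ibm.com
    Signature Algorithm: ecdsa-with-SHA256'
# stdin: openssl text output; stdout: key_alg|bits|curve|sig_alg|cn|san
csr_summary() {
    awk '
        /Subject:/                  { n = split($0, p, /CN ?= ?/); if (n > 1) { cn = p[n]; sub(/[, ].*$/, "", cn) } }
        /Public Key Algorithm:/     { alg = $NF }
        /Public-Key:/               { bits = $2; gsub(/[^0-9]/, "", bits) }
        /ASN1 OID:/                 { curve = $NF }
        /Signature Algorithm:/      { sig = $NF }
        /Subject Alternative Name:/ { getline; san = $0; gsub(/[ \t]/, "", san) }
        END { printf "%s|%s|%s|%s|%s|%s\n", alg, bits, curve, sig, cn, san }
    '
}

# Returns 0 only for an EC key on an approved curve (assumed policy), signed with
# ECDSA over SHA-2, whose SAN list contains the CN; otherwise prints why and returns 1.
csr_check() {
    summary=$(csr_summary)
    IFS='|' read -r alg bits curve sig cn san <<EOF
$summary
EOF
    [ "$alg" = "id-ecPublicKey" ] || { echo "not an EC key: $alg"; return 1; }
    case $curve in
        prime256v1|secp384r1|secp521r1) ;;
        *) echo "curve not approved: $curve"; return 1 ;;
    esac
    case $sig in
        ecdsa-with-SHA256|ecdsa-with-SHA384|ecdsa-with-SHA512) ;;
        *) echo "unexpected signature algorithm: $sig"; return 1 ;;
    esac
    case ",$san," in
        *",DNS:$cn,"*) ;;
        *) echo "CN $cn not in SAN: $san"; return 1 ;;
    esac
    echo "ok: $curve ($bits bit), $sig, SAN covers $cn"
}
printf '%s\n' "$SAMPLE" | csr_check
```

Against a real request, pipe the command from the post into it: openssl req -in bpm856.uk.ibm.com_ihs.req -text -noout | csr_check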

Monday, 30 May 2016

DB2 on Windows - SQL1042C An unexpected system error occurred

I see this on Windows: -


When I tried to start DB2: -

db2start

I saw this: -

ADM12026W  The DB2 server has detected that a valid license for the product "DB2 Express Edition" has not been registered.
DB2 : The service has returned a service-specific error code.

SQL1022C  There is not enough memory available to process the command.  SQLSTATE=57011

I checked, and, yep, I have no license :-(

db2licm -l

Product name:                     "DB2 Express Edition"
License type:                     "License not registered"
Expiry date:                      "License not registered"
Product identifier:               "db2exp"
Version information:              "10.5"
Max number of Value Units:        "200"
Max amount of memory (GB):        "64"

Thankfully I had a license key downloaded: -

-rw-r--r--@  1 davidhay  staff  3056932 30 May 16:58 DB2_Exp_Ed_PVU_QS_Activation_V10.5.zip

which I unzipped to find: -

30/05/2013  03:14    <DIR>          .
30/05/2013  03:14    <DIR>          ..
30/05/2013  03:14               903 db2exp_c.lic
30/05/2013  03:14               905 sam32.lic
30/05/2013  03:14    <DIR>          UNIX
30/05/2013  03:14    <DIR>          Windows
               2 File(s)          3,474 bytes
               4 Dir(s)  209,877,737,472 bytes free


db2licm -a db2exp_c.lic

LIC1402I  License added successfully.

LIC1426I  This product is now licensed for use as outlined in your License Agreement.  USE OF THE PRODUCT CONSTITUTES ACCEPTANCE OF THE TERMS OF THE IBM LICENSE AGREEMENT, LOCATED IN THE FOLLOWING DIRECTORY: "C:\IBM\SQLLIB\license\en"

db2licm -l

Product name:                     "DB2 Express Edition"
License type:                     "CPU Option"
Expiry date:                      "Permanent"
Product identifier:               "db2exp"
Version information:              "10.5"
Max number of Value Units:        "200"
Max amount of memory (GB):        "64"
Enforcement policy:               "Soft Stop"

That solved the license problem ….

The SQL1042C problem was slightly more difficult - I suspect it was due to the fact that I'd switched my Windows 2008 R2 VM from a standalone server to an Active Directory domain controller and/or changed the hostname ….

Still, the license trick worked ….

Wednesday, 25 May 2016

Book Review - Swift Essentials Second Edition by Dr Alex Blewitt

This is the latest in my series of relatively infrequent book reviews for the British Computer Society: -

Swift Essentials Second Edition by Dr Alex Blewitt

https://www.packtpub.com/application-development/swift-essentials-second-edition

As a non-developer, I was broadly aware of Apple's announcement of Swift at their World-Wide Developers Conference (WWDC) in 2014, and had picked up enough to know that Swift was being actively promoted as an alternative to Objective-C for iOS and OS X application development.

However, in late 2015, when Apple announced that they were also contributing Swift to the open-source community, which had the added benefit of enabling Swift to be used on the Linux platform, alongside the Apple OS ecosystem, my interest was truly piqued.

Finally, in early 2016, I was hooked in by the announcement of the IBM Swift Sandbox, allowing one to tinker with the language via a web browser, without necessarily needing to install the Apple Xcode development environment on Mac OS X.

Pulling this all together, I was keen to read more about Swift, so the opportunity to read and review this book, Swift Essentials, Second Edition, was a boon.

The author, Dr Alex Blewitt, has written what is, to me, the perfect mixture of a textbook and a tutorial, providing a complete introduction to the language, even for those of us with little previous experience in the Apple development ecosystem.

The book is aimed at those intending to use Swift, either via the open-source Linux implementation or Apple's own Xcode IDE, and assumes no prior experience with iOS or OS X development. However, it does assume that the reader has some prior application development knowledge, most logically with C/C++ or Java.

Having briefly introduced the language, Dr Blewitt fairly quickly launches into an explanation of Swift data types - integers, floating point, strings, variables and collections. He then uses this as a foundation upon which he builds up the basic structure of a programming language - loops, iterations, functions and error handling.

From there, progress is swiftly made through the command-line interpreters, application compilation and the Swift playground, the latter being a graphical prototyping environment, before launching into "proper" iOS and watchOS app development.

Dr Blewitt does accurately compare and contrast the open-source Linux and Apple Xcode approaches to Swift development, making it clear that one does need Xcode in order to develop apps for iOS and watchOS, whereas one can use the open-source version of the language to create applications for other OS platforms, including Linux and Windows.

To be realistic, I'm unlikely to be entering the world of mobile application development any time soon, but, if I did have such a requirement, this book would be essential as a go-to reference.

At around 250 pages, the book should serve as a perfect introduction to the language, whilst also acting as a good source of information for those wishing to dig deeper into Swift.

In summary, I found this book to be extremely useful as both a tutorial and a reference, and I would recommend it to anyone seeking to acquire more experience with Swift.

As a keen reader, I rate this book 9/10

For the record, I was kindly provided this book by BCS, at no cost to myself.

Friday, 13 May 2016

IBM WebSphere Application Server for Distributed Platforms, Version 8.5 - Scripting various types of applications

Found this whilst looking for Something Completely Different (TM) 


Example of the ToC

<snip>
Chapter 1. Scripting for data access resources
Configuring data access with wsadmin scripting
Configuring a JDBC provider using wsadmin
Configuring new data sources using wsadmin
Configuring new connection pools using wsadmin
Changing connection pool settings with the wsadmin tool
Configuring new data source custom properties using wsadmin
Configuring new Java 2 Connector authentication data entries using wsadmin
Configuring new WAS40 data sources using wsadmin scripting
Configuring new WAS40 connection pools using wsadmin scripting
Configuring custom properties for a Version 4.0 data source using wsadmin scripting
Configuring new J2C resource adapters using wsadmin scripting
Configuring custom properties for J2C resource adapters using wsadmin
Configuring new J2C connection factories using wsadmin scripting
Configuring new J2C activation specifications using wsadmin scripting
Configuring new J2C administrative objects using wsadmin scripting
Managing the message endpoint lifecycle using wsadmin scripting
Testing data source connections using wsadmin scripting
JDBCProviderManagement command group for AdminTask object

</snip>

Thursday, 12 May 2016

IBM BPM Advanced 8.5.7 - CWLLG1356E: At attempt failed to get the current user context

We saw this exception today: -

CWLLG1356E: At attempt failed to get the current user context. com.lombardisoftware.client.delegate.BusinessDelegateException: ObjectId password for authorization validation is null

after an automated ( via UrbanCode Deploy ) build of IBM BPM Advanced 8.5.7 ( specifically a Process Center ).

This happened when we hit the Process Center login page ( https://bpmpc.uk.ibm.com/ProcessCenter ), whilst already logged in ( to the Deployment Manager ) as wasadmin.

I jumped to a conclusion …. which was the RIGHT conclusion … and wondered whether the automation process had "forgotten" to bootstrap the Process Server database ( BPMDB ).

Once I did this … manually: -

<snip>
Bootstrap AppCluster DB - as wasadmin

/opt/IBM/WebSphere/AppServer/profiles/PCDmgr01/bin/bootstrapProcessServerData.sh -clusterName AppCluster

Bootstraping data into cluster AppCluster and logging into /opt/IBM/WebSphere/AppServer/profiles/PCDmgr01/logs/bootstrapProcesServerData.AppCluster.log

WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
'BootstrapProcessServerData admin command completed successfully.....'

</snip>

Job's a good 'un.

Good practice – Use the rolling upgrade option when you update IBM BPM

This came up in a Sametime chat earlier today …

In the context of an IBM BPM 8.5.6 Cumulative Fix update, which do we upgrade / patch first - Process Center or connected Process Server(s) ?

I thought - and was correct - that we should always start with the Process Servers before patching the Process Center.

My Polish colleague who has a mother who bakes exceedingly good cakes, M, confirmed this: -


If you install IBM® Business Process Manager (BPM) fix packs V7.5.1.2, V8.0.1.2, V8.5.0.1, or upgrade to V8.5.5 or V8.5.6 from V8.5.0.1 or V8.5.5, you can use the rolling upgrade option. By using the rolling upgrade approach, you can incrementally upgrade one process server at a time, starting with test, then staging, and finishing with production. The final step is to upgrade your IBM Process Center and desktop tools.

It's worth also remembering that, very often, when one applies a major update ( Cumulative Fix, Fix Pack or Upgrade ) to Process Center, then the Process Designer tool MAY also be updated ( the release notes for the fix pack / upgrade will confirm this ).

Therefore, there's a good likelihood that your developers will need to download new copies of Process Designer, from Process Center once it's back up-and-running, and then reinstall PD on their desktops.

If you've only got one Process Center and lots of developers, this may well be an issue.

On a previous project, we mitigated this by patching our Sandpit environment to EXACTLY the same level as the Development environment, up-front, thus proving the patching strategy / approach. We then downloaded the updated Process Designer, tested that it connected to the Sandpit, and then shared the PD .ZIP file with our 60+ developers, many of whom were off-shore, via a different channel ( a secure file-share ).

That way, the developers could install the new copy of PD ( into an alternate directory ), wait until the Development environment was patched and back on-line, and then test new PD to "new" PC.

Once they were happy, they could uninstall the old PD ….

For the record, this also validated the approach: -


You can roll out maintenance incrementally in an IBM® Business Process Manager installation that consists of a Process Center and multiple Process Servers, allowing for the continued running of production applications during the upgrade and regression test period....
To perform a rolling upgrade, upgrade first the Process Servers and then the IBM Process Center and tools.
Note: A rolling upgrade can be performed only when applying fix packs, refresh packs, or interim fixes. It cannot be used for migration between major releases.

Saturday, 7 May 2016

Obtaining the WebSphere MQ classes for JMS

This pertains to my current project - debugging an SSL/TLS connection issue between WebSphere Application Server 8.5.5.8 and WebSphere MQ 8.0.0.4 …

How do I obtain just the WebSphere MQ classes for JMS JAR files? I want these JAR files to be used with the MQ Light Service in Bluemix, or to be deployed into a software management tool, or to be used with standalone client applications in my company.


Once I've debugged the problem - com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2400' ('MQRC_UNSUPPORTED_CIPHER_SUITE') - I'll write up the problem, solution and PD process.

IBM Integration Bus v10 Self-Enablement

I found this whilst searching for something completely different ….


Some IBM® Integration Bus V10 betaworks labs have been updated or are new for IIB 10.0.0.4. The latest list of labs can be found on the Resources > Integration Bus > Self-study labs page. Each lab comprises instruction guides as PDF files, and is usually accompanied by an archive file (.zip file) that you can use to complete the lab activities. These self study labs provide the opportunity to develop your skills in IBM Integration Bus.
