Monday, 31 October 2016

IBM Java 1.8 on Linux - Nice and Silent

I'm tinkering with IBM UrbanCode Deploy (UCD) 6.2.2 on a Linux box, and needed to get IBM Java installed before starting out.

Following this: -

this is what I did: -

vi ~/ 


export _JAVA_OPTIONS="-Dlax.debug.level=3 -Dlax.debug.all=true"
export LAX_DEBUG=1
./ibm-java-sdk-8.0-3.12-x86_64-archive.bin -i silent -f 1>console.txt 2>&1

which resulted in IBM Java being installed in /opt/IBM/Java 

I'm doing this as a non-root user, ucdadmin, so needed to ensure that that user had read/write access to /opt/IBM.

For the record, this is what I have in console.txt post-installation: -

Checking for POSIX df.
Found POSIX df.
Checking tail options...
Using tail -n 1.
True location of the self extractor: /home/ucdadmin/ibm-java-sdk-8.0-3.12-x86_64-archive.bin
Creating installer data directory: /tmp/install.dir.20561
Creating installer data directory: /tmp/install.dir.20561/InstallerData /bin/sh:stdout [...Uninstaller Native Support is complete.]
Command.complete(): process completed with exit code: 0
Command.complete(): process '/bin/sh' complete

Finally, just to prove that Java is indeed installed: -

/opt/IBM/Java/bin/java -version

java version "1.8.0"
Java(TM) SE Runtime Environment (build pxa6480sr3fp12-20160919_01(SR3 FP12))
IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20160915_318796 (JIT enabled, AOT enabled)
J9VM - R28_Java8_SR3_20160915_0912_B318796
JIT  -
GC   - R28_Java8_SR3_20160915_0912_B318796_CMPRSS
J9CL - 20160915_318796)
JCL - 20160914_01 based on Oracle jdk8u101-b13

Friday, 28 October 2016

WebSphere Application Server 9 - Snooping About

I've blogged about SuperSnoop in the past: -

so this is just an aide memoire in the context of WebSphere Application Server (WAS) 9.

I've been tested scripted installations of WAS 9 on Linux, as per a previous post: -

Today I'm switching between WAS Base and WAS ND, so this is part of my testing process.

So here goes….

Start WSAdmin Scripting Tool

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/ -lang jython

Set Variable


Deploy SuperSnoop

AdminApp.install('/home/wasadmin/SuperSnoopWeb.war', '[ -nopreCompileJSPs -distributeApp -nouseMetaDataFromBinary -nodeployejb -appname SuperSnoopWeb_war -createMBeansForResources -noreloadEnabled -nodeployws -validateinstall warn -noprocessEmbeddedConfig -filepermission .*\.dll=755#.*\.so=755#.*\.a=755#.*\.sl=755 -noallowDispatchRemoteInclude -noallowServiceRemoteInclude -asyncRequestDispatchType DISABLED -nouseAutoLink -noenableClientModule -clientMode isolated -novalidateSchema -contextroot /SuperSnoop -MapModulesToServers [[ SuperSnoopWeb SuperSnoopWeb.war,WEB-INF/web.xml WebSphere:cell='+cellID+',node=localhostNode01,server=server1 ]] -CtxRootForWebMod [[ SuperSnoopWeb SuperSnoopWeb.war,WEB-INF/web.xml /SuperSnoop ]]]' )


Start SuperSnoop

AdminControl.invoke('WebSphere:name=ApplicationManager,process=server1,platform=proxy,node=localhostNode01,version=,type=ApplicationManager,mbeanIdentifier=ApplicationManager,cell='+cellID+',spec=1.0', 'startApplication', '[SuperSnoopWeb_war]')



Test via Chrome

Test via CLI

--2016-10-28 07:35:59--
Connecting to||:9443... connected.
WARNING: cannot verify's certificate, issued by `/C=US/O=IBM/OU=localhostNode01/OU=localhostNode01Cell/OU=Root Certificate/CN=localhost':
  Self-signed certificate encountered.
    WARNING: certificate common name `localhost' doesn't match requested host name `'.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `SuperSnoop'

    [ <=>                                                                                                                                                                                                                                   ] 67,139      --.-K/s   in 0.05s   

2016-10-28 07:35:59 (1.34 MB/s) - `SuperSnoop' saved [67139]

Check the WAS logs

tail -f /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1/SystemOut.log

[10/28/16 7:35:03:769 BST] 00000077 ServletWrappe I init SRVE0242I: [SuperSnoopWeb_war] [/SuperSnoop] [SuperSnoop]: Initialization successful.
[10/28/16 7:35:03:772 BST] 00000077 SystemOut     O SuperSnoop running
[10/28/16 7:35:04:909 BST] 00000083 SystemOut     O SuperSnoop running
[10/28/16 7:35:59:683 BST] 00000083 SystemOut     O SuperSnoop running

So that's all good then ….

Thursday, 27 October 2016

To unzip or not to unzip - Or the simplest solution is often the right solution

I was stressing as to why I couldn't expand a ZIP archive downloaded from IBM: -

-rw-r--r--  1 hayd  staff  1414823936 27 Oct 14:36 /Volumes/DaveHaySSD/Software/WAS9/Product/

which contains the WebSphere Application Server (WAS) Network Deployment V9.0 media.

This was what I was doing: -

unzip -d /tmp/WAS9

and this is what I was seeing: -

  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
unzip:  cannot find zipfile directory in one of or, and cannot find, period.

I saw this both on macOS Sierra and Red Hat Linux.

I checked the file type: -

file Zip archive data, at least v1.0 to extract

which looked OK.

I even tried Archive Utility: -

Can you guess what'd gone wrong ?

I'd downloaded the file on my MacBook Pro and then SCP'd it across my network to my Mac Mini.

At some point in the transition, the file got corrupted :-(

When I checked the file size on the original download: -

-rw-r--r--@    1 davidhay  staff  1633871835 27 Oct 14:27

it was rather different to the version on the Mac Mini: -

-rw-r--r--  1 hayd  staff  1414823936 27 Oct 14:36 /Volumes/DaveHaySSD/Software/WAS9/Product/

I checked this using the crc32 tool on the MacBook Pro, which returned: -


whereas crc32 on the Mac Mini returned: -


When I re-uploaded the file back to the Mini, it all looked OK: -

-rw-r--r--  1 hayd  staff  1633871835 27 Oct 15:06

and crc32 also looks good: -


and, more importantly, it expands without problems: -

unzip /Volumes/DaveHaySSD/Software/WAS9/Product/ 

Archive:  /Volumes/DaveHaySSD/Software/WAS9/Product/
   creating: Offerings/
   creating: atoc/
   creating: atoc/nq/

  inflating: readme/zh/TW/swg_info_common.css  
  inflating: readme/zh/TW/wasstyle_nlv.css  
  inflating: repository.config       
  inflating: repository.xml   

and, even better, installs OK :-)

WebSphere Application Server 9 - More from the command-line

Catching up with the latest version of WebSphere Application Server (WAS), namely version 9, on a Linux VM.

I followed this: -

 to download the product, plus the latest fixes from here: -

Specifically, I'm installing WAS 9 plus the latest fix pack, aka WAS

This is what I've have downloaded: -


-rwxrwxrwx 1 admin users  992220534 Sep  3 15:06
-rwxrwxrwx 1 admin users 1592381288 Oct  3 15:26
-rwxrwxrwx 1 admin users  205003961 Oct 27 11:49
-rwxrwxrwx 1 admin users  318279547 Oct 27 11:50


-rwxr-xr-x 1 admin users  147063684 Oct 27 11:49
-rwxr-xr-x 1 admin users 1042896813 Oct 27 11:49
-rwxr-xr-x 1 admin users  477282996 Oct 27 11:48

I then extracted these to /tmp: -


unzip /mnt/hgfs/Software/WAS9/Product/ -d /tmp/WAS
unzip /mnt/hgfs/Software/WAS9/Product/ -d /tmp/Java
unzip /mnt/hgfs/Software/WAS9/Product/ -d /tmp/IHS
unzip /mnt/hgfs/Software/WAS9/Product/ -d /tmp/Plugins


unzip /mnt/hgfs/Software/WAS9/Fixes/ -d /tmp/WASFP
unzip /mnt/hgfs/Software/WAS9/Fixes/ -d /tmp/JavaFP
unzip /mnt/hgfs/Software/WAS9/Fixes/ -d /tmp/IHSFP

validated the version of IBM Installation Manager installed: -

/opt/IBM/InstallationManager/eclipse/tools/imcl -version

Installation Manager (installed)
Version: 1.8.5
Internal Version: 1.8.5000.20160506_1125
Architecture: 64-bit

validated what I had available: -

/opt/IBM/InstallationManager/eclipse/tools/imcl listAvailablePackages -repositories /tmp/WAS,/tmp/IHS,/tmp/Plugins,/tmp/Java,/tmp/WASFP,/tmp/IHSFP,/tmp/JavaFP

/opt/IBM/InstallationManager/eclipse/tools/imcl listAvailablePackages -repositories /tmp/WAS,/tmp/IHS,/tmp/Plugins,/tmp/Java,/tmp/WASFP,/tmp/IHSFP,/tmp/JavaFP -features : core.feature,ejbdeploy,thinclient,embeddablecontainer,samples : core.feature : core.feature : : core.feature,ejbdeploy,thinclient,embeddablecontainer,samples : core.feature,ejbdeploy,thinclient,embeddablecontainer,samples : core.feature,ejbdeploy,thinclient,embeddablecontainer,samples : core.feature,thinclient : core.feature : core.feature :

and then installed it using a response file: -


<?xml version='1.0' encoding='UTF-8'?>
    <repository location='/tmp/Java' temporary='true'/>
    <repository location='/tmp/WAS' temporary='true'/>
    <repository location='/tmp/IHS' temporary='true'/>
    <repository location='/tmp/Plugins' temporary='true'/>
    <repository location='/tmp/WASFP' temporary='true'/>
    <repository location='/tmp/IHSFP' temporary='true'/>
    <repository location='/tmp/JavaFP' temporary='true'/>
  <profile id='IBM WebSphere Application Server V9.0' installLocation='/opt/IBM/WebSphere/AppServer'>
    <data key='cic.selector.arch' value='x86_64'/>
  <profile id='IBM HTTP Server V9.0' installLocation='/opt/IBM/HTTPServer'>
  <data key='eclipseLocation' value='/opt/IBM/HTTPServer'/>
    <data key='user.import.profile' value='false'/>
    <data key='cic.selector.os' value='linux'/>
    <data key='' value='gtk'/>
    <data key='cic.selector.arch' value='x86_64'/>
    <data key='user.ihs.allowNonRootSilentInstall' value='true'/>
    <data key='' value='none'/>
    <data key='user.ihs.httpPort' value='8080'/>
    <data key='user.ihs.installHttpService' value='false'/>
    <data key='' value='en'/>
  <profile id='Web Server Plug-ins for IBM WebSphere Application Server V9.0' installLocation='/opt/IBM/WebSphere/Plugins'>
    <data key='eclipseLocation' value='/opt/IBM/WebSphere/Plugins'/>
    <data key='user.import.profile' value='false'/>
    <data key='cic.selector.os' value='linux'/>
    <data key='' value='gtk'/>
    <data key='cic.selector.arch' value='x86_64'/>
    <data key='' value='en'/>
    <offering profile='IBM WebSphere Application Server V9.0' id='' version='' features='core.feature,ejbdeploy,thinclient,embeddablecontainer,samples'/>
    <offering profile='IBM WebSphere Application Server V9.0' id='' version='8.0.3000.20160526_1317' features=''/>
    <offering profile='IBM HTTP Server V9.0' id='' version='' features='core.feature'/>
    <offering profile='IBM HTTP Server V9.0' id='' version='8.0.3000.20160526_1317' features=''/>
    <offering profile='Web Server Plug-ins for IBM WebSphere Application Server V9.0' id='' version='' features='core.feature'/>
   <offering profile='Web Server Plug-ins for IBM WebSphere Application Server V9.0' id='' version='8.0.3000.20160526_1317' features=''/>
  <preference name='' value='/opt/IBM/IMShared'/>

/opt/IBM/InstallationManager/eclipse/tools/imcl -input installWAS9001.rsp -acceptLicense

Installed to the /opt/IBM/WebSphere/AppServer directory.
Installed to the /opt/IBM/WebSphere/AppServer directory.
Installed to the /opt/IBM/HTTPServer directory.
Installed to the /opt/IBM/HTTPServer directory.
Installed to the /opt/IBM/WebSphere/Plugins directory.
Installed to the /opt/IBM/WebSphere/Plugins directory.

Finally, I validated what was installed: -

/opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledPackages


Name            IBM SDK, Java Technology Edition, Version 8
ID              JAVA8
Build Level     pxa6480sr3-20160428_01
Build Date      04/28/16
Architecture    x86-64 (64 bit)

Name                  IBM WebSphere Application Server
ID                    BASE
Build Level           cf011636.02
Build Date            9/6/16
Architecture          x86-64 (64 bit)
Installed Features    WebSphere Application Server traditional
                      EJBDeploy tool for pre-EJB 3.0 modules
                      Embeddable EJB container
                      Sample applications
                      Stand-alone thin clients and resource adapters

/opt/IBM/HTTPServer/bin/apachectl -v

Server version: IBM_HTTP_Server/ (Unix)
Server built:   Jul 25 2016 13:31:50

/opt/IBM/HTTPServer/bin/apachectl -V

Server version: IBM_HTTP_Server/ (Unix)
Apache version: 2.4.12 (with additional fixes)
Server built:   Jul 25 2016 13:31:50
Build level:    RIHSX.IHS/webIHS1630.01
Server's Module Magic Number: 20120211:57
Server loaded:  APR 1.5.1, APR-UTIL 1.5.2
Compiled using: APR 1.5.1, APR-UTIL 1.5.2
Architecture:   64-bit
Operating System: Linux x86_64
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
Apache vulnerability fixes included:
  CVE-2009-1191  CVE-2009-1890  CVE-2009-3094  CVE-2009-3095
  CVE-2010-0434  CVE-2010-0425  CVE-2010-0408  CVE-2009-3555
  CVE-2010-1452  CVE-2010-1623  CVE-2011-3368  CVE-2011-3607
  CVE-2011-3192  CVE-2011-3348  CVE-2011-4317  CVE-2012-0021
  CVE-2012-0031  CVE-2012-0053  CVE-2012-0883  CVE-2012-2687
  CVE-2012-3502  CVE-2012-4558  CVE-2012-3499  CVE-2013-2249
  CVE-2013-1896  CVE-2013-4352  CVE-2013-6438  CVE-2014-0098
  CVE-2014-0963  CVE-2014-0231  CVE-2014-0118  CVE-2014-0226
  CVE-2014-3523  CVE-2014-0117  CVE-2013-5704  CVE-2014-8109
  CVE-2014-3581  CVE-2014-3583  CVE-2015-0253  CVE-2015-3185
  CVE-2015-3183  CVE-2015-1829  CVE-2014-8730  CVE-2015-0228
  CVE-2015-4947  CVE-2015-1283  CVE-2015-7420  CVE-2016-0201
  CVE-2016-0718  CVE-2016-5387  

Right, onto more stuff ….

Hmmm, macOS Sierra and XQuartz and X11

I've not dug too far into this, but something has changed in the world of X11 forwarding between macOS and Linux, since I upgraded my Macs to macOS Sierra.

In the past, as long as I had XQuartz installed: -

I was able to happily tunnel over X11 between macOS and Linux, using a command such as: -

ssh -X wasadmin@was9001

but, since the update to Sierra, I see this: -

ssh -X wasadmin@was9001

which returns: -

wasadmin@'s password: 
Warning: untrusted X11 forwarding setup failed: xauth key data not generated
Last login: Thu Oct 27 13:47:24 2016 from

and, from Linux: -


which returns this: -

xterm Xt error: Can't open display: 
xterm:  DISPLAY is not set

I did the needful and Google'd to find this: -

which said, in part: -

On MacOS Sierra, I use ssh -Y command , then x11 works, although got a Warning: No xauth data; using fake authentication data for X11 forwarding. client side no ~/.ssh/config file

so I tried this: -

ssh -Y wasadmin@was9001

which returns this: -

wasadmin@'s password: 
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Thu Oct 27 14:16:13 2016 from

and: -


which JUST WORKS :-)

For the record, I also don't have a config file in ~/.ssh either 

ls -al ~/.ssh/

total 16
drwx------   3 hayd  staff   102  7 Nov  2014 .
drwxr-xr-x+ 42 hayd  staff  1428 27 Oct 13:37 ..
-rw-r--r--   1 hayd  staff  7821 27 Oct 09:33 known_hosts

From the man page for ssh we have: -

     -X      Enables X11 forwarding.  This can also be specified on a per-host basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the ability to bypass file permissions on the remote host (for the user's X authorization database) can access the local X11 display through the forwarded connection.  An
             attacker may then be able to perform activities such as keystroke monitoring.

             For this reason, X11 forwarding is subjected to X11 SECURITY extension restrictions by default.  Please refer to the ssh -Y option and the ForwardX11Trusted directive in ssh_config(5) for more information.

     -x      Disables X11 forwarding.

     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not subjected to the X11 SECURITY extension controls.

so I guess that's the difference :-)

Tuesday, 25 October 2016

WebSphere Application Server and Network File System (NFS)

This came up in discussion today, so I thought I'd x-post some relevant links, as I know I'll need them again: -

NFS v4 is commonly used as a reliable storage for the following components of WebSphere Application Server:
The following table lists mount options that are required. They are not exclusive but other options should not negate these.

Option Description
-t nfs4 Forces NFS v4 to prevent any possibility of falling back to NFS v3.
-o hard,intr Soft mounts can lead to file corruption so hard mounts are required. intr allows a user to interrupt from the keyboard.

However, not all file systems provide the necessary file locking semantics, specifically that file locks are released when a server fails. For example, Network File System Version 4 (NFSv4) provides this release behavior, whereas Network File System Version 3 (NFSv3) does not.

NFSv4 releases locks held on behalf of a host in case that host fails. Peer recovery
can occur automatically without restarting the failed hardware. Therefore, this version
of NFS is better suited for use with automated peer recovery

NFSv3 holds file locks on behalf of a failed host until that host can restart. In this
context, the host is the physical machine running the application server that requested
the lock and it is the restart of the host, not the application server, that eventually
triggers the locks to release

If you use NFSv3 to support automatic peer recovery processing, it becomes necessary to disable file locking, as discussed previously in File locking for WebSphere Application Server recovery logs, This action, in turn, requires that additional measures be put in place to prevent system overloading or network partitioning that might lead to a peer recovery process being directed for an active server.
The most recent version of the NFS protocol, NFSv4, provides lease-based exclusive locks on files as does CIFS. NFSv3 locking is not lease-based and so is less effective in an environment where file ownership needs to be failed over in the event of a server crash. If NFSv3 is used with automated peer recovery, a systems administrator must consider additional configuration choices, which are detailed in Considerations for automated peer recovery. These considerations are not required for either manually-initiated peer recovery or when the file system is either NFSv4 or CIFS. This information is summarized in Table 1.

Redbook - Essentials of Cloud Application Development on IBM Bluemix

This newly published Redbook has been on my to-read list for a while now: -

This IBM® Redbooks® publication is based on the Presentations Guide of the course "Essentials of Cloud Application Development on IBM Bluemix" that was developed by the IBM Redbooks team in partnership with IBM Middle East and Africa (MEA) University Program.

This course is designed to teach university students the basic skills that are required to develop, deploy, and test cloud-based applications that use the IBM Bluemix® cloud services.

Share and Enjoy ( to coin someone else's phrase ! )

Redbook - Deliver Modern UI for IBM BPM with the Coach Framework and Other Approaches

One of my IBM colleagues shared this via Slack earlier: -

IBM® Coach Framework is a key component of the IBM Business Process Manager (BPM) platform that enables custom user interfaces to be easily embedded within business process solutions. Developer tools enable process authors to rapidly create a compelling user experience (UI) that can be delivered to desktop and mobile devices. IBM Process Portal, used by business operations to access, execute, and manage tasks, is entirely coach-based and can easily be configured and styled. A corporate look and feel can be defined using a graphical theme editor and applied consistently across all process applications. The process federation capability enables business users to access and execute all their tasks using a single UI without being aware of the implementation  or origin. Using Coach Framework, you can embed coach-based UI in other web applications, develop BPM UI using alternative UI technology, and create mobile applications for off-line working.

This IBM Redbooks® publication explains how to fully benefit from the power of the Coach Framework. It focuses on the capabilities that Coach Framework delivers with IBM BPM version 8.5.7. The content of this document, though, is also pertinent to future versions of the application.

Enjoy :-)

Monday, 24 October 2016

IBM SoftLayer - VPN Client showing "Incorrect username or password"

For context, I'm connecting to IBM SoftLayer using the ArraySSL VPN client, as per this: -

This is via a Mac running macOS Sierra 10.12.

Having pumped in the target SoftLayer service, and my credentials, I saw this: -

upon login.

This baffled me for a time, especially as I couldn't find any reference to a Login Method called localdb.

To debug it, I started the VPN client from a command line: -


specifically so I could see the responses from the client in the Terminal console log: -

016-10-24 14:37:18.260: failed to login, wrong user or password, try again
2016-10-24 14:37:18.260: vpncallback: code 13, error 37
2016-10-24 14:37:18.260: UI sdk callback login,err is 37
2016-10-24 14:37:40.376: login callback isn't prcessed by upper layer.

This made me check (1) my sanity and (2) my VPN credentials.

I navigated to the SoftLayer dashboard: -

and, post authentication, updated my VPN password: -

Once I did this, and clicked the Save Changes button, and ensured that the newly entered VPN credentials were plugged in there.

Now I'm in like Flynn, which is nice :-)

Tuesday, 18 October 2016 Undefined variable HOST

I saw this today on a newly built ODM Rules box ( using Red Hat Enterprise Linux 6.6 )


[10/18/16 15:44:36:553 BST] 00000001 WsServerImpl  E   WSVR0100W: An error occurred initializing, Node1-DSServer [class] Undefined variable HOST
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
at java.lang.reflect.Method.invoke(
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
at java.lang.reflect.Method.invoke(
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
at java.lang.reflect.Method.invoke(
at org.eclipse.core.launcher.Main.invokeFramework(
at org.eclipse.core.launcher.Main.basicRun(
Caused by: Undefined variable HOST
... 37 more


[10/18/16 15:44:36:495 BST]     FFDC ProbeId:402 Undefined variable HOST

As ever, the internet had the answer: -

The solution was to ensure that my server's hostname was in /etc/hosts.   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 odmdemo

Once I did this, and restarted the application server JVM, we were Good To Go (TM)

Saturday, 15 October 2016

Increase logging with a custom policy for IBM DataPower in the API Connect assembly

This article has been written by two of my IBM colleagues, and is definitely worth a look: -

When you design and develop custom integration policies, you need to be alerted to any problems with your policies. By defining a custom logging policy to log the values of context variables, you can be quickly alerted to where policies might be malfunctioning so that you can correct any errors.

This tutorial describes a user-defined policy to assist with logging and error diagnosis in the API Connect assembly tool. In this policy, custom strings or context variables can be written directly to IBM® DataPower® logs at any point when running an API. By defining such policy, messages can be written at any priority level. And, when you combine API Connect with the capability of DataPower to selectively listen at different priorities, you get straightforward yet powerful logging and diagnosis when designing an API.

Sunday, 9 October 2016

Puppet - Encoding passwords

Following my earlier post: -

I've started to tinker with the password encoding used within my Puppet manifests, including: -


Examples I found include: -

openssl passwd

Verifying - Password: 

openssl passwd -1

Verifying - Password: 

openssl passwd -apr1

Verifying - Password: 

openssl passwd -apr1 -salt h0rseb4tt3ryst4pl3


openssl passwd -crypt passw0rd


openssl passwd -crypt -salt rq passw0rd


grub-crypt --sha-512

Retype password: 

and so on.

Source: -

Friday, 7 October 2016

Messing about with Puppet - It Begins

So, today I learned Puppet …. :-)

Well, to be more honest, I've started to tinker with Puppet, using it to … create a group and a user on a Linux server :-)

Initially, I started with a mixture of Linux boxes; one Ubuntu 16.04 and one Red Hat 6.6.

This may have led to my confusion ….

So I started again with a pair of Red Hat 6.6 boxes.

In both cases, I added the appropriate Red Hat Enterprise Linux 6 repository ( el-6 ): -

sudo gpg --keyserver --recv-key 7F438280EF8D349F
sudo gpg --list-key --fingerprint 7F438280EF8D349F

On the Puppetmaster server, I installed the Puppet Server binary: -

sudo yum install puppetserver

On the Puppet client, I installed the Puppet Agent binary: -

sudo yum install puppet-agent

and started the Puppet service: -

sudo service puppetserver start

Again, on the client, I setup the Puppet environment: -

vi /etc/puppetlabs/puppet/puppet.conf


started the agent: -

sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

and invoked the Puppet test: -

sudo /opt/puppetlabs/bin/puppet agent —test

Info: Caching certificate_revocation_list for ca
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for
Info: Applying configuration version '1475866304'

This generates a Certificate Request on the Puppet server, which I then signed: -

sudo /opt/puppetlabs/bin/puppet cert sign

Finally, I used the Puppet resource command to generate the syntax for group and user creation: -

sudo puppet resource -e group wasadmins
sudo puppet resource -e user wasadmin

to allow me to create a manifest: -

vi /etc/puppetlabs/code/environments/production/manifests/site.pp 

group { 'wasadmins':
  ensure => 'present',
  gid    => '506',

user { 'wasadmin':
  ensure           => 'present',
  home             => '/home/wasadmin',
  password         => '$6$wjKn96pk$2yZ.jzYYDTrlc7NhvdRprJ1MzkSKfjCK8.BcBe1Cnh1viIA7S98mlnHPEPk0NYdjPkT9bhaqOuxb5/QQq2cl9.',
  password_max_age => '99999',
  password_min_age => '0',
  shell            => '/bin/bash',
  uid              => '509',

  gid              => '506',
  comment          => 'wasadmin',
  groups           => 'wasadmins',

I re-ran the Puppet Agent test: -

sudo /opt/puppetlabs/bin/puppet agent —test

Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Info: Caching catalog for
Info: Applying configuration version '1475868429'
Notice: /Stage[main]/Main/Group[wasadmins]/ensure: created
Notice: /Stage[main]/Main/User[wasadmin]/ensure: created
Notice: Applied catalog in 0.07 seconds
Now to extend this to create ALL the users and groups, then install DB2 and IBM MQ and then ……...

As ever, I had plenty of references: -

Red Hat Enterprise Linux 6.6 - Creating a local Yum repo - really really fast

Just the best bits because I've written about this before: -

from whence one can infer the context.

mount /dev/cdrom /mnt/

cat /etc/redhat-release

Red Hat Enterprise Linux Server release 6.6 (Santiago)

rpm -ivh /mnt/Packages/deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
rpm -ivh /mnt/Packages/python-deltarpm-3.5-0.5.20090913git.el6.x86_64.rpm
rpm -ivh /mnt/Packages/createrepo-0.9.9-22.el6.noarch.rpm

rpm --import /mnt/RPM-GPG-KEY-redhat-beta
rpm --import /mnt/RPM-GPG-KEY-redhat-release

mkdir /var/repo
mkdir /var/repo/rhel66
cd /var/repo/rhel66/
cp -R /mnt/Packages/* .

cd /var/repo/
createrepo .

vi /etc/yum.repos.d/server.repo

name=Red Hat Enterprise Linux 6.6

yum list

umount /mnt

yum install -y xauth

Job done

IBM InterConnect 2017 Call for Speakers is here!

IBM InterConnect 2017 Call for Speakers is here!

Submit your paper for IBM InterConnect 2017 -- IBM's conference dedicated to the education and development skills needed to elevate your business with Cloud. This year's curriculum will focus on Cloud, Hybrid, Internet of Things, Cognitive, Security, Managed Services and much more. Tell us about your best practices, deliver implementation insights, or share your industry story!

Why speak at InterConnect 2017?

Selected speakers may be eligible to receive a full conference pass (one pass per session in breakout sessions only valued at $2,395). Additional speaker benefits include networking opportunities with over 20,000 attendees, including clients, business partners, industry experts, and IBMers; your company's name listed in the Program Guide; and your name and company's name listed on the online agenda.

Tuesday, 4 October 2016

Java on Windows - Why bitness matters

I kept seeing this: -

whilst trying to start Eclipse Juno which I'd downloaded as

I'm using a 64-bit version of Windows Server 2008 R2

I did wonder whether the problem was related to the version of Java installed: -

java -version

java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) Client VM (build 25.101-b13, mixed mode)

java -fullversion

java full version "1.8.0_101-b13"

so I headed over here: -

and grabbed the 64-bit version of Java: -

Once installed, I checked the Java version again: -

java -version

java version "1.8.0_101"
Java(TM) SE Runtime Environment (build 1.8.0_101-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.101-b13, mixed mode)

java -fullversion

java full version "1.8.0_101-b13"

and retried Eclipse: -

Job done :-)

Essentials of Cloud Application Development on IBM Bluemix

This course is designed to teach university students the basic skills that are required to develop, deploy, and test cloud-based applications that use the IBM Bluemix® cloud services.

After completing this course, you should be able to accomplish these tasks:

• Describe the factors that lead to the adoption of cloud computing.
• Describe infrastructure as a service, platform as a service, and software as a service.
• Define cloud computing.
• Describe IBM Bluemix.
• Describe the architecture of IBM Bluemix.
• Identify the runtimes and services that Bluemix offers.
• Explain how to get started with Bluemix.
• Describe Bluemix organizations, domains, spaces, and users.
• Create Bluemix applications.
• Use services in a Bluemix application.
• Set environmental variables that are used with Bluemix services.
• Deploy and run Bluemix applications.
• Describe how to create an IBM SDK for Node.js application that runs on Bluemix.
• Explain how to manage a Bluemix account with the Cloud Foundry CLI.[
• ]Describe how to integrate workstation development platforms with Bluemix.
• Manage application code and assets with IBM Bluemix DevOps services.
• Work with the Git repository that is used by DevOps services.
• Describe the characteristics of REST APIs.
• Describe the use of JSON as the preferred data format for REST APIs.
• dentify the data services that are available on Bluemix.
• Describe the features in Bluemix for developing mobile applications.
• Create a MobileFirst Services Starter application on Bluemix.
• Send push notifications from Bluemix and receive them on the mobile device emulator.