Monday, 28 November 2016

Note to self - monitoring User Limits in GNU Linux

This came up last week, and is something that I need to keep an eye on.

These are some of the commands that one can/should use to monitor ulimit use on a Linux box: -

ps -eLf

ps -eTf

ps -Tp `pidof java`

top -H -p `pidof java`

pstree -p `pidof java`

for pid in $(pgrep java); do ls /proc/$pid/fd | wc -l; done


Friday, 25 November 2016

WebSphere Application Server - Managing Profiles and Server Names

This is in the context of managing profiles in WebSphere Application Server, using the manageprofiles.sh command.

A friend asked me how he could set the name of a specific server instance ( think JVM ) when he was creating a profile …

This is what I told him: -

/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -profilePath /opt/ibm/WebSphere/AppServer/profiles/diesel -enableService false -nodeName chugger -serverName hst125 -profileName diesel -create -cellName trainsRcool -enableAdminSecurity false -hostName bpm857.uk.ibm.com -templatePath /opt/ibm/WebSphere/AppServer/profileTemplates/default

where I'm setting the following variants: -

-nodeName chugger

-serverName hst125

-profileName diesel

-cellName trainsRcool

So that's all good then ….

Apple Calendar - Dealing with Spam invitations

So I keep receiving spam calendar invitations to my Apple Calendar, on iOS and macOS, which is a nuisance.

Thankfully, I found this: -

<snip>
Log in to iCloud on the web, open your calendar, and go to ⚙ > Preferences. Under Advanced, you'll find an option to receive calendar invitations by email instead of straight into your calendar.
</snip>


<snip>
Ok so this works. Create a new calendar (Calendar/File/New Calendar) then open the bogus invite, you should see a drop down box; when you pull it down you'll see colour coded buttons for the original calendar/s and the new one - you can assign the invite to the new calendar by clicking on it (default name is 'new calendar'), then go to the sidebar (or click the top left button marked 'Calendars' if the sidebar isn't showing) and delete the new calendar. It takes a minute or two for the original calendar to update, but then it will be gone. And without replying to the invite! (I hammered all this out with an Apple online chat person, who at first told me to 'Decline' the invite, bad advice…)
</snip>

Q: How do I block spam calendar invites

which allowed me to do this: -


Note that I did NOT click on the default button, but instead chose Delete and Don't Notify.

Nice :-)

Friday, 18 November 2016

Windows 7 - An Update on Updates

Acting in my role as my family's IT Crowd representative, I ran an errand of mercy yesterday to help recover a Windows 7 PC that was failing to properly run up.

It was booting OK, but was tremendously slow, and it's owner was unable to access the internet ( aka Internet Explorer ).

The PC hadn't been booted up for a month or so, and there were a series of overlapping issues, one of which was that the Norton Anti-Virus tool was (a) out-of-date and (b) expired.

In parallel, Windows Update hadn't run in a while, and the PC believed that it had not been updated since July :-( even though updates were last checked for in September :-(

Long story short, I had to manually update Windows via four specific fixes ( Knowledge Base articles ) : -


Windows6.1-KB3102810-x86.msu


Windows6.1-KB3172605-x86.msu


windows6.1-kb3197868-x86_654e073e00c76a3a7dd01dee8fc2e4fb9a75c931.msu


windows6.1-kb3197869-x86_179db4ad840757eeaba21c1838938e5d61217c73.msu

In each case, I found that the trick was to: -

(a) Disable the network interface ( having downloaded the fix, obviously )
(b) Stop the Windows Update Service (WUS) via the Services Control Panel ( services.msc )
(c) Install the fix
(d) Reboot

Once I finally managed to get Windows to update ( and the first of the above four helped with that, as it actually patches WUS ), it's all up-and-running, and Windows seems fairly happy ( as does Norton AV, once I renewed the subscription ).

Now to run SpinRite ...

Tuesday, 15 November 2016

Cool your hot entities in IBM ODM Decision Server Insights

This was authored by two of my IBM colleagues, Nigel Crowther and Jonathon Carr


In any high-volume event processing system, such as Decision Server Insights in IBM® Operational Decision Manager (ODM), an entity instance referenced by thousands of events is a "hot entity." Hot entities slow down processing, becoming the sole consumer of events within the system. This situation effectively reduces an entire multi-processing grid to wait for a single thread to complete.

This tutorial aims to help Decision Server Insights architects and developers build solutions without hot entities. Learn the causes of hot entities and tips to avoid them.

Book Review - OpenStack in Action by Cody Bumgardner

This is another of my semi-regular book reviews for the British Computer Society, who kindly provided me with a free copy of this book, in ePub format.

OpenStack in Action by Cody Bumgardner

Whether you call it serendipity or just-in-time, the timing of the offer to review this book was perfect, in that I was looking at OpenStack, in order to better understand and position it to my clients and peers.

Therefore, this book ticked all the right boxes for me, in terms of allowing me to get a context and deeper understanding of OpenStack ( and the related DevStack offering ).

Initially, Cody introduces OpenStack and its API, positioning alongside virtualisation, hypervisors, containerisation and public/private/hybrid clouds. He makes the point that OpenStack is built out of a "stack" of services, including storage, networking, security and orchestration.

Having set the scene, the book immediately jumps into a "hands-on" phase, walking the reader through the installation, setup and use of DevStack, on a provided VM, or via a native, custom build on a Linux distribution such as Ubuntu.

This does assume that the reader has some familiarity with Linux, but is a fairly safe bet given the potential audience of the book. Equally, the use of the so-called "companion" VM does help, if the objective is merely to get some hands-on with DevStack, without actually building it.

Post-DevStack, Cody then describes how OpenStack can be driven, most logically using the command-line interface (CLI). This is a useful section in that it provides the context and introduces aspects such as tenants, users and roles.

My only critique of this section is that the page formatting, leastways in the ePub format that I was using, as the font/size used is rather small, meaning that it's somewhat hard to read the listings, where the actual CLI commands are displayed.

The book continues by joining together the OpenStack components, aka services, highlighting the inter-dependencies and the security model, and outlining the relationship between OpenStack and 3rd party solutions, such as storage and networking.

During the second half of the book, Cody dives even more deeply into the setup of the major OpenStack components; this compares and contrasts nicely to the DevStack setup, and this section is very "hands-on", in terms of commands, projected output, results etc.

Again, the assumption is that the reader is going to be deeply engaged in the build, as well as the use, of an OpenStack cloud. It's also fair to say that an understanding of Linux and TCP/IP networking would be of use here.

By the end of this hands-on section, the reader will have a much deeper level of expertise with OpenStack, in terms of understanding both WHAT and HOW it does what it does.

Finally, Cody walks through what one needs to consider when delivering OpenStack into production, again focusing upon networking, storage topologies, automated HA provisioning, and, perhaps most importantly, cloud orchestration using Heat and Ubuntu Juju.

For me, I wanted to get an introduction to, and the context of, OpenStack, and this book was perfect for that. It also provided me with a good opportunity get some hands-on experience with the product, both via DevStack and OpenStack itself.

As with all things, I'm usually ready to learn something when I need to learn something, and, as mentioned, the timing was perfect.

I now need to go and build something with OpenStack, ideally building upon what I already know.

So that's my next challenge ….

If you are looking to get an introduction into, and some hands-on with, OpenStack, as well as a more general deep-dive reference, then this is definitely the book for you.

Out of 10, I'd give this book a solid 9, and would recommend it to others.

WebSphere Application Server - Using Java to manage WAS via SOAP over HTTPS


This has come from a requirement to create a custom Java class to interact with the WAS Deployment Manager via SOAP over HTTPS.

The wrinkle comes because the target WAS cell is secured using: -
  • Transport Layer Security (TLS) 1.2
  • Strong ECDHE/GCM ciphers
  • Mutual Authentication
This is the relevant portion of the security.xml file: -

  <repertoire xmi:id="SSLConfig_1" alias="CellDefaultSSLSettings" managementScope="ManagementScope_1">
    <setting xmi:id="SecureSocketLayer_1" clientAuthentication="true" securityLevel="CUSTOM" enabledCiphers="SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384" jsseProvider="IBMJSSE2" sslProtocol="TLSv1.2" keyStore="KeyStore_1" trustStore="KeyStore_2" trustManager="TrustManager_2" keyManager="KeyManager_1"/>
  </repertoire>

And this is the code that I'm using to prove the concept: -

import java.util.*;
import javax.management.ObjectName;
import com.ibm.websphere.management.configservice.*;
import com.ibm.websphere.management.*;
import com.ibm.websphere.management.exception.ConnectorException;
 
class adminclient  {
    public static void main(String[] args) throws ConnectorException {

String hostName = args[0];
String soapPort = args[1];

        Properties connectProps = new Properties();
        connectProps.setProperty(AdminClient.CONNECTOR_TYPE, AdminClient.CONNECTOR_TYPE_SOAP);
        connectProps.setProperty(AdminClient.CONNECTOR_HOST, hostName);
        connectProps.setProperty(AdminClient.CONNECTOR_PORT, soapPort);
        connectProps.setProperty(AdminClient.CONNECTOR_SECURITY_ENABLED, "true");
        connectProps.setProperty(AdminClient.CACHE_DISABLED, "false");
 
        AdminClient adminClient = null;
        try {
                adminClient = AdminClientFactory.createAdminClient(connectProps);
        }
 
        catch (Exception e) {
                System.out.println("Exception creating admin client: " + e);
                e.printStackTrace();
        }

try {
ConfigService configService = new ConfigServiceProxy(adminClient);
Session session = new Session();

ObjectName[] servers = configService.resolve(session, "Server");
System.out.println("Number of servers: " + servers.length);
for (ObjectName server : servers) {
System.out.println(server.getKeyProperty("_Websphere_Config_Data_Display_Name"));
}
}

catch (Exception e) {
System.err.println("An exception " + e + " occurred.");
}
    }


To use this code, we set up two configuration files - soap.client.props and ssl.client.props - both of which were copied from the WAS configuration: -

soap.client.props

com.ibm.SOAP.securityEnabled=false
com.ibm.SOAP.authenticationTarget=BasicAuth
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword=passw0rd
com.ibm.SOAP.loginSource=prompt
com.ibm.SOAP.krb5ConfigFile=
com.ibm.SOAP.krb5CcacheFile=
com.ibm.SOAP.krb5Service=
com.ibm.SOAP.requestTimeout=180
com.ibm.ssl.alias=DefaultSSLSettings

ssl.client.props

com.ibm.ssl.defaultAlias=DefaultSSLSettingscom.ibm.ssl.performURLHostNameVerification=false
com.ibm.ssl.validationEnabled=false
com.ibm.security.useFIPS=false
com.ibm.jsse2.checkRevocation=false
com.ibm.security.enableCRLDP=false
com.ibm.ssl.alias=DefaultSSLSettings
com.ibm.ssl.protocol=TLSv1.2
com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustManager=IbmPKIX
com.ibm.ssl.keyManager=IbmX509
com.ibm.ssl.contextProvider=IBMJSSE2
com.ibm.ssl.enableSignerExchangePrompt=gui
com.ibm.ssl.enabledCipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
com.ibm.ssl.keyStoreName=ClientDefaultKeyStore
com.ibm.ssl.keyStore=/home/wasadmin/key.p12
com.ibm.ssl.keyStorePassword=WebAS
com.ibm.ssl.keyStoreType=PKCS12
com.ibm.ssl.keyStoreProvider=IBMJCE
com.ibm.ssl.keyStoreFileBased=true

com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
com.ibm.ssl.trustStore=/home/wasadmin/trust.p12
com.ibm.ssl.trustStorePassword=WebAS
com.ibm.ssl.trustStoreType=PKCS12
com.ibm.ssl.trustStoreProvider=IBMJCE
com.ibm.ssl.trustStoreFileBased=true
com.ibm.ssl.trustStoreReadOnly=false
Note that the latter references: -
  1. the security settings, including TLS 1.2 and the two ECDHE/GCM ciphers
  2. a pair of PKCS12 ( .p12 ) files, copied from the Deployment Manager
In the case of the .p12 files, the first ( key.p12 ) contains a personal certificate, signed by the Deployment Manager, which is used to authenticate to the Deployment Manager ( hence Mutual Authentication or Client Authentication ).

The second .p12 file ( trust.p12 ) contains the WAS cell's signer certificate, which allows the client code to decrypt what's returned from the DM.

Finally, this is how I compiled the code: -

source /opt/ibm/WebSphereProfiles/Dmgr01/bin/setupCmdLine.sh
javac -cp /opt/ibm/WebSphere/AppServer/runtimes/com.ibm.ws.admin.client_8.5.0.jar:/opt/ibm/WebSphere/AppServer/plugins/com.ibm.ws.security.crypto.jar:/opt/ibm/WebSphere/AppServer/plugins/com.ibm.ffdc.jar adminclient.java

( the first command updates the Linux shell to use the WAS Java SDK etc. )

and this is how I execute the code: -

java -Dcom.ibm.SSL.ConfigURL=file:/home/wasadmin/ssl.client.props -Dcom.ibm.SOAP.ConfigURL=file:/home/wasadmin/soap.client.props -cp /opt/ibm/WebSphere/AppServer/runtimes/com.ibm.ws.admin.client_8.5.0.jar:/opt/ibm/WebSphere/AppServer/plugins/com.ibm.ws.security.crypto.jar:/opt/ibm/WebSphere/AppServer/plugins/com.ibm.ffdc.jar:/home/wasadmin adminclient bpm857.uk.ibm.com 8879

and this is what it returns: -

Nov 15, 2016 7:29:58 AM com.ibm.ws.management.connector.interop.JMXClassLoader
WARNING: Could not find tmx4jTransform.jar in null/etc/tmx4jTransform.jar - Interoperability to older versions of WebSphere is disabled
Nov 15, 2016 7:29:58 AM com.ibm.ws.ssl.config.SSLConfigManager
INFO: CWPKI0027I: Disabling default hostname verification for HTTPS URL connections.
Nov 15, 2016 7:29:58 AM com.ibm.ws.security.config.SecurityObjectLocator
INFO: CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
Nov 15, 2016 7:29:59 AM com.ibm.ws.security.config.SecurityObjectLocator
INFO: CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
Number of servers: 5
dmgr
MEClusterMember1
SupClusterMember1
AppClusterMember1
nodeagent


Not the most exciting class - it's just a list of nodes - but it allows me to prove the plumbing.

Sidebar - having enabled Mutual Authentication (MA), I've now locked myself out of the Deployment Manager via a web browser, as my browser doesn't have a personal certificate that WAS trusts. Therefore, I see this: -



which is nice :-)

Repost - Using "IBM Pattern Modeling and Analysis Tool for Java Garbage Collector" to Analyze IBM Business Process Manager JVM Memory Usage and Garbage Collections

I'm reposting this: -


As you know IBM Business Process Manager is built upon Java technology whose performance is highly impacted by garbage collection. Usually IBM Business Process Manager would recommend to use generational concurrent garbage collection strategy (-Xgcpolicy:gencon) which is well suited to an application that creates many short-lived objects, you can read this section in the product documentation to better understand this policy: Generational Concurrent Garbage Collector.
 
Analyzing the textual verbose GC information recorded in native_stderr.log is the typical way to understand the garbage collection behavior. By default verbose GC is not enabled, here is a guide regarding how to enable it: Enabling verbose garbage collection (verboseGC) in WebSphere Application Server. Besides reading the detail verbose garbage collection information directly, IBM Pattern Modeling and Analysis Tool for Java Garbage Collector is a powerful tool you can leverage. The previous link is an article that will provide you with some scenarios as well as examples how to better use this tool.

because it's something that I'm going to need quite soon, and definitely worth reading.


Friday, 11 November 2016

Aide Memoire - Tinkering with WS-Security and IBM BPM Advanced 8.5.7

This is an ongoing Work-in-Progress, as I strive to understand how WS-Security works, specifically in terms of sending SOAP requests into IBM BPM Advanced 8.5.7.

My server code is very very simple; merely a SCA Export, with a Web Service / SOAP Binding, connecting into a SCA/BPEL component. The BPEL code includes a Java snippet which then converts the incoming Business Object into UTF-8 and outputs it to the log.

In order to set WS-Security headers on the SOAP request ( my client is SoapUI ), I'm adding a Digital Signature and a Timestamp, the former via a self-signed certificate held in a Java keystone on the client.

This: -


was extremely useful in helping me set up SoapUI.

Things aren't quite working as expecting, with some rather interesting messages appearing in the WAS SystemOut.log, including: -

Caused by: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS6810E: The runtime can not identify the key corresponding to the identifier [CN=davehay.uk.ibm.com,DC=UK,DC=IBM,DC=COM:540918370]. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@c2b4f517
CWWSS6521E


Caused by: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6001E: Key object was not obtained. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@2bcbf774

Caused by: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@41a64fd1

So now I'm looking at trace strings, including: -

*=info:com.ibm.websphere.wssecurity.*=all:com.ibm.ws.webservices.wssecurity.*=all:com.ibm.wsspi.wssecurity.*=all:com.ibm.ws.wssecurity.*=all:com.ibm.xml.soapsec.*=all:com.ibm.ws.webservices.trace.*=all:com.ibm.ws.websvcs.trace.*=all:com.ibm.ws.webservices.multiprotocol.AgnosticService=all:com.ibm.ws.websvcs.utils.SecurityContextMigrator=all

thanks to this: -




This got me further, and made me realise how little I actually understand about this aspect of WAS, specifically Policy Sets and Bindings.

For the record, this is where I am now: -

Caused by: com.ibm.wsspi.wssecurity.core.SoapSecurityException: security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS6809E: The X509 certificate owned by CN=davehay.uk.ibm.com, DC=UK, DC=IBM, DC=COM, which is created from the binary in the message is different from the X509 certificate owned by CN=Bob, O=IBM, C=US, which is acquired from the keystore Path: C:\IBM\WebSphere\AppServer\profiles\AppSrv01//etc/ws-security/samples/enc-receiver.jceks. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@9c0b4f13

Caused by: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS6809E: The X509 certificate owned by CN=davehay.uk.ibm.com, DC=UK, DC=IBM, DC=COM, which is created from the binary in the message is different from the X509 certificate owned by CN=Bob, O=IBM, C=US, which is acquired from the keystore Path: C:\IBM\WebSphere\AppServer\profiles\AppSrv01//etc/ws-security/samples/enc-receiver.jceks. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@9c0b4f13

which makes me think that the self-signed certificate that I'm using to sign my SOAP request needs to be in the WAS trust store.

However, the question is WHICH STORE ?

Given that I'm seeing reference to enc-receiver.jceks which is inherited from the WAS 6 WS-Security Samples code makes me think :-)

Watch this space :-)

Thursday, 10 November 2016

IBM Installation Manager - Files for Rollback

Purely as a matter of interest, I wanted to see where IBM Installation Manager (IIM) keeps the binary files that one might choose to use to rollback an installation.

The amount of space being used can be inferred by driving IIM in command-line mode: -

/opt/ibm/InstallationManager/eclipse/tools/imcl -C

=====> IBM Installation Manager

Select:
     1. Install - Install software packages
     2. Update - Find and install updates and fixes to installed software packages
     3. Modify - Change installed software packages
     4. Roll Back - Revert to an earlier version of installed software packages
     5. Uninstall - Remove installed software packages

Other Options:
     L. View Logs
     S. View Installation History
     V. View Installed Packages
        ------------------------
     P. Preferences
        ------------------------
     A. About IBM Installation Manager
        ------------------------
     X. Exit Installation Manager

----->
p

=====> IBM Installation Manager> Preferences

Select:
     1. Repositories
     2. Appearance
     3. Files for Rollback
     4. SSL/TLS
     5. HTTP/FTP Proxy
     6. Passport Advantage
     7. Secure Storage
     8. Updates

     R. Return to Main Menu
-----> [1]
3

Searching for saved files.
.

=====> IBM Installation Manager> Preferences> Files for Rollback

To roll back to a previous version of a package, Installation Manager must access files for that version. Select this option to save locally the files for rollback. If you do not want to save the files locally, Installation Manager must access them from the media or repositories that were used to install the package.

     1. [X] Save files for rollback

Select "Delete Saved Files" to remove any files that were saved for rollback during previous installations. If you delete the files and want to roll back to a previous version, Installation Manager must access the files from the media or repositories that were used to install the package.

Size of saved files: 3.13 GB.

     D. Delete Saved Files

     R. Restore Defaults
     A. Apply Changes and Return to Preferences Menu
     P. Temporarily Keep Changes and Return to Preferences Menu


Having seen that 3.13 GB was being retained, I then dug through the file-system to see precisely WHERE.

I followed a hunch that they were in the Installation Manager Shared (IMShared) directory.

I used this command: -

du -h /opt/ibm/IMShared/

which returned: -

552K /opt/ibm/IMShared/atoc/nq
560K /opt/ibm/IMShared/atoc
699M /opt/ibm/IMShared/native
264K /opt/ibm/IMShared/extra/preserve/IBM WebSphere Application Server V8.5
8.0K /opt/ibm/IMShared/extra/preserve/Operational Decision Manager V8.7
16K /opt/ibm/IMShared/extra/preserve/Web Server Plug-ins for IBM WebSphere Application Server V8.5
12K /opt/ibm/IMShared/extra/preserve/IBM HTTP Server V8.5
304K /opt/ibm/IMShared/extra/preserve
8.0K /opt/ibm/IMShared/extra/trackex/atoc
16K /opt/ibm/IMShared/extra/trackex
324K /opt/ibm/IMShared/extra
2.5G /opt/ibm/IMShared/files
3.2G /opt/ibm/IMShared/


and: -

du -h /opt/ibm/IMShared/files/

2.5G /opt/ibm/IMShared/files/

and then cleared down the rollback files: -

/opt/ibm/InstallationManager/eclipse/tools/imcl -C

...
-----> D
Cleaning up saved files.

=====> IBM Installation Manager> Preferences> Files for Rollback

To roll back to a previous version of a package, Installation Manager must access files for that version. Select this option to save locally the files for rollback. If you do not want to save the files locally, Installation Manager must access them from the media or repositories that were used to install the package.

     1. [X] Save files for rollback

Select "Delete Saved Files" to remove any files that were saved for rollback during previous installations. If you delete the files and want to roll back to a previous version, Installation Manager must access the files from the media or repositories that were used to install the package.

Size of saved files: 0.0 KB.


     R. Restore Defaults
     A. Apply Changes and Return to Preferences Menu
     P. Temporarily Keep Changes and Return to Preferences Menu
...

Now, when I check: -

du -h /opt/ibm/IMShared/

28K /opt/ibm/IMShared/atoc/nq
36K /opt/ibm/IMShared/atoc
40K /opt/ibm/IMShared/native
264K /opt/ibm/IMShared/extra/preserve/IBM WebSphere Application Server V8.5
8.0K /opt/ibm/IMShared/extra/preserve/Operational Decision Manager V8.7
16K /opt/ibm/IMShared/extra/preserve/Web Server Plug-ins for IBM WebSphere Application Server V8.5
12K /opt/ibm/IMShared/extra/preserve/IBM HTTP Server V8.5
304K /opt/ibm/IMShared/extra/preserve
8.0K /opt/ibm/IMShared/extra/trackex/atoc
16K /opt/ibm/IMShared/extra/trackex
324K /opt/ibm/IMShared/extra
344K /opt/ibm/IMShared/files
752K /opt/ibm/IMShared/

I can see that we've "saved" roughly 3.1 GB :-)

Tuesday, 8 November 2016

Synology NAS - From My Mac, Via SSH

I'm definitely NOT new to this party, but I was remarkably impressed with how easy it was to setup SSH between my Mac and my Synology NAS, avoiding the need for me to use my password each and every time I log in.

I followed this: -


and this: -


This is what I did on the Mac: -

ssh-keygen -t rsa

to generate a public/private key pair.

I then used this: -

pbcopy < ~/.ssh/id_rsa.pub

to copy the public key to the clipboard.

On the NAS, I did this: -

vi /etc/ssh/sshd_config 

amending it to read: -

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

and then this: -

touch .ssh/authorized_keys
chmod 700 .ssh/
chmod 644 .ssh/authorized_keys 


and then this: -

vi .ssh/authorized_keys 

to add the previously copied Mac public key.

I was then able to access the NAS without a password: -

ssh root@nas

and verified access: -

uname -a

Linux DiskStation 3.2.40 #8451 SMP Wed Aug 17 05:11:00 CST 2016 armv7l GNU/Linux synology_armadaxp_ds414

The first time out of the gate, I was prompted for the passphrase for the Mac public key, but that's as expected.


Thursday, 3 November 2016

DB2 on Windows - Ready for the next time

A few weeks back, I helped a friend resolve an issue with IBM Integration Designer (IID) on Windows, whereby he found that the DB2 component, intrinsic to the IID Integration Test Environment (ITE), was failing to start.

Long story short, even though he'd installed IID and the ITE with a user ID that had administration privileges, the DB2 user - db2admin - wasn't able to start the required DB2 services.

We proved this by attempting to start the DB2 services via the Services Control Panel ( services.msc ) whilst logged in as that user, but with no joy.

Equally, DB2 commands such as db2start and db2admin start failed.

I failed … to capture the messages etc. at the time, which is b-a-d.

However, the problem was resolved by ensuring that the db2admin user was manually made part of the db2admins group, as per this: -

Adding your user ID to the DB2ADMNS and DB2USERS user groups (Windows)

Next time I see this, I need to (a) document the problem and (b) document the solution :-)

SSH and "Too many authentication failures" - a new one on me

Having created a new user on an Ubuntu 16.04 boxen, I started seeing this: - Received disconnect from 192.168.3.123 port 22:2: Too many au...