Tuesday, 15 August 2017

IBM DataPower Gateway on Docker - So far, now (mostly) so good

So this is how I pulled the image: -

docker pull ibmcom/datapower

resulting in this: -

docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ibmcom/datapower    latest              5d04824ab687        2 weeks ago         758MB


and this is how I started the container for the first time: -

docker run -it \
   -v $PWD/config:/drouter/config \
   -v $PWD/local:/drouter/local \
   -e DATAPOWER_ACCEPT_LICENSE=true \
   -e DATAPOWER_INTERACTIVE=true \
   -p 9090:9090 \
   -p 9022:22 \
   -p 5554:5554 \
   -p 8000-8010:8000-8010 \
   --name idg \
   ibmcom/datapower

resulting in this: -

docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                                                                                    NAMES
961a7cb4adf0        ibmcom/datapower    "/bin/drouter"      About an hour ago   Up 2 minutes        0.0.0.0:5554->5554/tcp, 0.0.0.0:8000-8010->8000-8010/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9022->22/tcp   idg


and this is how I start the image, having previously stopped it (using the shutdown command): -

docker start 961a7cb4adf0

and this is how I monitor the logs: -

docker logs 961a7cb4adf0 -f

20170815T115344.287Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T115344.298Z [0x804000fe][system][notice] : Container instance UUID: 69106364-39ba-4935-af9d-4012ef3b7208, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 3947.4MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T115344.309Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T115344.310Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T115344.663Z [0x8100006d][system][notice] : Executing system configuration.
20170815T115344.665Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
961a7cb4adf0
Unauthorized access prohibited.
20170815T115346.129Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T115352.235Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T115352.242Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T115352.249Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T115352.295Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T115352.295Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T115352.304Z [0x81000484][mgmt][warn] : Removed the object 'ProductInsights' with value of 'ProductInsights' from the startup configuration script.
20170815T115352.304Z [0x81000243][cli][error] : required property host is missing
20170815T115352.305Z [][cli][error] : (startup-config:601): exit
20170815T115403.515Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T115403.521Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T115404.567Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T115404.622Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.
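
An added example, not part of the original post: a shell filter for the log format shown above that pulls out the warn and error entries (such as the "required property host is missing" line) and tolerates console text, like the login prompt, interleaved with log lines. The function names and the default level list are assumptions; the sample lines are copied from the output above.

```shell
#!/usr/bin/env bash
# Added example: filter DataPower container log lines by severity.
# Function names and the default levels ("warn error") are assumptions.

# Sample input: lines copied from the docker logs output shown in the post.
sample_log() {
cat <<'EOF'
20170815T115344.309Z [0x8040001c][system][notice] : DataPower IDG is on-line.
961a7cb4adf0
Unauthorized access prohibited.
login: 20170815T115352.235Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T115352.304Z [0x81000484][mgmt][warn] : Removed the object 'ProductInsights' with value of 'ProductInsights' from the startup configuration script.
20170815T115352.304Z [0x81000243][cli][error] : required property host is missing
20170815T115352.305Z [][cli][error] : (startup-config:601): exit
20170815T115404.622Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.
EOF
}

# Read log text on stdin; print tab-separated
# timestamp, level, category, code, message for the requested levels.
# Usage: docker logs idg 2>&1 | dp_problems            (warn and error)
#        docker logs idg 2>&1 | dp_problems "error"    (error only)
dp_problems() {
  awk -v want=" ${1:-warn error} " '
    {
      # Console text such as the "login: " prompt can share a line with a
      # log entry; start at the timestamp and skip lines that have none.
      if (!match($0, /[0-9]+T[0-9]+\.[0-9]+Z \[/)) next
      line = substr($0, RSTART)
      sp = index(line, " ")
      ts = substr(line, 1, sp - 1)
      rest = substr(line, sp + 1)
      # Header is three bracketed fields: [code][category][level]
      if (!match(rest, /^\[[^]]*\]\[[^]]*\]\[[^]]*\] /)) next
      split(substr(rest, 2, RLENGTH - 3), f, /\]\[/)
      msg = substr(rest, RLENGTH + 1)
      if (index(want, " " f[3] " ") == 0) next
      # The code field can be empty ("[]"); show "-" in that case.
      printf "%s\t%s\t%s\t%s\t%s\n", ts, f[3], f[2], (f[1] == "" ? "-" : f[1]), msg
    }'
}

# Stand-alone run over the sample lines.
sample_log | dp_problems
```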


I still haven't quite cracked SSH, but that's just a matter of time :-)

I've validated the configuration re SSH: -

cat ~/config/auto-startup.cfg |grep -i ssh

acl "ssh"
ssh "0.0.0.0" "22"
metadata "ssh-password-metadata"
  meta-item "variable" "password" "var://context/INPUT/ssh/password"
  meta-item "variable" "publickey" "var://context/INPUT/ssh/publickey"
  meta-item "variable" "username" "var://context/INPUT/ssh/username"
%if% available "sshdomainclientprofile"
sshdomainclientprofile
  ciphers CHACHA20-POLY1305_AT_OPENSSH.COM
  ciphers AES128-GCM_AT_OPENSSH.COM
  ciphers AES256-GCM_AT_OPENSSH.COM
%if% available "sshserverprofile"
sshserverprofile
  ciphers CHACHA20-POLY1305_AT_OPENSSH.COM
  ciphers AES128-GCM_AT_OPENSSH.COM
  ciphers AES256-GCM_AT_OPENSSH.COM


so it'll be sorted shortly :-)
