Tuesday, 15 August 2017

IBM DataPower Gateway on Docker - So far, now (mostly) so good

So this is how I pulled the image: -

docker pull ibmcom/datapower

resulting in this: -

docker images

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
ibmcom/datapower    latest              5d04824ab687        2 weeks ago         758MB


and this is how I started the container for the first time: -

docker run -it \
   -v $PWD/config:/drouter/config \
   -v $PWD/local:/drouter/local \
   -e DATAPOWER_ACCEPT_LICENSE=true \
   -e DATAPOWER_INTERACTIVE=true \
   -p 9090:9090 \
   -p 9022:22 \
   -p 5554:5554 \
   -p 8000-8010:8000-8010 \
   --name idg \
   ibmcom/datapower

resulting in this: -

docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                                                                                    NAMES
961a7cb4adf0        ibmcom/datapower    "/bin/drouter"      About an hour ago   Up 2 minutes        0.0.0.0:5554->5554/tcp, 0.0.0.0:8000-8010->8000-8010/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9022->22/tcp   idg
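
An added example, not part of the original post: the PORTS column above shows every published port bound to 0.0.0.0, including 9022, which maps to the container's SSH port 22. The script below lists the mappings published on all interfaces and prints the `-p` flags that would publish the same ports on loopback only. The function names are hypothetical and the sample string is copied from the output above.

```sh
#!/bin/sh
# Added example: audit the PORTS column of `docker ps` for wildcard bindings.
# PORTS_SAMPLE is copied from the `docker ps -a` output shown in the post.
PORTS_SAMPLE='0.0.0.0:5554->5554/tcp, 0.0.0.0:8000-8010->8000-8010/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9022->22/tcp'

# Print "hostport containerport proto" for each mapping published on all
# interfaces (0.0.0.0, or ::/[::] for IPv6). Loopback-bound mappings and
# ports that are exposed but not published (no "->") are skipped.
wildcard_mappings() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
    while IFS= read -r m; do
        case "$m" in
            *'->'*) ;;
            *) continue ;;
        esac
        host=${m%%->*}      # e.g. 0.0.0.0:9022
        target=${m#*->}     # e.g. 22/tcp
        ip=${host%:*}       # e.g. 0.0.0.0
        hport=${host##*:}   # e.g. 9022 (or a range such as 8000-8010)
        case "$ip" in
            0.0.0.0|::|'[::]')
                printf '%s %s %s\n' "$hport" "${target%/*}" "${target#*/}" ;;
        esac
    done
}

# Rewrite each wildcard mapping as a -p flag bound to 127.0.0.1, so the
# port is reachable from the Docker host only.
loopback_flags() {
    wildcard_mappings "$1" | while read -r hport cport proto; do
        printf '%s 127.0.0.1:%s:%s/%s\n' '-p' "$hport" "$cport" "$proto"
    done
}

echo "Published on all interfaces (host port, container port, protocol):"
wildcard_mappings "$PORTS_SAMPLE"
echo "Loopback-only equivalents for docker run:"
loopback_flags "$PORTS_SAMPLE"
```

On a live host, the same functions can be fed the output of `docker ps --format '{{.Ports}}'`.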


and this is how I start the image, having previously stopped it (using the shutdown command): -

docker start 961a7cb4adf0

and this is how I monitor the logs: -

docker logs 961a7cb4adf0 -f

20170815T115344.287Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T115344.298Z [0x804000fe][system][notice] : Container instance UUID: 69106364-39ba-4935-af9d-4012ef3b7208, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 3947.4MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T115344.309Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T115344.310Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T115344.663Z [0x8100006d][system][notice] : Executing system configuration.
20170815T115344.665Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
961a7cb4adf0
Unauthorized access prohibited.
20170815T115346.129Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T115352.235Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T115352.242Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T115352.249Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T115352.295Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T115352.295Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T115352.304Z [0x81000484][mgmt][warn] : Removed the object 'ProductInsights' with value of 'ProductInsights' from the startup configuration script.
20170815T115352.304Z [0x81000243][cli][error] : required property host is missing
20170815T115352.305Z [][cli][error] : (startup-config:601): exit
20170815T115403.515Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T115403.521Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T115404.567Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T115404.622Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.


I still haven't quite cracked SSH, but that's just a matter of time :-)

I've validated the configuration re SSH: -

cat ~/config/auto-startup.cfg |grep -i ssh

acl "ssh"
ssh "0.0.0.0" "22"
metadata "ssh-password-metadata"
  meta-item "variable" "password" "var://context/INPUT/ssh/password"
  meta-item "variable" "publickey" "var://context/INPUT/ssh/publickey"
  meta-item "variable" "username" "var://context/INPUT/ssh/username"
%if% available "sshdomainclientprofile"
sshdomainclientprofile
  ciphers CHACHA20-POLY1305_AT_OPENSSH.COM
  ciphers AES128-GCM_AT_OPENSSH.COM
  ciphers AES256-GCM_AT_OPENSSH.COM
%if% available "sshserverprofile"
sshserverprofile
  ciphers CHACHA20-POLY1305_AT_OPENSSH.COM
  ciphers AES128-GCM_AT_OPENSSH.COM
  ciphers AES256-GCM_AT_OPENSSH.COM


so it'll be sorted shortly :-)
