Tuesday, 15 August 2017

IBM DataPower Gateway on Docker - Remember the memory

I've been seeing a few interesting exceptions with an IBM DataPower Gateway Docker image, including: -

20170815T101929.233Z [0x81000029][system][error] : tid(8175): Execution of webgui:///clixform.xsl stopped: file:///drouter/webgui/clixform.xsl:3530: Stack overflow
20170815T101929.233Z [0x8100000f][system][critic] : tid(8175): Failed to save configuration to 'config:///auto-startup.cfg'
20170815T101929.234Z [0x8100003c][mgmt][critic] domain(default): tid(8175): Domain configuration not saved.
20170815T101929.235Z [0x810000d2][cli][error] : tid(207): Saving configuration failed - The configuration could not be parsed.

and: -

20170815T102740.943Z [0x81000029][system][error] : tid(8175): Execution of webgui:///clixform.xsl stopped: Out of memory
20170815T102740.943Z [0x8100000f][system][critic] : tid(8175): Failed to save configuration to 'config:///auto-startup.cfg'
20170815T102740.944Z [0x8100003c][mgmt][critic] domain(default): tid(8175): Domain configuration not saved.
20170815T102740.944Z [0x810000d2][cli][error] : tid(207): Saving configuration failed - The configuration could not be parsed..


and, when I started the container, using this script: -

datapower.sh 

docker run -it \
   -v $PWD/config:/drouter/config \
   -v $PWD/local:/drouter/local \
   -e DATAPOWER_ACCEPT_LICENSE=true \
   -e DATAPOWER_INTERACTIVE=true \
   -p 9090:9090 \
   -p 9022:22 \
   -p 5554:5554 \
   -p 8000-8010:8000-8010 \
   --name idg \
   ibmcom/datapower

I saw this: -

20170815T102902.256Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T102902.514Z [0x804000fc][system][error] : Insufficient memory allocation. Required is 4000000 KB, but configured is 2046760 KB.
20170815T102902.514Z [0x804000fe][system][notice] : Container instance UUID: 0e839292-f45e-4ca0-be61-0603482240c4, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 1998.8MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T102902.531Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T102902.531Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T102902.918Z [0x8100006d][system][notice] : Executing system configuration.
20170815T102902.922Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
3da718e4a927
Unauthorized access prohibited.
20170815T102906.583Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T102912.809Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T102912.819Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T102912.828Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T102912.850Z [0x0034000d][mgmt][warn] ssh(SSH Service): tid(111): Object is disabled
20170815T102912.879Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T102912.879Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T102924.506Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T102924.518Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T102924.560Z [0x81000001][cli][error] : *** Unknown command or macro
20170815T102924.560Z [0x81000223][cli][error] : (startup-config:632): save-config overwrite
20170815T102924.566Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T102924.618Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.
20170815T102957.720Z [0x80e0047a][system][error] : tid(49): DataPower QuotaEnforcement task is not responding, restart in progress
20170815T103009.550Z [0x80e0047a][system][error] : tid(65): DataPower QuotaEnforcement task is not responding, restart in progress


This: -


gave me a clue as someone else had the same problem, and was advised to increase the default memory from 2 GB to 4 GB, as follows: -



I did this, and restarted the container: -

20170815T104708.843Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T104709.106Z [0x804000fe][system][notice] : Container instance UUID: a2c12305-548b-4133-98b7-b7323d224fc6, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 3947.4MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T104709.129Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T104709.130Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T104709.554Z [0x8100006d][system][notice] : Executing system configuration.
20170815T104709.557Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
1dc74c14aa4f
Unauthorized access prohibited.
20170815T104711.551Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T104717.650Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T104717.654Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T104717.659Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T104717.674Z [0x0034000d][mgmt][warn] ssh(SSH Service): tid(111): Object is disabled
20170815T104717.697Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T104717.697Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T104729.921Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T104729.927Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T104729.968Z [0x81000001][cli][error] : *** Unknown command or macro
20170815T104729.968Z [0x81000223][cli][error] : (startup-config:632): save-config overwrite
20170815T104729.971Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T104730.030Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.



Even better news … I can now log into the Web Management GUI: -


with the appropriate credentials, whereas I was being blocked before ( even though the same credentials worked on the serial interface ).

No comments:

Yay, VMware Fusion and macOS Big Sur - no longer "NAT good friends" - forgive the double negative and the terrible pun ...

After macOS 11 Big Sur was released in 2020, VMware updated their Fusion product to v12 and, sadly, managed to break Network Address Trans...