Tuesday, 15 August 2017

IBM DataPower Gateway on Docker - Remember the memory

I've been seeing a few interesting exceptions with an IBM DataPower Gateway Docker image, including: -

20170815T101929.233Z [0x81000029][system][error] : tid(8175): Execution of webgui:///clixform.xsl stopped: file:///drouter/webgui/clixform.xsl:3530: Stack overflow
20170815T101929.233Z [0x8100000f][system][critic] : tid(8175): Failed to save configuration to 'config:///auto-startup.cfg'
20170815T101929.234Z [0x8100003c][mgmt][critic] domain(default): tid(8175): Domain configuration not saved.
20170815T101929.235Z [0x810000d2][cli][error] : tid(207): Saving configuration failed - The configuration could not be parsed.

and: -

20170815T102740.943Z [0x81000029][system][error] : tid(8175): Execution of webgui:///clixform.xsl stopped: Out of memory
20170815T102740.943Z [0x8100000f][system][critic] : tid(8175): Failed to save configuration to 'config:///auto-startup.cfg'
20170815T102740.944Z [0x8100003c][mgmt][critic] domain(default): tid(8175): Domain configuration not saved.
20170815T102740.944Z [0x810000d2][cli][error] : tid(207): Saving configuration failed - The configuration could not be parsed..


and, when I started the container, using this script: -

datapower.sh 

docker run -it \
   -v $PWD/config:/drouter/config \
   -v $PWD/local:/drouter/local \
   -e DATAPOWER_ACCEPT_LICENSE=true \
   -e DATAPOWER_INTERACTIVE=true \
   -p 9090:9090 \
   -p 9022:22 \
   -p 5554:5554 \
   -p 8000-8010:8000-8010 \
   --name idg \
   ibmcom/datapower

I saw this: -

20170815T102902.256Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T102902.514Z [0x804000fc][system][error] : Insufficient memory allocation. Required is 4000000 KB, but configured is 2046760 KB.
20170815T102902.514Z [0x804000fe][system][notice] : Container instance UUID: 0e839292-f45e-4ca0-be61-0603482240c4, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 1998.8MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T102902.531Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T102902.531Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T102902.918Z [0x8100006d][system][notice] : Executing system configuration.
20170815T102902.922Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
3da718e4a927
Unauthorized access prohibited.
20170815T102906.583Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T102912.809Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T102912.819Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T102912.828Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T102912.850Z [0x0034000d][mgmt][warn] ssh(SSH Service): tid(111): Object is disabled
20170815T102912.879Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T102912.879Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T102924.506Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T102924.518Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T102924.560Z [0x81000001][cli][error] : *** Unknown command or macro
20170815T102924.560Z [0x81000223][cli][error] : (startup-config:632): save-config overwrite
20170815T102924.566Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T102924.618Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.
20170815T102957.720Z [0x80e0047a][system][error] : tid(49): DataPower QuotaEnforcement task is not responding, restart in progress
20170815T103009.550Z [0x80e0047a][system][error] : tid(65): DataPower QuotaEnforcement task is not responding, restart in progress


This: -


gave me a clue as someone else had the same problem, and was advised to increase the default memory from 2 GB to 4 GB, as follows: -



I did this, and restarted the container: -

20170815T104708.843Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T104709.106Z [0x804000fe][system][notice] : Container instance UUID: a2c12305-548b-4133-98b7-b7323d224fc6, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 3947.4MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T104709.129Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T104709.130Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T104709.554Z [0x8100006d][system][notice] : Executing system configuration.
20170815T104709.557Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
1dc74c14aa4f
Unauthorized access prohibited.
20170815T104711.551Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T104717.650Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T104717.654Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T104717.659Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T104717.674Z [0x0034000d][mgmt][warn] ssh(SSH Service): tid(111): Object is disabled
20170815T104717.697Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T104717.697Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T104729.921Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T104729.927Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T104729.968Z [0x81000001][cli][error] : *** Unknown command or macro
20170815T104729.968Z [0x81000223][cli][error] : (startup-config:632): save-config overwrite
20170815T104729.971Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T104730.030Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.



Even better news … I can now log into the Web Management GUI: -


with the appropriate credentials, whereas I was being blocked before ( even though the same credentials worked on the serial interface ).

No comments: