Tuesday, 15 August 2017

IBM DataPower Gateway - SSH now working

Today has been a day for DataPower: -




So I'm not yet sure why this works, but I was struggling to get SSH to work against an IBM DataPower Gateway Docker image/container.

Whilst the configuration looked OK: -



the service would refuse to become active, instead frustratingly staying as disabled ( 0x0034000d ).

This meant that, whilst I could connect to the DataPower via the web admin interface: -


having previously enabled it: -

configure; web-mgmt 0 9090 9090;

thanks to this: -


I wasn't able to SSH into the box.

Thankfully, I could still attach to the serial terminal using docker attach: -

docker ps -a

CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                                                                                                      NAMES
14cffe1113a3        ibmcom/datapower    "/bin/drouter"      9 minutes ago       Up 23 seconds       0.0.0.0:5554->5554/tcp, 0.0.0.0:8000-8010->8000-8010/tcp, 0.0.0.0:9022->9022/tcp, 0.0.0.0:9090->9090/tcp   idg

docker attach 14cffe1113a3

login: admin
Password: *****

Welcome to IBM DataPower Gateway console configuration. 
Copyright IBM Corporation 1999-2017 

Version: IDG.7.6.0.0 build 289959 on Jul 20, 2017 1:16:22 PM
Serial number: 0000001

Notice: startup config contains errors.
idg# 


I tried various things, but to no avail.

I then started wondering whether the problem might be related to the fact that I'm running the Docker container as a non-root user, and whether the underlying OS was therefore preventing me from starting a service on a port less than 1024.

For the record, this is kinda Unix 101: one cannot run any service on, say, ports 22 or 80 or 443 unless one is running as root.

It's for that reason that I always configure my web servers ( IBM HTTP Server ) to run on ports 8080 and 8443, because who wants to run a web server as root ? Clue: NOBODY
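An added example (not from the original post) for testing the low-port hypothesis above from inside a Linux container or on the host. It assumes the standard Linux rule that binding below net.ipv4.ip_unprivileged_port_start (default 1024) requires CAP_NET_BIND_SERVICE, which root normally holds; the function names are this example's own.

```python
import errno
import os
import socket

CAP_NET_BIND_SERVICE = 10  # capability bit number from linux/capability.h


def parse_cap_eff(status_text):
    """Return the effective capability mask from /proc/<pid>/status text."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return int(line.split()[1], 16)
    return 0


def may_bind(port, cap_eff, unpriv_start=1024):
    """Linux rule: ports below unpriv_start need CAP_NET_BIND_SERVICE."""
    if port >= unpriv_start:
        return True
    return bool((cap_eff >> CAP_NET_BIND_SERVICE) & 1)


def try_bind(port, host="127.0.0.1"):
    """Actually attempt the bind; return None on success or the errno name."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
            return None
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))


def read_or(path, default):
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return default


if __name__ == "__main__":
    cap_eff = parse_cap_eff(read_or("/proc/self/status", ""))
    start = int(read_or("/proc/sys/net/ipv4/ip_unprivileged_port_start", "1024"))
    print(f"euid={os.geteuid()} CapEff={cap_eff:#x} unprivileged_port_start={start}")
    for port in (22, 9022):  # the two SSH ports used in the post
        print(port, "predicted:", may_bind(port, cap_eff, start),
              "bind result:", try_bind(port) or "ok")
```

An EACCES result for port 22 alongside "ok" for 9022 supports the privileged-port explanation; EADDRINUSE or success on both points to a different cause.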

So I changed the SSH configuration: -

configure terminal
ssh 0.0.0.0 9022
write memory

and then changed my startup script from this: -

docker run -it \
   -v "$PWD/config":/drouter/config \
   -v "$PWD/local":/drouter/local \
   -e DATAPOWER_ACCEPT_LICENSE=true \
   -e DATAPOWER_INTERACTIVE=true \
   -p 9090:9090 \
   -p 9022:22 \
   -p 5554:5554 \
   -p 8000-8010:8000-8010 \
   --name idg \
   ibmcom/datapower


to this: -

docker run -it \
   -v "$PWD/config":/drouter/config \
   -v "$PWD/local":/drouter/local \
   -e DATAPOWER_ACCEPT_LICENSE=true \
   -e DATAPOWER_INTERACTIVE=true \
   -p 9090:9090 \
   -p 9022:9022 \
   -p 5554:5554 \
   -p 8000-8010:8000-8010 \
   --name idg \
   ibmcom/datapower


In other words, I'm mapping port 9022 within the container to port 9022 within the host.

Once I did this, I was able to SSH into the box: -

ssh -p 9022 localhost

14cffe1113a3
Unauthorized access prohibited.
login: 
admin
Password: *****

Welcome to IBM DataPower Gateway console configuration. 
Copyright IBM Corporation 1999-2017 

Version: IDG.7.6.0.0 build 289959 on Jul 20, 2017 1:16:22 PM
Serial number: 0000001

Notice: startup config contains errors.
idg# 

and the SSH service looks nice n' happy: -

