Wednesday, 31 October 2018

Eclipse Luna on macOS Mojave - Not working, now working

I've just deployed Eclipse Luna on my Mac, which is running macOS 10.14.1 Mojave: -

tar xvzf /Volumes/DaveHaySSD/Software/Eclipse/eclipse-jee-luna-SR2-macosx-cocoa-x86_64.tar.gz 

...
x eclipse/
x eclipse/artifacts.xml
x eclipse/features/

x eclipse/Eclipse.app/Contents/
x eclipse/Eclipse.app/Contents/Info.plist
x eclipse/Eclipse.app/Contents/MacOS/
x eclipse/Eclipse.app/Contents/MacOS/eclipse
x eclipse/Eclipse.app/Contents/MacOS/eclipse.ini
x eclipse/Eclipse.app/Contents/Resources/
x eclipse/Eclipse.app/Contents/Resources/Eclipse.icns
x eclipse/dropins/
x eclipse/.eclipseproduct
x eclipse/epl-v10.html

...

When I launch it: -

./eclipse 

or: -

./eclipse -data ~/Documents/workspace.odm

it starts up OK but I can't navigate Eclipse using mouse or keyboard: -


I suspected that this MAY be the new Mojave security feature: -


but to no avail.

Thankfully, this was soluble / solvable.

I was starting Eclipse by hand from where I'd extracted it: -

cd /Users/davidhay/eclipse
./eclipse

org.eclipse.m2e.logback.configuration: The org.eclipse.m2e.logback.configuration bundle was activated before the state location was initialized.  Will retry after the state location is initialized.

but didn't see any exceptions.

When I dug into the folder further: -

cd /Users/davidhay/eclipse
ls -al

total 568
drwxr-xr-x@  14 davidhay  staff     448 31 Oct 14:40 .
drwxr-xr-x+  70 davidhay  staff    2240 31 Oct 14:16 ..
-rw-r--r--@   1 davidhay  staff      60 28 Jan  2015 .eclipseproduct
drwxr-xr-x@   3 davidhay  staff      96 19 Feb  2015 Eclipse.app
-rw-r--r--@   1 davidhay  staff  254883 19 Feb  2015 artifacts.xml
drwxr-xr-x@  14 davidhay  staff     448 31 Oct 14:40 configuration
drwxr-xr-x@   2 davidhay  staff      64 19 Feb  2015 dropins
lrwxr-xr-x@   1 davidhay  staff      34 19 Feb  2015 eclipse -> Eclipse.app/Contents/MacOS/eclipse
-rw-r--r--@   1 davidhay  staff   12638 28 Jan  2015 epl-v10.html
drwxr-xr-x@ 163 davidhay  staff    5216 19 Feb  2015 features
-rw-r--r--@   1 davidhay  staff    9013 28 Jan  2015 notice.html
drwxr-xr-x@   4 davidhay  staff     128 19 Feb  2015 p2
drwxr-xr-x@ 845 davidhay  staff   27040 19 Feb  2015 plugins
drwxr-xr-x@   3 davidhay  staff      96 19 Feb  2015 readme

so I tried this: -

cd /Users/davidhay/eclipse/Eclipse.app/Contents/MacOS
./eclipse 

org.eclipse.m2e.logback.configuration: The org.eclipse.m2e.logback.configuration bundle was activated before the state location was initialized.  Will retry after the state location is initialized.
org.eclipse.m2e.logback.configuration: Logback config file: /Users/davidhay/Documents/workspace.odm/.metadata/.plugins/org.eclipse.m2e.logback.configuration/logback.1.5.1.20150109-1820.xml
org.eclipse.m2e.logback.configuration: Initializing logback

or: -

./eclipse -data ~/Documents/workspace.odm

org.eclipse.m2e.logback.configuration: The org.eclipse.m2e.logback.configuration bundle was activated before the state location was initialized.  Will retry after the state location is initialized.
org.eclipse.m2e.logback.configuration: Logback config file: /Users/davidhay/Documents/workspace.odm/.metadata/.plugins/org.eclipse.m2e.logback.configuration/logback.1.5.1.20150109-1820.xml
org.eclipse.m2e.logback.configuration: Initializing logback


and all is now working, keyboard and mouse-wise.

Nice :-)

IBM ODM - WASX7025E: Error found in String ""; cannot create ObjectName

Following on from earlier posts, I'm now building a Decision Server cluster: -

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/createODMDecisionServerCluster.sh -clusterPropertiesFile /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/odm/ODMDecisionServerCluster.properties -adminUsername wasadmin -adminPassword passw0rd

which almost immediately failed: -

Starting the cluster creation process, more traces are available in /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/logs/odm

Creating ODM Decision Server cluster creation, please wait ...
ODM Decision Server cluster fail, please check /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/logs/odm


I checked the logs: -

cat  /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/logs/odm/step1-createODMDecisionServerCluster.log

...
WASX7017E: Exception received while running file "/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/odm/createODMDecisionServerCluster.py"; exception information: com.ibm.ws.scripting.ScriptingException: WASX7025E: Error found in String ""; cannot create ObjectName.
...

I checked the source property file: -

cat /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/odm/ODMDecisionServerCluster.properties

#
#   Licensed Materials - Property of IBM
#   5725-B69 5655-Y17 5655-Y31
#   Copyright IBM Corp. 1987, 2018. All Rights Reserved.
#
#   Note to U.S. Government Users Restricted Rights:
#   Use, duplication or disclosure restricted by GSA ADP Schedule
#   Contract with IBM Corp.
#

#
# Cluster base configuration 
#
cluster.name=DecisionServerCluster
virtualhost.name=default_host
res.console.server.name=RulesMgrSrv
# Specify a comma separated list of nodes to add in the cluster
cluster.member.nodes=Node1
res.console.node=Dmgr

cluster.servers.maxHeapSize=4096
cluster.servers.initialHeapSize=1096

# These JVM options are recommanded settings for better performance.
# You may have at lest 6 CPU cores to be able to enable it.
# To apply this recommandation please uncomment the following line
#cluster.servers.jvm.args=-Xgcpolicy:gencon -Xgcthreads6

#
# Database configuration
#   Supported database type:
#       - DB2
#       - Oracle
#       - MSSQL
#       - PostgreSQL
#
database.type=DB2
database.jdbcDriverPath=/opt/ibm/WebSphere/AppServer/universalDriver/lib/db2jcc4.jar;/opt/ibm/WebSphere/AppServer/universalDriver/lib/db2jcc_license_cu.jar
database.name=RESDB
database.hostname=workflow.uk.ibm.com
database.port=60006
database.user=db2user1
database.password=passw0rd

and realised where I'd gone wrong.

I had: -

res.console.node=Dmgr

whereas I should've had: -

res.console.node=Node1

as per this: -



Once I fixed it, all was well: -

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/createODMDecisionServerCluster.sh -clusterPropertiesFile /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/odm/ODMDecisionServerCluster.properties -adminUsername wasadmin -adminPassword passw0rd

Starting the cluster creation process, more traces are available in /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/logs/odm

Creating ODM Decision Server cluster creation, please wait ...
Configuring ODM Decision Server datasource ...
Installing ODM Decision Server eXecution Unit ...
Installing ODM Decision Server RES Console ...
Installing ODM Decision Server HTDS in your cluster ...
Installing ODM Decision Server SSP in your cluster ...
Starting up your ODM Decision Server cluster ...
ODM Decision Server cluster statup invoked, it may make take a while before your cluster should be available.
Creating ODM Decision Server cluster configuration completed.




IBM ODM and RAR - An Update

As an update to my earlier post: -


I uninstalled all of the ODM components: -

/opt/ibm/InstallationManager/eclipse/tools/imcl uninstall com.ibm.websphere.odm.pt.rules.v89_8.9.2001.20180723_1243

/opt/ibm/InstallationManager/eclipse/tools/imcl uninstall com.ibm.websphere.odm.pt.dc.v89_8.9.2001.20180723_1240

/opt/ibm/InstallationManager/eclipse/tools/imcl uninstall com.ibm.websphere.odm.ds.rules.v89_8.9.2001.20180723_1224

/opt/ibm/InstallationManager/eclipse/tools/imcl uninstall com.ibm.websphere.odm.dc.v89_8.9.2001.20180723_1215

and cleaned up the ODM directory: -

rm -Rf /opt/ibm/ODM89/*

and removed the WAS profiles: -

/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -deleteAll

and cleaned up the WAS profiles directory: -

rm -Rf /opt/ibm/WebSphere/AppServer/profiles/*

and then reinstalled the binaries: -

/opt/ibm/InstallationManager/eclipse/tools/imcl -input /mnt/ResponseFiles/installODM8921.rsp -acceptLicense

Installed com.ibm.websphere.odm.dc.v89_8.9.2001.20180723_1215 to the /opt/ibm/ODM89 directory.
Installed com.ibm.websphere.odm.ds.rules.v89_8.9.2001.20180723_1224 to the /opt/ibm/ODM89 directory.
Installed com.ibm.websphere.odm.pt.rules.v89_8.9.2001.20180723_1243 to the /opt/ibm/ODM89 directory.
Installed com.ibm.websphere.odm.pt.dc.v89_8.9.2001.20180723_1240 to the /opt/ibm/ODM89 directo
ry.

and re-checked: -

ls -al /opt/ibm/ODM89/executionserver/applicationservers/WebSphere85/

total 139280
drwxr-xr-x 2 wasadmin wasadmins     4096 Oct 31 11:04 .
drwxr-xr-x 3 wasadmin wasadmins       24 Oct 31 11:04 ..
-rw-r--r-- 1 wasadmin wasadmins 14674397 Jul 20 18:23 jrules-res-htds-WAS85.ear
-rw-r--r-- 1 wasadmin wasadmins 30996584 Jul 20 18:23 jrules-res-management-WAS85.ear
-rw-r--r-- 1 wasadmin wasadmins  2136520 Jul 20 18:23 jrules-res-mdb-WAS85.jar
-rw-r--r-- 1 wasadmin wasadmins  1559934 Jul 20 18:23 jrules-res-session-ejb3-WAS85.jar
-rw-r--r-- 1 wasadmin wasadmins 26111541 Oct 31 11:04 jrules-res-xu-WAS85.rar
-rw-r--r-- 1 wasadmin wasadmins 67130079 Jul 20 18:23 jrules-ssp-WAS85.ear


and then re-ran the augmentation steps : -

/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -augment -templatePath /opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/ -profileName Dmgr01 -odmHome /opt/ibm/ODM89

INSTCONFSUCCESS: Profile augmentation succeeded.

/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -augment -templatePath /opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisioncenter/management/ -profileName Dmgr01 -odmHome /opt/ibm/ODM89

INSTCONFSUCCESS: Profile augmentation succeeded.

so that's all good then :-)

RAR - Why does my profile augmentation fail ?

During a build of an IBM Operational Decision Manager (ODM) Rules 8.9.2.1 environment, I was trying ( and failing ) to augment an existing WebSphere Application Server (WAS) profile - the Deployment Manager - Dmgr01 - with ODM Decision Server (RES) capabilities: -

/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -augment -profileName Dmgr01 -templatePath /opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/ -odmHome /opt/ibm/ODM89/

simply returned: -

...
/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -augment -profileName Dmgr01 -templatePath /opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/ -odmHome /opt/ibm/ODM89/
INSTCONFFAILED: Profile augmentation failed. For more information, consult /opt/ibm/WebSphere/AppServer/logs/manageprofiles/Dmgr01_augment.log.



I checked the log file: -

view /opt/ibm/WebSphere/AppServer/logs/manageprofiles/Dmgr01_augment.log

which showed: -

...
<record>
  <date>2018-10-31T09:47:29</date>
  <millis>1540979249438</millis>
  <sequence>599</sequence>
  <logger>com.ibm.ws.install.configmanager.actionengine.ant.utils.ANTLogToCmtLogAdapter</logger>
  <level>WARNING</level>
  <class>com.ibm.ws.install.configmanager.actionengine.ant.utils.ANTLogToCmtLogAdapter</class>
  <method>messageLogged</method>
  <thread>1</thread>
  <message>wsadmin task failed with return code :105</message>
</record>

...
<record>
  <date>2018-10-31T09:47:24</date>
  <millis>1540979244994</millis>
  <sequence>576</sequence>
  <logger>com.ibm.ws.install.configmanager.actionengine.ant.utils.AntTaskToLogToConfigManagersLogFiles</logger>
  <level>INFO</level>
  <class>/opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/actions/decisionServerSanityCheck.ant:7: </class>
  <method>decisionServerSanityCheck</method>
  <thread>1</thread>
  <message>Calling decisionServerSanityCheck.py with ODM_HOME=/opt/ibm/ODM89/</message>
</record>

...
<record>
  <date>2018-10-31T09:47:24</date>
  <millis>1540979244994</millis>
  <sequence>577</sequence>
  <logger>com.ibm.ws.install.configmanager.actionengine.ant.utils.AntTaskToLogToConfigManagersLogFiles</logger>
  <level>INFO</level>
  <class>/opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/actions/decisionServerSanityCheck.ant:9: </class>
  <method>decisionServerSanityCheck</method>
  <thread>1</thread>
  <message>${WSADMIN_EXECUTABLE} -conntype NONE -f /opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/actions/scripts/decisionServerSanityCheck.py /opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/actions/scripts /opt/ibm/ODM89/</message>
</record>

...
<record>
  <date>2018-10-31T09:47:29</date>
  <millis>1540979249457</millis>
  <sequence>664</sequence>
  <logger>com.ibm.ws.install.configmanager.ConfigManager</logger>
  <level>WARNING</level>
  <class>com.ibm.ws.install.configmanager.ConfigManager</class>
  <method>executeAllActionsFound</method>
  <thread>1</thread>
  <message>Fatal configuration action failed: com.ibm.ws.install.configmanager.actionengine.ConfigAction-/opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/actions/decisionServerSanityCheck.ant</message>
</record>
<record>
  <date>2018-10-31T09:47:29</date>
  <millis>1540979249457</millis>
  <sequence>665</sequence>
  <logger>com.ibm.ws.install.configmanager.ConfigManager</logger>
  <level>SEVERE</level>
  <class>com.ibm.ws.install.configmanager.ConfigManager</class>
  <method>launch</method>
  <thread>1</thread>
  <message>ConfigManager action execution failed on a fatal action</message>
</record>
<record>
  <date>2018-10-31T09:47:29</date>
  <millis>1540979249457</millis>
  <sequence>666</sequence>
  <logger>com.ibm.ws.install.configmanager.ConfigManager</logger>
  <level>INFO</level>
  <class>com.ibm.ws.install.configmanager.ConfigManager</class>
  <method>launch</method>
  <thread>1</thread>
  <message>Returning with return code: INSTCONFFAILED</message>
</record>
<record>
  <date>2018-10-31T09:47:29</date>
  <millis>1540979249457</millis>
  <sequence>667</sequence>
  <logger>com.ibm.wsspi.profile.WSProfile</logger>
  <level>SEVERE</level>
  <class>com.ibm.wsspi.profile.WSProfile</class>
  <method>doAugment</method>
  <thread>1</thread>
  <message>Augmentation of profile Dmgr01 at path /opt/ibm/WebSphere/AppServer/profiles/Dmgr01 using profile template /opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management failed.</message>
</record>



I dug into the Deployment Manager logs further, and found this: -

cat  /opt/ibm/WebSphere/AppServer/logs/manageprofiles/Dmgr01/odm/decisionServerSanityCheck.wsadmin.log

which was WAY more useful: -

...
WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
WASX7303I: The following options are passed to the scripting environment and are available as arguments that are stored in the argv variable: "[/opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/actions/scripts, /opt/ibm/ODM89]"
Processing sanatiy check before augmentation
ERROR: The specified ODM_HOME does not look correct, unable to find jrules-res-xu-WAS85.rar!
Traceback (most recent call last):
  File "<string>", line 41, in ?
RuntimeError: ERROR: The specified ODM_HOME does not look correct!
WASX7017E: Exception received while running file "/opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/actions/scripts/decisionServerSanityCheck.py"; exception information: com.ibm.bsf.BSFException: exception from Jython:
Traceback (innermost last):
  File "<string>", line 87, in ?
RuntimeError: An error occur during sanity checks



This is what I have installed: -

/opt/ibm/InstallationManager/eclipse/tools/imcl listInstalledPackages -features -long

/opt/ibm/InstallationManager/eclipse : com.ibm.cic.agent_1.8.9001.20180709_1302 : IBM® Installation Manager : 1.8.9.1 : 
/opt/ibm/WebSphere/AppServer : com.ibm.websphere.ND.v85_8.5.5014.20180802_1018 : IBM WebSphere Application Server Network Deployment : 8.5.5.14 : com.ibm.sdk.6_64bit,ejbdeploy,embeddablecontainer,thinclient
/opt/ibm/ODM89 : com.ibm.websphere.odm.dc.v89_8.9.2001.20180723_1215 : Decision Center : 8.9.2.1 : Decision Center,com.ibm.wbdm.dts.was.feature
/opt/ibm/ODM89 : com.ibm.websphere.odm.ds.rules.v89_8.9.2001.20180723_1224 : Decision Server Rules : 8.9.2.1 : com.ibm.wds.rules.res.feature,com.ibm.wds.rules.res.was.feature
/opt/ibm/ODM89 : com.ibm.websphere.odm.pt.dc.v89_8.9.2001.20180723_1240 : Decision Center profile templates for WebSphere Application Server   : 8.9.2.1 : 
/opt/ibm/ODM89 : com.ibm.websphere.odm.pt.rules.v89_8.9.2001.20180723_1243 : Decision Server Rules profile templat
es for WebSphere Application Server  : 8.9.2.1 : 

and yet this is what I have in terms of WAS85 artefacts for the RES: -

ls /opt/ibm/ODM89/executionserver/applicationservers/WebSphere85/

-rw-r--r-- 1 wasadmin wasadmins 14674397 Jul 20 18:23 jrules-res-htds-WAS85.ear
-rw-r--r-- 1 wasadmin wasadmins 30996584 Jul 20 18:23 jrules-res-management-WAS85.ear
-rw-r--r-- 1 wasadmin wasadmins  2136520 Jul 20 18:23 jrules-res-mdb-WAS85.jar
-rw-r--r-- 1 wasadmin wasadmins  1559934 Jul 20 18:23 jrules-res-session-ejb3-WAS85.jar
-rw-r--r-- 1 wasadmin wasadmins 67130079 Jul 20 18:23 jrules-ssp-WAS85.ear


Note the absence of said RAR file.

I dug around within the source media, and found this: -

./disk1/ProfileTemplateRules/native/com.ibm.websphere.odm.rules.res.was_8.9.1000.20171018-1755.zip

which I unzipped to a temporary directory: -

unzip ./disk1/ProfileTemplateRules/native/com.ibm.websphere.odm.rules.res.was_8.9.1000.20171018-1755.zip -d /tmp/snafu

Archive:  ./disk1/ProfileTemplateRules/native/com.ibm.websphere.odm.rules.res.was_8.9.1000.20171018-1755.zip
   creating: /tmp/snafu/executionserver/
   creating: /tmp/snafu/executionserver/applicationservers/
   creating: /tmp/snafu/executionserver/applicationservers/WebSphere85/
  inflating: /tmp/snafu/executionserver/applicationservers/WebSphere85/jrules-res-htds-WAS85.ear  
  inflating: /tmp/snafu/executionserver/applicationservers/WebSphere85/jrules-res-management-WAS85.ear  
  inflating: /tmp/snafu/executionserver/applicationservers/WebSphere85/jrules-res-mdb-WAS85.jar  
  inflating: /tmp/snafu/executionserver/applicationservers/WebSphere85/jrules-res-session-ejb3-WAS85.jar  
  inflating: /tmp/snafu/executionserver/applicationservers/WebSphere85/jrules-res-xu-WAS85.rar  
  inflating: /tmp/snafu/executionserver/applicationservers/WebSphere85/jrules-ssp-WAS85.ear  


I then grabbed the missing RAR - jrules-res-xu-WAS85.rar - and placed it here: -

/opt/ibm/ODM89/executionserver/applicationservers/WebSphere85/

-rw-r--r-- 1 wasadmin wasadmins 14674397 Jul 20 18:23 jrules-res-htds-WAS85.ear
-rw-r--r-- 1 wasadmin wasadmins 30996584 Jul 20 18:23 jrules-res-management-WAS85.ear
-rw-r--r-- 1 wasadmin wasadmins  2136520 Jul 20 18:23 jrules-res-mdb-WAS85.jar
-rw-r--r-- 1 wasadmin wasadmins  1559934 Jul 20 18:23 jrules-res-session-ejb3-WAS85.jar
-rw-r--r-- 1 wasadmin wasadmins 25865277 Oct 31 10:50 jrules-res-xu-WAS85.rar
-rw-r--r-- 1 wasadmin wasadmins 67130079 Jul 20 18:23 jrules-ssp-WAS85.ear


This time around, the augmentation succeeds: -

/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -augment -profileName Dmgr01 -templatePath /opt/ibm/WebSphere/AppServer/profileTemplates/odm/decisionserver/management/ -odmHome /opt/ibm/ODM89/

INSTCONFSUCCESS: Profile augmentation succeeded.

Now I need to work out what happened during the binary installation …….

Tuesday, 30 October 2018

"The Soap RPC call can't be unmarshalled" - during IBM ODM 8.9.2.1 cluster creation

I saw this: -

...
java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
        at java.lang.reflect.Method.invoke(Method.java:508)
        at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234)
        at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:96)
        at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:77)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
        at java.lang.reflect.Method.invoke(Method.java:508)
        at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587)
        at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198)
        at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
        at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
        at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:369)
        at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
        at java.lang.reflect.Method.invoke(Method.java:508)
        at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340)
        at org.eclipse.core.launcher.Main.basicRun(Main.java:282)
        at org.eclipse.core.launcher.Main.run(Main.java:981)
        at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:411)
        at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:173)
Caused by: java.lang.reflect.UndeclaredThrowableException
        at com.sun.proxy.$Proxy3.getAttribute(Unknown Source)
        at com.ibm.ws.management.AdminClientImpl.getAttribute(AdminClientImpl.java:153)
        at com.ibm.ws.scripting.CommonScriptingObject.connectToAdminService(CommonScriptingObject.java:130)
        at com.ibm.ws.scripting.CommonScriptingObject.<init>(CommonScriptingObject.java:104)
        at com.ibm.ws.scripting.AdminControlClient.<init>(AdminControlClient.java:170)
        at com.ibm.ws.scripting.AbstractShell.createControlClient(AbstractShell.java:1289)
        at com.ibm.ws.scripting.AbstractShell.run(AbstractShell.java:2245)
        at com.ibm.ws.scripting.WasxShell.main(WasxShell.java:1172)
        ... 26 more
Caused by: [SOAPException: faultCode=SOAP-ENV:ServerException; msg=The Soap RPC call can&apos;t be unmarshalled.]


and: -

[30/10/18 19:49:53:173 GMT] 000000c3 LTPAServerObj E   SECJ0369E: Authentication failed when using LTPA. The exception is com.ibm.websphere.wim.exception.PasswordCheckFailedException: CWWIM4513E  The password match failed for the 'wasadmin' principal name..
...

whilst creating an ODM Decision Center cluster: -

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/createODMDecisionCenterCluster.sh -adminUsername wasadmin -adminPassword passw0rd -clusterPropertiesFile /opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/odm/ODMDecisionCenterCluster.properties

I knew that the credentials that I was using were A-OK: -

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -username wasadmin -password passw0rd

WASX7209I: Connected to process "dmgr" on node Dmgr using SOAP connector;  The type of process is: DeploymentManager
WASX7031I: For help, enter: "print Help.help()"



Thankfully we have this: -


and I established that APAR RS03063 is shipped via a fix pack to the ODM Profile Templates: -


Once I downloaded and installed this, all was well.

NB I did have to drop/recreate the WAS profiles etc. so it was a bit of a "nuke n' pave"

IBM Operational Decision Manager - JSF a-no-no

I saw this: -

...
[30/10/18 14:56:55:795 GMT] 000000b0 ServletWrappe E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0014E: Uncaught service() exception root cause Faces Servlet: com.ibm.websphere.servlet.error.ServletErrorReport: com.ibm.ws.jsp.JspCoreException: Unable to convert string &#39;#{ManagerBean.localeStr}&#39; to class javax.el.ValueExpression for attribute locale: java.lang.IllegalArgumentException: Property Editor not registered with the PropertyEditorManager
        at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:732)

...
Caused by: com.ibm.ws.jsp.JspCoreException: Unable to convert string '#{ManagerBean.localeStr}' to class javax.el.ValueExpression for attribute locale: java.lang.IllegalArgumentException: Property Editor not registered with the PropertyEditorManager

whilst attempting to log into a newly built IBM Operational Decision Manager (ODM) Rules environment, specifically the Decision Center ( aka the Rule Team Server ) : -


For the record, I'm running ODM 8.9.2.1 on WAS ND 8.5.5.14 and IBM Java 8: -

/opt/ibm/InstallationManager/eclipse/tools/imcl listInstalledPackages -features

com.ibm.cic.agent_1.8.9001.20180709_1302 : 
com.ibm.websphere.ND.v85_8.5.5014.20180802_1018 : com.ibm.sdk.6_64bit,ejbdeploy,embeddablecontainer,thinclient
com.ibm.websphere.odm.dc.v89_8.9.2001.20180723_1215 : Decision Center,com.ibm.wbdm.dts.was.feature
com.ibm.websphere.odm.ds.rules.v89_8.9.2001.20180723_1224 : com.ibm.wds.rules.res.feature,com.ibm.wds.rules.res.was.feature


This IBM developerWorks Answer: -


had the … answer 

It looks like it's a disparity between the version of Java Server Faces (JSF) that ODM uses and either WAS or Java.

The solution is to reconfigure the underlying Java Enterprise Edition (JEE) web applications ( Web Archives / WAR files ) to load their via own class loader first ( parent last ) rather than the default of using the WAS class loader.

Apart from that, it was also necessary to override session management and clear down the WAS temp folder at the profile root: -

ls /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/temp/Node1/DecisionCenterClusterMember1/ILOG_Rule_Team_Server/

decisioncenter.war  teamserver.war

As it's my own VM, I simply chose to nuke the entire temp folder: -

rm -Rf ls /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/temp

but that's definitely a YMMV case.

Once I did all of the above, and restarted the Decision Center cluster, all was good :-)

IBM Operational Decision Manager 8.9.2.1 - Missing a feature

I'm building a VM comprising the latest IBM Operational Decision Manager (ODM) Rules, namely 8.9.2.1.

As part of my build, I'm adding the Decision Center component to an existing WebSphere Application Server (WAS) cell.

And, as such, I needed a particular EAR file

jrules-teamserver-WAS85.ear

I looked here: -

ls -al /opt/ibm/ODM89/teamserver/applicationservers/WebSphere85

but it was completely empty.

I then looked back at what was available to install: -

/opt/ibm/InstallationManager/eclipse/tools/imcl listAvailablePackages -repositories /mnt/ODM892/Product/disk2/DC/repository.config,/mnt/ODM892/Fixpack/DS/updates/repository.config -features

com.ibm.websphere.odm.dc.v89_8.9.1000.20171018_1805 : Decision Center,com.ibm.wbdm.dts.wlp.feature,com.ibm.wbdm.dts.was.feature,com.ibm.wbdm.dts.tomcat.feature,com.ibm.wbdm.dts.jboss.feature,com.ibm.wbdm.dts.weblogic.feature,com.ibm.wdc.rules.samples.feature,Documentation,jdk,base
com.ibm.websphere.odm.dc.v89_8.9.0.20170123_1200 : Decision Center,com.ibm.wbdm.dts.wlp.feature,com.ibm.wbdm.dts.was.feature,com.ibm.wbdm.dts.tomcat.feature,com.ibm.wbdm.dts.jboss.feature,com.ibm.wbdm.dts.weblogic.feature,com.ibm.wdc.rules.samples.feature,Documentation,jdk,base
com.ibm.websphere.odm.dc.v89_8.9.2001.20180723_1215 : Decision Center,com.ibm.wbdm.dts.wlp.feature,com.ibm.wbdm.dts.was.feature,com.ibm.wbdm.dts.tomcat.feature,com.ibm.wbdm.dts.jboss.feature,com.ibm.wbdm.dts.weblogic.feature,com.ibm.wdc.rules.samples.feature,Documentation,jdk,base


and realised that, whilst I had the Decision Center and jdk and base but did NOT have com.ibm.wbdm.dts.was.feature 

I updated my response file: -

<server>
    <repository location='/mnt/ODM892/Product/disk1/DecisionServerRules/repository.config' temporary='true'/>
    <repository location='/mnt/ODM892/Fixpack/DC/updates/repository.config' temporary='true'/>
    <repository location='/mnt/ODM892/Product/disk2/DC/repository.config' temporary='true'/>
    <repository location='/mnt/ODM892/Fixpack/DS/updates/repository.config' temporary='true'/>
  </server>


  <install modify='false'>
    <offering profile='Operational Decision Manager V8.9' id='com.ibm.websphere.odm.dc.v89' version='8.9.2001.20180723_1215' features='Decision Center,com.ibm.wbdm.dts.was.feature,jdk,base' installFixes='none'/>
    <offering profile='Operational Decision Manager V8.9' id='com.ibm.websphere.odm.ds.rules.v89' version='8.9.2001.20180723_1224' features='com.ibm.wds.jdk.feature,com.ibm.wds.rules.res.feature,com.ibm.wds.rules.res.was.feature' installFixes='none'/>
  </install>


and re-ran the installation - this modifies what's already there, so there's little/no impact: -

/opt/ibm/InstallationManager/eclipse/tools/imcl -input /mnt/ResponseFiles/installODM8921.rsp -acceptLicense

Now I have the EAR file: -

ls -al /opt/ibm/ODM89/teamserver/applicationservers/WebSphere85

total 326336
drwxr-xr-x 2 wasadmin wasadmins        40 Oct 30 13:51 .
drwxr-xr-x 3 wasadmin wasadmins        24 Oct 30 13:51 ..
-rw-r--r-- 1 wasadmin wasadmins 334166718 Oct 30 13:51 jrules-teamserver-WAS85.ear


Yay!

WebSphere Application Server - TIOAOA

So I saw this: -

[30/10/18 12:49:51:057 GMT] 00000125 MBeanHelper   E   Could not invoke an operation on object: WebSphere:name=DataSourceCfgHelper,process=dmgr,platform=dynamicproxy,node=Dmgr,version=8.5.5.14,type=DataSourceCfgHelper,mbeanIdentifier=DataSourceCfgHelper,cell=workflowCell01,spec=1.0 because of an mbean exception: java.sql.SQLException: [jcc][t4][10262][11223][4.24.92] Unexpected Throwable caught: Class com/ibm/db2/jcc/t4/a illegally accessing "package private" member of class com/ibm/db2/jcc/t4/m. ERRORCODE=-4228, SQLSTATE=null DSRA0010E: SQL State = null, Error Code = -4,228

[30/10/18 12:50:23:130 GMT] 00000125 DSConfigurati W   DSRA8201W: DataSource Configuration: DSRA8040I: Failed to connect to the DataSource jdbc/ilogDataSource.  Encountered java.sql.SQLException: [jcc][t4][10262][11223][4.24.92] Unexpected Throwable caught: Class com/ibm/db2/jcc/t4/a illegally accessing "package private" member of class com/ibm/db2/jcc/t4/m. ERRORCODE=-4228, SQLSTATE=null DSRA0010E: SQL State = null, Error Code = -4,228.
java.sql.SQLException: [jcc][t4][10262][11223][4.24.92] Unexpected Throwable caught: Class com/ibm/db2/jcc/t4/a illegally accessing "package private" member of class com/ibm/db2/jcc/t4/m. ERRORCODE=-4228, SQLSTATE=null DSRA0010E: SQL State = null, Error Code = -4,228


whilst attempting to test a newly-minted JDBC data source on an equally newly-minted WAS ND 8.5.5.14 / DB2 11.1.3.3  environment.

I spent an age looking at the JDBC provider: -


which I had created using Jython: -

provider=AdminTask.createJDBCProvider('[-scope Cell='+cellID+' -databaseType DB2 -providerType "DB2 Using IBM JCC Driver" -implementationType "XA data source" -name "DB2 Using IBM JCC Driver (XA)" -classpath [${DB2_JCC_DRIVER_PATH}/db2jcc4.jar ${DB2_JCC_DRIVER_PATH}/db2jcc_license_cu.jar ] -nativePath [${DB2_JCC_DRIVER_NATIVEPATH} ] ]')

I also checked out the class path: -

ls -al /opt/ibm/WebSphere/AppServer/universalDriver/lib/

total 4140
drwxr-xr-x 2 wasadmin wasadmins      52 Oct 30 11:33 .
drwxr-xr-x 3 wasadmin wasadmins      16 Oct 30 08:18 ..
-r--r--r-- 1 wasadmin wasadmins 4234170 Oct 30 11:33 db2jcc4.jar
-rw-r--r-- 1 wasadmin wasadmins    1529 Oct 30 13:08 db2jcc_license_cu.jar


comparing it to what DB2 provides: -

ls -al /opt/ibm/db2/V11.1/java/

total 13012
drwxr-xr-x.  3 bin  bin     4096 Mar  3  2018 .
drwxr-xr-x. 42 root root    4096 Sep 20 10:56 ..
-rw-rw-rw-.  1 root root     169 Sep 20 10:55 42E32181339E47B2BF8145FD26612E69.properties
-r--r--r--.  1 bin  bin  2290737 Mar  3  2018 Common.jar
-r--r--r--.  1 bin  bin     1637 Mar  3  2018 db2c2c.jar
-r--r--r--.  1 bin  bin    75300 Mar  3  2018 db2dbgm.jar
-r--r--r--.  1 bin  bin    48203 Mar  3  2018 db2ext.jar
-r--r--r--.  1 bin  bin  1182501 Mar  3  2018 db2java.zip
-r--r--r--.  1 bin  bin  4234170 Mar  3  2018 db2jcc4.jar
-r--r--r--.  1 bin  bin  3813641 Mar  3  2018 db2jcc.jar
-r--r--r--.  1 bin  bin     1529 Mar  3  2018 db2jcc_license_cu.jar
-r--r--r--.  1 bin  bin   122830 Mar  3  2018 db2policy.jar
-r--r--r--.  1 bin  bin     7786 Mar  3  2018 db2qgjdbc.jar
-r--r--r--.  1 bin  bin     9455 Mar  3  2018 db2umplugin.jar
-r--r--r--.  1 bin  bin   618901 Mar  3  2018 ib6core.jar
-r--r--r--.  1 bin  bin    32637 Mar  3  2018 ib6extra.jar
-r--r--r--.  1 bin  bin   297505 Mar  3  2018 ib6js.jar
-r--r--r--.  1 bin  bin    74756 Mar  3  2018 ib6swing.jar
-r--r--r--.  1 bin  bin   103344 Mar  3  2018 ib6util.jar
-r--r--r--.  1 bin  bin     4859 Mar  3  2018 IBMUpdateUtil.jar
-r--r--r--.  1 bin  bin       59 Mar  3  2018 IBMUpdateUtil.prop
drwxr-xr-x.  7 bin  bin     4096 Mar  3  2018 jdk64
-r--r--r--.  1 bin  bin   347851 Mar  3  2018 us.jar


but to no avail.

And then I thought … have you tried TIOAOA ?

So I did….

And it worked.

For the benefit of others, the TIOAOA abbreviation / anagram comes from The IT Crowd: -


in which a common theme is "Have you tried turning it off and on again?"

:-) 

WebSphere Application Server - Where's my Node Agent ?

Whilst trying to start a newly created WAS Node Agent: -

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh

I saw this: -

...
ADMU0116I: Tool information is being logged in file
           /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/logs/nodeagent/startServer.log
ADMU0128I: Starting tool with the AppSrv01 profile
ADMU3100I: Reading configuration for server: nodeagent
ADMU0111E: Program exiting with error: java.io.FileNotFoundException:
           /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/config/cells/workflowNode01Cell/nodes/Node1/servers/nodeagent/server.xml
           (No such file or directory)
ADMU1211I: To obtain a full trace of the failure, use the -trace option.
ADMU0211I: Error details may be seen in the file:
           /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/logs/nodeagent/startServer.log


and, in the startServer.log file: -

[30/10/18 09:54:35:727 GMT] 00000001 WsServerLaunc E   ADMU3002E: Exception attempting to process server nodeagent
[30/10/18 09:54:35:728 GMT] 00000001 WsServerLaunc E   ADMU3007E: Exception java.io.FileNotFoundException: /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/config/cells/workflowNode01Cell/nodes/Node1/servers/nodeagent/server.xml (No such file or directory)
        at java.io.FileInputStream.open(FileInputStream.java:212)

[30/10/18 09:54:35:739 GMT] 00000001 AdminTool     E   ADMU0111E: Program exiting with error: java.io.FileNotFoundException: /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/config/cells/workflowNode01Cell/nodes/Node1/servers/nodeagent/server.xml (No such file or directory)
[30/10/18 09:54:35:741 GMT] 00000001 AdminTool     A   ADMU0111E: Program exiting with error: java.io.FileNotFoundException: /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/config/cells/workflowNode01Cell/nodes/Node1/servers/nodeagent/server.xml (No such file or directory)

And then it struck me ….

I'd just created the Deployment Manager and Node profiles ….

And had NOT yet federated the Node into the managed Cell …

So how the heck is it ever going to work ?

Until I federate the Node ….

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/addNode.sh `hostname` 8879 -profileName AppSrv01 -username wasadmin -password passw0rd

ADMU0003I: Node Node1 has been successfully federated.
...

Can you say "Doofus" ? Or something much much worse !

Friday, 26 October 2018

IBM Cloud Private 3.1.0 - "Failed to connect to the host via ssh: Permission denied (publickey,password)."

During the installation of the most recent version of IBM Cloud Private (ICP), namely 3.1.0, I ran the main setup/installation command: -

sudo docker run --net=host -t -e LICENSE=accept -v "$(pwd)":/installer/cluster ibmcom/icp-inception-amd64:3.1.0-ee install

which immediately failed with: -

...
PLAY [Checking Python interpreter] *******************************************************************************************************************************************************************************

TASK [Checking Python interpreter] *******************************************************************************************************************************************************************************
fatal: [192.168.1.122]: UNREACHABLE! => changed=false 
  msg: |-
    Failed to connect to the host via ssh: Permission denied (publickey,password).
  unreachable: true
fatal: [192.168.1.121]: UNREACHABLE! => changed=false 
  msg: |-
    Failed to connect to the host via ssh: Permission denied (publickey,password).
  unreachable: true
fatal: [192.168.1.123]: UNREACHABLE! => changed=false 
  msg: |-
    Failed to connect to the host via ssh: Permission denied (publickey,password).
  unreachable: true

NO MORE HOSTS LEFT ***********************************************************************************************************************************************************************************************

NO MORE HOSTS LEFT ***********************************************************************************************************************************************************************************************

PLAY RECAP *******************************************************************************************************************************************************************************************************
192.168.1.121              : ok=0    changed=0    unreachable=1    failed=0   
192.168.1.122              : ok=0    changed=0    unreachable=1    failed=0   
192.168.1.123              : ok=0    changed=0    unreachable=1    failed=0   

Playbook run took 0 days, 0 hours, 0 minutes, 0 seconds

I'm using this: -


and this: -


and this: -


for inspiration.

For the record, I'm running the installation as a non-root user - hayd - but the installation does leverage the sudo command, which is fine.

Also, I had previously exchanged SSL keys between the three VMs that make up my cluster - master, worker and proxy - and was able to do "password-less" login between each of them: -

ssh hayd@icpmaster
ssh hayd@icpworker
ssh hayd@icpproxy

and yet the issue appeared to be permissions-related: -

    Failed to connect to the host via ssh: Permission denied (publickey,password).
...

specifically with this file: -

-r-------- 1 root root 3243 Oct 26 12:25 /opt/ibm-cloud-private-3.1.0/cluster/ssh_key

I even tried hacking the permissions: -

chmod 777 /opt/ibm-cloud-private-3.1.0/cluster/ssh_key

( don't hate me, this is my own private VM, running on Beast in my home lab )

but to no avail.

I then focused further upon the documentation, specifically this: -


and tried setting the ansible_user etc.

ansible_user: hayd
ansible_become: true
ansible_become_password: passw0rd

This seems to defeat the point of the password-less login, so I need to think about this more BUT it works.


For now at least …...

Wednesday, 24 October 2018

Something for the weekend - IBM Master Data Management and IBM Business Process Management on Docker

From this: -

Bring up deployed IBM InfoSphere Master Data Management v11.6 Feature Pack 7 along with IBM BPM and IBM Stewardship Center in minutes

The pre-deployed MDM on WAS v9.0.0.8 and DB2 v11.1 along with IBM BPM Process Server, Process Center and IBM Stewardship Center can be brought up in minutes in a system where docker and docker compose are installed

Overview

In this recipe, we are going to have an overview on how to install docker and docker compose and bring up a pre-deployed MDM - database and application along with IBM BPM and IBM Stewardship Center on that docker instance.

Ingredients

A machine on which you can install Docker, Docker Compose and IBM InfoSphere Master Data Management v11.6 Feature Pack 7 along with IBM BPM Process Server, Process Center and IBM Stewardship Center.




Tuesday, 23 October 2018

Single Sign-On - Tinkering with Microsoft Active Directory Federation Services, SAML and WebSphere Application Server

A brief bit of context ….

A colleague was asking some questions about WAS and ADFS and SAML, so I wanted to create a basic test environment to get my head around some of the new ( to me ) concepts.

I already had a Windows Server 2012 VM and another Red Hat Enterprise Linux (RHEL) VM.

The latter was already configured / installed with: -
  • IBM WebSphere Application Server (WAS) Network Deployment (ND) 8.5.5.14
  • IBM Business Automation Workflow (BAW) 18.0.0.1
so I was mostly good to go in the WAS/application world.

On the Windows 2012 VM, I installed / configured: -
  • Active Directory Domain Services (AD)
  • Active Directory Federation Services (ADFS)
  • Internet Information Server
So I had a wee bit of effort to setup AD and ADFS, and also to configure IIS.

For the record, IIS isn't required for the SAML setup etc. BUT it's a useful way to generate a self-signed certificate, which can be exported, with public AND private key, as a PFX file, ready to be be imported into ADFS.

As ever, this is an ongoing work-in-progress.

Having got the AD and ADFS stuff mainly setup, I then ran through the following: -

Test ADFS Login

https://windows2012.uk.ibm.com/adfs/ls/idpinitiatedSignOn.aspx

This allowed me to verify that I could authenticate to ADFS using Windows credentials.

Start Deployment Manager

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh

Start Node Agent

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh

Add AD Signer to WAS

To allow WAS and AD to communicate via LDAPS ( LDAP over an SSL/TLS connection )

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -username wasadmin -password passw0rd -f /mnt/Scripts/addADSignerToWAS.jy

Federate AD into WAS

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -username wasadmin -password passw0rd -f /mnt/Scripts/federateAD.jy

Stop Deployment Manager

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/stopManager.sh -username wasadmin -password passw0rd

Stop Node Agent

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/stopNode.sh -username wasadmin -password passw0rd

Start Deployment Manager

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh

Start Node Agent

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh

Retrieve MetaData

This pulls the ADFS info from the AD box

wget --no-check-certificate https://windows2012.uk.ibm.com/FederationMetadata/2007-06/FederationMetadata.xml

Install ACS Sample App into SupCluster

This app is used to perform the SAML token decryption / extraction
Note that I'm installing this into the BAW (BPM) SupCluster, which does NOT run the main BAW workload - Process Server, SCA BPEL etc.

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -username wasadmin -password passw0rd -f /opt/ibm/WebSphere/AppServer/bin/installSamlACS.py install SupCluster

Start WSAdmin Client

/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -username wasadmin -password passw0rd

Add SAML TAI

This creates the SAML TAI configuration - we'll populate this further shortly

AdminTask.addSAMLTAISSO('-enable true -acsUrl https://workflow.uk.ibm.com:9445/samlsps/acs')

Save and Sync

AdminConfig.save()
AdminNodeManagement.syncActiveNodes()


Export SP Metadata from WAS

We need this metadata to complete the ADFS configuration

AdminTask.exportSAMLSpMetadata('-spMetadataFileName /home/wasadmin/WASSAMLMetadata.xml -ssoId 1')

Import IdP Metadata into WAS

This is what we previously pulled from the ADFS box

AdminTask.importSAMLIdpMetadata('-idpMetadataFileName /home/wasadmin/FederationMetadata.xml -idpId 1 -ssoId 1 -signingCertAlias idp1')

Save and Sync

AdminConfig.save()
AdminNodeManagement.syncActiveNodes()


Quit

exit

Set TAI Properties

I'm doing this manually, but will script it later

Name: sso_1.sp.acsUrl
Value: https://workflow.uk.ibm.com:9445/samlsps/acs

Name: sso_1.sp.idMap
Value: idAssertion

Name: sso_1.idp_1.EntityID
Value: http://windows2012.uk.ibm.com/adfs/services/trust

Name: sso_1.idp_1.SingleSignOnUrl
Value: https://windows2012.uk.ibm.com/adfs/ls/

Name: sso_1.sp.login.error.page
Value: https://windows2012.uk.ibm.com/adfs/ls/idpinitiatedSignOn.aspx

Name: sso_1.sp.targetUrl
Value: https://workflow.uk.ibm.com:9445/bpc

Name: sso_1.sp.useRealm
Value: defaultWIMFileBasedRealm

Start Clusters
  • MECluster
  • SupCluster
  • AppCluster
Functional Test

Access BPC: -

https://workflow.uk.ibm.com:9445/bpc

Should redirect to: -

https://windows2012.uk.ibm.com/adfs/ls/idpinitiatedSignOn.aspx

and be prompted to log on with AD acount e.g. UK\Administrator

Need to click on Sign-in button again; I don't yet know why this is the case :-(

Should then be redirected to BPC

Repeat for Process Portal: -

https://workflow.uk.ibm.com:9444/ProcessPortal

and Process Center: -

https://workflow.uk.ibm.com:9444/ProcessCenter

Sources

How to setup Microsoft Active Directory Federation Services [AD FS]

Front Side SAML SSO with microsoft product (ADFS -> WAS SAML TAI)

Enabling your system to use the SAML web single sign-on (SSO) feature


LDAP - ldapsearch and SSL - what fun

Having set up a new Microsoft Active Directory 2012 domain controller, I was testing the LDAP connectivity using the ldapsearch command before adding WebSphere Application Server (WAS) into the mix.

I ran this command: -

ldapsearch -h windows2012.uk.ibm.com -p 636 -b dc=uk,dc=ibm,dc=com -D cn=wasbind,dc=uk,dc=ibm,dc=com -w Ch1mn3y5! cn=wasbind

which resulted in this helpful response: -

ldap_result: Can't contact LDAP server (-1)

In order to double-check the connectivity, I ran a few basic tests: -

Trying 192.168.153.130...
Connected to windows2012.uk.ibm.com.
Escape character is '^]'.


openssl s_client -connect windows2012.uk.ibm.com:636 </dev/null

...
Protocol  : TLSv1.2
Cipher    : ECDHE-RSA-AES256-SHA384

...

Given that I'm using SSL/TLS, I tested ldapsearch using a non-SSL connection just to check ….

ldapsearch -h windows2012.uk.ibm.com -p 389 -b dc=uk,dc=ibm,dc=com -D CN=wasbind,CN=Users,DC=uk,DC=ibm,DC=com -w Ch1mn3y5! cn=wasbind

# wasbind, Users, uk.ibm.com
dn: CN=wasbind,CN=Users,DC=uk,DC=ibm,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: wasbind
givenName: wasbind


so the problem is SSL/TLS ….

I'd also noted that I was using the old syntax for ldapsearch in the way that I was specifying the hostname and port.

Both the -h and -p switches have been deprecated in favour of the -H switch: -

man ldapsearch

       -H ldapuri
              Specify URI(s) referring to the ldap server(s); a list of URI, separated by whitespace or commas is expected; only the protocol/host/port fields are allowed.  As an  exception,
              if  no  host/port  is  specified, but a DN is, the DN is used to look up the corresponding host(s) using the DNS SRV records, according to RFC 2782.  The DN must be a non-empty
              sequence of AVAs whose attribute type is "dc" (domain component), and must be escaped according to RFC 2396.

       -h ldaphost
              Specify an alternate host on which the ldap server is running.  Deprecated in favor of -H.

       -p ldapport
              Specify an alternate TCP port where the ldap server is listening.  Deprecated in favor of -H.

...

So I tried the new syntax: -

ldapsearch -H ldaps://windows2012.uk.ibm.com:636 -b dc=uk,dc=ibm,dc=com -D cn=wasbind,cn=users,dc=uk,dc=ibm,dc=com -w Ch1mn3y5! cn=wasbind

which returned the same thing: -

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

so I added a bit of the old debug: -

ldapsearch -Z -H ldaps://windows2012.uk.ibm.com:636 -b dc=uk,dc=ibm,dc=com -D cn=wasbind,cn=users,dc=uk,dc=ibm,dc=com -w Ch1mn3y5! cn=wasbind

which was more insightful: -

ldap_start_tls: Can't contact LDAP server (-1)
additional info: SSLHandshake() failed: misc. bad certificate (-9825)
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)


This led me here: -



I tried this: -

export LDAPTLS_REQCERT=never

and then: -

ldapsearch -Z -H ldaps://windows2012.uk.ibm.com:636 -b dc=uk,dc=ibm,dc=com -D cn=wasbind,cn=users,dc=uk,dc=ibm,dc=com -w Ch1mn3y5! cn=wasbind

# wasbind, Users, uk.ibm.com
dn: CN=wasbind,CN=Users,DC=uk,DC=ibm,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: wasbind
givenName: wasbind
distinguishedName: CN=wasbind,CN=Users,DC=uk,DC=ibm,DC=com


Hurrah!

Thursday, 18 October 2018

IBM Business Automation Workflow (BAW) 18.0.0.1 - Fun with Context Roots and Deployment Environments

During a recent build of a BAW 18.0.0.1 environment, I saw this: -

CWMCB0195E: The source file of the copy operation does not exist (/opt/ibm/WebSphere/AppServer/profiles/Dmgr01/config/cells/PCCell1/applications/CaseBuilder_AppCluster.ear/deployments/CaseBuilder_AppCluster/CaseBuilder.war/WEB-INF/cbConfig.properties).
The 'BPMConfig.sh -create -de /home/wasadmin/BAW18001_Advanced-PC-ThreeClusters-DB2.properties' command failed. For more information, see the log file /opt/ibm/WebSphere/AppServer/logs/config/BPMConfig_20181017-171418.log.


whilst creating the Deployment Environment using the BPMConfig script: -

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -create -de ~/BAW18001_Advanced-PC-ThreeClusters-DB2.properties

The difference between this and many other builds was that I'd over-ridden the Context Root for the various BAW applications within the DE properties file - BAW18001_Advanced-PC-ThreeClusters-DB2.properties - via this line: -

bpm.de.contextRootPrefix=/corporate/secure

Typically this is left as-is meaning that the applications have the default Context Root e.g.





etc.

whereas I wanted to amend these to: -


Thankfully this has been addressed by an iFix for BAW: -

JR59780

Having downloaded this from IBM Fix Central, I checked the content of the fix: -

/opt/ibm/InstallationManager/eclipse/tools/imcl listAvailableFixes com.ibm.bpm.ADV.v85_8.6.10018001.20180628_0740 -repositories /mnt/BAW18001/Fixpack/8.6.10018001-WS-BPM-IFJR59780.zip

8.6.10018001-WS-BPM-IFJR59780_8.6.10018001.20180911_0132

and then installed it: -

/opt/ibm/InstallationManager/eclipse/tools/imcl install 8.6.10018001-WS-BPM-IFJR59780_8.6.10018001.20180911_0132 -repositories /mnt/BAW18001/Fixpack/8.6.10018001-WS-BPM-IFJR59780.zip -installationDirectory /opt/ibm/WebSphere/AppServer/

Installed 8.6.10018001-WS-BPM-IFJR59780_8.6.10018001.20180911_0132 to the /opt/ibm/WebSphere/AppServer directory.

Once this was applied, we're good to go :-)

PS For the record, BAW is a combination of IBM Business Process Manager (BPM) 8.6, plus various Enterprise Content Management (ECM) capabilities, including Filenet Content Platform Engine (CPE) and IBM Content Navigator (ICN).

Also, for the record, this is what I now have installed: -

/opt/ibm/InstallationManager/eclipse/tools/imcl listInstalledPackages

com.ibm.cic.agent_1.8.9001.20180709_1302
com.ibm.bpm.ADV.v85_8.6.10018001.20180628_0740
com.ibm.websphere.ND.v85_8.5.5014.20180802_1018
8.6.10018001-WS-BPM-IFJR59569_8.6.10018001.20180829_1311
8.6.10018001-WS-BPM-IFJR59780_8.6.10018001.20180911_0132
8.6.10018001-WS-BPM-IFJR59939_8.6.10018001.20180905_0257
8.6.10018001-WS-BPMPCPD-IFPD59569_8.6.10018001.20180829_1322


macOS Time Machine - Backing up over the LAN

Some interesting experimentation, whilst tinkering with a full Time Machine backup of my MacBook Pro, via Ethernet, to a Synology DiskStation DS414.

The actual client/server network connectivity is using Server Message Block (SMB) as the former Apple Filing System (AFS) has been deprecated.

As this was a FULL backup, the time to completion, even over 1,000 Mb/s Ethernet was going to take a while …..

These two articles were of much use: -



both of which taught me to turn off throttling, via the command: -

sudo sysctl debug.lowpri_throttle_enabled=0

plus this: -


which showed me how to TEMPORARILY turn off SSL/TLS packet signing.

Note the warning: -

If you turn off packet signing, you lower the security of the SMB connection. Turn off packet signing only if both the client and server are on a secure network.

Here be dragons ….

I did also confirm that the DS414 *DID* have Gigabit Ethernet enabled: -


and that my Mac's Ethernet card was similarly performant: -



Fun times !

Friday, 12 October 2018

IBM BPM - Tinkering with Groups via REST

I’m digging into an issue with the IBM Master Data Management (MDM) Data Stewardship Center (DSC), where a button ( Add ) doesn’t appear for my user, DSUser1: -




even though the user is a member of the correct DataStewardGroup: -





As part of the investigation, I wanted to look at the groups and teams available to IBM BPM.

There’s a rather useful REST API for this, accessible via the BPM REST API Tester: -




also accessible via cURL : -

curl -k -u wasadmin:passw0rd -o /tmp/groups.txt --request GET --url https://lt.uk.ibm.com:9446/rest/bpm/wle/v1/groups?includeDeleted=false&parts=all

Knowing the group name ( DataStewardGroup ), I then used the REST API to get at that: -

curl -k -u wasadmin:passw0rd --request GET --url https://lt.uk.ibm.com:9446/rest/bpm/wle/v1/group/DataStewardGroup?includeDeleted=false&parts=all

which returns a single member - DSUser1 : -



I then dug into the BPM teams, as opposed to the groups: -




and the snapshot ID: -




Armed with the Team ID ( 24.fccd301e-1a55-4873-b69f-05c43b251545 ), Snapshot ID ( 2064.f96be189-3d91-4b8e-b485-21af8e0af5ce ) and Branch ID ( 2063.d1ecb65f-8778-4ddc-8c4f-b94ef28781c9 ), I was then able to dig into the details of the DataStewardTeam: -

https://lt.uk.ibm.com:9446/rest/bpm/wle/v1/team/24.fccd301e-1a55-4873-b69f-05c43b251545?snapshotId=2064.f96be189-3d91-4b8e-b485-21af8e0af5ce&branchId=2063.d1ecb65f-8778-4ddc-8c4f-b94ef28781c9




all of which seems to confirm that DSUser1 is a member of the DataStewardGroup which is mapped to the DataStewardTeam

So why doesn’t the Add button appear ?

Ah, well, keep on digging ….

Some follow-up reading: -



Fun with OpenSSL Certificate Requests and space characters in Subject Names

I've got a command within a Dockerfile that generates a Certificate Service Request, via the openssl req  command. This references an ...