Quantcast
Channel: A Portal to a Portal
Viewing all 1851 articles
Browse latest View live

To unzip or not to unzip - Or the simplest solution is often the right solution

October 27, 2016, 8:19 am
$
0
0
I was stressing as to why I couldn't expand a ZIP archive downloaded from IBM: -

-rw-r--r--  1 hayd  staff  1414823936 27 Oct 14:36 /Volumes/DaveHaySSD/Software/WAS9/Product/WAS_ND_V9.0_MP_ML.zip

which contains the WebSphere Application Server (WAS) Network Deployment V9.0 media.

This was what I was doing: -

unzip WAS_ND_V9.0_MP_ML.zip -d /tmp/WAS9

and this is what I was seeing: -

Archive:  WAS_ND_V9.0_MP_ML.zip
  End-of-central-directory signature not found.  Either this file is not
  a zipfile, or it constitutes one disk of a multi-part archive.  In the
  latter case the central directory and zipfile comment will be found on
  the last disk(s) of this archive.
unzip:  cannot find zipfile directory in one of WAS_ND_V9.0_MP_ML.zip or
        WAS_ND_V9.0_MP_ML.zip.zip, and cannot find WAS_ND_V9.0_MP_ML.zip.ZIP, period.

I saw this both on macOS Sierra and Red Hat Linux.

I checked the file type: -

file WAS_ND_V9.0_MP_ML.zip 

WAS_ND_V9.0_MP_ML.zip: Zip archive data, at least v1.0 to extract

which looked OK.

I even tried Archive Utility: -


Can you guess what'd gone wrong ?

I'd downloaded the file on my MacBook Pro and then SCP'd it across my network to my Mac Mini.

At some point in the transition, the file got corrupted :-(

When I checked the file size on the original download: -

-rw-r--r--@    1 davidhay  staff  1633871835 27 Oct 14:27 WAS_ND_V9.0_MP_ML.zip

it was rather different to the version on the Mac Mini: -

-rw-r--r--  1 hayd  staff  1414823936 27 Oct 14:36 /Volumes/DaveHaySSD/Software/WAS9/Product/WAS_ND_V9.0_MP_ML.zip

I checked this using the crc32 tool on the MacBook Pro, which returned: -

3413d26e

whereas crc32 on the Mac Mini returned: -

3d68b57d

When I re-uploaded the file back to the Mini, it all looked OK: -

-rw-r--r--  1 hayd  staff  1633871835 27 Oct 15:06 WAS_ND_V9.0_MP_ML.zip

and crc32 also looks good: -

3413d26e

and, more importantly, it expands without problems: -

unzip /Volumes/DaveHaySSD/Software/WAS9/Product/WAS_ND_V9.0_MP_ML.zip 

Archive:  /Volumes/DaveHaySSD/Software/WAS9/Product/WAS_ND_V9.0_MP_ML.zip
   creating: Offerings/
   creating: atoc/
   creating: atoc/nq/
  inflating: readme/zh/TW/swg_info_common.css  
  inflating: readme/zh/TW/wasstyle_nlv.css  
  inflating: repository.config       
  inflating: repository.xml   

and, even better, installs OK :-)

Search

WebSphere Application Server 9 - Snooping About

October 27, 2016, 11:38 pm
$
0
0
I've blogged about SuperSnoop in the past: -


so this is just an aide memoire in the context of WebSphere Application Server (WAS) 9.

I've been tested scripted installations of WAS 9 on Linux, as per a previous post: -


Today I'm switching between WAS Base and WAS ND, so this is part of my testing process.

So here goes….

Start WSAdmin Scripting Tool

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -lang jython

Set Variable

cellID=AdminControl.getCell()

Deploy SuperSnoop

AdminApp.install('/home/wasadmin/SuperSnoopWeb.war', '[ -nopreCompileJSPs -distributeApp -nouseMetaDataFromBinary -nodeployejb -appname SuperSnoopWeb_war -createMBeansForResources -noreloadEnabled -nodeployws -validateinstall warn -noprocessEmbeddedConfig -filepermission .*\.dll=755#.*\.so=755#.*\.a=755#.*\.sl=755 -noallowDispatchRemoteInclude -noallowServiceRemoteInclude -asyncRequestDispatchType DISABLED -nouseAutoLink -noenableClientModule -clientMode isolated -novalidateSchema -contextroot /SuperSnoop -MapModulesToServers [[ SuperSnoopWeb SuperSnoopWeb.war,WEB-INF/web.xml WebSphere:cell='+cellID+',node=localhostNode01,server=server1 ]] -CtxRootForWebMod [[ SuperSnoopWeb SuperSnoopWeb.war,WEB-INF/web.xml /SuperSnoop ]]]' )

Save

AdminConfig.save()

Start SuperSnoop

AdminControl.invoke('WebSphere:name=ApplicationManager,process=server1,platform=proxy,node=localhostNode01,version=9.0.0.1,type=ApplicationManager,mbeanIdentifier=ApplicationManager,cell='+cellID+',spec=1.0', 'startApplication', '[SuperSnoopWeb_war]')

Quit

quit

Test via Chrome



Test via CLI


--2016-10-28 07:35:59--  https://rhel66.uk.ibm.com:9443/SuperSnoop/SuperSnoop
Resolving rhel66.uk.ibm.com... 127.0.0.1
Connecting to rhel66.uk.ibm.com|127.0.0.1|:9443... connected.
WARNING: cannot verify rhel66.uk.ibm.com's certificate, issued by `/C=US/O=IBM/OU=localhostNode01/OU=localhostNode01Cell/OU=Root Certificate/CN=localhost':
  Self-signed certificate encountered.
    WARNING: certificate common name `localhost' doesn't match requested host name `rhel66.uk.ibm.com'.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: `SuperSnoop'

    [ <=>                                                                                                                                                                                                                                   ] 67,139      --.-K/s   in 0.05s   

2016-10-28 07:35:59 (1.34 MB/s) - `SuperSnoop' saved [67139]

Check the WAS logs

tail -f /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1/SystemOut.log

[10/28/16 7:35:03:769 BST] 00000077 ServletWrappe I com.ibm.ws.webcontainer.servlet.ServletWrapper init SRVE0242I: [SuperSnoopWeb_war] [/SuperSnoop] [SuperSnoop]: Initialization successful.
[10/28/16 7:35:03:772 BST] 00000077 SystemOut     O SuperSnoop running
[10/28/16 7:35:04:909 BST] 00000083 SystemOut     O SuperSnoop running
[10/28/16 7:35:59:683 BST] 00000083 SystemOut     O SuperSnoop running

So that's all good then ….

IBM Java 1.8 on Linux - Nice and Silent

October 31, 2016, 4:32 am
$
0
0
I'm tinkering with IBM UrbanCode Deploy (UCD) 6.2.2 on a Linux box, and needed to get IBM Java installed before starting out.

Following this: -

this is what I did: -

vi ~/installer.properties 

INSTALLER_UI=silent 
USER_INSTALL_DIR=/opt/IBM/Java
LICENSE_ACCEPTED=TRUE

export _JAVA_OPTIONS="-Dlax.debug.level=3 -Dlax.debug.all=true"
export LAX_DEBUG=1
./ibm-java-sdk-8.0-3.12-x86_64-archive.bin -i silent -f installer.properties 1>console.txt 2>&1

which resulted in IBM Java being installed in /opt/IBM/Java 

I'm doing this as a non-root user, ucdadmin, so needed to ensure that that user had read/write access to /opt/IBM.

For the record, this is what I have in console.txt post-installation: -

...
Checking for POSIX df.
Found POSIX df.
Checking tail options...
Using tail -n 1.
True location of the self extractor: /home/ucdadmin/ibm-java-sdk-8.0-3.12-x86_64-archive.bin
Creating installer data directory: /tmp/install.dir.20561
Creating installer data directory: /tmp/install.dir.20561/InstallerData
Command.run(): /bin/sh:stdout [...Uninstaller Native Support is complete.]
Command.complete(): process completed with exit code: 0
Command.complete(): process '/bin/sh' complete

Finally, just to prove that Java is indeed installed: -

/opt/IBM/Java/bin/java -version

java version "1.8.0"
Java(TM) SE Runtime Environment (build pxa6480sr3fp12-20160919_01(SR3 FP12))
IBM J9 VM (build 2.8, JRE 1.8.0 Linux amd64-64 Compressed References 20160915_318796 (JIT enabled, AOT enabled)
J9VM - R28_Java8_SR3_20160915_0912_B318796
JIT  - tr.r14.java.green_20160818_122998
GC   - R28_Java8_SR3_20160915_0912_B318796_CMPRSS
J9CL - 20160915_318796)
JCL - 20160914_01 based on Oracle jdk8u101-b13

DB2 on Windows - Ready for the next time

November 3, 2016, 2:48 am
$
0
0
A few weeks back, I helped a friend resolve an issue with IBM Integration Designer (IID) on Windows, whereby he found that the DB2 component, intrinsic to the IID Integration Test Environment (ITE), was failing to start.

Long story short, even though he'd installed IID and the ITE with a user ID that had administration privileges, the DB2 user - db2admin - wasn't able to start the required DB2 services.

We proved this by attempting to start the DB2 services via the Services Control Panel ( services.msc ) whilst logged in as that user, but with no joy.

Equally, DB2 commands such as db2start and db2admin start failed.

I failed … to capture the messages etc. at the time, which is b-a-d.

However, the problem was resolved by ensuring that the db2admin user was manually made part of the db2admins group, as per this: -

Adding your user ID to the DB2ADMNS and DB2USERS user groups (Windows)

Next time I see this, I need to (a) document the problem and (b) document the solution :-)

Synology NAS - From My Mac, Via SSH

November 8, 2016, 2:49 am
$
0
0
I'm definitely NOT new to this party, but I was remarkably impressed with how easy it was to setup SSH between my Mac and my Synology NAS, avoiding the need for me to use my password each and every time I log in.

I followed this: -


and this: -


This is what I did on the Mac: -

ssh-keygen -t rsa

to generate a public/private key pair.

I then used this: -

pbcopy < ~/.ssh/id_rsa.pub

to copy the public key to the clipboard.

On the NAS, I did this: -

vi /etc/ssh/sshd_config 

amending it to read: -

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

and then this: -

touch .ssh/authorized_keys
chmod 700 .ssh/
chmod 644 .ssh/authorized_keys 

and then this: -

vi .ssh/authorized_keys 

to add the previously copied Mac public key.

I was then able to access the NAS without a password: -

ssh root@nas

and verified access: -

uname -a

Linux DiskStation 3.2.40 #8451 SMP Wed Aug 17 05:11:00 CST 2016 armv7l GNU/Linux synology_armadaxp_ds414

The first time out of the gate, I was prompted for the passphrase for the Mac public key, but that's as expected.


IBM Installation Manager - Files for Rollback

November 10, 2016, 3:09 am
$
0
0
Purely as a matter of interest, I wanted to see where IBM Installation Manager (IIM) keeps the binary files that one might choose to use to rollback an installation.

The amount of space being used can be inferred by driving IIM in command-line mode: -

/opt/ibm/InstallationManager/eclipse/tools/imcl -C

=====> IBM Installation Manager

Select:
     1. Install - Install software packages
     2. Update - Find and install updates and fixes to installed software packages
     3. Modify - Change installed software packages
     4. Roll Back - Revert to an earlier version of installed software packages
     5. Uninstall - Remove installed software packages

Other Options:
     L. View Logs
     S. View Installation History
     V. View Installed Packages
        ------------------------
     P. Preferences
        ------------------------
     A. About IBM Installation Manager
        ------------------------
     X. Exit Installation Manager

-----> p

=====> IBM Installation Manager> Preferences

Select:
     1. Repositories
     2. Appearance
     3. Files for Rollback
     4. SSL/TLS
     5. HTTP/FTP Proxy
     6. Passport Advantage
     7. Secure Storage
     8. Updates

     R. Return to Main Menu
-----> [1] 3

Searching for saved files.
.

=====> IBM Installation Manager> Preferences> Files for Rollback

To roll back to a previous version of a package, Installation Manager must access files for that version. Select this option to save locally the files for rollback. If you do not want to save the files locally, Installation Manager must access them from the media or repositories that were used to install the package.

     1. [X] Save files for rollback

Select "Delete Saved Files" to remove any files that were saved for rollback during previous installations. If you delete the files and want to roll back to a previous version, Installation Manager must access the files from the media or repositories that were used to install the package.

Size of saved files: 3.13 GB.

     D. Delete Saved Files

     R. Restore Defaults
     A. Apply Changes and Return to Preferences Menu
     P. Temporarily Keep Changes and Return to Preferences Menu

Having seen that 3.13 GB was being retained, I then dug through the file-system to see precisely WHERE.

I followed a hunch that they were in the Installation Manager Shared (IMShared) directory.

I used this command: -

du -h /opt/ibm/IMShared/

which returned: -

552K/opt/ibm/IMShared/atoc/nq
560K/opt/ibm/IMShared/atoc
699M/opt/ibm/IMShared/native
264K/opt/ibm/IMShared/extra/preserve/IBM WebSphere Application Server V8.5
8.0K/opt/ibm/IMShared/extra/preserve/Operational Decision Manager V8.7
16K/opt/ibm/IMShared/extra/preserve/Web Server Plug-ins for IBM WebSphere Application Server V8.5
12K/opt/ibm/IMShared/extra/preserve/IBM HTTP Server V8.5
304K/opt/ibm/IMShared/extra/preserve
8.0K/opt/ibm/IMShared/extra/trackex/atoc
16K/opt/ibm/IMShared/extra/trackex
324K/opt/ibm/IMShared/extra
2.5G/opt/ibm/IMShared/files
3.2G/opt/ibm/IMShared/

and: -

du -h /opt/ibm/IMShared/files/

2.5G/opt/ibm/IMShared/files/

and then cleared down the rollback files: -

/opt/ibm/InstallationManager/eclipse/tools/imcl -C

...
-----> D
Cleaning up saved files.

=====> IBM Installation Manager> Preferences> Files for Rollback

To roll back to a previous version of a package, Installation Manager must access files for that version. Select this option to save locally the files for rollback. If you do not want to save the files locally, Installation Manager must access them from the media or repositories that were used to install the package.

     1. [X] Save files for rollback

Select "Delete Saved Files" to remove any files that were saved for rollback during previous installations. If you delete the files and want to roll back to a previous version, Installation Manager must access the files from the media or repositories that were used to install the package.

Size of saved files: 0.0 KB.


     R. Restore Defaults
     A. Apply Changes and Return to Preferences Menu
     P. Temporarily Keep Changes and Return to Preferences Menu
...

Now, when I check: -

du -h /opt/ibm/IMShared/

28K/opt/ibm/IMShared/atoc/nq
36K/opt/ibm/IMShared/atoc
40K/opt/ibm/IMShared/native
264K/opt/ibm/IMShared/extra/preserve/IBM WebSphere Application Server V8.5
8.0K/opt/ibm/IMShared/extra/preserve/Operational Decision Manager V8.7
16K/opt/ibm/IMShared/extra/preserve/Web Server Plug-ins for IBM WebSphere Application Server V8.5
12K/opt/ibm/IMShared/extra/preserve/IBM HTTP Server V8.5
304K/opt/ibm/IMShared/extra/preserve
8.0K/opt/ibm/IMShared/extra/trackex/atoc
16K/opt/ibm/IMShared/extra/trackex
324K/opt/ibm/IMShared/extra
344K/opt/ibm/IMShared/files
752K/opt/ibm/IMShared/

I can see that we've "saved" roughly 3.1 GB :-)

Aide Memoire - Tinkering with WS-Security and IBM BPM Advanced 8.5.7

November 10, 2016, 11:00 pm
$
0
0
This is an ongoing Work-in-Progress, as I strive to understand how WS-Security works, specifically in terms of sending SOAP requests into IBM BPM Advanced 8.5.7.

My server code is very very simple; merely a SCA Export, with a Web Service / SOAP Binding, connecting into a SCA/BPEL component. The BPEL code includes a Java snippet which then converts the incoming Business Object into UTF-8 and outputs it to the log.

In order to set WS-Security headers on the SOAP request ( my client is SoapUI ), I'm adding a Digital Signature and a Timestamp, the former via a self-signed certificate held in a Java keystone on the client.

This: -


was extremely useful in helping me set up SoapUI.

Things aren't quite working as expecting, with some rather interesting messages appearing in the WAS SystemOut.log, including: -

Caused by: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS6810E: The runtime can not identify the key corresponding to the identifier [CN=davehay.uk.ibm.com,DC=UK,DC=IBM,DC=COM:540918370]. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@c2b4f517
CWWSS6521E

Caused by: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6001E: Key object was not obtained. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@2bcbf774

Caused by: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@41a64fd1

So now I'm looking at trace strings, including: -

*=info:com.ibm.websphere.wssecurity.*=all:com.ibm.ws.webservices.wssecurity.*=all:com.ibm.wsspi.wssecurity.*=all:com.ibm.ws.wssecurity.*=all:com.ibm.xml.soapsec.*=all:com.ibm.ws.webservices.trace.*=all:com.ibm.ws.websvcs.trace.*=all:com.ibm.ws.webservices.multiprotocol.AgnosticService=all:com.ibm.ws.websvcs.utils.SecurityContextMigrator=all

thanks to this: -




This got me further, and made me realise how little I actually understand about this aspect of WAS, specifically Policy Sets and Bindings.

For the record, this is where I am now: -

Caused by: com.ibm.wsspi.wssecurity.core.SoapSecurityException: security.wssecurity.WSSContextImpl.s02: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS6809E: The X509 certificate owned by CN=davehay.uk.ibm.com, DC=UK, DC=IBM, DC=COM, which is created from the binary in the message is different from the X509 certificate owned by CN=Bob, O=IBM, C=US, which is acquired from the keystore Path: C:\IBM\WebSphere\AppServer\profiles\AppSrv01//etc/ws-security/samples/enc-receiver.jceks. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@9c0b4f13

Caused by: com.ibm.websphere.security.WSSecurityException: Exception org.apache.axis2.AxisFault: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS6809E: The X509 certificate owned by CN=davehay.uk.ibm.com, DC=UK, DC=IBM, DC=COM, which is created from the binary in the message is different from the X509 certificate owned by CN=Bob, O=IBM, C=US, which is acquired from the keystore Path: C:\IBM\WebSphere\AppServer\profiles\AppSrv01//etc/ws-security/samples/enc-receiver.jceks. ocurred while running action: com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1@9c0b4f13

which makes me think that the self-signed certificate that I'm using to sign my SOAP request needs to be in the WAS trust store.

However, the question is WHICH STORE ?

Given that I'm seeing reference to enc-receiver.jceks which is inherited from the WAS 6 WS-Security Samples code makes me think :-)

Watch this space :-)

Repost - Using "IBM Pattern Modeling and Analysis Tool for Java Garbage Collector" to Analyze IBM Business Process Manager JVM Memory Usage and Garbage Collections

November 14, 2016, 10:38 pm
$
0
0
I'm reposting this: -


As you know IBM Business Process Manager is built upon Java technology whose performance is highly impacted by garbage collection. Usually IBM Business Process Manager would recommend to use generational concurrent garbage collection strategy (-Xgcpolicy:gencon) which is well suited to an application that creates many short-lived objects, you can read this section in the product documentation to better understand this policy: Generational Concurrent Garbage Collector.
 
Analyzing the textual verbose GC information recorded in native_stderr.log is the typical way to understand the garbage collection behavior. By default verbose GC is not enabled, here is a guide regarding how to enable it: Enabling verbose garbage collection (verboseGC) in WebSphere Application Server. Besides reading the detail verbose garbage collection information directly, IBM Pattern Modeling and Analysis Tool for Java Garbage Collector is a powerful tool you can leverage. The previous link is an article that will provide you with some scenarios as well as examples how to better use this tool.

because it's something that I'm going to need quite soon, and definitely worth reading.


Search

WebSphere Application Server - Using Java to manage WAS via SOAP over HTTPS

November 14, 2016, 11:38 pm
$
0
0

This has come from a requirement to create a custom Java class to interact with the WAS Deployment Manager via SOAP over HTTPS.

The wrinkle comes because the target WAS cell is secured using: -
  • Transport Layer Security (TLS) 1.2
  • Strong ECDHE/GCM ciphers
  • Mutual Authentication
This is the relevant portion of the security.xml file: -

  <repertoire xmi:id="SSLConfig_1" alias="CellDefaultSSLSettings" managementScope="ManagementScope_1">
    <setting xmi:id="SecureSocketLayer_1" clientAuthentication="true" securityLevel="CUSTOM" enabledCiphers="SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384" jsseProvider="IBMJSSE2" sslProtocol="TLSv1.2" keyStore="KeyStore_1" trustStore="KeyStore_2" trustManager="TrustManager_2" keyManager="KeyManager_1"/>
  </repertoire>

And this is the code that I'm using to prove the concept: -

import java.util.*;
import javax.management.ObjectName;
import com.ibm.websphere.management.configservice.*;
import com.ibm.websphere.management.*;
import com.ibm.websphere.management.exception.ConnectorException;
 
class adminclient  {
    public static void main(String[] args) throws ConnectorException {

String hostName = args[0];
String soapPort = args[1];

        Properties connectProps = new Properties();
        connectProps.setProperty(AdminClient.CONNECTOR_TYPE, AdminClient.CONNECTOR_TYPE_SOAP);
        connectProps.setProperty(AdminClient.CONNECTOR_HOST, hostName);
        connectProps.setProperty(AdminClient.CONNECTOR_PORT, soapPort);
        connectProps.setProperty(AdminClient.CONNECTOR_SECURITY_ENABLED, "true");
        connectProps.setProperty(AdminClient.CACHE_DISABLED, "false");
 
        AdminClient adminClient = null;
        try {
                adminClient = AdminClientFactory.createAdminClient(connectProps);
        }
 
        catch (Exception e) {
                System.out.println("Exception creating admin client: " + e);
                e.printStackTrace();
        }

try {
ConfigService configService = new ConfigServiceProxy(adminClient);
Session session = new Session();

ObjectName[] servers = configService.resolve(session, "Server");
System.out.println("Number of servers: " + servers.length);
for (ObjectName server : servers) {
System.out.println(server.getKeyProperty("_Websphere_Config_Data_Display_Name"));
}
}

catch (Exception e) {
System.err.println("An exception " + e + " occurred.");
}
    }


To use this code, we set up two configuration files - soap.client.props and ssl.client.props - both of which were copied from the WAS configuration: -

soap.client.props

com.ibm.SOAP.securityEnabled=false
com.ibm.SOAP.authenticationTarget=BasicAuth
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword=passw0rdcom.ibm.SOAP.loginSource=prompt
com.ibm.SOAP.krb5ConfigFile=
com.ibm.SOAP.krb5CcacheFile=
com.ibm.SOAP.krb5Service=
com.ibm.SOAP.requestTimeout=180
com.ibm.ssl.alias=DefaultSSLSettings

ssl.client.props

com.ibm.ssl.defaultAlias=DefaultSSLSettingscom.ibm.ssl.performURLHostNameVerification=false
com.ibm.ssl.validationEnabled=false
com.ibm.security.useFIPS=false
com.ibm.jsse2.checkRevocation=false
com.ibm.security.enableCRLDP=false
com.ibm.ssl.alias=DefaultSSLSettings
com.ibm.ssl.protocol=TLSv1.2com.ibm.ssl.securityLevel=HIGH
com.ibm.ssl.trustManager=IbmPKIX
com.ibm.ssl.keyManager=IbmX509
com.ibm.ssl.contextProvider=IBMJSSE2
com.ibm.ssl.enableSignerExchangePrompt=gui
com.ibm.ssl.enabledCipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
com.ibm.ssl.keyStoreName=ClientDefaultKeyStore
com.ibm.ssl.keyStore=/home/wasadmin/key.p12
com.ibm.ssl.keyStorePassword=WebAScom.ibm.ssl.keyStoreType=PKCS12
com.ibm.ssl.keyStoreProvider=IBMJCE
com.ibm.ssl.keyStoreFileBased=true

com.ibm.ssl.trustStoreName=ClientDefaultTrustStore
com.ibm.ssl.trustStore=/home/wasadmin/trust.p12
com.ibm.ssl.trustStorePassword=WebAScom.ibm.ssl.trustStoreType=PKCS12
com.ibm.ssl.trustStoreProvider=IBMJCE
com.ibm.ssl.trustStoreFileBased=true
com.ibm.ssl.trustStoreReadOnly=false
Note that the latter references: -
  1. the security settings, including TLS 1.2 and the two ECDHE/GCM ciphers
  2. a pair of PKCS12 ( .p12 ) files, copied from the Deployment Manager
In the case of the .p12 files, the first ( key.p12 ) contains a personal certificate, signed by the Deployment Manager, which is used to authenticate to the Deployment Manager ( hence Mutual Authentication or Client Authentication ).

The second .p12 file ( trust.p12 ) contains the WAS cell's signer certificate, which allows the client code to decrypt what's returned from the DM.

Finally, this is how I compiled the code: -

source /opt/ibm/WebSphereProfiles/Dmgr01/bin/setupCmdLine.sh
javac -cp /opt/ibm/WebSphere/AppServer/runtimes/com.ibm.ws.admin.client_8.5.0.jar:/opt/ibm/WebSphere/AppServer/plugins/com.ibm.ws.security.crypto.jar:/opt/ibm/WebSphere/AppServer/plugins/com.ibm.ffdc.jar adminclient.java

( the first command updates the Linux shell to use the WAS Java SDK etc. )

and this is how I execute the code: -

java -Dcom.ibm.SSL.ConfigURL=file:/home/wasadmin/ssl.client.props -Dcom.ibm.SOAP.ConfigURL=file:/home/wasadmin/soap.client.props -cp /opt/ibm/WebSphere/AppServer/runtimes/com.ibm.ws.admin.client_8.5.0.jar:/opt/ibm/WebSphere/AppServer/plugins/com.ibm.ws.security.crypto.jar:/opt/ibm/WebSphere/AppServer/plugins/com.ibm.ffdc.jar:/home/wasadmin adminclient bpm857.uk.ibm.com 8879

and this is what it returns: -

Nov 15, 2016 7:29:58 AM com.ibm.ws.management.connector.interop.JMXClassLoader
WARNING: Could not find tmx4jTransform.jar in null/etc/tmx4jTransform.jar - Interoperability to older versions of WebSphere is disabled
Nov 15, 2016 7:29:58 AM com.ibm.ws.ssl.config.SSLConfigManager
INFO: CWPKI0027I: Disabling default hostname verification for HTTPS URL connections.
Nov 15, 2016 7:29:58 AM com.ibm.ws.security.config.SecurityObjectLocator
INFO: CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
Nov 15, 2016 7:29:59 AM com.ibm.ws.security.config.SecurityObjectLocator
INFO: CWSCF0002I: The client code is attempting to load the security configuration the server and this operation is not allowed.
Number of servers: 5
dmgr
MEClusterMember1
SupClusterMember1
AppClusterMember1
nodeagent

Not the most exciting class - it's just a list of nodes - but it allows me to prove the plumbing.

Sidebar - having enabled Mutual Authentication (MA), I've now locked myself out of the Deployment Manager via a web browser, as my browser doesn't have a personal certificate that WAS trusts. Therefore, I see this: -



which is nice :-)

Book Review - OpenStack in Action by Cody Bumgardner

November 15, 2016, 1:25 am
$
0
0
This is another of my semi-regular book reviews for the British Computer Society, who kindly provided me with a free copy of this book, in ePub format.

OpenStack in Action by Cody Bumgardner

Whether you call it serendipity or just-in-time, the timing of the offer to review this book was perfect, in that I was looking at OpenStack, in order to better understand and position it to my clients and peers.

Therefore, this book ticked all the right boxes for me, in terms of allowing me to get a context and deeper understanding of OpenStack ( and the related DevStack offering ).

Initially, Cody introduces OpenStack and its API, positioning alongside virtualisation, hypervisors, containerisation and public/private/hybrid clouds. He makes the point that OpenStack is built out of a "stack" of services, including storage, networking, security and orchestration.

Having set the scene, the book immediately jumps into a "hands-on" phase, walking the reader through the installation, setup and use of DevStack, on a provided VM, or via a native, custom build on a Linux distribution such as Ubuntu.

This does assume that the reader has some familiarity with Linux, but is a fairly safe bet given the potential audience of the book. Equally, the use of the so-called "companion" VM does help, if the objective is merely to get some hands-on with DevStack, without actually building it.

Post-DevStack, Cody then describes how OpenStack can be driven, most logically using the command-line interface (CLI). This is a useful section in that it provides the context and introduces aspects such as tenants, users and roles.

My only critique of this section is that the page formatting, leastways in the ePub format that I was using, as the font/size used is rather small, meaning that it's somewhat hard to read the listings, where the actual CLI commands are displayed.

The book continues by joining together the OpenStack components, aka services, highlighting the inter-dependencies and the security model, and outlining the relationship between OpenStack and 3rd party solutions, such as storage and networking.

During the second half of the book, Cody dives even more deeply into the setup of the major OpenStack components; this compares and contrasts nicely to the DevStack setup, and this section is very "hands-on", in terms of commands, projected output, results etc.

Again, the assumption is that the reader is going to be deeply engaged in the build, as well as the use, of an OpenStack cloud. It's also fair to say that an understanding of Linux and TCP/IP networking would be of use here.

By the end of this hands-on section, the reader will have a much deeper level of expertise with OpenStack, in terms of understanding both WHAT and HOW it does what it does.

Finally, Cody walks through what one needs to consider when delivering OpenStack into production, again focusing upon networking, storage topologies, automated HA provisioning, and, perhaps most importantly, cloud orchestration using Heat and Ubuntu Juju.

For me, I wanted to get an introduction to, and the context of, OpenStack, and this book was perfect for that. It also provided me with a good opportunity get some hands-on experience with the product, both via DevStack and OpenStack itself.

As with all things, I'm usually ready to learn something when I need to learn something, and, as mentioned, the timing was perfect.

I now need to go and build something with OpenStack, ideally building upon what I already know.

So that's my next challenge ….

If you are looking to get an introduction into, and some hands-on with, OpenStack, as well as a more general deep-dive reference, then this is definitely the book for you.

Out of 10, I'd give this book a solid 9, and would recommend it to others.

Cool your hot entities in IBM ODM Decision Server Insights

November 15, 2016, 8:23 am
$
0
0
This was authored by two of my IBM colleagues, Nigel Crowther and Jonathon Carr


In any high-volume event processing system, such as Decision Server Insights in IBM® Operational Decision Manager (ODM), an entity instance referenced by thousands of events is a "hot entity." Hot entities slow down processing, becoming the sole consumer of events within the system. This situation effectively reduces an entire multi-processing grid to wait for a single thread to complete.

This tutorial aims to help Decision Server Insights architects and developers build solutions without hot entities. Learn the causes of hot entities and tips to avoid them.

Windows 7 - An Update on Updates

November 18, 2016, 2:03 am
$
0
0
Acting in my role as my family's IT Crowd representative, I ran an errand of mercy yesterday to help recover a Windows 7 PC that was failing to properly run up.

It was booting OK, but was tremendously slow, and it's owner was unable to access the internet ( aka Internet Explorer ).

The PC hadn't been booted up for a month or so, and there were a series of overlapping issues, one of which was that the Norton Anti-Virus tool was (a) out-of-date and (b) expired.

In parallel, Windows Update hadn't run in a while, and the PC believed that it had not been updated since July :-( even though updates were last checked for in September :-(

Long story short, I had to manually update Windows via four specific fixes ( Knowledge Base articles ) : -


Windows6.1-KB3102810-x86.msu


Windows6.1-KB3172605-x86.msu


windows6.1-kb3197868-x86_654e073e00c76a3a7dd01dee8fc2e4fb9a75c931.msu


windows6.1-kb3197869-x86_179db4ad840757eeaba21c1838938e5d61217c73.msu

In each case, I found that the trick was to: -

(a)Disable the network interface ( having downloaded the fix, obviously )
(b)Stop the Windows Update Service (WUS) via the Services Control Panel ( services.msc )
(c)Install the fix
(d)Reboot

Once I finally managed to get Windows to update ( and the first of the above four helped with that, as it actually patches WUS ), it's all up-and-running, and Windows seems fairly happy ( as does Norton AV, once I renewed the subscription ).

Now to run SpinRite ...

Apple Calendar - Dealing with Spam invitations

November 24, 2016, 10:56 pm
$
0
0
So I keep receiving spam calendar invitations to my Apple Calendar, on iOS and macOS, which is a nuisance.

Thankfully, I found this: -

<snip>
Log in to iCloud on the web, open your calendar, and go to ⚙ > Preferences. Under Advanced, you'll find an option to receive calendar invitations by email instead of straight into your calendar.
</snip>


<snip>
Ok so this works. Create a new calendar (Calendar/File/New Calendar) then open the bogus invite, you should see a drop down box; when you pull it down you'll see colour coded buttons for the original calendar/s and the new one - you can assign the invite to the new calendar by clicking on it (default name is 'new calendar'), then go to the sidebar (or click the top left button marked 'Calendars' if the sidebar isn't showing) and delete the new calendar. It takes a minute or two for the original calendar to update, but then it will be gone. And without replying to the invite! (I hammered all this out with an Apple online chat person, who at first told me to 'Decline' the invite, bad advice…)
</snip>

Q: How do I block spam calendar invites

which allowed me to do this: -


Note that I did NOT click on the default button, but instead chose Delete and Don't Notify.

Nice :-)

WebSphere Application Server - Managing Profiles and Server Names

November 25, 2016, 2:19 am
$
0
0
This is in the context of managing profiles in WebSphere Application Server, using the manageprofiles.sh command.

A friend asked me how he could set the name of a specific server instance ( think JVM ) when he was creating a profile …

This is what I told him: -

/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -profilePath /opt/ibm/WebSphere/AppServer/profiles/diesel -enableService false -nodeName chugger -serverName hst125 -profileName diesel -create -cellName trainsRcool -enableAdminSecurity false -hostName bpm857.uk.ibm.com -templatePath /opt/ibm/WebSphere/AppServer/profileTemplates/default

where I'm setting the following variants: -

-nodeName chugger

-serverName hst125

-profileName diesel

-cellName trainsRcool

So that's all good then ….

Note to self - monitoring User Limits in GNU Linux

November 28, 2016, 1:01 am
$
0
0
This came up last week, and is something that I need to keep an eye on.

These are some of the commands that one can/should use to monitor ulimit use on a Linux box: -

ps -eLf

ps -eTf

ps -Tp `pidof java`

top -H -p `pidof java`

pstree -p `pidof java`

for pid in $(pgrep java); do ls /proc/$pid/fd | wc -l; done


Search

IBM BPM and the Bootstrap Process - Sigh, one day I'll get this right

December 5, 2016, 7:57 am
$
0
0
So, again, *IF* I ever see this again: -

/opt/IBM/WebSphereProfiles/Dmgr01/bin/bootstrapProcessServerData.sh -clusterName AppCluster

Bootstraping data into cluster AppCluster

WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
java.lang.Exception: java.lang.reflect.InvocationTargetException
at com.ibm.bpm.bootstrap.BootstrapProcessServerDataHelper.loadInstallationGuid(BootstrapProcessServerDataHelper.java:534)
at com.ibm.bpm.bootstrap.BootstrapProcessServerDataHelper.bootstrapData(BootstrapProcessServerDataHelper.java:248)
at com.ibm.bpm.bootstrap.BootstrapHelper.execute(BootstrapHelper.java:125)
at com.ibm.websphere.management.async.client.AsyncCommandClient.execute(AsyncCommandClient.java:177)
at com.ibm.ws.scripting.adminCommand.AdminCmdController.executeCmd(AdminCmdController.java:1877)
at com.ibm.ws.scripting.adminCommand.AdminCmdController.processCmd(AdminCmdController.java:318)
at com.ibm.ws.scripting.adminCommand.AdminCmdProxyHandler.invoke(AdminCmdProxyHandler.java:92)
at com.ibm.ws.scripting.adminCommand.AdminCmdProxyBase.__method4(AdminCmdProxyBase.java:58)
at com.ibm.ws.scripting.adminCommand.AdminTask.bootstrapProcessServerData(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java)
at org.python.core.PyMethod.__call__(PyMethod.java)
at org.python.core.PyObject.__call__(PyObject.java)
at org.python.core.PyInstance.invoke(PyInstance.java)
at org.python.pycode._pyx50.f$0(<input>:1)
at org.python.pycode._pyx50.call_function(<input>)
at org.python.core.PyTableCode.call(PyTableCode.java)
at org.python.core.PyCode.call(PyCode.java)
at org.python.core.Py.runCode(Py.java)
at org.python.core.Py.exec(Py.java)
at org.python.util.PythonInterpreter.exec(PythonInterpreter.java)
at com.ibm.bsf.engines.jython.JythonEngine$BSFPythonInterpreter.runcode(Unknown Source)
at org.python.util.InteractiveInterpreter.runsource(InteractiveInterpreter.java)
at org.python.util.InteractiveInterpreter.runsource(InteractiveInterpreter.java)
at com.ibm.bsf.engines.jython.JythonEngine.iexec(Unknown Source)
at com.ibm.bsf.BSFManager$7.run(Unknown Source)
at java.security.AccessController.doPrivileged(AccessController.java:453)
at com.ibm.bsf.BSFManager.iexec(Unknown Source)
at com.ibm.ws.scripting.AbstractShell.executeCommands(AbstractShell.java:1121)
at com.ibm.ws.scripting.AbstractShell.run(AbstractShell.java:2282)
at com.ibm.ws.scripting.WasxShell.main(WasxShell.java:1172)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234)
at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:96)
at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587)
at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:369)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340)
at org.eclipse.core.launcher.Main.basicRun(Main.java:282)
at org.eclipse.core.launcher.Main.run(Main.java:981)
at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:402)
at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:165)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.bpm.bootstrap.BootstrapProcessServerDataHelper.loadInstallationGuid(BootstrapProcessServerDataHelper.java:519)
... 59 more
Caused by: java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:257)
at com.ibm.bpm.bootstrap.InstallationGuidHelper.loadInstallationGuid(InstallationGuidHelper.java:41)
... 64 more
Caused by: java.lang.IllegalStateException: Failed to initialize registry
at com.lombardisoftware.core.Registry.getInstance(Registry.java:116)
at com.lombardisoftware.utility.spring.ProgrammaticTransactionSupport.<clinit>(ProgrammaticTransactionSupport.java:119)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:235)
... 65 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'handlersMap': Cannot create inner bean 'com.lombardisoftware.server.ejb.persistence.PSDefaultHandler#8851dc42' of type [com.lombardisoftware.server.ejb.persistence.PSDefaultHandler] while setting bean property 'sourceMap' with key [TypedStringValue: value [Task], target type [null]]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.lombardisoftware.server.ejb.persistence.PSDefaultHandler#8851dc42' defined in class path resource [registry.persistence.xml]: Cannot resolve reference to bean 'dao.task' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dao.task' defined in class path resource [registry.persistence.xml]: Instantiation of bean failed; nested exception is java.lang.ExceptionInInitializerError
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:230)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:117)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:320)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:134)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(AccessController.java:424)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:423)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:83)
at com.lombardisoftware.core.Registry.loadFromClasspath(Registry.java:73)
at com.lombardisoftware.core.Registry.load(Registry.java:65)
at com.lombardisoftware.core.Registry.getInstance(Registry.java:111)
... 68 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.lombardisoftware.server.ejb.persistence.PSDefaultHandler#8851dc42' defined in class path resource [registry.persistence.xml]: Cannot resolve reference to bean 'dao.task' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dao.task' defined in class path resource [registry.persistence.xml]: Instantiation of bean failed; nested exception is java.lang.ExceptionInInitializerError
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:479)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:162)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:925)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:835)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(AccessController.java:424)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:219)
... 90 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'dao.task' defined in class path resource [registry.persistence.xml]: Instantiation of bean failed; nested exception is java.lang.ExceptionInInitializerError
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:254)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:925)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:835)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(AccessController.java:424)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
... 100 more
Caused by: java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:257)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:56)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:39)
at java.lang.reflect.Constructor.newInstance(Constructor.java:527)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:248)
... 112 more
Caused by: java.lang.IllegalStateException: Failed to initialize registry
at com.lombardisoftware.core.Registry.getInstance(Registry.java:116)
at com.lombardisoftware.server.ejb.persistence.dao.TaskDAO.<clinit>(TaskDAO.java:73)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:235)
... 119 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'handlersMap': Cannot create inner bean 'com.lombardisoftware.server.ejb.persistence.UserGroupPersistenceHandler#f1708b31' of type [com.lombardisoftware.server.ejb.persistence.UserGroupPersistenceHandler] while setting bean property 'sourceMap' with key [TypedStringValue: value [UserGroup], target type [null]]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.lombardisoftware.server.ejb.persistence.UserGroupPersistenceHandler#f1708b31' defined in class path resource [registry.persistence.xml]: Instantiation of bean failed; nested exception is java.lang.ExceptionInInitializerError
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:230)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:117)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:320)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:134)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(AccessController.java:424)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:423)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:83)
at com.lombardisoftware.core.Registry.loadFromClasspath(Registry.java:73)
at com.lombardisoftware.core.Registry.load(Registry.java:65)
at com.lombardisoftware.core.Registry.getInstance(Registry.java:111)
... 122 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.lombardisoftware.server.ejb.persistence.UserGroupPersistenceHandler#f1708b31' defined in class path resource [registry.persistence.xml]: Instantiation of bean failed; nested exception is java.lang.ExceptionInInitializerError
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:254)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:925)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:835)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(AccessController.java:424)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:219)
... 144 more
Caused by: java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:257)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:56)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:39)
at java.lang.reflect.Constructor.newInstance(Constructor.java:527)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:248)
... 151 more
Caused by: java.lang.IllegalStateException: Failed to initialize registry
at com.lombardisoftware.core.Registry.getInstance(Registry.java:116)
at com.lombardisoftware.server.ejb.persistence.UserGroupPersistenceHandler.<clinit>(UserGroupPersistenceHandler.java:34)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:235)
... 158 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'message.routingCache' defined in class path resource [registry.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.lombardisoftware.bpd.runtime.engine.message.DefaultMessageRoutingCache]: Constructor threw exception; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:883)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:839)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(AccessController.java:424)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:83)
at com.lombardisoftware.core.Registry.loadFromClasspath(Registry.java:73)
at com.lombardisoftware.core.Registry.load(Registry.java:65)
at com.lombardisoftware.core.Registry.getInstance(Registry.java:111)
... 161 more
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [com.lombardisoftware.bpd.runtime.engine.message.DefaultMessageRoutingCache]: Constructor threw exception; nested exception is java.lang.NullPointerException
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:115)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:61)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:877)
... 179 more
Caused by: java.lang.NullPointerException
at com.lombardisoftware.client.security.ServerTypeUtil.isRepository(ServerTypeUtil.java:35)
at com.lombardisoftware.server.ejb.environment.EnvironmentServicesCore.isRepository(EnvironmentServicesCore.java:460)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.lombardisoftware.utility.spring.TransactionInterceptor$2.call(TransactionInterceptor.java:67)
at com.lombardisoftware.utility.spring.ProgrammaticTransactionSupport.executeWithNoTransaction(ProgrammaticTransactionSupport.java:633)
at com.lombardisoftware.utility.spring.ProgrammaticTransactionSupport.execute(ProgrammaticTransactionSupport.java:334)
at com.lombardisoftware.utility.spring.TransactionInterceptor.invoke(TransactionInterceptor.java:65)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.lombardisoftware.utility.spring.CoreEntryInterceptor.invoke(CoreEntryInterceptor.java:44)
at com.lombardisoftware.utility.spring.PSCoreEntryInterceptor.invoke(PSCoreEntryInterceptor.java:14)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy47.isRepository(Unknown Source)
at com.lombardisoftware.bpd.runtime.engine.message.DefaultMessageRoutingCache.doInitCache(DefaultMessageRoutingCache.java:404)
at com.lombardisoftware.core.cache.LocalCache.initCache(LocalCache.java:254)
at com.lombardisoftware.server.core.cache.ServerCoreCache.<init>(ServerCoreCache.java:46)
at com.lombardisoftware.bpd.runtime.engine.message.DefaultMessageRoutingCache.<init>(DefaultMessageRoutingCache.java:78)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:56)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:39)
at java.lang.reflect.Constructor.newInstance(Constructor.java:527)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
... 181 more
WASX7015E: Exception running command: "AdminTask.bootstrapProcessServerData(['-clusterName','AppCluster'])"; exception information:
java.lang.Exception: java.lang.Exception: java.lang.reflect.InvocationTargetException


Bootstrap failed

one of a number of root causes is …..

I forgot to set up the password for the DB2 user ( db2user1 ) :-)

I validated this by starting the Deployment Manager and the Node Agent, and then attempting to "ping" the JDBC data source from within the WAS Integrated Solutions Console (ISC) which threw up this: -

[05/12/16 15:47:21:704 GMT] 00000067 DSConfigurati W   DSRA8201W: DataSource Configuration: DSRA8040I: Failed to connect to the DataSource jdbc/BPEDB.  Encountered java.sql.SQLInvalidAuthorizationSpecException: [jcc][t4][2013][11249][4.11.69] Connection authorization failure occurred.  Reason: User ID or Password invalid. ERRORCODE=-4214, SQLSTATE=28000 DSRA0010E: SQL State = 28000, Error Code = -4,214.
java.sql.SQLInvalidAuthorizationSpecException: [jcc][t4][2013][11249][4.11.69] Connection authorization failure occurred.  Reason: User ID or Password invalid. ERRORCODE=-4214, SQLSTATE=28000 DSRA0010E: SQL State = 28000, Error Code = -4,214
        at com.ibm.db2.jcc.am.gd.a(gd.java:674)


[05/12/16 15:47:21:793 GMT] 00000067 DataSourceCon E   DSRA8040I: Failed to connect to the DataSource "".  Encountered java.sql.SQLInvalidAuthorizationSpecException: [jcc][t4][2013][11249][4.11.69] Connection authorization failure occurred.  Reason: User ID or Password invalid. ERRORCODE=-4214, SQLSTATE=28000 DSRA0010E: SQL State = 28000, Error Code = -4,214


I'd created the db2user1 user: -

groupadd db2users
useradd -g db2users -d /home/db2user1 db2user1

but forgot to set the password: -

echo "passw0rd" | passwd db2user1 --stdin

( I should point out that this is a PoC environment hence the somewhat weak choice of password )

Therefore, the password that BPM was expecting, as defined within the BPMConfig template - Advanced-PC-ThreeClusters-DB2.properties: -

bpm.de.authenticationAlias.3.name=BPM_DB_ALIAS
bpm.de.authenticationAlias.3.user=db2user1
bpm.de.authenticationAlias.3.password=passw0rd

Once I got it right, this happened: -

/opt/IBM/WebSphereProfiles/Dmgr01/bin/bootstrapProcessServerData.sh -clusterName AppCluster

Bootstraping data into cluster AppCluster

WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/system-toolkit.twx
deploy: false
latestSystemToolkit: true
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/system-coaches.twx
deploy: false
latestSystemToolkit: false
activateSnapshot: false
 importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/content-integration-toolkit.twx
deploy: false
latestSystemToolkit: false
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/system-dashboards.twx
deploy: false
latestSystemToolkit: false
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/governance-toolkit.twx
deploy: false
latestSystemToolkit: false
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/ssi4bpm-guided-workflow.twx
deploy: false
latestSystemToolkit: false
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/process-portal.twx
deploy: true
latestSystemToolkit: false
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/saved-search-admin.twx
deploy: true
latestSystemToolkit: false
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/standard-hiring-sample.twx
deploy: true
latestSystemToolkit: false
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/advanced-hiring-sample.twx
deploy: false
latestSystemToolkit: false
activateSnapshot: false
importFile: /opt/IBM/WebSphere/AppServer/BPM/Lombardi/imports/procurement-sample.twx
deploy: false
latestSystemToolkit: false
activateSnapshot: false
'BootstrapProcessServerData admin command completed successfully.....'

Troubleshooting Web Services Performance Problems In IBM WebSphere Application Server With Web Services Performance (WSPerf) Trace

December 5, 2016, 10:38 am
$
0
0
This is my current "think" as I'm digging into some BPM performance challenges: -


The WSPerf trace is a feature of IBM WebSphere Application Server. The WSPerf is a troubleshooting aid to assist analysts to resolve web services problems, especially performance problems. WSPerf trace can be used to analyze the speed of web services message traffic in IBM's WebSphere Application Server web services engine. WSPerf trace helps to narrow down likely suspects for root-cause problem determination. WSPerf trace is a subset of the full web services engine trace. The full engine trace is seen in MustGather: Web Services engine and tooling problems for WebSphere Application Server.

Web services problems, especially message traffic performance problems, can arise form many different possible root causes. Some examples include, any application running in WebSphere EJB or Web Container, IBM BPM, WebSphere Portal, and WebSphere Commerce. What this article discusses, is how to understand, use, and exploit the WSPerf trace feature.


Watch this space ...

IBM BPM - Process Designer and the Mysterious Case of the Hostname

December 5, 2016, 12:20 pm
$
0
0
I saw this: -


and this: -

[05/12/16 19:29:23:233 GMT] 0000024b HttpProtocolH W com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy getEndpointUrl Unable to construct URL because servlet request argument was null
[05/12/16 19:29:23:274 GMT] 0000024b HttpProtocolH W com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy getEndpointUrl Unable to construct URL because servlet request argument was null
[05/12/16 19:29:23:335 GMT] 0000024b HttpProtocolH W com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy getEndpointUrl Unable to construct URL because servlet request argument was null
[05/12/16 19:29:23:356 GMT] 0000024b HttpProtocolH W com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy getEndpointUrl Unable to construct URL because servlet request argument was null
[05/12/16 19:29:23:409 GMT] 0000024b HttpProtocolH W com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy getEndpointUrl Unable to construct URL because servlet request argument was null
[05/12/16 19:29:23:487 GMT] 0000024b HttpProtocolH W com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy getEndpointUrl Unable to construct URL because servlet request argument was null
[05/12/16 19:29:23:510 GMT] 0000024b HttpProtocolH W com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy getEndpointUrl Unable to construct URL because servlet request argument was null
[05/12/16 19:29:23:534 GMT] 0000024b HttpProtocolH W com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy getEndpointUrl Unable to construct URL because servlet request argument was null

on a freshly-minted IBM BPM Process Center installation, when attempting to log into Process Designer from a remote Windows 7 box.

I know WHAT I did wrong; not sure precisely how, but I ended up with localhost in my BPMConfig properties file - Advanced-PC-ThreeClusters-DB2.properties :-

bpm.dmgr.hostname=localhost
bpm.de.node.1.hostname=localhost
bpm.de.db.1.hostname=localhost
bpm.de.db.2.hostname=localhost
bpm.de.db.3.hostname=localhost
bpm.de.db.4.hostname=localhost

This is an internal PoC, so, rather than rebuilding my Deployment Environment, I set out to "fix" the problem.

I suspect that it was related to the BPM Endpoints, that would've been misconfigured to use localhost rather than a real hostname.

In the context of these Endpoints, the ones that I'm specifically interested relate to the so-called EXTERNAL_CLIENT scenario, as described here: -


Therefore, I wrote this Jython script to resolve the problem: -

scenario='EXTERNAL_CLIENT'

bpmurlsid=AdminConfig.getid(dePath+'BPMURLS:/')
bpmurllist=AdminUtilities.convertToList(AdminConfig.list("BPMURL", bpmurlsid))
for item in bpmurllist :
  if AdminConfig.showAttribute(item,'scenario')==scenario : bpmurl=item

AdminConfig.modify(bpmurl,[['url','https://bpm855.uk.ibm.com:9443']])

AdminConfig.save()
AdminNodeManagement.syncActiveNodes()

which I then validated as follows: -

print AdminConfig.show(bpmurl)

which returns: -

[scenario EXTERNAL_CLIENT]
[strategies "com.ibm.bpm.endpoint.impl.strategies.WCCMConfigStrategy, com.ibm.bpm.endpoint.impl.strategies.HttpProtocolHostStrategy"]
[url https://bpm855.uk.ibm.com:9443]

Once I restarted the AppCluster, Process Designer just worked :-)

The moral of the story ? Get your hostnames RIGHT RIGHT RIGHT when building a Deployment Environment, but also know how to configure the BPM Endpoints, especially when adding web servers ( IBM HTTP Server ), load balancers etc.

Encrypting WebSphere Application Server system passwords

December 5, 2016, 10:51 pm
$
0
0
This from one of my IBM colleagues, Martin Lansche: -

...
It seems that every day we are bombarded with stories in the technical and mainstream press of attacks of computer systems where passwords are stolen, after which these passwords are then available to attackers. The press frequently points out that one reason that this password data was retrievable is because "it was not encrypted." In this situation, it's important to recognize that the passwords in question are user passwords, those used to log in and access the system, not passwords associated with the system processes and binaries. This difference is extremely important.

With such press coverage in mind, perhaps the most common comment centers around customers wanting to encrypt passwords in their IBM® WebSphere® Application Server systems. This comment is often repeated by WebSphere security consultants, our technical sales people, and the WebSphere security development architects. The message that we get is, "WebSphere is mostly meeting its claim of being secure by default, but there are passwords stored on the filesystem which are simply encoded, not encrypted." This is frequently followed by "and we failed our security audit because they are not encrypted."

Some clients have insisted that encryption of system passwords used by WebSphere Application Server is preferred over encoding. However, a system programming interface (SPI) has been available since WebSphere Application Server Version 6.0.2, which can be used to implement any password "hiding" solution that a client might want to implement. By using this SPI, IBM Hybrid Cloud Services (formerly known as IBM Software Services for WebSphere) has implemented such a solution for several clients. In this article, I define some basic security concepts and then describe the design considerations in this custom solution.
...

WebSphere Application Server Performance Cookbook

December 6, 2016, 11:25 pm
$
0
0
I'm not sure if I've posted this before, but it's worth a read, either way: -

The WebSphere Application Server Performance Cookbook covers performance tuning for WebSphere Application Server (WAS), although there is also a very strong focus on Java, Operating Systems, and theory which can be applied to other products and environments. The cookbook is designed to be read in a few different ways:

• On the go: Readers short on time should skip to the Recipes chapter at the end of the book. In the spirit of a cookbook, there are recipes that provide step-by-step instructions of how to gather and analyze data for particular classes of problems.
• General areas: For readers interested in tuning some general area such as WAS or Java, each major chapter provides its recipe at the top of the chapter that summarizes the key tuning knobs that should be investigated.
• Deep dive: Readers interested in end-to-end tuning are encouraged to skim the entire book for areas relevant to their product usage.

Viewing all 1851 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>