IBM BPM and the Process Federation Server - A Voyage of Discovery #3

July 25, 2017, 9:07 am

≫ Next: Hmm, Box Sync not playing nice - "Unable to Connect to Box"

≪ Previous: IBM BPM and the Process Federation Server - A Voyage of Discovery #2

So, following these two posts: -

IBM BPM and the Process Federation Server - A Voyage of Discovery #1

IBM BPM and the Process Federation Server - A Voyage of Discovery #2

once I'd got PFS set up and (mostly) working, I did some testing.

However, I kept seeing errors such as this: -

when I logged into the BPM 8.5.7 Process Portal ( if you remember, this is the new go-to Portal for everything, including the 8.5.5 instances ) via this URL: -

https://bpm857.uk.ibm.com:8443/ProcessPortal

Talking to some of my genius colleagues, I realised that I could debug this better using a JavaScript console such as that provided by Google Chrome.

This is what I saw: -

A spot of Googling for net::ERR_INSECURE_RESPONSE made me realise the error of my ways.

I'm using self-signed certificates for the IHS instances fronting BPM 8.5.5 and 8.5.7. In addition, I'm also using a self-signed certificate for PFS which, although not using IHS, still has a web UI sitting on port 9443: -

https://pfs.uk.ibm.com:9443

When I first access Process Portal or PFS in Chrome, I see this: -

In other words, whilst I'd told Chrome to "trust" BPM 8.5.7 I had not told it to similarly trust BPM 8.5.7.

Once I accessed PFS: -

https://pfs.uk.ibm.com:9443

and reloaded the original 8.5.7 Process Portal page, suddenly my instances started to appear …

I did see one subsequent issue: -

XMLHttpRequest cannot load https://bpm855.uk.ibm.com:8443/rest/bpm/wle/v1/task/56?federationMode=true&parts=actions. The 'Access-Control-Allow-Origin' header has a value 'https://bpm855.uk.ibm.com:9443' that is not equal to the supplied origin. Origin 'https://bpm857.uk.ibm.com:8443' is therefore not allowed access.

It took me a while to work this out, but then I realised that it's telling me that the IHS fronting BPM 8.5.5 is being asked to allow the HTTP header to be modified to readhttps://bpm857.uk.ibm.com:8443 which doesn't match up with the mod_headers directive of: -

Header set Access-Control-Allow-Origin "https://bpm855.uk.ibm.com:8443"

which makes no sense at all, given that it's on the BPM 8.5.5 box itself :-)

Once I changed my IHS configuration: -

LoadModule headers_module modules/mod_headers.so
Header set Access-Control-Allow-Origin "https://bpm857.uk.ibm.com:8443"
Header set Access-Control-Allow-Credentials "true"
Header set Access-Control-Allow-Headers "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
Header set Access-Control-Allow-Methods "GET,POST,PUT,DELETE,OPTIONS"

all was well.

I'm still on the learning curve, especially with regard to the specifics of SSL certificate exchange, so expect more posts ….

↧

Hmm, Box Sync not playing nice - "Unable to Connect to Box"

July 25, 2017, 11:34 pm

≫ Next: Moving an IBM BPM 8.5.7 environment, dealing with the Service Integration Bus (SIBus ) tables

≪ Previous: IBM BPM and the Process Federation Server - A Voyage of Discovery #3

So I started seeing this: -

Unable to Connect to Box

Box Sync is unable to connect to Box.

Verify that you are connected to the Internet and restart Box Sync.

If you continue to see this message, contact your administrator to verify if it is a network issue.

If it is not a network issue, visit the Box Support website to submit a ticket.

yesterday, on my Mac.

No matter how many times I tried stopping/starting the Box Sync app, it flatly refused to connect.

This whilst I was working away on Box via my browser, and happily using the internet for mail, browsing, Slack, Twitter, iMessage etc.

So, this morning, I took Roy's advice ( if you don't know The IT Crowd, you really should ) and "turned it off and on again" - by which I mean the Mac itself.

A reboot didn't seem to sort it, so a full power-down and restart was the order of the day.

When I then tried to start the Box Sync client I saw this: -

There was a login error. Please make sure your network is connected and try logging in again. If you still experience issues, please restart Box Sync. Reason Code: (8)

so I again restart the Box Sync client itself ….

And, quelle surprise, I was able to log in and get syncing … which is nice :-)

↧

Moving an IBM BPM 8.5.7 environment, dealing with the Service Integration Bus (SIBus ) tables

July 26, 2017, 3:32 am

≫ Next: WebSphere Liberty Profile - Variables

≪ Previous: Hmm, Box Sync not playing nice - "Unable to Connect to Box"

I'm working through this process: -

Migrating IBM BPM to the same version on new hardware

specifically testing the process of "lifting and shifting" an IBM BPM Deployment Environment from one VM to another.

This is, in part, to help a client move a running environment from Red Hat Enterprise Linux v5 to v7.

So I've got a working environment on a VM, and I've exported the BPM Deployment Environment thus: -

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -export -de De1 -profile Dmgr01 -outputDir /tmp/De1

deleted the WAS profiles: -

/opt/ibm/WebSphere/AppServer/bin/manageprofiles.sh -deleteAll

removed the WAS profile root: -

rm -Rf WebSphereProfiles/

and then recreated the Deployment Environment using the exported configuration: -

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -create -de /tmp/De1/De1.properties

I then need to do this: -

Dropping the messaging engine tables

…

Manually drop the existing messaging engine tables in the messaging database of your new deployment environment before you start the deployment environment.

The messaging engine table names use the SIB prefix.

...

even though the underlying Oracle database isn't moving anywhere.

So, I'm on the Oracle box, and have started the SQLPlus client: -

sqlplus / as sysdba

Now I need to find the tables: -

SELECT TABLE_NAME FROM ALL_tables WHERE TABLE_NAME LIKE '%SIB%' AND OWNER = 'CMNUSER';

which gives me this: -

TABLE_NAME
--------------------------------------------------------------------------------
DATA_VISIBILITY_TEMPLATE_T
SIB000
SIB001
SIB002
SIBCLASSMAP
SIBKEYS
SIBLISTING
SIBOWNER
SIBOWNERO
SIBXACTS

10 rows selected.

I've highlighted the ones in which I'm interested: -

SIB000
SIB001
SIB002
SIBCLASSMAP
SIBKEYS
SIBLISTING
SIBOWNER
SIBOWNERO
SIBXACTS

so I merely need to drop them: -

vi dropSIBtables.sql

DROP TABLE CMNUSER.SIB000;
DROP TABLE CMNUSER.SIB001;
DROP TABLE CMNUSER.SIB002;
DROP TABLE CMNUSER.SIBCLASSMAP;
DROP TABLE CMNUSER.SIBKEYS;
DROP TABLE CMNUSER.SIBLISTING;
DROP TABLE CMNUSER.SIBOWNER;
DROP TABLE CMNUSER.SIBOWNERO;
DROP TABLE CMNUSER.SIBXACTS;

exit | sqlplus / as sysdba @dropSIBtables.sql

SQL*Plus: Release 12.2.0.1.0 Production on Wed Jul 26 11:25:45 2017

Copyright (c) 1982, 2016, Oracle. All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

Table dropped.

Table dropped.

Table dropped.

Table dropped.

Table dropped.

Table dropped.

Table dropped.

Table dropped.

Table dropped.

SQL> Disconnected from Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

Finally, I need to recreate the SIB tables, using the createSchema_Messaging.sql script that i used when I first built the environment: -

exit | sqlplus / as sysdba @createSchema_Messaging.sql

SQL*Plus: Release 12.2.0.1.0 Production on Wed Jul 26 11:31:36 2017

Copyright (c) 1982, 2016, Oracle. All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

Table created.

Table created.

Table created.

Table created.

Table created.

Index created.

Table created.

Index created.

Table created.

Index created.

Table created.

Table created.

SQL> Disconnected from Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production

and then restart my Deployment Environment: -

/opt/ibm/WebSphere/AppServer/bin/BPMConfig.sh -start -profile Dmgr01 -de De1

and on to testing ….

↧

WebSphere Liberty Profile - Variables

July 26, 2017, 5:58 am

≫ Next: WebSphere Application Server - Scripting Security

≪ Previous: Moving an IBM BPM 8.5.7 environment, dealing with the Service Integration Bus (SIBus ) tables

As per my previous posts, I'm setting up an IBM BPM Process Federation Server (PFS), which runs on WebSphere Liberty Profile (WLP).

I'm now going back through the setup from scratch, to see (a) what I learned and (b) whether I can repeat my success :-)

Looking at the WLP configuration file - server.xml - I'd noticed reference to a pair of variables: -

…

…

and was trying to work out what, if anything, the difference is, given that they actually point to a the same darn file.

This helped: -

Customizing the Liberty environment

…

WLP_OUTPUT_DIR

This environment variable can be used to specify an alternative location for server generated output such as logs, the workarea directory, and generated files. Files in the logs directory can include console.log, messages.log, and any generated FFDC files. Generated files can include server dumps that are created with the server dump or server javadump command. This variable must be an absolute path. If this environment variable is specified, ${server.output.dir} is set to the equivalent of WLP_OUTPUT_DIR/serverName. If this environment variable is not specified, ${server.output.dir} is the same as ${server.config.dir}.

…

So, because I have not actively specified WLP_OUTPUT_DIR the value of server.output.dir is the same as server.config.dir.

For the record, I can also dump out the value of the overall WLP environment: -

/opt/ibm/PFS/v8.5/bin/server status

CWWKE0005E: The runtime environment could not be launched.
CWWKE0010E: The required server.xml file must exist and be readable. Path: /opt/ibm/PFS/v8.5/usr/servers/defaultServer/server.xml Reason: file not found
Java home:  /opt/ibm/PFS/v8.5/java/java_1.8_64/jre
  Install root:  /opt/ibm/PFS/v8.5/
  System libraries:  /opt/ibm/PFS/v8.5/lib/
User root:  /opt/ibm/PFS/v8.5/usr/
  Config:  /opt/ibm/PFS/v8.5/usr/servers/defaultServer/
  Output:  /opt/ibm/PFS/v8.5/usr/servers/defaultServer/

As I did not specify a server name, it dumps out the overall WLP configuration, which is helpful

↧

WebSphere Application Server - Scripting Security

July 26, 2017, 6:45 am

≫ Next: Solved, WebSphere eats Linux - or, Linux reboots when WAS JVM starts up

≪ Previous: WebSphere Liberty Profile - Variables

I'm creating a set of scripts to automate a number of common tasks, including setting up Web SSO: -

/mnt/Scripts/enableSSO.jy

AdminTask.configureSingleSignon(['-enable', 'true', '-requiresSSL', 'true', '-domainName', 'uk.ibm.com'])

# Save and Sync

AdminConfig.save()

AdminNodeManagement.syncActiveNodes()

/mnt/Scripts/exportLTPAkeys.jy

AdminTask.exportLTPAKeys('[-ltpaKeyFile file:/mnt/Misc/bpm855.uk.ibm.com.ltpa -password passw0rd ]')

/mnt/Scripts/importLTPAkeys.jy

AdminTask.configureSingleSignon(['-enable', 'true', '-requiresSSL', 'true', '-domainName', 'uk.ibm.com'])

# Save and Sync

AdminConfig.save()

AdminNodeManagement.syncActiveNodes()

With thanks to this: -

SecurityConfigurationCommands command group for the AdminTask object

LTPACommandGroup command group for the AdminTask object

↧

Solved, WebSphere eats Linux - or, Linux reboots when WAS JVM starts up

July 31, 2017, 3:36 am

≫ Next: Oracle Service Names - I *WILL* get this right - EVENTUALLY

≪ Previous: WebSphere Application Server - Scripting Security

So I've been working an interesting "bug" over the past few days.

The long story short is that we had a VM running Red Hat Enterprise Linux 6.6 ( with kernel 2.6.32-696.3.1.el6.x86_64 ), hosting WebSphere Application Server 8.5.5.8 and BPM Standard 8.5.7.0.

BPM is installed a single cluster, with all of the workload running in a single JVM - in this instance.

Whilst I could happily start the Deployment Manager and Node Agent, when I started the actual BPM JVM, after a minute or two, the box would reboot.

This was 100% reproducible.

I spent a happy day last week debugging this, looking at class paths, dependent JARs, auto starting EAR files etc. but to no avail.

I even wondered whether the fact that we were running slightly older versions of WAS and BPM was pertinent, even though I've used them a million times before.

Interestingly, nothing showed up in dmesg or /var/log/messages or /var/log/kernel.log and there was no obvious kernel panic messages therein.

Thankfully, with the help of a VMware SME, we did find this : -

tail -f /var/crash/127.0.0.1-2017-07-31-10:43:30

...

<2>kernel BUG at drivers/net/vmxnet3/vmxnet3_drv.c:1412!
<4>invalid opcode: 0000 [#1] SMP
<4>last sysfs file: /sys/devices/system/cpu/online
…

which tied up with this: -

Bug 191201 - Randomly freezes due to VMXNET3

which says, in part : -

<snip>

This issue affects all virtual machines running on ESXi 6.5 host (with virtual hardware version 13), the guest will freeze randomly (sometimes several minutes after power on, and sometimes freezes several hours from boot).

I got this kernel panic log several times, possibly this issue was caused by VMXNET3.

All kernel newer than 4.8.x are affected with this issue, if I downgrade the kernel version back to 4.4.x, the VMs will work like a charm.

(Guest OS is CentOS 7.3 with kernel-ml)

And this issue doesn't happen while virtual hardware version 11 with ESXi 6.5, only happen on virtual hardware version 13 + ESXi 6.5.

</snip>

My friendly VMware SME spotted this, and suggested that we switch the virtual Network Interface Card (vNIC) to use a different driver - namely e1000.

We did this and …. voila :-)

The BPM runtime starts happily and all is good.

This appears to be related to the specific version of VMware ESX ( aka vSphere ) and the fact that the Linux VM is newly created, using the most recent virtual hardware version.

So that's all good then ….

↧

Oracle Service Names - I WILL get this right - EVENTUALLY

July 31, 2017, 7:33 am

≫ Next: IBM BPM - Consuming RESTful Services using Swagger and YAML - Learning lessons

≪ Previous: Solved, WebSphere eats Linux - or, Linux reboots when WAS JVM starts up

I saw this: -

Bootstraping data into cluster AppCluster and logging into /opt/ibm/WebSphereProfiles/Dmgr01/logs/bootstrapProcesServerData.AppCluster.log

WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
java.sql.SQLRecoverableException: Listener refused the connection with the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor
...

Caused by: oracle.net.ns.NetException: Listener refused the connection with the following error:
ORA-12514, TNS:listener does not currently know of service requested in connect descriptor
...

whilst running the bootstrap process for an IBM BPM environment: -

/opt/ibm/WebSphereProfiles/Dmgr01/bin/bootstrapProcessServerData.sh -clusterName AppCluster

Again, this is because I keep getting confused between the Oracle SID and the service name.

This helped: -

Checking oracle sid and database name

sqlplus / as sysdba

SQL*Plus: Release 12.2.0.1.0 Production on Mon Jul 31 15:18:15 2017

Copyright (c) 1982, 2016, Oracle. All rights reserved.

Connected to:
Oracle Database 12c Standard Edition Release 12.2.0.1.0 - 64bit Production

SQL> select sys_context('userenv','db_name') from dual;

SYS_CONTEXT('USERENV','DB_NAME')
--------------------------------------------------------------------------------
orcl

SQL> select ora_database_name from dual;

ORA_DATABASE_NAME
--------------------------------------------------------------------------------
ORCL.UK.IBM.COM

SQL> exit
Disconnected from Oracle Database 12c Standard Edition Release 12.2.0.1.0 - 64bit Production

Once I realised which was which, I updated my JDBC datasources to reflect the correct Service Name ( oracle.uk.ibm.com ) and all is now well: -

/opt/ibm/WebSphereProfiles/Dmgr01/bin/bootstrapProcessServerData.sh -clusterName AppCluster

Bootstraping data into cluster AppCluster and logging into /opt/ibm/WebSphereProfiles/Dmgr01/logs/bootstrapProcesServerData.AppCluster.log

WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
'BootstrapProcessServerData admin command completed successfully.....'

For the record, this WAS the URL that I had in my datasource: -

jdbc:oracle:thin:@//bpm857.uk.ibm.com:1521/orcl

and this is what I now have: -

jdbc:oracle:thin:@//bpm857.uk.ibm.com:1521/orcl.uk.ibm.com

↧

IBM BPM - Consuming RESTful Services using Swagger and YAML - Learning lessons

August 2, 2017, 6:18 am

≫ Next: IBM BPM and IBM ODM Rules - I continue to learn ...

≪ Previous: Oracle Service Names - I *WILL* get this right - EVENTUALLY

I'm just starting on a journey to use IBM BPM Standard ( actually I am using BPM Advanced on the IBM Cloud, but am only currently leveraging the BPMN engine ) to consume Decision Services hosted on IBM Operational Decision Manager.

I've done this before with BPM Advanced ( SCA/BPEL ) using WSDL, but this time around I'm using Process Designer, Integration Services, Human Services, Coaches etc.

In addition, I'm accessing the ODM Decision Service via a RESTful service, using Swagger and YAML to describe the service, rather than the more typical SOAP-over-HTTP using WSDL.

To that end, I've exported the Decision Service as a YAML document, from the Decision Server, using the Hosted Transparent Decision Service (HTDS) capability : -

using the Download button, which results in a file - EstimateInstallRuleAppEstimateInstallRulesetDecisionService-2.yaml.

Having done that, I then attempted to create a new External Service in BPM: -

and retrieved the previously downloaded YAML: -

However, when I clicked Next, I saw this: -

with this error: -

specifically: -

CWXSD0006E: Response '200' is invalid. Details: Object 'Estimate' has an invalid property definition 'days'. Data type 'integer' with format 'int64' is not supported.

To quickly overcome this, I hand-edited the YAML, and changed the format from: -

format: "int64"

to: -

format: "int32"

and tried again.

This time around, it worked.

Looking into this further, I found this: -

Invoking a REST service

• Type integer with format int64 is not supported. If the value of the integer is greater than the supported integer number, you will encounter issues. For information about the range that is supported for the integer type, see Variable types in Process Designer.

which helps.

↧

IBM BPM and IBM ODM Rules - I continue to learn ...

August 3, 2017, 4:26 am

≫ Next: IBM BPM - Why won't my Coach Views show up in my Coach ?

≪ Previous: IBM BPM - Consuming RESTful Services using Swagger and YAML - Learning lessons

Following my earlier post: -

IBM BPM - Consuming RESTful Services using Swagger and YAML - Learning lessons

I'm continuing to tinker with IBM BPM, specifically using the web-based Process Designer, to integrate with a very simple Decision Service, called, of course, Hello World.

For the record, I'm using IBM BPM on Cloud ( a SaaS offering ) against ODM Rules on Bluemix ( a PaaS offering ).

Having created an External Service, using the YAML that I exported from the Decision Server ( as per the previous post ), I've then created a Service Flow, into which I've dragged the External Service.

I've then bound the External Service to the Service Flow: -

note that I've specified the Operation.

This time around, rather than manually creating Variables within the Service Flow, I chose to have Process Designer do it for me, via the Auto-Map function

This is with what I ended up: -

However, when I tested the Service Flow by hitting the Play button: -

I saw this: -

CWTBG0019E: Unexpected exception during execution. Exception information: 'com.lombardisoftware.component.common.workflow.WorkflowProcessItemException: CWXSD1028E: The operation callDecisionServiceOperation with HTTP method POST returned an unexpected response status code 500 with response message Internal Server Error'.

So I then tried the Debug button instead:

and saw this: -

which is where I realised the error of my ways ….

Note that the Request, which has two parts, as per the downstream Decision Service, is EMPTY.

Can you say "Doofus" ? I bet you can ….

Once I added a default ( this is for testing, after all ) value: -

it just worked, returning: -

Service completed

Now to create my Coaches, Templates and Coach Views …...

↧

IBM BPM - Why won't my Coach Views show up in my Coach ?

August 3, 2017, 6:35 am

≫ Next: IBM API Connect - still learning how to say "Doh!"

≪ Previous: IBM BPM and IBM ODM Rules - I continue to learn ...

As stated previously: -

IBM BPM - Consuming RESTful Services using Swagger and YAML - Learning lessons

IBM BPM and IBM ODM Rules - I continue to learn ...

I'm tinkering with IBM BPM, learning more about the new Responsive Coach Framework in IBM BPM 8.5.7, and the Client-SIde Human Service capabilities.

Having created an External Service and a Service Flow, I then want to create a UI to allow the user to enter their name, and get back a response.

So I've created a Coach View, and marked it as a Template ( for reuse ): -

and then created a pair of Coach Views, one for the input and one for the output.

Having done this, I created a new Client-Side Human Service, and added a pair of coaches: -

However, when I went into each of the two Coaches, via the Coaches tab within the CSHS page, I did NOT see the Coach Views in the palette on the RHS: -

It took me a while to work out why …

When I'd first created the CSHS, I'd ticked the Intended for use on multiple devices checkbox: -

and, as you can guess, when I created the template from which I created the two Coach Views, I did NOT do the same :-(

I went back into the Template, and into the two Coach Views, and suitably checked the appropriate box: -

and now they both appear in the right place: -

which is nice.

↧

IBM API Connect - still learning how to say "Doh!"

August 14, 2017, 9:23 am

≫ Next: IBM DataPower Gateway on Docker - Remember the memory

≪ Previous: IBM BPM - Why won't my Coach Views show up in my Coach ?

I saw this: -

when testing my API, using the local API Connect Toolkit ( apic edit ), even though the same API worked happily on IBM Bluemix.

The suggested URL: -

https://localhost:4001/DecisionService/rest/HelloWorldProject/1.0/HelloWorld

didn't work, and there was nothing listening on port 4001 on my Mac.

Then I noticed this: -

I clicked on the Play icon, which gave me this: -

further validated thusly: -

netstat -an | grep LISTEN

tcp46 0 0 *.4001 *.* LISTEN

and now I get this: -

and, more importantly, this: -

so #LifeIsGood

↧

IBM DataPower Gateway on Docker - Remember the memory

August 15, 2017, 3:56 am

≫ Next: And more IBM DataPower Gateway - SSH this time around

≪ Previous: IBM API Connect - still learning how to say "Doh!"

I've been seeing a few interesting exceptions with an IBM DataPower Gateway Docker image, including: -

20170815T101929.233Z [0x81000029][system][error] : tid(8175): Execution of webgui:///clixform.xsl stopped: file:///drouter/webgui/clixform.xsl:3530: Stack overflow
20170815T101929.233Z [0x8100000f][system][critic] : tid(8175): Failed to save configuration to 'config:///auto-startup.cfg'
20170815T101929.234Z [0x8100003c][mgmt][critic] domain(default): tid(8175): Domain configuration not saved.
20170815T101929.235Z [0x810000d2][cli][error] : tid(207): Saving configuration failed - The configuration could not be parsed.

and: -

20170815T102740.943Z [0x81000029][system][error] : tid(8175): Execution of webgui:///clixform.xsl stopped: Out of memory
20170815T102740.943Z [0x8100000f][system][critic] : tid(8175): Failed to save configuration to 'config:///auto-startup.cfg'
20170815T102740.944Z [0x8100003c][mgmt][critic] domain(default): tid(8175): Domain configuration not saved.
20170815T102740.944Z [0x810000d2][cli][error] : tid(207): Saving configuration failed - The configuration could not be parsed..

and, when I started the container, using this script: -

datapower.sh

docker run -it \
-v $PWD/config:/drouter/config \
-v $PWD/local:/drouter/local \
-e DATAPOWER_ACCEPT_LICENSE=true \
-e DATAPOWER_INTERACTIVE=true \
-p 9090:9090 \
-p 9022:22 \
-p 5554:5554 \
-p 8000-8010:8000-8010 \
--name idg \
ibmcom/datapower

I saw this: -

20170815T102902.256Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T102902.514Z [0x804000fc][system][error] : Insufficient memory allocation. Required is 4000000 KB, but configured is 2046760 KB.
20170815T102902.514Z [0x804000fe][system][notice] : Container instance UUID: 0e839292-f45e-4ca0-be61-0603482240c4, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 1998.8MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T102902.531Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T102902.531Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T102902.918Z [0x8100006d][system][notice] : Executing system configuration.
20170815T102902.922Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
3da718e4a927
Unauthorized access prohibited.
20170815T102906.583Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T102912.809Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T102912.819Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T102912.828Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T102912.850Z [0x0034000d][mgmt][warn] ssh(SSH Service): tid(111): Object is disabled
20170815T102912.879Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T102912.879Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T102924.506Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T102924.518Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T102924.560Z [0x81000001][cli][error] : *** Unknown command or macro
20170815T102924.560Z [0x81000223][cli][error] : (startup-config:632): save-config overwrite
20170815T102924.566Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T102924.618Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.
20170815T102957.720Z [0x80e0047a][system][error] : tid(49): DataPower QuotaEnforcement task is not responding, restart in progress
20170815T103009.550Z [0x80e0047a][system][error] : tid(65): DataPower QuotaEnforcement task is not responding, restart in progress

This: -

Welcome to the DataPower for Docker v7.5.2 beta

gave me a clue as someone else had the same problem, and was advised to increase the default memory from 2 GB to 4 GB, as follows: -

I did this, and restarted the container: -

20170815T104708.843Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T104709.106Z [0x804000fe][system][notice] : Container instance UUID: a2c12305-548b-4133-98b7-b7323d224fc6, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 3947.4MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T104709.129Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T104709.130Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T104709.554Z [0x8100006d][system][notice] : Executing system configuration.
20170815T104709.557Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
1dc74c14aa4f
Unauthorized access prohibited.
20170815T104711.551Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T104717.650Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T104717.654Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T104717.659Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T104717.674Z [0x0034000d][mgmt][warn] ssh(SSH Service): tid(111): Object is disabled
20170815T104717.697Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T104717.697Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T104729.921Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T104729.927Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T104729.968Z [0x81000001][cli][error] : *** Unknown command or macro
20170815T104729.968Z [0x81000223][cli][error] : (startup-config:632): save-config overwrite
20170815T104729.971Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T104730.030Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.

Even better news … I can now log into the Web Management GUI: -

https://localhost:9090/

with the appropriate credentials, whereas I was being blocked before ( even though the same credentials worked on the serial interface ).

↧

And more IBM DataPower Gateway - SSH this time around

August 15, 2017, 4:15 am

≫ Next: IBM DataPower Gateway on Docker - So far, now (mostly) so good

≪ Previous: IBM DataPower Gateway on Docker - Remember the memory

Following this tutorial: -

Getting Started - Command Line Interface

I did this: -

configure terminal:

ssh 0.0.0.0 22

write memory

but saw this: -

20170815T105924.939Z [0x81000243][cli][error] : required property host is missing
20170815T105924.939Z [][cli][error] : (startup-config:601): exit

in the startup logs, and this: -

20170815T110105.223Z [0x00b30004][mgmt][error] ssh(SSH Service): tid(111): Invalid local address
20170815T110105.224Z [0x8100003f][mgmt][notice] domain(default): tid(111): Domain configuration has been modified.
20170815T110105.224Z [0x8240001b][audit][error] : tid(111): (admin:default:serial-port:(null)): ssh 'SSH Service' - Invalid local address
20170815T110105.224Z [0x00b30004][cli][error] ssh(SSH Service): Invalid local address

when I tried to start the SSH service: -

ssh start

Can you see what I was doing wrong ?

I was OVERWRITING the IP address/port combination used here: -

ssh 0.0.0.0 22

with this: -

ssh start

somehow assuming that IDG would know what I was talking about.

Can you say "Doh" ??

↧

IBM DataPower Gateway on Docker - So far, now (mostly) so good

August 15, 2017, 4:59 am

≫ Next: IBM DataPower Gateway - SSH now working

≪ Previous: And more IBM DataPower Gateway - SSH this time around

So this is how I pulled the image: -

docker pull ibmcom/datapower

resulting in this: -

docker images

REPOSITORY TAG IMAGE ID CREATED SIZE
ibmcom/datapower latest 5d04824ab687 2 weeks ago 758MB

and this is how I started the container for the first time: -

resulting in this: -

docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
961a7cb4adf0 ibmcom/datapower "/bin/drouter" About an hour ago Up 2 minutes 0.0.0.0:5554->5554/tcp, 0.0.0.0:8000-8010->8000-8010/tcp, 0.0.0.0:9090->9090/tcp, 0.0.0.0:9022->22/tcp idg

and this is how I start the image, having previously stopped it ( using the shutdown command ): -

docker start 961a7cb4adf0

and this is how I monitor the logs: -

docker logs 961a7cb4adf0 -f

20170815T115344.287Z [0x8040006b][system][notice] logging target(default-log): Logging started.
20170815T115344.298Z [0x804000fe][system][notice] : Container instance UUID: 69106364-39ba-4935-af9d-4012ef3b7208, Cores: 4, vCPUs: 4, CPU model: Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz, Memory: 3947.4MB, Platform: docker, OS: dpos, Edition: developers-limited, Up time: 0 minutes
20170815T115344.309Z [0x8040001c][system][notice] : DataPower IDG is on-line.
20170815T115344.310Z [0x8100006f][system][notice] : Executing default startup configuration.
20170815T115344.663Z [0x8100006d][system][notice] : Executing system configuration.
20170815T115344.665Z [0x8100006b][mgmt][notice] domain(default): tid(8175): Domain operational state is up.
961a7cb4adf0
Unauthorized access prohibited.
20170815T115346.129Z [0x806000dd][system][notice] cert-monitor(Certificate Monitor): tid(399): Enabling Certificate Monitor to scan once every 1 days for soon to expire certificates
login: 20170815T115352.235Z [0x8100006e][system][notice] : Executing startup configuration.
20170815T115352.242Z [0x8040009f][system][notice] throttle(Throttler): tid(1391): Disabling throttle.
20170815T115352.249Z [0x00350015][mgmt][notice] b2b-persistence(B2BPersistence): tid(111): Operational state down
20170815T115352.295Z [0x00350015][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state down
20170815T115352.295Z [0x00350014][mgmt][notice] smtp-server-connection(default): tid(7071): Operational state up
20170815T115352.304Z [0x81000484][mgmt][warn] : Removed the object 'ProductInsights' with value of 'ProductInsights' from the startup configuration script.
20170815T115352.304Z [0x81000243][cli][error] : required property host is missing
20170815T115352.305Z [][cli][error] : (startup-config:601): exit
20170815T115403.515Z [0x00350015][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state down
20170815T115403.521Z [0x00350014][mgmt][notice] quota-enforcement-server(QuotaEnforcementServer): tid(687): Operational state up
20170815T115404.567Z [0x00350014][mgmt][notice] web-mgmt(WebGUI-Settings): tid(303): Operational state up
20170815T115404.622Z [0x8100003b][mgmt][notice] domain(default): Domain configured successfully.

I still haven't quite cracked SSH, but that's just a matter of time :-)

I've validated the configuration re SSH: -

cat ~/config/auto-startup.cfg |grep -i ssh

acl "ssh"
ssh "0.0.0.0""22"
metadata "ssh-password-metadata"
  meta-item "variable""password""var://context/INPUT/ssh/password"
  meta-item "variable""publickey""var://context/INPUT/ssh/publickey"
  meta-item "variable""username""var://context/INPUT/ssh/username"
%if% available "sshdomainclientprofile"
sshdomainclientprofile
  ciphers CHACHA20-POLY1305_AT_OPENSSH.COM
  ciphers AES128-GCM_AT_OPENSSH.COM
  ciphers AES256-GCM_AT_OPENSSH.COM
%if% available "sshserverprofile"
sshserverprofile
  ciphers CHACHA20-POLY1305_AT_OPENSSH.COM
  ciphers AES128-GCM_AT_OPENSSH.COM
  ciphers AES256-GCM_AT_OPENSSH.COM

so it'll be sorted shortly :-)

↧

IBM DataPower Gateway - SSH now working

August 15, 2017, 6:53 am

≫ Next: Getting my head around REST APIs

≪ Previous: IBM DataPower Gateway on Docker - So far, now (mostly) so good

Today has been a day for DataPower: -

IBM DataPower Gateway on Docker - Remember the memory

And more IBM DataPower Gateway - SSH this time around

IBM DataPower Gateway on Docker - So far, now (mostly) so good

So I'm not yet sure why this works, but I was struggling to get SSH to work against an IBM DataPower Gateway Docker image/container.

Whilst the configuration looked OK: -

https://localhost:9090/configure/SSHService

the service would refuse to become active, instead frustratingly staying as disabled ( 0x0034000d ).

This meant that, whilst I could connect to the DataPower via the web admin interface: -

https://localhost:9090/

having previously enabled it: -

configure; web-mgmt 0 9090 9090;

thanks to this: -

IBM DataPower Gateways - Getting Started

I wasn't able to SSH into the box.

Thankfully, I could still attach to the serial terminal using docker attach: -

docker ps -a

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
14cffe1113a3 ibmcom/datapower "/bin/drouter" 9 minutes ago Up 23 seconds 0.0.0.0:5554->5554/tcp, 0.0.0.0:8000-8010->8000-8010/tcp, 0.0.0.0:9022->9022/tcp, 0.0.0.0:9090->9090/tcp idg

docker attach 14cffe1113a3

login: admin
Password: *****

Welcome to IBM DataPower Gateway console configuration.
Copyright IBM Corporation 1999-2017

Version: IDG.7.6.0.0 build 289959 on Jul 20, 2017 1:16:22 PM
Serial number: 0000001

Notice: startup config contains errors.
idg#

I tried various things, but to no avail.

I then started wondering whether the problem might be related to the fact that I'm running the Docker container as a non-root user, and whether the underlying OS was therefore preventing me from starting a service on a port less than 1024.

For the record, this is kinda Unix 101, one cannot run any service on, say, ports 22 or 80 or 443, unless one is running as root.

It's for that reason that I always configure my web servers ( IBM HTTP Server ) to run on ports 8080 and 8443, because who wants to run a web server as root ? Clue: NOBODY

So I changed the SSH configuration: -

configure terminal

ssh 0.0.0.0 9022

write memory

and then changed my startup script from this: -

docker run -it \
-v $PWD/config:/drouter/config \
-v $PWD/local:/drouter/local \
-e DATAPOWER_ACCEPT_LICENSE=true \
-e DATAPOWER_INTERACTIVE=true \
-p 9090:9090 \
-p 9022:22 \
-p 5554:5554 \
-p 8000-8010:8000-8010 \
--name idg \
ibmcom/datapower

to this: -

docker run -it \
-v $PWD/config:/drouter/config \
-v $PWD/local:/drouter/local \
-e DATAPOWER_ACCEPT_LICENSE=true \
-e DATAPOWER_INTERACTIVE=true \
-p 9090:9090 \
-p 9022:9022 \
-p 5554:5554 \
-p 8000-8010:8000-8010 \
--name idg \
ibmcom/datapower

In other words. I'm mapping port 9022 within the container to port 9022 within the host.

Once I did this, I was able to SSH into the box: -

ssh -p 9022 localhost

14cffe1113a3
Unauthorized access prohibited.
login: admin
Password: *****

Welcome to IBM DataPower Gateway console configuration.
Copyright IBM Corporation 1999-2017

Version: IDG.7.6.0.0 build 289959 on Jul 20, 2017 1:16:22 PM
Serial number: 0000001

Notice: startup config contains errors.
idg#

and the SSH service looks nice n' happy: -

↧

Getting my head around REST APIs

August 15, 2017, 8:50 am

≫ Next: What's the opposite of "cat" ? Another in the "I did not know that" series

≪ Previous: IBM DataPower Gateway - SSH now working

Almost every product with which I've worked recently, including: -

IBM Business Process Manager
IBM Operational Decision Manager (Rules)
IBM API Connect
IBM WebSphere Liberty Profile (Collectives)
IBM DataPower Gateway

leverages Representational State Transfer (REST) APIs, so I've got no excuse but to L-E-A-R-N.

Whilst working through the DataPower tutorial here: -

IBM DataPower Gateways - Getting Started - Your first configuration

I needed to get a handle on how to drive REST, both in the context of the IDG administration tools, which have a pretty RESTful set of APIs: -

REST management interface and IBM DataPower Gateway, Part 1: Introduction to the interface and status monitoring

REST management interface and IBM DataPower Gateway, Part 2: Configuration management

REST management interface and IBM DataPower Gateway, Part 3: File and directory management

REST management interface and IBM DataPower Gateway, Part 4: Triggering appliance operations

I thus enabled the REST Management service: -

configure; rest-mgmt; admin-state enabled; exit; exit;

Whilst the tutorial recommends the use of the HTTPie tool, I prefer to use curl which is baked into macOS, and doesn't require tools such as brew or port.

So here's my crib of some of the IDG REST APIs, via curl : -

Summary of the Management APIs

curl -k --request GET -url https://localhost:5554/mgmt/ -u admin:admin

Summary of the Status Indicators

curl -k --request GET -url https://localhost:5554/mgmt/status/ -u admin:admin

List available domains

curl -k --request GET -url https://localhost:5554/mgmt/domains/config/ -u admin:admin

Check the CPU usage

curl -k --request GET -url https://localhost:5554/mgmt/status/default/CPUUsage -u admin:admin

As you can imagine, this is a TINY example of the power of the REST APIs.

Then I moved onto the next phase of the tutorial, where we are creating a Multi-Protocol Gateway to "proxy" REST calls through the IDG to IBM Bluemix, using a sample service for Pokemon.

The service is available on Bluemix here: -

https://pokemons.mybluemix.net/api/pokemons

and, when poked with a browser, which issues a GET request, simply returns a list of Pokemons in JSON format.

Initially, I tickled the same URL using a REST client plugin called Restlet which sits nicely inside Google Chrome.

Hitting the same URL with a GET request gives me the same list of Pokemon, albeit in a nice UI: -

As part of the tutorial, I needed to add a new Pokemon to the list, using the POST method.

Whilst I could use Restlet for this, I wanted to use curl, so I tested the GET request: -

curl --request GET --url https://pokemons.mybluemix.net/api/pokemons

[{"data":{"moves":"fast"},"height":"34","name":"charmeleon","weight":432,"id":"2"},{"data":{"moves":"very fast"},"height":"90","name":"venusaur","weight":80,"id":"3"},{"data":{"moves":"slow"},"height":"70","name":"ivysaur","weight":200,"id":"1"},{"data":{"moves":"fast"},"height":"50","name":"bulbasuar","weight":100,"id":"4"},{"data":{"moves":"slow"},"height":"70","name":"charmander","weight":122,"id":"9ed78062996515b4db7e1b78d73208b0"}]

I then added a new Pokemon: -

curl --request POST --url https://pokemons.mybluemix.net/api/pokemons --header 'accept: application/json' --header 'content-type: application/json' --data '{"data":{"moves":"slow"},"height":"70","name":"ivysaur","weight":200,"id":"6"}'

{"data":{"moves":"slow"},"height":"70","name":"ivysaur","weight":200,"id":"6"}

and retrieved the updated list: -

curl --request GET --url https://pokemons.mybluemix.net/api/pokemons

[{"data":{"moves":"fast"},"height":"34","name":"charmeleon","weight":432,"id":"2"},{"data":{"moves":"very fast"},"height":"90","name":"venusaur","weight":80,"id":"3"},{"data":{"moves":"slow"},"height":"70","name":"ivysaur","weight":200,"id":"1"},{"data":{"moves":"fast"},"height":"50","name":"bulbasuar","weight":100,"id":"4"},{"data":{"moves":"slow"},"height":"70","name":"ivysaur","weight":200,"id":"6"},{"data":{"moves":"slow"},"height":"70","name":"charmander","weight":122,"id":"9ed78062996515b4db7e1b78d73208b0"}]

When I (perhaps stupidly) re-ran the POST request with the SAME data, I got this: -

{"error":{"name":"Error","status":409,"message":"Document update conflict. (duplicate?)","error":"conflict","reason":"Document update conflict.","scope":"couch","statusCode":409,"request":{"method":"POST","headers":{"content-type":"application/json","accept":"application/json"},"uri":"https://XXXXXX:XXXXXX@757241f7-e17e-4fc1-b206-91919dd9ced5-bluemix.cloudant.com/pokemon_db","body":"{\"data\":{\"moves\":\"slow\"},\"height\":\"70\",\"name\":\"ivysaur\",\"weight\":200,\"_id\":\"6\",\"loopback__model__name\":\"pokemon\"}"},"headers":{"cache-control":"must-revalidate","content-type":"application/json","date":"Tue, 15 Aug 2017 15:36:22 GMT","x-couch-request-id":"e7ffd29868","x-content-type-options":"nosniff","x-cloudant-backend":"bm-dal-standard3","via":"1.1 lb1.bm-dal-standard3 (Glum/1.37.0)","strict-transport-security":"max-age=31536000","statusCode":409,"uri":"https://XXXXXX:XXXXXX@757241f7-e17e-4fc1-b206-91919dd9ced5-bluemix.cloudant.com/pokemon_db"},"errid":"non_200","description":"couch returned 409"}}

which kinda makes sense.

To prove this, I used the DELETE method: -

curl --request DELETE --url https://pokemons.mybluemix.net/api/pokemons/6

{"count":1}

retrieved the now updated list: -

curl --request GET --url https://pokemons.mybluemix.net/api/pokemons

and then reinserted ID 6: -

{"data":{"moves":"slow"},"height":"70","name":"ivysaur","weight":200,"id":"6"}

and (finally) retrieved the now updated list: -

curl --request GET --url https://pokemons.mybluemix.net/api/pokemons

[{"data":{"moves":"fast"},"height":"34","name":"charmeleon","weight":432,"id":"2"},{"data":{"moves":"very fast"},"height":"90","name":"venusaur","weight":80,"id":"3"},{"data":{"moves":"slow"},"height":"70","name":"ivysaur","weight":200,"id":"1"},{"data":{"moves":"fast"},"height":"50","name":"bulbasuar","weight":100,"id":"4"},{"data":{"moves":"slow"},"height":"70","name":"ivysaur","weight":200,"id":"6"},{"data":{"moves":"slow"},"height":"70","name":"charmander","weight":122,"id":"9ed78062996515b4db7e1b78d73208b0"}]

All of this is of use, because it's enabled me to get a better handle on how I can drive REST from a browser, from a plugin ( Restlet in my case ) and from the command-line, using curl.

Which is all nice.

For the record, here's how I test an API deployed to IBM API Connect: -

curl -k --request POST \
--url https://apimdev2019.hursley.ibm.com/daves-org/sb/DecisionService/rest/HelloWorldProject/1.0/HelloWorld \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '{"request":"David M M Hay"}'

↧

What's the opposite of "cat" ? Another in the "I did not know that" series

August 16, 2017, 2:33 am

≫ Next: IBM API Connect - Adding IBM DataPower Gateway into the mix - SOMA import failed

≪ Previous: Getting my head around REST APIs

Thanks to a friend, Paul Smith, for sharing this.

He had a requirement - to take a list of items ( a text file ) and invert the list.

Initially I thought he meant that he wanted to sort the list, which seemed simple.

Here's a list: -

cat list.txt

Cat
Rabbit
Dog
Gerbil
Hamster
Horse
Rhino
Hippo
Alosaur

so here's the sorted list: -

sort list.txt

Alosaur
Cat
Dog
Gerbil
Hamster
Hippo
Horse
Rabbit
Rhino

and here's the reverse sort: -

sort -r list.txt

Rhino
Rabbit
Horse
Hippo
Hamster
Gerbil
Dog
Cat
Alosaur

but NO, I didn't understand his requirement - he wanted the list reversed BUT not sorted.

Introducing …. TAC

Why tac ? 'cos it's the reverse of cat :-)

Unix and puns, what's not to like

So here's the list, reversed BUT NOT sorted: -

tac list.txt

Alosaur
Hippo
Rhino
Horse
Hamster
Gerbil
Dog
Rabbit
Cat

↧

IBM API Connect - Adding IBM DataPower Gateway into the mix - SOMA import failed

August 17, 2017, 6:39 am

≫ Next: IBM DataPower Playground - on IBM Bluemix

≪ Previous: What's the opposite of "cat" ? Another in the "I did not know that" series

I've been tinkering with an IBM API Connect 5.0.7.2 implementation on my Mac, running all three VMs; the API Manager, the Developer Portal AND the DataPower Gateway on the same box.

However, I saw this: -

when attempting to integrate APIC and IDG.

I dumped out the APIC CMC logs: -

debug postmortem export sftp 10.10.2.3 user fred file /tmp/foobar.tar.gz

and, on the Mac, exploded the resulting tarball, giving me this: -

log/cmc.out:2017-08-17 13:19:30.076 SEVERE [T-83] [com.ibm.datapower.gwapi.impl.GatewaysImpl.deployFilesAndConfig] Deploy: APIMgmt_9A8A3AFACB/gw1: failed: IOException:SOMA import failed
log/cmc.out:Throwable occurred: java.io.IOException: SOMA import failed
log/cmc.out:at com.ibm.datapower.gwapi.soma.Manager.importConfig(Manager.java:657)
log/cmc.out:at com.ibm.datapower.gwapi.soma.Manager.importConfig(Manager.java:625)
log/cmc.out:at com.ibm.datapower.gwapi.soma.Manager.importConfig(Manager.java:621)
log/cmc.out:2017-08-17 13:19:30.084 SEVERE [T-83] [com.ibm.apimgmt.exception.APIGenericException$Serializer.serialize] Error(599597e2e4b0d25e2a2ee700), Http-Code(500), Message(SOMA import failed), User(cmc/admin), Path(post:/gatewayClusters/599426b4e4b04960a3daf1dd/servers/59959798e4b0d25e2a2ee6fa)

Looking here: -

API Connect v5 Cloud Management Console response with "SOMA import failed" when assigning an Unused Server (DataPower Appliance) to the Gateway Service.

I'm wondering whether RAM may be the issue.

As a quick test, I'm moving the IDG VM from the main Mac to another Mac, in order to spread the load, leaving the Manager and Portal VMs on the primary box.

We'll see ……

*UPDATE*

Yes, as I suspected, once I moved the IDG VM to another box, and increased it's RAM from 4 GB to 8 GB, all is now well.

On APIC, we have: -

and, on IDG, we have: -

Now to test my API ....

↧

IBM DataPower Playground - on IBM Bluemix

August 18, 2017, 1:49 am

≫ Next: IBM API Connect - Webhooks not configured

≪ Previous: IBM API Connect - Adding IBM DataPower Gateway into the mix - SOMA import failed

I found this serendipitously whilst looking for something completely different: -

Welcome to the IBM DataPower Playground.

The IBM DataPower Playground is an interactive website that lets you write GatewayScript code and execute it on a cloud hosted DataPower Gateway for learning purposes.

GatewayScript is a new transformation technology for API, Web and Mobile and is available in DataPower as a Processing Policy Action starting from firmware version 7.0. For more information see the documentation.

To get started click on the Samples tab.

DataPower Playground

For the record, I'm tinkering with DataPower in multiple contexts at present, both DataPower on Docker ( see previous posts ) and DataPower with IBM API Connect ( see previous posts ).

So that's all good then ...

↧

IBM API Connect - Webhooks not configured

August 18, 2017, 7:27 am

≫ Next: IBM API Connect - "Unexpected token ILLEGAL"

≪ Previous: IBM DataPower Playground - on IBM Bluemix

I'm learning my way around IBM API Connect at present, which is giving me a great opportunity to also learn IBM DataPower Gateway, which is nice.

Whilst trying to determine why I'm unable to test my APIs on the DataPower Gateway from within the API Manager, I was looking at some of the underlying Developer Portal commands, including: -

list_sites

which returned: -

5995c388e4b0d25e2a2ee8f2.5995c388e4b0d25e2a2ee8fe => portal.uk.ibm.com/davehay/sb (INSTALLED) <!> Webhooks not configured

and: -

status

System version: 7.x-5.0.7.2-20170629-1629
Distribution version: 7.x-5.0.7.2-20170628-2109

Free disk space: 16G
Set Hostname: OK
DNS Server: Reachable (192.168.153.2)
APIC SSH Key: OK

Configuration:
  APIC Hostname: management.uk.ibm.com
  APIC IP: 192.168.153.130
  Devportal Hostname: portal.uk.ibm.com
  Devportal IP: 192.168.153.132
  APIC Certificate Status (Default): ERROR - The certificate that was presented by the remote was self signed, but with the expectation that it would be CA signed.
Please ensure that there is a valid CA signed certificate being used by the APIM servers and ensure any intermediate public certificates are presented or are in the trust store.

Node is standalone

Site web check: All sites OK

Site services:
Webhooks: Some DOWN <!> (portal.uk.ibm.com/davehay/sb)
  Background sync: All sites Up

Services:
  Queue   is Up
  Database   [Mysql]     is Up (Standalone)
  Web Server [Nginx]     is Up
  PHP Pool   [Php5-fpm]   is Up
  Inetd   [Openbsd-inetd] is Up
  REST     [Restservice]   is Up

FAILURE: Some services are DOWN.

which was less than impressive.

Thankfully the Knowledge Centre saved me: -

Installing the Developer Portal

which said, in part: -

So I ran the command: -

download_apim_cert

which returned: -

depth=0 C = US, ST = NY, L = Armonk, O = IBM Corporation, CN = API Connect
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = NY, L = Armonk, O = IBM Corporation, CN = API Connect
verify return:1
DONE
WARNING: The common name provided in the certificate, "Connect", does not match the configured IBM APIC server: "management.uk.ibm.com". The developer portal will be configured to trust the provided certificate without checking that the server name matches the common name.
Setting user provided https certificate for portal.uk.ibm.com/davehay/sb

I then re-ran the status command: -

status

System version: 7.x-5.0.7.2-20170629-1629
Distribution version: 7.x-5.0.7.2-20170628-2109

Free disk space: 16G
Set Hostname: OK
DNS Server: Reachable (192.168.153.2)
APIC SSH Key: OK

Configuration:
  APIC Hostname: management.uk.ibm.com
  APIC IP: 192.168.153.130
  Devportal Hostname: portal.uk.ibm.com
  Devportal IP: 192.168.153.132
  APIC Certificate Status (Mismatch): WARNING - Only suitable for development and PoC purposes.

Node is standalone

Site web check: All sites OK

Site services:
Webhooks: All sites Up
  Background sync: All sites Up

Services:
  Queue   is Up
  Database   [Mysql]     is Up (Standalone)
  Web Server [Nginx]     is Up
  PHP Pool   [Php5-fpm]   is Up
  Inetd   [Openbsd-inetd] is Up
  REST     [Restservice]   is Up

SUCCESS: All services are Up.

and the list_sites command: -

list_sites

5995c388e4b0d25e2a2ee8f2.5995c388e4b0d25e2a2ee8fe => portal.uk.ibm.com/davehay/sb (INSTALLED)

So that's all good then ….

↧