Monday, December 31, 2012

Packt Publishing - Seasonal eBook Offer - Buy 2 or more $5 each

This from those nice people from Packt Publishing: -

To celebrate the festive season, Packt is pleased to announce a special eBook offer – stock your reader this Christmas.

All [yes, ALL] Packt eBooks are on offer now for $5 | €4 | £3 | AUS$5 each when you buy 2 or more. Just add the eBooks into your cart and when you have chosen 2 or more eBooks, you'll get each for $5 per copy when you checkout. This offer is available until Thursday 3rd Jan 2013.

Packt eBooks are flexible and easy to use on any reader: -

  • Download any version, any time, from your account on www.packtpub.com  
  •  Available PDF, ePub [Android, Kobo], Mobi [Kindle] - You can email it right onto your Kindle from your account 
  •  No DRM, meaning you can copy to any device, as often as you like  
  •  You can print, and copy and paste from the eBook directly.
Go, get shopping now



NSURLErrorDomain error using MacTubes - SOLVED

I saw this exception: -

NSURLErrorDomain error -1102

using MacTubes v3.1.5 earlier today whilst downloading from YouTube.

I'd seen the same exception previously, before I upgraded my Mac from Lion ( OS X 10.7 ) to Mountain Lion ( OS X 10.8 ), so I assumed that the problem was with MacTubes rather than with OS X.

A quick Google search took me to this forum post: -


which recommended an update to MacTubes.

Now the original poster was using MacTubes 3.1.4, and fixed the problem by going to 3.1.5.

I thought I'd apply the same logic.

Here: -


at the MacTubes website, the developer reports that 3.1.6: -

• Fixed problem that failed downloading video file.(v3.1.6)

So I took the plunge, downloaded the new version, replacing that which I had in my Applications folder, started it up and … voila, it all works.

Nice one, MacTubes :-)

Friday, December 28, 2012

Mac OS X 10 - Two phews for the price of one ...

So I've finally ( after six long months ) decided to take the plunge and update my Apple MacBook Pro ( with Retsina ) to OS X 10.8 Mountain Lion.

Now I downloaded Mountain Lion the day it was released, and blogged about it shortly afterwards.

However, for various reasons, mostly to do with too much work and too little "spare" time, I've only just got around to it.

I was partly motivated by having some time, and also by my company choosing to stop supporting Lion ( internally) from December 31 onwards.

So, having backed up my Mac to three different USB drives ( using Time Machine, SuperDuper and good ole fashioned tar/zip/cp ), I re-ran through my earlier blog post to create a bootable USB drive containing the Mountain Lion code, and got stuck into it.

So, the first hurdle that I came across was trying and failing to boot the Mac from the USB drive.

No matter what combination of keys I used, I kept ending up at the login screen, rather than booting from the drive itself.

Eventually, using [Alt][CMD], I got to a strange screen that I'd not seen before: -



After a quick Google search, I realised that I'd hit the firmware password prompt, for the first time ever.

Casting my mind back, I realised that I'd set a firmware password when I first acquired the new MacBook in June 2012.

So, having entered the right firmware password, things started to proceed as per usual.

I booted from the USB drive, started Disk Utility and attempted to delete the existing OS X Lion partition. This initially didn't work, because I'd not unlocked the existing partition ( which is encrypted, and thus locked, using FileVault 2 ). I clicked the icon to unlock the partition, entered my usual log on password, and deleted the partition .... or so I thought.

It turned out that I'd deleted one partition, but the second, also encrypted, partition was then hidden from me.

This left me in somewhat of a conundrum - I couldn't delete the "hidden" encrypted partition, I couldn't repartition the drive, I couldn't install Mountain Lion, I couldn't boot back into Lion.

So, before reaching for one of the backup drives, I instead reached for Google - again.

The search string that I used was: -

"The partition contains a locked disk and can not be resized until it is unlocked"

which appeared on the partition screen within Disk Utility.

This led me to this thread: -

External HDD Unlock

which, amongst other things, included a response from one Eddie Yam, who reported how he used the diskutil command in Terminal to list the Logical Volume Group and then delete it, leaving the drive nice n' clean.

I didn't capture screen shots from this, so here's Eddie's rather nice screen shots: -





In essence, he ( and ) used: -

$ diskutil corestorage list

and: -

$ diskutil corestorage delete <VOLUME GROUP ID>

Once done, I was able to quit the Terminal application, and launch the Reinstall OS X application, and the installation proceeds as I type.

Random things to remember about my first IBM Business Process Manager Advanced v8 installation ...




Create the databases

$ su - db2inst1
$ vi /home/db2inst1/create_BPMv8_databases.txt 

create database BPMDB automatic storage yes  using codeset UTF-8 territory US pagesize 32768;
connect to BPMDB;
grant dbadm on database to user DB2INST1;
UPDATE DB CFG FOR BPMDB USING LOGFILSIZ 4096 DEFERRED;
UPDATE DB CFG FOR BPMDB USING LOGSECOND 64 DEFERRED;
db2 "CREATE BUFFERPOOL bpmdbPool PAGESIZE 32 K"
db2 "CREATE BUFFERPOOL bpmdbPool1 PAGESIZE 32 K"
db2 "CREATE BUFFERPOOL bpmdbPool2 PAGESIZE 32 K"
db2 "CREATE REGULAR TABLESPACE BPMDBTS32 PAGESIZE 32 K MANAGED BY SYSTEM USING (' BPMDBTS32') BUFFERPOOL bpmdbPool1"
db2 "CREATE SYSTEM TEMPORARY TABLESPACE BPMDBTS32SYS PAGESIZE 32 K MANAGED BY SYSTEM USING ('BPMDBTS32SYS') BUFFERPOOL bpmdbPool2"
connect reset;

create database PDWDB automatic storage yes  using codeset UTF-8 territory US
pagesize 32768;
connect to PDWDB;
grant dbadm on database to user DB2INST1;
UPDATE DB CFG FOR PDWDB USING LOGFILSIZ 4096 DEFERRED;
UPDATE DB CFG FOR PDWDB USING LOGSECOND 64 DEFERRED;
db2 "CREATE BUFFERPOOL pdwdbPool PAGESIZE 32 K"
db2 "CREATE BUFFERPOOL pdwdbPool1 PAGESIZE 32 K"
db2 "CREATE BUFFERPOOL pdwdbPool2 PAGESIZE 32 K"
db2 "CREATE REGULAR TABLESPACE pdwdbTS32 PAGESIZE 32 K MANAGED BY SYSTEM USING ('pdwdbTS32') BUFFERPOOL pdwdbPool1"
db2 "CREATE SYSTEM TEMPORARY TABLESPACE pdwdbTS32SYS PAGESIZE 32 K MANAGED BY SYSTEM USING ('pdwdbTS32SYS') BUFFERPOOL pdwdbPool2"connect reset;

create database CMNDB automatic storage yes  using codeset UTF-8 territory US
pagesize 32768;
connect to CMNDB;
grant dbadm on database to user DB2INST1;
UPDATE DB CFG FOR CMNDB USING LOGFILSIZ 4096 DEFERRED;
UPDATE DB CFG FOR CMNDB USING LOGSECOND 64 DEFERRED;
db2 "CREATE BUFFERPOOL cmndbPool PAGESIZE 32 K"
db2 "CREATE BUFFERPOOL cmndbPool1 PAGESIZE 32 K"
db2 "CREATE BUFFERPOOL cmndbPool2 PAGESIZE 32 K"
db2 "CREATE REGULAR TABLESPACE CMNDBTS32 PAGESIZE 32 K MANAGED BY SYSTEM USING ('CMNDBTS32') BUFFERPOOL cmndbPool1"
db2 "CREATE SYSTEM TEMPORARY TABLESPACE CMNBTS32SYS PAGESIZE 32 K MANAGED BY SYSTEM USING ('CMNBTS32SYS') BUFFERPOOL cmndbPool2"
connect reset;

$ db2 -tvf home/db2inst1/create_BPMv8_databases.txt 

create database BPMDB automatic storage yes  using codeset UTF-8 territory US pagesize 32768
DB20000I  The CREATE DATABASE command completed successfully.

connect to BPMDB

   Database Connection Information

 Database server        = DB2/LINUXX8664 9.7.5
 SQL authorization ID   = DB2INST1
 Local database alias   = BPMDB


grant dbadm on database to user DB2INST1
DB21034E  The command was processed as an SQL statement because it was not a 
valid Command Line Processor command.  During SQL processing it returned:
SQL0554N  An authorization ID cannot grant a privilege or authority to itself. 
SQLSTATE=42502

UPDATE DB CFG FOR BPMDB USING LOGFILSIZ 4096 DEFERRED
DB20000I  The UPDATE DATABASE CONFIGURATION command completed successfully.

UPDATE DB CFG FOR BPMDB USING LOGSECOND 64 DEFERRED
DB20000I  The UPDATE DATABASE CONFIGURATION command completed successfully.

connect reset
DB20000I  The SQL command completed successfully.

create database PDWDB automatic storage yes  using codeset UTF-8 territory US pagesize 32768
DB20000I  The CREATE DATABASE command completed successfully.

connect to PDWDB

   Database Connection Information

 Database server        = DB2/LINUXX8664 9.7.5
 SQL authorization ID   = DB2INST1
 Local database alias   = PDWDB


grant dbadm on database to user DB2INST1
DB21034E  The command was processed as an SQL statement because it was not a 
valid Command Line Processor command.  During SQL processing it returned:
SQL0554N  An authorization ID cannot grant a privilege or authority to itself. 
SQLSTATE=42502

UPDATE DB CFG FOR PDWDB USING LOGFILSIZ 4096 DEFERRED
DB20000I  The UPDATE DATABASE CONFIGURATION command completed successfully.

UPDATE DB CFG FOR PDWDB USING LOGSECOND 64 DEFERRED
DB20000I  The UPDATE DATABASE CONFIGURATION command completed successfully.

connect reset
DB20000I  The SQL command completed successfully.

create database CMNDB automatic storage yes  using codeset UTF-8 territory US pagesize 32768
DB20000I  The CREATE DATABASE command completed successfully.

connect to CMNDB

   Database Connection Information

 Database server        = DB2/LINUXX8664 9.7.5
 SQL authorization ID   = DB2INST1
 Local database alias   = CMNDB


grant dbadm on database to user DB2INST1
DB21034E  The command was processed as an SQL statement because it was not a 
valid Command Line Processor command.  During SQL processing it returned:
SQL0554N  An authorization ID cannot grant a privilege or authority to itself. 
SQLSTATE=42502

UPDATE DB CFG FOR CMNDB USING LOGFILSIZ 4096 DEFERRED
DB20000I  The UPDATE DATABASE CONFIGURATION command completed successfully.

UPDATE DB CFG FOR CMNDB USING LOGSECOND 64 DEFERRED
DB20000I  The UPDATE DATABASE CONFIGURATION command completed successfully.

connect reset
DB20000I  The SQL command completed successfully.

Oops, didn't previously install IBM Installation Manager


$ cat /tmp/IBM_LaunchPad_BPM_1350053327740/bpm.offering.syserr 

/tmp/launchpad/content/scripts/runCommand.sh: line 9: /opt/IBM/InstallationManager/eclipse/tools/imcl: No such file or directory






Download the Unified Task List (UTL) Portlet









BPM URLs

Process Center


Process Portal


ISC


BPC Explorer


Process Admin




RESTful URLs





Misc URLs





Thursday, December 20, 2012

Kolban's Book on IBM BPM

I found references to this book a few months ago, when I was looking for some help getting the IBM Unified Task List (UTL) portlet running inside WebSphere Portal v7 against IBM BPM v8.

http://www.neilkolban.com/IBM/Book%20Cover%20-%2012-2012%20-%20small.png

From Neil Kolban himself: -

I am an IBM employee who focuses on the IBM Business Process Manager and related products. Over time, I have built and collected information related to the use of this product which I have found to be of value to users, potential users and fellow IBMers. This page presents access to my personal notes, links and other related items that I feel may be of value.

Although I am an IBM employee, please note that any words, concepts or content may not necessarily represent the views of IBM. In addition, there are definetly inaccuracies in my content and thoughts. As such please use this information for what it is, an attempt to share information on IBM's BPM products from my mind to yours.

Enjoy!!

As I learn an IBM product, I take copious notes and jot down thoughts. I have bundled these together into book format and now make it available as a PDF document available for download. The book is released once a month (normally on the 1st day of the month) so it is a good idea to bookmark this page and check back regularly.


The October 2012 edition is now on the iPad, and I'm making my way through it's 1,300+ pages.

So imagine my pleasure to find that Neil has released the December 2012 version here: -


and that we're now up to 1453 pages :-)


Monday, December 17, 2012

More on wsadmin, LDAP servers ( Bluepages ) and WebSphere Application Server

This is an update to my previous post, and follows an interaction with an IBM colleague, who wasn't able to get this working, at least initially.

When I looked back at my steps, I'm not sure how I got it working - perhaps I made some changes that didn't make it into the original blog post :-(

Ah well, c'est la vie.

Anyway, here's an up-to-date set of instructions: -

Change to the WAS profile's binary directory

$ cd /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/bin/

Start the wsadmin client
$ ./wsadmin.sh -lang jython -user e1wasadmin -password passw0rd

WASX7209I: Connected to process "dmgr" on node E1PCDMNODENode using SOAP connector;  The type of process is: DeploymentManager
WASX7031I: For help, enter: "print Help.help()"

List the existing repositories - to start with, we only have one - fileRegistry.xml

wsadmin>AdminTask.listIdMgrRepositories()

'{InternalFileRepository={repositoryType=File, host=LocalHost}}'

Start the process of configuring the WIM user registry

wsadmin>AdminTask.configureAdminWIMUserRegistry('[-realmName defaultWIMFileBasedRealm -verifyRegistry false ]')

''

Create a new LDAP repository

wsadmin>AdminTask.createIdMgrLDAPRepository('[-default true -id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -supportChangeLog none -certificateFilter -loginProperties uid]') 

'CWWIM5046W Each configured repository must contain at least one base entry. Add a base entry before saving the configuration. For LDAP repository, add the LDAP server before adding the base entry.'

Now we have TWO repositories
wsadmin>AdminTask.listIdMgrRepositories()

'{InternalFileRepository={repositoryType=File, host=LocalHost}, LDAP1={repositoryType=LDAP, specificRepositoryType=IDS}}'

Add an LDAP server to the new repository

wsadmin>AdminTask.addIdMgrLDAPServer('[-id LDAP1 -host bluepages.ibm.com -port 389 -bindDN uid=7712663228,c=gb,ou=bluepages,o=ibm.com -bindPassword passw0rd! -referal ignore -sslEnabled false -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter]')

'CWWIM5027W The configuration is not complete. Saving an incomplete configuration can cause startup problems.'

Set the login properties

wsadmin>AdminTask.updateIdMgrLDAPRepository('[-id LDAP1 -adapterClassName com.ibm.ws.wim.adapter.ldap.LdapAdapter -ldapServerType IDS -sslConfiguration -certificateMapMode exactdn -certificateFilter -supportChangeLog none -loginProperties uid]')

'CWWIM5027W The configuration is not complete. Saving an incomplete configuration can cause startup problems.'

Set the base entry

wsadmin>AdminTask.addIdMgrRepositoryBaseEntry('[-id LDAP1 -name o=ibm.com -nameInRepository o=ibm.com]')

'CWWIM5028I  The configuration is saved in a temporary workspace. You must use the "$AdminConfig save" command to save it in the master repository.'

wsadmin>AdminTask.addIdMgrRealmBaseEntry('[-name defaultWIMFileBasedRealm -baseEntry o=ibm.com]') 

'CWWIM5028I  The configuration is saved in a temporary workspace. You must use the "$AdminConfig save" command to save it in the master repository.'

Validate the admin user - which remains in the fileRegistry repository, rather than in LDAP

wsadmin>AdminTask.validateAdminName('[-registryType WIMUserRegistry -adminUser e1wasadmin ]')

'true'

Enable global security - this allows us to secure the admin console by default

wsadmin>AdminTask.setAdminActiveSecuritySettings('[-activeUserRegistry WIMUserRegistry -enableGlobalSecurity true]')

''

Set the user search base

wsadmin>AdminTask.updateIdMgrLDAPEntityType('[-id LDAP1 -name PersonAccount -objectClasses ibmPerson;inetorgperson -searchBases c=us,ou=bluepages,o=ibm.com -searchFilter ]')

'CWWIM5028I  The configuration is saved in a temporary workspace. You must use the "$AdminConfig save" command to save it in the master repository.'

Set the group search base

wsadmin>AdminTask.updateIdMgrLDAPEntityType('[-id LDAP1 -name Group -objectClasses groupOfNames -searchBases ou=memberlist,ou=ibmgroups,o=ibm.com -searchFilter ]')

'CWWIM5028I  The configuration is saved in a temporary workspace. You must use the "$AdminConfig save" command to save it in the master repository.'
Save the configuration

wsadmin>AdminConfig.save()

''
Sync the nodes

wsadmin>AdminNodeManagement.syncActiveNodes()

---------------------------------------------------------------
 AdminNodeManagement:        Synchronize the active nodes
 Usage: AdminNodeManagement.syncActiveNodes()
 Return: If the command is successfully invoked, a value of 1 is returned. 
---------------------------------------------------------------
 
1


List the repositories ( again )

wsadmin>AdminTask.listIdMgrRepositories()

'{InternalFileRepository={repositoryType=File, host=LocalHost}, LDAP1={repositoryType=LDAP, specificRepositoryType=IDS, host=bluepages.ibm.com}}'

List the base entry for the newly added LDAP repository

wsadmin>AdminTask.listIdMgrRepositoryBaseEntries('[-id LDAP1]')

'{o=ibm.com=o=ibm.com}'

We're finished

wsadmin> quit

That's it, that's the lot.

This time, after restarting the WAS server ( in my case, it's a Deployment Manager ), I can search for, and find, "real" users and groups from LDAP.

Sweet .....

PS For the record, this time around, I'm using WebSphere Application Server 8.0.0.3

Thursday, December 13, 2012

IBM Notes 9 on the Mac - it's lovely ….

Following many others in my network, I've taken the plunge and updated my Mac to run IBM Notes 9, replacing IBM Lotus Notes 8.5.4 CD5.
  • Activity streams: allow you to view and take action quickly on content and events
  • Embedded Experiences: allow you to access business critical actions from other applications without leaving your email. This brings collaboration in-context and results in tighter integration across iNotes, Connections, Notes, app dev (XPages), and 3rd-party products and services
  • Contemporary user interface, simpler navigation, easier to locate information both in Notes and iNotes
  • IBM Notes Browser Plug-in: allows rapid delivery of IBM Notes Social Edition applications to the web
  • Incorporation of a social application container, based on the OpenSocial standard, which provides for development of a reusable set of "gadgets" from both IBM and third parties
  • Inclusion of the XPages Extension Library which greatly improves developer productivity when building collaborative workflow driven applications for web, mobile web and Notes
  • Domino Designer provides a new home page, editor enhancements and a server-side JavaScript debugger for use with XPages
  • Enhancements to Domino REST services and new Calendaring and Scheduling APIs
  • Domino integration: SAML, OAuth
  • Notes Traveler: Windows Phone 7.5/8; BlackBerry 10 BES support; IBM i Server
It's early days, but it's looking very nice.





Here's the IBM Notes and Domino 9.0 Social Edition Public Beta Forum from where you can access the Public Beta site here: -

IBM Business Monitor v8 - Linking Up

And hot on the heels of my last post: -


IBM BPM - A Few Good Links

I'm harvesting a whole slew of useful links from the most excellent @IBMBPM account on Twitter.

These include: -









It's all good :-)

Friday, December 7, 2012

com.lombardisoftware.client.security.AuthorizationDeniedException: You are not authorized to make changes to items in this context

This one drove me to distraction for most of this week.

Whilst trying to populate my BPM databases using the bootstrap process: -

$ /opt/IBM/WebSphere80/AppServer/BPM/Lombardi/tools/bootstrapProcessServerData.sh -clusterName  E1PCSR01.AppTarget

but it kept failing with: -

...
TWImportAndActivate:
    [mkdir] Created dir: /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/temp/saved-search-admin.twx
    [unzip] Expanding: /opt/IBM/WebSphere80/AppServer/BPM/Lombardi/imports/saved-search-admin.twx into /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/temp/saved-search-admin.twx
   [delete] Deleting directory /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/temp/saved-search-admin.twx

TWActivateWrapper:

importRBGs:
     [echo] bootstrapData: Importing Resource Bundle Groups...

BUILD FAILED
/opt/IBM/WebSphere80/AppServer/BPM/base/profile/actions/bootstrapData.ant:46: The following error occurred while executing this line:
/opt/IBM/WebSphere80/AppServer/BPM/base/profile/actions/bootstrapData.ant:53: The following error occurred while executing this line:
/opt/IBM/WebSphere80/AppServer/BPM/base/profile/actions/tw_init_bootstrap.ant:347: Java returned: 1

Total time: 1 minute 50 seconds

Bootstrap failed


and: -

...
INFO: Client code attempting to load security configuration
06-Dec-2012 13:40:49 com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident
INFO: FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/logs/ffdc/ffdc.6400587257559169791.txt com.ibm.ws.orbimpl.transport.WSTransport.getConnection 448
06-Dec-2012 13:40:49 com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident
INFO: FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/logs/ffdc/ffdc.8213873865726580924.txt com.ibm.ws.naming.util.WsnInitCtxFactory.mergeWsnNSProperties 1551
06-Dec-2012 13:40:49 com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident
INFO: FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/logs/ffdc/ffdc.296063757638535691.txt com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext 965
06-Dec-2012 13:40:49 com.ibm.ffdc.util.provider.FfdcOnDirProvider logIncident
INFO: FFDC1003I: FFDC Incident emitted on /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/logs/ffdc/ffdc.2968224156869316365.txt com.ibm.ws.naming.util.WsnInitCtxFactory.getRootJndiContext 886
06-Dec-2012 13:40:49 com.lombardisoftware.utility.db.QueryUtil findDatabaseType
WARNING: Could not find database from JNDI lookup in server. Defaulting to configuration file
06-Dec-2012 13:40:49 com.lombardisoftware.core.cache.LocalCache initializeSettingsFile
INFO: CWLLG2155I:  Cache settings read have been from file file:/opt/IBM/WebSphere80/AppServer/BPM/Lombardi/process-server/twinit/lib/basic_resources.jar!/LombardiTeamWorksCache.xml.
Exception in thread "P=248348:O=0:CT" com.lombardisoftware.client.security.AuthorizationDeniedException: You are not authorized to make changes to items in this context
at com.lombardisoftware.client.security.AuthorizationUtils.deny(AuthorizationUtils.java:120)
at com.lombardisoftware.client.security.PersistenceAuthorizationImpl.assertWrite(PersistenceAuthorizationImpl.java:25)
at com.lombardisoftware.server.ejb.persistence.PSDefaultHandler.save(PSDefaultHandler.java:80)
at com.lombardisoftware.server.ejb.persistence.PersistenceServicesCore.saveInternal(PersistenceServicesCore.java:306)
...

As per usual, I spent some time looking for the answer in a variety of places, including Google.

Eventually, I found this developerWorks forum post: -


which suggested that the problem really was one of authorization.

I checked my database: -

$ db2 connect to BPMDB
db2 "select propkey,propvalue from lsw_system where propvalue like '53c5c0a3-0d2b-4822-b94c-5722a59d5227'"

PROPKEY PROPVALUE
InstallationGUID 53c5c0a3-0d2b-4822-b94c-5722a59d5227                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  1 record(s) selected.


Following Andrew Paier's response to the forum post, I then checked the LSW_ACL_ENTRY table: -

db2 "select * from DB2INST1.LSW_ACL_ENTRY"

ACL_ENTRY_ID   USER_ID        GROUP_ID       PO_TYPE    PO_ID                                MASK                 
-------------- -------------- -------------- ---------- ------------------------------------ ---------------------
            1.              -             3.      5000. d106db6a-393e-49b2-8ec9-3fd149438343                  127.
            2.              -             4.      5000. d106db6a-393e-49b2-8ec9-3fd149438343                   63.
            3.              -             3.      2066. 1b351583-e5cb-43b7-baee-340a63130ea7                   63.
            4.              -             4.      2066. 1b351583-e5cb-43b7-baee-340a63130ea7                   63.
            5.              -             3.      2066. bdf91468-0d01-4ae2-bb53-054b3b591f94                  127.
            6.              -             4.      2066. bdf91468-0d01-4ae2-bb53-054b3b591f94                  127.
            7.              -             3.      2066. dbecd816-afed-47b0-ba92-c13256fcb566                  127.
            8.              -             3.      2066. b691179d-e7a4-4a27-b89b-f2263d0280e7                   63.
            9.              -             4.      2066. b691179d-e7a4-4a27-b89b-f2263d0280e7                   63.
           10.              -             3.      2066. 4b3882d9-e886-4f08-9d0c-078ebda719b9                   63.
           11.              -             4.      2066. 4b3882d9-e886-4f08-9d0c-078ebda719b9                   63.
         1002.             9.              -      2066. 23d3ecec-6fdb-4033-9c57-e931aa13761f                  127.
         1052.             9.              -      2066. c8cc5ba4-0c95-41bd-8aac-8136bc86ae85                  127.
         1102.             9.              -      2066. 9ab0d0c6-d92c-4355-9ed5-d8a05acdc4b0                  127.

  15 record(s) selected.

As Andrew rightly said, I did not have the InstallationGUID propvalue - 53c5c0a3-0d2b-4822-b94c-5722a59d5227 - in the table.

I inserted the value: -

$ db2 "insert into db2inst1.lsw_acl_entry (acl_entry_id, po_id, mask, po_type, group_id) values (1404, '53c5c0a3-0d2b-4822-b94c-5722a59d5227', 127, 5000, 3)"

and validated the changed: -

$ db2 "select * from DB2INST1.LSW_ACL_ENTRY"

ACL_ENTRY_ID   USER_ID        GROUP_ID       PO_TYPE    PO_ID                                MASK                 
-------------- -------------- -------------- ---------- ------------------------------------ ---------------------
            1.              -             3.      5000. d106db6a-393e-49b2-8ec9-3fd149438343                  127.
            2.              -             4.      5000. d106db6a-393e-49b2-8ec9-3fd149438343                   63.
            3.              -             3.      2066. 1b351583-e5cb-43b7-baee-340a63130ea7                   63.
            4.              -             4.      2066. 1b351583-e5cb-43b7-baee-340a63130ea7                   63.
            5.              -             3.      2066. bdf91468-0d01-4ae2-bb53-054b3b591f94                  127.
            6.              -             4.      2066. bdf91468-0d01-4ae2-bb53-054b3b591f94                  127.
            7.              -             3.      2066. dbecd816-afed-47b0-ba92-c13256fcb566                  127.
            8.              -             3.      2066. b691179d-e7a4-4a27-b89b-f2263d0280e7                   63.
            9.              -             4.      2066. b691179d-e7a4-4a27-b89b-f2263d0280e7                   63.
           10.              -             3.      2066. 4b3882d9-e886-4f08-9d0c-078ebda719b9                   63.
           11.              -             4.      2066. 4b3882d9-e886-4f08-9d0c-078ebda719b9                   63.
         1002.             9.              -      2066. 23d3ecec-6fdb-4033-9c57-e931aa13761f                  127.
         1052.             9.              -      2066. c8cc5ba4-0c95-41bd-8aac-8136bc86ae85                  127.
         1404.              -             3.      5000. 53c5c0a3-0d2b-4822-b94c-5722a59d5227                  127.
         1102.             9.              -      2066. 9ab0d0c6-d92c-4355-9ed5-d8a05acdc4b0                  127.

  15 record(s) selected.



And then re-ran the bootstrap process: -

/opt/IBM/WebSphere80/AppServer/BPM/Lombardi/tools/bootstrapProcessServerData.sh -clusterName  E1PCSR01.AppTarget

and, this time around, it worked perfectly: -

...
amples:
   [delete] Deleting: /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/config/cells/E1PCCELL/nodes/E1PCNODE1/servers/E1PCSR011.AppTarget/process-center/config/100Bootstrap.xml
   [delete] Deleting: /opt/IBM/WebSphere80/AppServer/profiles/E1PCDMProfile/config/cells/E1PCCELL/nodes/E1PCNODE1/servers/E1PCSR011.AppTarget/process-center/TeamWorksConfiguration.running.xml

BUILD SUCCESSFUL
Total time: 2 minutes 24 seconds

...

As they say, easy when you know how.

Now can I explain what went wrong ? Er, no ......

Wednesday, December 5, 2012

IBM Business Process Manager Standard v8.0.0 - CWLDB9005W No topology is found in the cell

A brief post outlining a problem that I saw with IBM BPM earlier today.

It may sound obvious, but if you see this error: -

CWLDB9005W No topology is found in the cell

when attempting to import a Deployment Environment ( for Process Center or Process Server ) into your WAS cell, check that you don't already have a Deployment Environment present :-)

I was rebuilding an existing BPM Standard v8 environment, and had cleared down the servers, clusters, nodes, applications etc.

However, I kept seeing this error when I attempted to import the Deployment Environment back in ( having re-created and federated in my nodes ).

Can you guess what it was ?

Whilst I'd removed servers, clusters, nodes and applications, I had NOT removed the Deployment Environment.

When I checked, via the Integrated Solutions Console, I still had the old DE there.

Once I removed it, all was well :-)

For the record, here's some more DE-related information: -




Tuesday, December 4, 2012

SQL20201N The install, replace or remove of "DB2INST1.UUIDUDFJAR" failed as the jar name is invalid. SQLSTATE=46002

I kept seeing this: -

SQL20201N  The install, replace or remove of "DB2INST1.UUIDUDFJAR" failed as 
the jar name is invalid.  SQLSTATE=46002


when running this: -

$ db2 "call sqlj.install_jar('file:/home/db2inst1/UUIDUDF.jar', 'UUIDUDFJAR')"

when attempting to register a new Java user-defined-function in DB2 UDB 9.7.0.6.

Having checked the path, permissions etc. for my Java Jar file - /home/db2inst1/UUIDUDF.jar - I eventually Google'd the error :-)

I found this: -


which said, in part: -

SQL20201

The example for SQL20201 uses the same INSERT stored procedure used in the SQL4306 example above to illustrate a SQL20201 problem. SQL20201 can occur:

• When you attempt to drop and recreate the stored procedure, but did not remove the JAR file before calling sqlj.install_jar again.
• When you attempt to remove the JAR file with an invalid JAR ID.

Listing 30. SQL20201 example 1: Error occurs when installing the JAR file on Windows
                
D:\>db2 drop procedure INSERT
DB20000I  The SQL command completed successfully.

D:\>db2 call sqlj.install_jar("file:///D:\INSERT.jar", 'INSERTJAR')
SQL20201N  The install, replace or remove of "CWYLAW  .INSERTJAR" failed as
the jar name is invalid.  SQLSTATE=46002

For the first situation, you will have to call sqlj.remove_jar first before you call sqlj.install_jar to install the JAR file again. Or you can simply call sqlj.replace_jar if you want to replace the JAR file with updated class files.

I did as suggested: -

$ db2 "call sqlj.remove_jar('UUIDUDF.jar')"

and, voila, was then able to install the JAR.

Nice :-)

Thanks also to this developerWorks post - Generating universally unique identifiers (UUID) - which advised how to create the UDF in the first instance :-)

Monday, December 3, 2012

Using IBM Installation Manager to report on what's installed

In this very brief post, I outline how I use IBM Installation Manager (IIM) to produce a brief listing of the packages and features installed on my server.

I used this for IBM Business Process Manager (BPM) version 8, but it'd be equally good for other IIM-based products, including WAS, Portal, Connections, WODM etc.

Here's the command: -

for i in `/opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledPackages`; do echo "Package" $i "contains Feature(s): -"; /opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledFeatures $i; done

and here's a full-on Bash script: -

#!/bin/bash
for i in `/opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledPackages`
do
echo "Package" $i "contains Feature(s): -"
/opt/IBM/InstallationManager/eclipse/tools/imcl listInstalledFeatures $i
done


java.security.cert.CertPathValidatorException: Certificate chaining error seen with IBM Business Process Manager v8

In this post, I describe how we identified, and resolved, an issue with SSL certificates, seen IBM Business Process Manager (BPM) version 8 ( Standard ).

Having built out an IBM BPM environment, with a topology spanning two WAS cells ( Process Center and Process Server ), we were experiencing a strange issue when attempting to install a process from the Process Center cell to the Process Server cell.

Whilst the Process Server always appeared correctly within the Process Center environment ( Process Server - PS - broadcasts it's presence to Process Center - PS ), we saw: -

Caused by: com.lombardisoftware.core.TeamWorksException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
java.security.cert.CertPathValidatorException: The certificate issued by OU=CustomerName CA, O=CustomerName CAs, O=1359.2.1, C=gb is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.lombardisoftware.core.TeamWorksException.asTeamWorksException(TeamWorksException.java:136)
at com.lombardisoftware.core.TWHttpClient.login(TWHttpClient.java:144)
at com.lombardisoftware.server.ejb.repositoryservices.DeployToServerSupport.deploySnapshot(DeployToServerSupport.java:223)
... 101 more
Caused by: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: 
java.security.cert.CertPathValidatorException: The certificate issued by OU=CustomerName CA, O=CustomerName CAs, O=1359.2.1, C=gb is not trusted; internal cause is: 
java.security.cert.CertPathValidatorException: Certificate chaining error
at com.ibm.jsse2.o.a(o.java:22)


Having seen this kind of issue before, I was convinced that the solution was to ensure that the client's CA-generated root and intermediate certificates were present in the WAS cell-level trust store, and proceeded to use WAS' "Retrieve from Port" function to import the certificate chain ( from the load-balanced hostname of the IBM HTTP Servers into which these two certificates had already been installed ).

When this didn't fix the problem, I went one step further and, using openSSL to extract the "device-level" certificate from the IHS key store - keystore.kdb, I imported the certificate, as a plain ASCII file, again into the cell-level trust store.

Having gone around this loop over and over again, I was beginning to doubt my sanity.

Talking with a friend about the problem, he mentioned the key ( pardon the pun  ) phrase CACerts.

Having come across this before in the context of WAS, I asked him what he meant.

He directed me at a file - cacerts - located here : -

/opt/IBM/WebSphere80/AppServer/java/jre/lib/security

which contains the WAS JVM's default trust store.

Using the ikeycmd command that ships with IBM HTTP Server, we explorer this trust store: -

/opt/IBM/HTTPServer80/java/jre/bin/ikeycmd -cert -list -db /opt/IBM/WebSphere80/AppServer/java/jre/lib/security/cacerts -pw changeit -type jks

Whilst there were 77 individual labels within the store, all of which are provided by default with WAS, we did NOT have anything that tied back to the client's CA-generated certificates.

Once we imported ONLY the root and intermediate certificates, and restarted the Process Center and Process Server JVMs, our ability to publish processes improved 100% :-)

The moral of the story ?

If the error message about chaining suggests that you don't have the certificate chain within WAS, then you probably don't :-)

One more for the book ....

Problems with non-unique InstallationGUID in IBM Business Process Manager v8

Problem

When you attempt to deploy an application, you cannot select your runtime environment because the user interface keeps changing between each of your environments. For instance, it displays the development environment, then the production environment, and then staging environment instead of showing 3 distinct environments.

Cause

You used the same SQL scripts to set up each environment. The SQL scripts have a hard-coded installation ID for each environment. If you use the same installation scripts for each environment, then they all have the same unique installation ID.

Solution

Check the createTable_ProcessServer.sql script and ensure that the statement: -

INSERT INTO LSW_SYSTEM("KEY", "VALUE") 
VALUES ('InstallationGUID', 'dba1912e-d0b0-46d4-b8cb-505e10296f99') ;

( actual value will vary from site to site )

*ALWAYS* uses a unique InstallationGUID value.

This IBM Technote puts it far far better than I can: -

Sunday, December 2, 2012

A tcpdump tutorial and primer

I saw this on Twitter earlier, posted by a friend - Jon Machtynger - 

tcp_header


tcpdump is the premier network analysis tool for information security professionals. Having a solid grasp of this über-powerful application is mandatory for anyone desiring a thorough understanding of TCP/IP. Many prefer to use higher level analysis tools such as Ethereal Wireshark, but I believe this to usually be a mistake.

• Options
• Basic Usage
• Common Syntax
• Writing to a File
• Getting Creative
• Advanced


Using sed and awk to manipulate files

In this post, I describe how I used two of the most useful of the Unix tools to manipulate a text file.

The file in question is the configuration file for IBM HTTP Server - httpd.conf, and I had a requirement to create a Bash script that would take the vanilla file, and enable SSL.

In essence, I wanted to go from this: -

...
#LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
#Listen 443
#<VirtualHost *:443>
#SSLEnable
#</VirtualHost>
#KeyFile /opt/IBM/HTTPServer80/ihsserverkey.kdb
#SSLDisable
# End of example SSL configuration
...

to this: -

...
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 8443
<VirtualHost *:8443>
SSLEnable
</VirtualHost>
KeyFile /opt/IBM/HTTPServer80/ssl/WODMPCINT.kdb
#SSLDisable
# End of example SSL configuration
SSLCachePortFilename /opt/IBM/HTTPServer80/logsext/siddport
# The name of the socket to use for communication with the cgi daemon
ScriptSock logsext/cgisock

...

To achieve this, I created a script that makes use of two rather useful, but often misunderstood, Unix tools - sed and awk.

Firstly, I used sed ( or String Editor to give it its full name ) to search/replace instances of text within the file.

The syntax of the command is ( as I'm using it ) is: -

$ sed -i'' 's/<search>/<replace>/g' filename.ext

To be more specific, this is broken down as follows: -

$ sed <- The command
-i'' <- Perform an in-line edit, and do not create a backup file
's/ <- Start the search pattern
<search> <- The string for which to search
/ <- Separator
<replace> <- The string with which to replace
/g' <- End the search pattern AND search globally ( g )
filename.ext <- The file on which to perform the search/replace operation

This sequence worked for most of the lines: -

sed -i'' 's/Listen 8080/#Listen 8080/g' httpd.conf
sed -i'' 's/#LoadModule ibm_ssl_module/LoadModule ibm_ssl_module/g' 
httpd.conf
sed -i'' 's/#Listen 443/Listen 8443/g' 
httpd.conf
sed -i'' 's/#<VirtualHost \*:443>/<VirtualHost \*:8443>/g' httpd.conf
sed -i'' 's/#SSLEnable/SSLEnable/g' 
httpd.conf

but didn't work for the line that includes #</VirtualHost> because there were TWO instances of that line in the file, and I only wanted to uncomment the SECOND instance.

Therefore, after much Google'ing and much trial n' error, I discovered AWK ( supposedly this is the initials of it's creators - Aho, Weinberger and Kernighan ).

The specific command that I used was: -

awk '/#<\/VirtualHost>/{c++;if(c==2){sub("#<\/VirtualHost>","<\/VirtualHost>");c=0}}1' filename.ext > /tmp/foobar

which is broken down as follows: -

$ ask <- The command
'/#<\/VirtualHost> <- Searches for #</VirtualHost> - note the use of the \ escape character in front of the / character
{c++;if(c==2) <- Start a counter ( from 1 ), and wait until it reaches the required number - two ( 2nd instance )
{sub("#<\/VirtualHost>" <- The string for which to search
, <- Separator
"<\/VirtualHost>" <- The string with which to replace
);c=0}}1' <- Reset the counter and end the loop (?)
filename.exe <- The file on which to perform the search/replace operation
> /tmp/foobar <- The temporary output file

I'm not sure whether awk ( AWK ) has an in-line edit option, like sed's -i'' hence the use of a temporary file.

So here's the finished script: -

sed -i'' 's/Listen 8080/#Listen 8080/g' httpd.conf
sed -i'' 's/#LoadModule ibm_ssl_module/LoadModule ibm_ssl_module/g' httpd.conf
sed -i'' 's/#Listen 443/Listen 8443/g' httpd.conf
sed -i'' 's/#<VirtualHost \*:443>/<VirtualHost \*:8443>/g' httpd.conf
sed -i'' 's/#SSLEnable/SSLEnable/g' httpd.conf
awk '/#<\/VirtualHost>/{c++;if(c==2){sub("#<\/VirtualHost>","<\/VirtualHost>");c=0}}1' httpd.conf > /tmp/foobar
cp /tmp/foobar httpd.conf
sed -i'' 's/#KeyFile/KeyFile/g' httpd.conf
sed -i'' 's/ihsserverkey.kdb/ssl\key.kdb/g' httpd.conf
sed -i '863iSSLCachePortFilename /opt/IBM/HTTPServer80/logsext/siddport' httpd.conf
sed -i '864i# The name of the socket to use for communication with the cgi daemon' httpd.conf
sed -i '865iScriptSock logsext/cgisock' httpd.conf
echo "# WebSphere Plugin" >> httpd.conf
echo 'LoadModule was_ap22_module "/opt/IBM/HTTPPlugins80/bin/64bits/mod_was_ap22_http.so"' >> httpd.conf
echo 'WebSpherePluginConfig /opt/IBM/HTTPPlugins80/config/IHS/plugin-cfg.xml' >> httpd.conf


Simple :-)