Tuesday, 25 October 2016

WebSphere Application Server and Network File System (NFS)

This came up in discussion today, so I thought I'd x-post some relevant links, as I know I'll need them again: -

NFS v4 is commonly used as a reliable storage for the following components of WebSphere Application Server:
The following table lists mount options that are required. They are not exclusive but other options should not negate these.

Option Description
-t nfs4 Forces NFS v4 to prevent any possibility of falling back to NFS v3.
-o hard,intr Soft mounts can lead to file corruption so hard mounts are required. intr allows a user to interrupt from the keyboard.

However, not all file systems provide the necessary file locking semantics, specifically that file locks are released when a server fails. For example, Network File System Version 4 (NFSv4) provides this release behavior, whereas Network File System Version 3 (NFSv3) does not.

NFSv4 releases locks held on behalf of a host in case that host fails. Peer recovery
can occur automatically without restarting the failed hardware. Therefore, this version
of NFS is better suited for use with automated peer recovery

NFSv3 holds file locks on behalf of a failed host until that host can restart. In this
context, the host is the physical machine running the application server that requested
the lock and it is the restart of the host, not the application server, that eventually
triggers the locks to release

If you use NFSv3 to support automatic peer recovery processing, it becomes necessary to disable file locking, as discussed previously in File locking for WebSphere Application Server recovery logs, This action, in turn, requires that additional measures be put in place to prevent system overloading or network partitioning that might lead to a peer recovery process being directed for an active server.
The most recent version of the NFS protocol, NFSv4, provides lease-based exclusive locks on files as does CIFS. NFSv3 locking is not lease-based and so is less effective in an environment where file ownership needs to be failed over in the event of a server crash. If NFSv3 is used with automated peer recovery, a systems administrator must consider additional configuration choices, which are detailed in Considerations for automated peer recovery. These considerations are not required for either manually-initiated peer recovery or when the file system is either NFSv4 or CIFS. This information is summarized in Table 1.

Redbook - Essentials of Cloud Application Development on IBM Bluemix

This newly published Redbook has been on my to-read list for a while now: -

This IBM® Redbooks® publication is based on the Presentations Guide of the course "Essentials of Cloud Application Development on IBM Bluemix" that was developed by the IBM Redbooks team in partnership with IBM Middle East and Africa (MEA) University Program.

This course is designed to teach university students the basic skills that are required to develop, deploy, and test cloud-based applications that use the IBM Bluemix® cloud services.

Share and Enjoy ( to coin someone else's phrase ! )

Redbook - Deliver Modern UI for IBM BPM with the Coach Framework and Other Approaches

One of my IBM colleagues shared this via Slack earlier: -

IBM® Coach Framework is a key component of the IBM Business Process Manager (BPM) platform that enables custom user interfaces to be easily embedded within business process solutions. Developer tools enable process authors to rapidly create a compelling user experience (UI) that can be delivered to desktop and mobile devices. IBM Process Portal, used by business operations to access, execute, and manage tasks, is entirely coach-based and can easily be configured and styled. A corporate look and feel can be defined using a graphical theme editor and applied consistently across all process applications. The process federation capability enables business users to access and execute all their tasks using a single UI without being aware of the implementation  or origin. Using Coach Framework, you can embed coach-based UI in other web applications, develop BPM UI using alternative UI technology, and create mobile applications for off-line working.

This IBM Redbooks® publication explains how to fully benefit from the power of the Coach Framework. It focuses on the capabilities that Coach Framework delivers with IBM BPM version 8.5.7. The content of this document, though, is also pertinent to future versions of the application.

Enjoy :-)

Monday, 24 October 2016

IBM SoftLayer - VPN Client showing "Incorrect username or password"

For context, I'm connecting to IBM SoftLayer using the ArraySSL VPN client, as per this: -

This is via a Mac running macOS Sierra 10.12.

Having pumped in the target SoftLayer service, and my credentials, I saw this: -

upon login.

This baffled me for a time, especially as I couldn't find any reference to a Login Method called localdb.

To debug it, I started the VPN client from a command line: -


specifically so I could see the responses from the client in the Terminal console log: -

016-10-24 14:37:18.260: failed to login, wrong user or password, try again
2016-10-24 14:37:18.260: vpncallback: code 13, error 37
2016-10-24 14:37:18.260: UI sdk callback login,err is 37
2016-10-24 14:37:40.376: login callback isn't prcessed by upper layer.

This made me check (1) my sanity and (2) my VPN credentials.

I navigated to the SoftLayer dashboard: -

and, post authentication, updated my VPN password: -

Once I did this, and clicked the Save Changes button, and ensured that the newly entered VPN credentials were plugged in there.

Now I'm in like Flynn, which is nice :-)

Tuesday, 18 October 2016

com.ibm.wsspi.runtime.variable.UndefinedVariableException: Undefined variable HOST

I saw this today on a newly built ODM Rules box ( using Red Hat Enterprise Linux 6.6 )


[10/18/16 15:44:36:553 BST] 00000001 WsServerImpl  E   WSVR0100W: An error occurred initializing, Node1-DSServer [class com.ibm.ws.runtime.component.ServerImpl]
com.ibm.ws.exception.ConfigurationError: com.ibm.wsspi.runtime.variable.UndefinedVariableException: Undefined variable HOST
at com.ibm.ws.security.core.distSecurityComponentImpl.initialize(distSecurityComponentImpl.java:415)
at com.ibm.ws.security.core.SecurityComponentImpl.initialize(SecurityComponentImpl.java:94)
at com.ibm.ws.runtime.component.ContainerHelper.initWsComponent(ContainerHelper.java:1193)
at com.ibm.ws.runtime.component.ContainerHelper.initializeComponent(ContainerHelper.java:1100)
at com.ibm.ws.runtime.component.ContainerHelper.initializeComponents(ContainerHelper.java:902)
at com.ibm.ws.runtime.component.ContainerImpl.initializeComponents(ContainerImpl.java:776)
at com.ibm.ws.runtime.component.ContainerImpl.initializeComponents(ContainerImpl.java:750)
at com.ibm.ws.runtime.component.ServerImpl.initialize(ServerImpl.java:370)
at com.ibm.ws.runtime.WsServerImpl.bootServerContainer(WsServerImpl.java:293)
at com.ibm.ws.runtime.WsServerImpl.start(WsServerImpl.java:224)
at com.ibm.ws.runtime.WsServerImpl.main(WsServerImpl.java:697)
at com.ibm.ws.runtime.WsServer.main(WsServer.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at com.ibm.wsspi.bootstrap.WSLauncher.launchMain(WSLauncher.java:234)
at com.ibm.wsspi.bootstrap.WSLauncher.main(WSLauncher.java:96)
at com.ibm.wsspi.bootstrap.WSLauncher.run(WSLauncher.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.eclipse.equinox.internal.app.EclipseAppContainer.callMethodWithException(EclipseAppContainer.java:587)
at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:198)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:369)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.eclipse.core.launcher.Main.invokeFramework(Main.java:340)
at org.eclipse.core.launcher.Main.basicRun(Main.java:282)
at org.eclipse.core.launcher.Main.run(Main.java:981)
at com.ibm.wsspi.bootstrap.WSPreLauncher.launchEclipse(WSPreLauncher.java:402)
at com.ibm.wsspi.bootstrap.WSPreLauncher.main(WSPreLauncher.java:165)
Caused by: com.ibm.wsspi.runtime.variable.UndefinedVariableException: Undefined variable HOST
at com.ibm.ws.runtime.component.VariableMapImpl.expand(VariableMapImpl.java:433)
at com.ibm.ws.runtime.component.VariableMapImpl.expand(VariableMapImpl.java:327)
at com.ibm.ws.runtime.config.AbstractConfigObject.getString(AbstractConfigObject.java:42)
at com.ibm.ws.security.config.SecurityConfigManagerImpl.getString(SecurityConfigManagerImpl.java:1128)
at com.ibm.ws.security.config.GenericConfigHelperImpl.getString(GenericConfigHelperImpl.java:346)
at com.ibm.ws.security.config.GenericConfigHelperImpl.getString(GenericConfigHelperImpl.java:300)
at com.ibm.ws.security.config.AuthMechanismConfigImpl.getString(AuthMechanismConfigImpl.java:1154)
at com.ibm.ws.security.config.CSIv2ConfigImpl.initializeOnServer(CSIv2ConfigImpl.java:744)
at com.ibm.ws.security.config.CSIv2ConfigImpl.initialize(CSIv2ConfigImpl.java:1130)
at com.ibm.ws.security.config.CSIv2ConfigImpl.<init>(CSIv2ConfigImpl.java:107)
at com.ibm.ws.security.config.SecurityConfigObjectFactoryImpl.createCSIv2Config(SecurityConfigObjectFactoryImpl.java:116)
at com.ibm.ws.security.config.SecurityObjectLocator.do_getCSIv2Config(SecurityObjectLocator.java:869)
at com.ibm.ws.security.config.SecurityObjectLocator.getCSIv2Config(SecurityObjectLocator.java:899)
at com.ibm.ws.security.core.distSecurityComponentImpl.initialize_CSIv2(distSecurityComponentImpl.java:1128)
at com.ibm.ws.security.core.distSecurityComponentImpl.initializeSecurityConfig(distSecurityComponentImpl.java:1308)
at com.ibm.ws.security.core.distSecurityComponentImpl.initialize(distSecurityComponentImpl.java:382)
... 37 more


[10/18/16 15:44:36:495 BST]     FFDC Exception:com.ibm.wsspi.runtime.variable.UndefinedVariableException SourceId:com.ibm.ws.security.core.distSecurityComponentImpl.initialize ProbeId:402 Reporter:com.ibm.ws.security.core.distSecurityComponentImpl@34e74114
com.ibm.wsspi.runtime.variable.UndefinedVariableException: Undefined variable HOST

As ever, the internet had the answer: -

The solution was to ensure that my server's hostname was in /etc/hosts.   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 odmdemo

Once I did this, and restarted the application server JVM, we were Good To Go (TM)

Saturday, 15 October 2016

Increase logging with a custom policy for IBM DataPower in the API Connect assembly

This article has been written by two of my IBM colleagues, and is definitely worth a look: -

When you design and develop custom integration policies, you need to be alerted to any problems with your policies. By defining a custom logging policy to log the values of context variables, you can be quickly alerted to where policies might be malfunctioning so that you can correct any errors.

This tutorial describes a user-defined policy to assist with logging and error diagnosis in the API Connect assembly tool. In this policy, custom strings or context variables can be written directly to IBM® DataPower® logs at any point when running an API. By defining such policy, messages can be written at any priority level. And, when you combine API Connect with the capability of DataPower to selectively listen at different priorities, you get straightforward yet powerful logging and diagnosis when designing an API.

Sunday, 9 October 2016

Puppet - Encoding passwords

Following my earlier post: -

I've started to tinker with the password encoding used within my Puppet manifests, including: -


Examples I found include: -

openssl passwd

Verifying - Password: 

openssl passwd -1

Verifying - Password: 

openssl passwd -apr1

Verifying - Password: 

openssl passwd -apr1 -salt h0rseb4tt3ryst4pl3


openssl passwd -crypt passw0rd


openssl passwd -crypt -salt rq passw0rd


grub-crypt --sha-512

Retype password: 

and so on.

Source: -