Friday, 22 September 2017

IBM Installation Manager and the Not-Well-Formed Markup

I saw this: -

ERROR: Failed to read response file.
  ERROR: Problem in /mnt/installIIM186.rsp at line 5: The markup in the document following the root element must be well-formed.
00:00.52 ERROR [main] com.ibm.cic.agent.core.application.HeadlessApplication run
  Failed to read response file.
    Problem in /mnt/installIIM186.rsp at line 5: The markup in the document following the root element must be well-formed.


whilst trying to install IBM Installation Manager 1.8.7, using a response file: -

/mnt/installIIM187.rsp

<?xml version="1.0" encoding="UTF-8"?>
<server>
<repository location='/mnt/IM64' temporary="true"/>
</server>
<profile id='IBM Installation Manager' installLocation='/opt/ibm/InstallationManager/eclipse' kind='self'>
<data key='eclipseLocation' value='/opt/ibm/InstallationManager/eclipse'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.arch' value='x86_64'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.nl' value='de,no,fi,ru,hr,fr,hu,sk,sl,sv,ko,el,en,pt_BR,it,iw,zh,es,cs,ar,zh_HK,zh_TW,th,ja,pl,da,tr,nl'/>
</profile>
<install modify='false'>
<offering id='com.ibm.cic.agent' version='1.8.7000.20170706_2137' profile='IBM Installation Manager' features='agent_core,agent_jre' installFixes='none'/>
</install>
<preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/ibm/IMShared'/>
<preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.readTimeout' value='45'/>
<preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
<preference name='offering.service.repositories.areUsed' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
<preference name='http.ntlm.auth.kind' value='NTLM'/>
<preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
<preference name='PassportAdvantageIsEnabled' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
<preference name='com.ibm.cic.agent.ui.displayInternalVersion' value='false'/>
<preference name='com.ibm.cic.common.sharedUI.showErrorLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showWarningLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showNoteLog' value='true'/>
</agent-input>


I dug around, and found out where I'd gone wrong.

I needed to have the line: -

<agent-input acceptLicense='true'>

as per this: -

<?xml version="1.0" encoding="UTF-8"?>
<agent-input acceptLicense='true'>
<server>
<repository location='/mnt/IM64' temporary="true"/>
</server>
<profile id='IBM Installation Manager' installLocation='/opt/ibm/InstallationManager/eclipse' kind='self'>
<data key='eclipseLocation' value='/opt/ibm/InstallationManager/eclipse'/>
<data key='user.import.profile' value='false'/>
<data key='cic.selector.os' value='linux'/>
<data key='cic.selector.arch' value='x86_64'/>
<data key='cic.selector.ws' value='gtk'/>
<data key='cic.selector.nl' value='de,no,fi,ru,hr,fr,hu,sk,sl,sv,ko,el,en,pt_BR,it,iw,zh,es,cs,ar,zh_HK,zh_TW,th,ja,pl,da,tr,nl'/>
</profile>
<install modify='false'>
<offering id='com.ibm.cic.agent' version='1.8.7000.20170706_2137' profile='IBM Installation Manager' features='agent_core,agent_jre' installFixes='none'/>
</install>
<preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/ibm/IMShared'/>
<preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
<preference name='com.ibm.cic.common.core.preferences.readTimeout' value='45'/>
<preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
<preference name='offering.service.repositories.areUsed' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
<preference name='http.ntlm.auth.kind' value='NTLM'/>
<preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
<preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
<preference name='PassportAdvantageIsEnabled' value='false'/>
<preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
<preference name='com.ibm.cic.agent.ui.displayInternalVersion' value='false'/>
<preference name='com.ibm.cic.common.sharedUI.showErrorLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showWarningLog' value='true'/>
<preference name='com.ibm.cic.common.sharedUI.showNoteLog' value='true'/>
</agent-input>


/mnt/IM64/tools/imcl -input /mnt/installIIM187.rsp -acceptLicense

Installed com.ibm.cic.agent_1.8.7000.20170706_2137 to the /opt/ibm/InstallationManager/eclipse directory.

Job done :-)

IBM Business Process Manager 8.6

As per my previous post: -


IBM BPM 8.6 was released today, and I've started the download.

This is what I'm pulling down as I type: -

IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (3 of 3) (CNM6BML )

IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (2 of 3) (CNM6AML )

IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (1 of 3) (CNM69ML )


More to come …

Wednesday, 20 September 2017

Kubernetes 1.7 available in IBM Bluemix Container Service

This arrived in my inbox today: -

We're excited to announce that Kubernetes 1.7 is available for IBM Bluemix Container Service. You can now update your Kubernetes master and worker nodes to the latest supported version of Kubernetes by using either the Bluemix dashboard or the CLI.


This is perfect timing for me, as: -

(a) I'm reading and reviewing Kubernetes Microservices with Docker 
(b) I've been tinkering with DB2 and WebSphere Liberty Profile on Docker and Kubernetes, in preparation for an upcoming Lunch and Learn "brown bag" session that I'm delivering to my Services team.

Can you say "Awesome" ?

Using openSSL on macOS to encrypt a file using a password

I had a requirement to share a file with a colleague, which I did using Box. However, I wanted to go one step further and encrypt the file BEFORE sharing.

This is known, in some circles, as Pre-Internet Encryption (PIE), which is funny, because I like pie - fish pie, apple pie, mince pie, you name it :-)

This is what I did: -

Encrypt the file

openssl enc -aes-256-cbc -in Patent.doc > Patent_enc.doc 

This example uses the AES-256-CBC cipher and requests a password, which is used, with the chosen block/stream cipher, to encrypt the file.

My colleague then used a similar command: -

openssl enc -aes-256-cbc -in Patent_enc.doc -d > Patent.doc 

to decrypt the file.

I could've used one of a number of ciphers: -



For the record, whilst I shared the file with him via Box, I shared the decryption command via Slack, and the password via a third, separate channel.

Don't call me paranoid :-)

From the Wiki here: -

This page describes the command line tools for encryption and decryption. Enc is used for various block and stream ciphers using keys based on passwords or explicitly provided. It can also be used for Base64 encoding or decoding.

It's also worth noting that the openSSL command on macOS is somewhat limited / out-of-date.

This is what I have: -

openssl version

OpenSSL 0.9.8zh 14 Jan 2016

as compared to Red Hat: -

openssl version

OpenSSL 1.0.1e-fips 11 Feb 2013

So the macOS version is older but newer :-)

As an example, this command ( from the Wiki ): -

openssl list-cipher-algorithms

gives this error on macOS: -

openssl:Error: 'list-cipher-algorithms' is an invalid command.

whereas on RHEL, it gives a huge list :-)

However, I was able to work out what ciphers the command supported: -

openssl help

openssl:Error: 'help' is an invalid command.

Standard commands
asn1parse      ca             ciphers        crl            crl2pkcs7      
dgst           dh             dhparam        dsa            dsaparam       
ec             ecparam        enc            engine         errstr         
gendh          gendsa         genrsa         nseq           ocsp           
passwd         pkcs12         pkcs7          pkcs8          prime          
rand           req            rsa            rsautl         s_client       
s_server       s_time         sess_id        smime          speed          
spkac          verify         version        x509           

Message Digest commands (see the `dgst' command for more details)
md2            md4            md5            mdc2           rmd160         
sha            sha1           

Cipher commands (see the `enc' command for more details)
aes-128-cbc    aes-128-ecb    aes-192-cbc    aes-192-ecb    aes-256-cbc    
aes-256-ecb    base64         bf             bf-cbc         bf-cfb         
bf-ecb         bf-ofb         cast           cast-cbc       cast5-cbc      
cast5-cfb      cast5-ecb      cast5-ofb      des            des-cbc        
des-cfb        des-ecb        des-ede        des-ede-cbc    des-ede-cfb    
des-ede-ofb    des-ede3       des-ede3-cbc   des-ede3-cfb   des-ede3-ofb   
des-ofb        des3           desx           rc2            rc2-40-cbc     
rc2-64-cbc     rc2-cbc        rc2-cfb        rc2-ecb        rc2-ofb        
rc4            rc4-40         seed           seed-cbc       seed-cfb       
seed-ecb       seed-ofb       


Tuesday, 19 September 2017

This time, it's about a freezer

So almost all of my blog posts are technical, and most involve some kind of IT and/or IBM product or service.,

This time, whilst still technology, it's all about …. freezers.

We recently took delivery of a Zanussi ZFT10210WA freezer, and hit a problem ….

Specifically, it was a UI problem.

More specifically, the UI didn't match the documentation ( available as a PDF here ).

This is what the documentation has: -


whereas the freezer looks more like this: -


In other words, how can I set it to -16 degrees C when the Temperature Regulator knob only shows 1-6 ?

I tried Zanussi's support page: -


but they don't actually list freezers there: -

so I tried the email address on the page: -


which bounced back.

I also tried the other email address on the page ( hover over one and the other one is revealed below ): -


but that also bounced back.

Thankfully, I found a Twitter page for @Zanussi_UK  which, despite not having much activity since June 2016, did include a Tweet with an old email address: -


I emailed this address: -


and they came straight back with this: -

<snip>
Thank you for your email below, I'm sorry that the user manual is not showing the correct information.
 
I can confirm that the temperature control within the freezer section should be set  between 3-4 on the dial, this will reduce the temperature to between -16 and -18 degrees.

 </snip>

which is nice.

Thankfully, I already had the dial set midway between 3 and 4, which was a lucky guess.

So, the moral of the story ?

Try the web, try email, try Twitter, and then try email again :-)

Kubernetes and IBM Bluemix - again with the #HoldingItWrong

So I saw this: -

kubectl get nodes

Unable to connect to the server: could not refresh token: unrecognized error {"errorCode":"BXNIM0408E","errorMessage":"Provided refresh token is expired","context":{"requestId":"4294322993","requestType":"incoming.Kube_Token","startTime":"19.09.2017 11:58:26:739 UTC","endTime":"19.09.2017 11:58:26:741 UTC","elapsedTime":"2","instanceId":"tokenservice_dal06/1","host":"localhost","threadId":"1955e0","clientIp":"146.90.214.170","userAgent":"Go-http-client/1.1","locale":"en_US"}}

which made me realise that I had forgotten to set the KUBECONFIG environment variable ( I'm using macOS ).

This I did: -

export KUBECONFIG=/Users/davidhay/.bluemix/plugins/container-service/clusters/DaveHayK8SCluster/kube-config-prod-dal10-DaveHayK8SCluster.yml
echo $KUBECONFIG


/Users/davidhay/.bluemix/plugins/container-service/clusters/DaveHayK8SCluster/kube-config-prod-dal10-DaveHayK8SCluster.yml

but I then started getting this: -

kubectl get nodes

The connection to the server localhost:8080 was refused - did you specify the right host or port?

kubectl proxy

The connection to the server localhost:8080 was refused - did you specify the right host or port?

which made me cuss a bit.

However …..

I love it when my own blog post: -


has the solution :-)

Bottom line, the KUBECONFIG variable was AGAIN wrong :-(

I validated this: -

ls $KUBECONFIG

ls: /Users/davidhay/.bluemix/plugins/container-service/clusters/DaveHayK8SCluster/kube-config-prod-dal10-DaveHayK8SCluster.yml: No such file or directory

So I validated the name of my Kubernetes cluster: -

bx cs clusters

OK
Name                ID                                 State    Created                    Workers   Datacenter   
DaveHayK8SCluster   fff102198c534d0096bacd575488c9dd   normal   2017-08-21T09:59:53+0000   1         par01   


and then searched for the YAML: -

find ~/.bluemix/ -name *.yml

/Users/davidhay/.bluemix//plugins/container-service/clusters/DaveHay/kube-config-prod-dal10-DaveHay.yml
/Users/davidhay/.bluemix//plugins/container-service/clusters/DaveHayK8SCluster/kube-config-par01-DaveHayK8SCluster.yml


Once i set the variable appropriately: -

export KUBECONFIG=/Users/davidhay/.bluemix//plugins/container-service/clusters/DaveHayK8SCluster/kube-config-par01-DaveHayK8SCluster.yml

things started working again: -

kubectl get nodes

NAME            STATUS    AGE       VERSION
10.127.239.36   Ready     29d       v1.5.6-4+abe34653415733

kubectl proxy

Starting to serve on 127.0.0.1:8001

and the proxy now works: -


So again, READ MY (OWN) BLOG :-)

Monday, 18 September 2017

Testing JDBC Data Sources using Jython

One of my colleagues asked me about this …

In essence, did I have a Jython script that allows one to test JDBC data source …

Here's one I prepared earlier: -

testDataSource.jy

cellID = AdminControl.getCell()
cell=AdminConfig.getid( '/Cell:'+cellID+'/')
for dataSource in AdminConfig.list('DataSource',cell).splitlines():
 print dataSource
 AdminControl.testConnection(dataSource)


Notes: -

- To support the FOR loop, there are indentations ( thanks Python, we love you ) in front of the last two lines of the script
- Similarly, there's a spare, blank line ( again, thanks, Python ) at the end of the script to finish the loop

When I run this: -

I do get an exception, for which I'm NOT catching: -


specifically this: -

DefaultEJBTimerDataSource(cells/PCCell1/applications/commsvc.ear/deployments/commsvc|resources.xml#DataSource_1228749623069)
WASX7017E: Exception received while running file "testDataSource.jy"; exception information: com.ibm.websphere.management.exception.AdminException
javax.management.MBeanException
java.sql.SQLException: java.sql.SQLException: Database '/opt/ibm/WebSphereProfiles/AppSrv01/databases/EJBTimers/AppClusterMember1/EJBTimerDB' not found. DSRA0010E: SQL State = XJ004, Error Code = 40,000


I could mitigate that by adding the appropriate try/catch logic to my script - that's tomorrow's challenge.

For the record, this exception occurs against a datasource about which I don't care :-)