Jython script to modify queue connection factories - websphere

I have queue manager already configured in Queue connection factories of websphere
currently settings are with out SSl enabled.
I want to enable this two things
Use SSL to secure communication with IBM MQ
specify the SSl to be used
Need your help to edit this things through jython


Use modifyWMQConnectionFactory command for this task.
See below example:
#Set QCF Name
qcfName='MYQCF'
#Set custom SSL config name
sslConfig='CUSTOMSSLSettings'
#Get the list of all QCF's in the environment
qcfList=AdminConfig.list('MQQueueConnectionFactory').splitlines()
#You can futher refine this command and restrict the query to a specific resource scope
#eg: qcfList=AdminConfig.list('MQQueueConnectionFactory', clusterId).splitlines()
#Iterate the list and update the config for MYQCF
for qcf in qcfList:
if qcfName == AdminConfig.showAttribute(qcf, 'name'):
print 'Enable SSL config for QCF: '+qcfName+' and use '+sslConfig+' SSL configuration'
AdminTask.modifyWMQConnectionFactory(qcf, '[-sslType SPECIFIC -sslConfiguration '+sslConfig+']')
else:
print 'Skip SSL config update for QCF: '+AdminConfig.showAttribute(qcf, 'name')
#save the changes
AdminConfig.save()

Related

WSO2 APIM 3.0 Configuration proxy problem

I need help for configuration WSO2APIM with proxy for backend.
My configuration In deployment.toml
[transport.passthru_https.sender.parameters]
http.proxyHost = "myadresseproxy"
http.proxyPort = "3128"
non-blocking = "true"
bind-address = ["localhost","myadresse"]
[transport.passthru_http.sender.parameters]
http.proxyHost = "myadresseproxy"
http.proxyPort = "3128"
non-blocking = "true"
bind-address = ["localhost","myadresse"]
This configuration doesn't work :
With API need proxy i have "Error connecting to the back end"
It's ok with API didn't need pass by proxy
with this configuration the file axis2.xml is correct
What can i do ? idea ?
Thank

There seems to be an issue with these configurations and it has fixed in https://github.com/wso2/product-apim/pull/7115/files. You can make these changes in wso2am-3.0.0/repository/resources/conf/default.json and get this done.

rsyslog logging to multiple servers with different TLS configurations

Is it possible to have rsyslog log to multiple servers with different TLS configurations? We're currently logging to a local syslog server using the following:
$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/rsyslog/local-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/local-key.pem
$ActionSendStreamDriverAuthMode anon
$ActionSendStreamDriverMode 1
*.* ##10.50.59.241:6514
We're now in the process of setting up logging to a third party and want to use TLS there as well. They state that we should set up rsyslog like this:
$DefaultNetstreamDriverCAFile /path/to/their/ca.crt
$ActionSendStreamDriver gtls
$ActionSendStreamDriverMode 1
$ActionSendStreamDriverAuthMode x509/name
$ActionSendStreamDriverPermittedPeer *.theirhost.theirdomain
*.* ##theirhost.theirdomain:6514
I figure that I can simply combine the CA's into a single file and set DefaultNetstreamDriverCAFile to that. But if I simply add the remaining second set of options to the bottom of my rsyslog.conf then the permitted peer causes a conflict with the first host. So is there any way to configure rsyslog (we're currently using 7.4.8) to use vastly different TLS setups to two different targets?

Well after a bunch of head-banging I figured this out on my own. First off, there's a bug in some versions of rsyslog that will prevent this from working (you'll never see a connection established to one or more of the target servers) so make sure you're using version 7.6 or later of rsyslog.
Make sure your CA file has any CA's needed for all targets listed in it. Order isn't important. Then your conf file should look something like this:
$DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
*.* action(type="omfwd"
protocol="tcp"
Target="10.50.59.241"
Port="6514"
StreamDriverMode="1"
StreamDriver="gtls"
StreamDriverAuthMode="anon"
)
*.* action(type="omfwd"
Protocol="tcp"
Target="some.other.host.com"
Port="6514"
StreamDriverMode="1"
StreamDriver="gtls"
StreamDriverAuthMode="x509/name"
StreamDriverPermittedPeers="*.some.other.host.com"
)

How to clone a WebSphere 8 profile

I would like to clone an existing profile, start the server and modify it via the Admin Console.
I already read the IBM documentation about
manageprofiles.bat
but the manageprofiles tool does not contain something like:
# would be nice if a clone action exists
manageprofiles.bat -clone -profileName base -targetProfileName base1
This is what I need and I don't see a way to achieve this.
The tool can create, delete, backup and restore a profile.
What I already tried
Copied the profile directory and renamed it
Edited the paths in the bin/setupCmdLine.bat
Added the profile to the AppServer/properties/profileRegistry.xml
Executed manageprofiles -validateAndUpdateRegistry
But the profile is still not recognized by WAS. I can verify this by executing
manageprofiles -listProfiles
How do you clone or copy profiles?
Is there a manual way?
If so, which files in the profile's dir must be edited?

Solved
Here are the manual steps that I did to clone an existent profile.
Make shure that the server is shutdown.
Copy the existent profile from Profiles/<oldProfile> to Profiles/<newProfile>
Update Path WAS_USER_SCRIPT in Profiles\<newProfile>\bin\setupCmdLine.bat
Update Path USER_INSTALL_ROOT in Profiles\<newProfile>\bin\setupCmdLine.bat
Update property user.root in Profiles\<newProfile>\properties\ssl.client.props
Replace all occurences of <oldProfile> with <newProfile> in Profiles\<newProfile>\firststeps\firststeps.bat
Edit AppServer\properties\profileRegistry.xml. Make a copy of the <oldProfile> and update the tag values with the <newProfile>. Should look something like this: <profile isAReservationTicket="false" isDefault="false" name="newProfile" path=".....\Profiles\newProfile" template=".......\AppServer\profileTemplates\default"/>
Copy AppServer\properties\fsdb\<oldProfile>.bat to AppServer\properties\fsdb\<newProfile>.bat. This step will make the profile available to "AppServer\bin\manageprofiles.bat -listProfiles"
Edit config/cells/<cell>/nodes/<node>/variables.xml. Update the USER_INSTALL_ROOT path.
Update the path of WAS_USER_SCRIPT in AppServer\properties\fsdb\<newProfile>.bat
This worked for me. Please comment or vote to let me know if it also worked for you.

Here is a build-in WebSphere solution. This works fine on WAS 8.5.5.3.
Run your application server in source profile
Run command line utility by running script <WAS_INSTAL_ROOT>/AppServer/profiles/<YOUR_SOURCE_PROFILE>/bin/wsadmin.sh or <WAS_INSTAL_ROOT>/AppServer/profiles/<YOUR_SOURCE_PROFILE>/bin/wsadmin.bat (on Windows machines)
Execute command in this utility:
$AdminTask exportWasprofile {-archive <PATH/TO/PROFILE/EXPORT/ARCHIVE>}
Create new target profile or use existing and run application server on it
Run command line utility for target profile by running script <WAS_INSTAL_ROOT>/AppServer/profiles/<YOUR_TARGET_PROFILE>/bin/wsadmin.sh or <WAS_INSTAL_ROOT>/AppServer/profiles/<YOUR_TARGET_PROFILE>/bin/wsadmin.bat (on Windows machines)
Execute command to import profile settings into target profile in this utility:
$AdminTask importWasprofile {-archive <PATH/TO/PROFILE/EXPORT/ARCHIVE> -deleteExistingServers}
Execute command to save new settings into target profile in this utility:
$AdminConfig save

I needed to do this today on WebSphere 8.5 Network Deployment, so I tracked it down and wrote a script. Here's how I do it.
Create a WebSphere profile using the GUI based Profile Management Tool.
Each one you create will write a log file to:
C:\Program Files (x86)\IBM\WebSphere\AppServer\logs\manageprofiles\XXXX_create.log
In the log, look for the -create switch. Clean up and copy that line into a script, modifying or parameterizing the fields as you wish:
SET PROFILENAME=Profile2
SET HOSTNAME=MyHostName
SET WAS_BIN=C:\Program Files (x86)\IBM\WebSphere\AppServer\bin
SET PROFILE_PATH=C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\%PROFILENAME%
SET WAS_TEMPLATE=C:\Program Files (x86)\IBM\WebSphere\AppServer\profileTemplates\default
SET WAS_CELL=%HOSTNAME%%PROFILENAME%Cell
SET WAS_PORTS_FILE=C:\Program Files (x86)\IBM\WebSphere\AppServer\logs\manageprofiles\was_default_portdef.props
SET A1=-create -serverName %PROFILENAME% -profileName %PROFILENAME% -cellName %WAS_CELL% -nodeName %PROFILENAME% -hostName %HOSTNAME%
SET A2=-profilePath "%PROFILE_PATH%" -templatePath "%WAS_TEMPLATE%"
SET A3=-applyPerfTuningSetting development -enableAdminSecurity false -winserviceCheck false -omitAction defaultAppDeployAndConfig
SET A4=-portsFile "%WAS_PORTS_FILE%"
SET A5=-signingCertDN "cn=10.0.2.15\\,ou=Root Certificate\\,ou=%WAS_CELL%\\,ou=%PROFILENAME%\\,o=IBM\\,c=US" -personalCertDN "cn=10.0.2.15\\,ou=%WAS_CELL%\\,ou=%PROFILENAME%\\,o=IBM\\,c=US"
SET A6=-personalCertValidityPeriod 10 -signingCertValidityPeriod 15
SET WAS_ARGS=%A1% %A2% %A3% %A4% %A5% %A6%
call "%WAS_BIN%\manageprofiles.bat" %WAS_ARGS%
You will need to look for the "C:\Program Files (x86)\IBM\WebSphere\AppServer\logs\manageprofiles*_portdef.props" files and copy one of them for your use as I did.
The output of my script was thus a cloned/tweaked version of a profile I had created before.
I then ran it at the commandline:
"C:\Program Files (x86)\IBM\WebSphere\AppServer\bin\manageprofiles.bat" -create -serverName Unica9103 -profileName Unica9103 -cellName UnicaVMUnica9103Cell -nodeName Unica9103 -hostName UnicaVM -profilePat
h "C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\Unica9103" -templatePath "C:\Program Files (x86)\IBM\WebSphere\AppServer\profileTemplates\default" -a
pplyPerfTuningSetting development -enableAdminSecurity false -winserviceCheck false -omitAction defaultAppDeployAndConfig -portsFile "C:\Program Files (x86)\IB
M\WebSphere\AppServer\logs\manageprofiles\was_default_portdef.props" -signingCertDN "cn=10.0.2.15\\,ou=Root Certificate\\,ou=UnicaVMUnica9103Cell\\,ou=Unica9103
\\,o=IBM\\,c=US" -personalCertDN "cn=10.0.2.15\\,ou=UnicaVMUnica9103Cell\\,ou=Unica9103\\,o=IBM\\,c=US" -personalCertValidityPeriod 10 -signingCertValidityPeri
od 15
Notice that the commas need to be escaped with double backslashes or you get cryptic errors.
You will get something like the following on success:
INSTCONFSUCCESS: Success: Profile Unica9103 now exists. Please consult C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\Unica9103\logs\AboutThisProfile.txt for more information about this profile.

I have not tested the method but wsadmin has the following command:
createAppServerTemplate
This script creates a new application server template in your
configuration. A server template is used to define the configuration
settings for a new application server. When you create a new
application server, you either select the default server template or a
template you previously created, that is based on another, already
existing application server. The default template is used if you do
not specify a different template when you create the server.
You could create a template from your initial profile and create a new profile using the template.

I believe that createAppServerTemplate creates e template for the server not the profile. Therefore if you already have configured a profile you can than use the template to create additional servers within this profile.
You would then use createApplicationServer to create new servers based on the above created template.
I guess if you want to copy a profile the best method is to record the configurations and set them in a script file.

Just for information In MyEclipseBlue version 10 we can export server profile configuration & import in new profile; hence retaining all the configuration.
René answer is correct but i faced issues while Running the server in Debug Mode.

\WebSphere8552\AppServer\properties\fsdb\AppSrv01.bat change was_user_script path
\WebSphere8552\AppServer\properties\fsdb_was_profile_defauldefault.bat change was_user_script path with actual
Also change path in : \AppServer\properties\profileRegistry.xml for validating license

Gradle can't resolve dependencies through my http proxy

when I try to run gradle dependencies on my computer I am getting a 407 status code "Proxy Authentication Required."
I created a gradle.properties file in my %GRADLE_HOME% directory. gradle.properties contains the following entries:
systemProp.proxySet='true'
systemProp.http.proxyHost=http-proxy.nwie.net
systemProp.http.proxyPort=8080
systemProp.http.proxyUser=%myUserNameHere%
systemProp.http.proxyPassword=%myPasswordHere%
I can successfully get through my proxy for ruby gems by setting HTTP_PROXY to the following value:
http://%myUserNameHere%:%myPasswordHere%#http-proxy.nwie.net:8080
I am using gradle-1.3, please let me know if there is something I am missing.
Thanks in advance!
UPDATE:
I tried setting systemProp.http.proxyUser to a new value in domain/username format. Below are my current properties file contents:
systemProp.proxySet=true
systemProp.http.proxyHost=http-proxy.nwie.net
systemProp.http.proxyPort=8080
systemProp.http.proxyUser=http-proxy.nwie.net/%USERNAME%
systemProp.http.proxyPassword=%PASSWORD%
I am currently getting the same error message I found initially.

Some dependencies are fetched from servers that run over HTTPS so you need to specify values for https properties as well:
systemProp.https.proxyHost=http-proxy.nwie.net
systemProp.https.proxyPort=8080
systemProp.https.proxyUser=http-proxy.nwie.net/%USERNAME%
systemProp.https.proxyPassword=%PASSWORD%

Is it an NTLM proxy (Usually found in a windows environment with active directory). If so, You may have to specify the domain name with the username in the format domain/username.
Take a look at this link.
http://www.gradle.org/docs/current/userguide/build_environment.html

How to export Plone session configuration?

I'd like to export my Plone session configuration to my portal product.
The session configuration is set via the ZMI -> acl-users -> session -> properties
I have tried creating a snapshot of the site but can't locate the session configuration within the snapshot xml...

Indeed, there is no GenericSetup configuration support included in plone.session; there is currently nothing that'll export it for you, nor anything to then import the settings.
You'd have to write a setup step for it instead, and configure the session plugin manually through that.
Add an import step to your configure.zcml configuration file:
<?xml version="1.0"?>
<configure
xmlns="http://namespaces.zope.org/zope"
xmlns:genericsetup="http://namespaces.zope.org/genericsetup"
<genericsetup:importStep
name="yourpackage.a_unique_id_for_your_step"
title="Configures the plone.session plugin"
description="Perhaps an optional description"
handler="your.package.setuphandlers.setupPloneSession"
/>
</configure>
and add an empty 'sentinel' text file to the same profile directory named youpackage.setup-plonesession.txt
then add a setuphandlers.py module to your package (what handler points to in the above example):
def setupPloneSession(context):
if context.readDataFile('youpackage.setup-plonesession.txt') is None:
return
portal = context.getSite()
plugin = portal.acl_users.session
# Configure the plugin manually
plugin.path = '/'
plugin.cookie_name = '__ac'
plugin.cookie_domain = ''
# Set up a shared auth_tkt secret
plugin._shared_secret = 'YourSharedSecretKey'
plugin.mod_auth_tkt = True
Note that we first test if the sentinel file is present; if you reuse your package setup elsewhere the setup step could be run multiple times if you don't do this.
You'll need to refer to the plugin source to get an idea of what you can configure, I'm afraid.

Resources