Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Timothy Elwood on 11 December 2017 (6843 visits)
Customers can use the following technote to guide them through the process of setting up Red Hat Satellite Server v6.2 for IBM PureApplication System or Software.
For more details please visit the IBM Support document “IBM PureApplication System: How to set up Red Hat Satellite Server v6.2 or migrate from v5.6 to v6.2”.
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Krishna Moorthy Venkataraman on 20 November 2017 (4879 visits)
Most of you are famliar with “Call Home”, a feature that is available on PureApplication System and Bluemix Local System. The official name of this feature is Service and Support Manager. Most clients use it to automatically open a ticket (PMR) with IBM Support as triggered by certain system events. A system event of type “Call Home” is considered by IBM to require involvement of IBM Support, Service and Support Manager can automatically open the PMR on behalf of the system administrator. You can read more about Service and Support Manager in the IBM Knowledge Center here.
When clients have Service and Support Manager configured, it can be used for in another scenario as well as IBM has enhanced the capabilities of Service and Support Manager over time. Imagine that an administrator opens a PMR with IBM Support directly, for example using the IBM Service Request tool. In many cases, IBM Support will ask the administrator for additional logs and traces to help them debug the issue reported through the PMR. Most clients would manually collect the system logs, downloading them from the system and then uploading them to IBM using the IBM Service Request tool. WIth the Service and Support Manager feature enabled, an administrator can simplify this process by associating the existing PMR with a Problem and letting Service and Support Manager upload the system logs directly to IBM Support.
In the steps below we have outlined this process; in this example the administrator has already opened PMR 53867,082,000 manually and now wants to collect and uploading system logs requested by IBM Support for that PMR.
1. From the PureApplication System user interface, navigate to System > System Troubleshooting.
2. Click on Collect System Logs, which will open a dialog box to specify the exact system logs to be collected.
3. It will take a while for the system collection set to be completed. Once this is done though, click on the “phone icon” as shown below.
4. This will open a dialog box to open a new Problem. Normally when you create new Problem with Service and Support Manager, it creates a corresponding PMR with IBM Support. However we can also create a new Problem and associated it with an existing PMR, in our case 53867,082,000. Click Submit to create the Problem.
5. After clicking Submit a job called “create” will be executed by the system. You can monitor this job from System > Job Queue as shown below.
6. Once the job has completed successfully, go to System > Problems and select the newly created Problem that is associated with PMR 53867,082,000. Scroll down to Service Ticket Files section and click Add collection set to associate the Collection Set of logs to the Problem.
7. Once the collection set has been added, click the “Upload” icon to upload the collection set directly to IBM Support.
8. The upload is done through another job called “uploadfile”, which again can be monitored through System > Job queue.
Once you become familiar with the above process, providing additional logs and collection sets to IBM Support becomes much easier. And in most cases the actual uploads will be much faster as well, since they use the internet connection from the PureSystems Manager (PSM) nodes.
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Chris Laffoon on 22 August 2017 (5520 visits)
Version 2.2.3 of Bluemix Local System and PureApplication System (Intel) was released in May 2017 and introduced advanced functionality. Amongst other things, IBM included support for:
These new features can provide a lot of value to large enterprise clients. The IBM Cloud engineering team has published a developerWorks series of articles called “Hosted VMware environments and recovery solutions in IBM Bluemix Local System”. All three articles have been published now and are a great place for clients to get started.
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Marco Zobbie on 9 August 2017 (7144 visits)
A new feature provided by firmware 2.2.3.0 to access PureApplication’s vCenter from External Applications, https://www.ibm.com/support/knowledgecenter/en/SSNLXH_2.2.3/doc/systemconsole/c_ext_app_access_ov.html
With this feature you can extend backup solutions, with IBM Spectrum Protect. In Pure Application System the ESXi infrastructure is deployed on internal IPv6 network and is not accessible from external ip, so you need to have a VSI deployed on PureApplication System with proxy role to access on ESXi.
To integrate the Spectrum Protect in PureApplication System you need:
After deploy the VSI on Cloud Environment, access at vCenter client and add a new network inteface at VM on CONSOLE Network (3201).
Configure the IPv6 address on new ethernet adapter:
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Marco Zobbi on 7 August 2017 (7010 visits)
On PureApplication System with Multi Cloud Environment is not possible install API Connect via OVA file as Virtual System Pattern so you need to deploy as Virtual Appliance, here there is some how during my work and a special thanks to my colleague Abdoul Gadiri Diallo.
In PureApplication System Console, navigate to Patterns > Virtual Appliances. Click the blue + button in the top-left corner. You’ll need to have an available HTTP server to upload your image from or you can also SCP the image over from any accessible server running sshd. You must give the image a unique name as well, and I also choose a cloud group for the images to belong to.
Once the image finishes importing, you’ll need to deploy it using the Deploy button near the top-right.
During the deploy give it a unique name, you MUST also assign an IP address to the image. Optionally you can modify the CPU and memory of the image as well.
Once the image is deployed, it will appear in Patterns > Virtual Machines. It will also be stopped, go ahead and start it up by clicking the Power On button in the top right.
After it reaches running state, you can login to the server. However, due to the limitation with eth0, the image is not network accessible at the moment. You will have to reach it via the VMware console. Simply click the Console button near the top.
Login to the dev portal – the default login is admin and the default password is !n0r1t5@C
After you login you’ll see a warning about disk size – I didn’t modify this image’s disk, but this can be done easily using just about any virtual disk management software.>
Alright, two things left to do:
For the first, we simply need to edit the network configuration settings.
sudo vi /etc/network/interfaces
You’ll need the basic network info for your PureApplication System – that can be obtained from Cloud > IP Groups using the appropriate cloud group chosen for the IP assigned to the image.
Leave eth0 alone with DHCP – we don’t want to touch it (in fact, if you DO try to enable eth0, it will bring down the entire networking capability of the image, so you can’t reach it at all).
After that is done, you’ll need to bounce the network to get eth1 functioning:
sudo ifdown eth1 sudo ifup eth
Once completed, you should be able to ping and/or ssh into your image.
Finally, we just need to change the dev portal customization configuration to use eth1 instead of eth0:
sudo vi /config/config.ini
The first section has a commented out setting for eth0. Remove the # and change eth0 to eth1.
Login on shell
Backup the file ipas-ovf-env.xml (cp ipas-ovf-env.xml ipas-ovf-env.xml.orig)
Add an entry on the file “<Property ovfenv:key=”pureapp.hasMgmtNic” ovfenv:value=”true”/> to the file ipas-ovf-env.xml
Copy the file modified to /ih_var/install_flags/ cp ipas-ovf-env.xml /ih_var/install_flags/ and run command cicli
Reboot the Virtual Image with commando system reboot
From here on out you can treat it like a standard developer portal configuration by following the instructions from this knowledge center:http://www.ibm.com/support/knowledgecenter/SSWHYP_4.0.0/com.ibm.apimgmt.devportal.doc/tapim_portal_installing_VA.html
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Richard Stacy on 1 August 2017 (5710 visits)
Clients have been able to configure their own SSL certificate since version 2.0.0.0. This allows administrators use certificates that have been signed by a Certificate Authority (CA) that complies with their established security standards and policies. It also assures end-users of the PureApplication console that their connections are secured and that they are connected to the actual PureApplication console.
Like in previous versions, 2.2.3.0 comes with a self-signed certificate from IBM installed by default, however IBM has introduced additional options regarding the type of SSL certificates and private keys that can be imported into PureApplication in 2.2.3.0 and higher:
The process for clients to import their own SSL certificate via the console is similar to previous releases, although the interface has been enhanced to provide support for the private key passphrase and certificate chain file. The import process is outlined in the Knowledge Center here.
The PureApplication Command Line Interface (CLI) has also been enhanced in order to support the additional certificate options. This is documented within the Knowledge Center here.
Validation of the certificate and key files has also been improved to ensure that correct files are being imported. PureApplication Events will be raised to indicate the success or failure of the import process.
CWZIP8579E New certificate content is missing from the request CWZIP8608E New private key content is missing from the request
In the event of an unexpected error that prevents the successful upload of the files, the following message will be displayed. Such an error may require investigation within the ipas.server trace logs, which can be found in the Management log collection set.
CWZIP8580E An error occurred while trying to update the SSL certificate
CWZIP8609E Certificate and private key do not match
The uploaded files are not a valid pair; Ensure that the correct server certificate and private key files are being uploaded
CWZIP8610E Passphrase is not valid for private key
The provided passphrase is incorrect for the given private key file; Ensure that the correct passphrase is provided during when initiating the import process
CWZIP8611E Certificate chain of trust cannot be verified
The given chain file was not used to sign the server certificate file and therefore the chain of trust is not valid; Ensure the correct chain file is being uploaded
CWZIP8612E Unable to apply imported console certificate
CWZIP8613I Console certificate has been successfully applied
Note: The imported SSL certificate will be persistent across future firmware upgrades of the PureApplication server.
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Hendrik van Run on 31 July 2017 (5468 visits)
Over the past months, many of you have been asking questions regarding the announced end-of-support of the Red Hat Network (RHN) on 31st July (today). Red Hat has later put a 3 month grace period in place, effectively ending support of RHN on 31st October. IBM has put together a set of detailed technical details here.
When you read the information carefully, note that IBM intends to release a Satellite 6.2 Pattern in the 3rd quarter of 2017. Today IBM only provides a Red Hat Satellite Server 5.6 Virtual System Pattern, but clients can already use the “Red Hat Satellite Six Service (External)” shared service to register VMs on PureApplication with an existing Red Hat Satellite Server 6.x. environment.
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Marco Zobbi on 9 May 2017 (6199 visits)
Here is the documentation for backup and restore on PureApplication System:https://www.ibm.com/support/knowledgecenter/SSCR9A_2.2.2/doc/iwd/brc_overview.html
PureApplication System offers 2 types of backups: System Backup and Component Backup. Note that the actual workloads/applications (i.e. the data on the filesystems of the VMs) is not included in either the System or Component Backup. For workload/applications VMs you could take a snapshot, but you can only have one snapshot at time and you cannot recover if you delete the VM/Pattern instance.
System/Component Backup basically copies the content from PureApplication to an external backup server. Typically this external backup server is a Linux server that accessible by PureApplication. The requirements for this server includes:
Is recommended that both types of backup should be configured. These backup could be scheduled to run at specific times and daily,monthly or weekly.
The System/Component backup feature in IBM PureApplication System captures the system’s configuration, its cloud environment’s configuration and workload catalog.The System Backup copy the internal data from the management nodes, and the catalog content (scripts, images, ptypes, etc) and we could consider as a snapshot in time on the content on the rack.
For the System Backup, the first backup is what we call a “full” or initial backup, any subsequent backups to the same location and using the same firmware are “incremental” backups (i.e. they backup only the delta from the initial full backup) so they are a lot smaller and faster.The Component Backup copy only the catalog’s contents, and allows customer to select which components they want backup (script packages, virtual images, ptypes, system plugins, environment profiles, ….).
For the Component Backup, the first one exports all the selected components,after that, only components that are new/updated are backup, so it’s also a lot smaller and faster.
The purpose of this backup types is quite different. The restore of System Backup restore all contents and the rack looks like the time when the backup was taken, note that customers could not restore themselves and need IBM support, the restore not work if both management nodes have failed. The restore of Component Backup does not rollback the rack to a specific point in time, instead customer could restore themselves the desired component for example a script package was deleted by accident they could select to restore just that script package.
It is not supported for the user to manually prune/delete any data from the backup server, it is very easy to corrupt the backup and make them unusable.Instead, the customer should have to configure a new backup location from PureApplications console under section “Management/Backup & Restore” or via CLI, for more informations: https://www.ibm.com/support/knowledgecenter/SS6PD2_2.1.1/doc/iwd/brt_modify_location.html
For the System Backup, this will create a new initial backup, and the scheduled backup will be incremental. Similarly, do the same for the Component Backup. Once you are comfortable that do not need the backups, you can then purge completely the old backup location. However, the creation of a new backup location means the customer does need to have sufficient free storage, or a different server.
For the System Backup, the restore only works on the same PureApplication version. So when the rack is upgraded to a new fixpack level, the first backup taken after the upgrade is a new base backup for the new PureApplication version, additional space is required for this initial backup, the backups from the old PureApplication versions may be deleted. So if the customer has backups from prior releases those are safe to delete. You would feel more comfortable to delete the old backups only after a new initial backup has completed successfully after the upgrade, in case need it to help with debugging.
Each backup location (/backup in my example below), there is directory for each PureApplication version, the version number is based on the backup component. For the corresponding PureApplication version, replace the “5” with “2”. Within each 5.1.1.x is a System Backup for that PureApplication release. The directories are created automatically by the backup. If the rack is upgraded to 5.1.1.3, a new initial backup is taken and stored under the 5.1.1.3 directory. Within each version directory, there is one initial backup and all incrementals backups. So it is not supported to cleanup by removing contents from a version directory. However, in the example below, it is safe to delete 5.1.1.0 and 5.1.1.1 directory. Those backups could only be used for restored if the rack build level is rolled-back to that version.
cbdns:/backup/Rack18/8278Rack18> ls
5.1.1.0 5.1.1.1 5.1.1.2 backupSecurity backupStorage
cbdns:/backup/Rack18/8278Rack18/5.1.2.0/backupStorage> ls
backup.json docroot facets globalcontext key scripts security templates vault virtual
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Sandeep Minocha on 2 February 2017 (6028 visits)
Many clients have requirements to perform custom configuration and/or installation of custom software. I often recommend them to first automate using a simple shell or python script and then proceed to building simple Script Packages. However Software Components can often be used as well, so how does one choose between the two? The table below should help make that choice easier.
| Quality of Service/Criteria | Software Component | Script Package |
| Attributes | Many attribute types available. | Limited number of attribute types available. One key type missing is a file attribute type, however you can use ‘Additional file’ software component as a workaround. |
| Resource and platform requirements | Yes (can specify vCPU, vMemory, vStorage and OS requirements) | No |
| Operations | Yes | No but workaround is to create on-demand script packages. |
| Stop/restart/delete instance | Yes via stop.py and start.py lifecycle scripts | Very limited. ie. when script package is set to run on delete, otherwise must do it directly at the OS level by creating a system service to run a script on reboot. |
| Maintenance | Can supply a maintenance.py lifecycle script to run between the install and configure phases. | No hook for a special maintenance.py script. |
| Lifecycle scripts | Yes including install.py, configure.py, maintenance.py, start.py and stop.py. | No although its equivalent to the start.py script. |
| Branding | Yes (can specify a custom icon for your software component) | No (cannot change the script package icon) |
| Packaging | Plugin TGZ file | ZIP file |
| Debugging/troubleshooting | Yes but complex; not easy to find logs | Yes – much easier to find logs |
| Disable Base Scaling Policy | Yes | No |
| Console Links | Yes | Yes |
| Licensing tracking | Yes | Yes |
| Tooling | Yes (PDK) | Yes (PDK) |
| Maestro APIs | Yes | Yes (assuming python script) |
| Register logs to the Log viewer | Yes | Yes (assuming python script) |
| Import Permissions | Workload resources administration full permission | Create new catalog content |
Originally posted on IBM Developer blog “Exploring PureApplication System, Software Service and more” by Hendrik van Run on 25 January 2017 (9949 visits)
Fixpack 11 for WAS 8.5.5 was released on 23 December 2016, so a number of clients have a desire to use this when building building out new infrastructure. However when using version 2.2.2.0 of the WebSphere Application Server Patterns on PureApplication and Bluemix Local System 2.2.2, the only way to install WAS 8.5.5.11 is to:
Applying WAS 8.5.5.11 a patch on top of WAS 8.5.5.10 or earlier works fine, because the Java installation is already in place in that case. However when you attempt to deploy a pattern instance using a WAS 8.5.5.11 software component directly, it will fail with the following error in the trace.log:
[Wed 18 Jan 2017 08:25:58 PM UTC] vsys/im.py 140667681728256 pid=15292 DEBUG Run IM cmd : sudo -u virtuser /home/virtuser/IBM/InstallationManager/eclipse/tools/imcl -acceptLicense input /opt/IBM/maestro/agent/usr/servers/OS_Node.11484770835603/scripts/Appserver/responsec.xml -log product_install.log -variables wasProfile=V8x,eclipseCache=/opt/IBM/InstallationManager_AppServer_Shared,web20Home=/opt/IBM/WebSphere/Web20Mobile,wctHome=/opt/IBM/WebSphere/Toolbox,wasBitness=64,wasArch=x86,ws=gtk,wasRepositoryURL=http://IBMWorkloadDeployer:8585/IMRepository/Compo,wasHome=/opt/IBM/WebSphere/AppServer,wasOfferingId=com.ibm.websphere.ND.v85,wasOfferingVersion=8.5.5011.20161206_1434,arch=x86,osType=linux -secureStorageFile/home/virtuser/IBM/InstallationManager/eclipse/tools/credential.store -masterPasswordFile/home/virtuser/IBM/InstallationManager/eclipse/tools/master_password_file.txt [Wed 18 Jan 2017 08:25:58 PM UTC] maestro 140667681728256 pid=15292 DEBUG WARNING: shell=True used for subprocess command execution; might be insecure. [Wed 18 Jan 2017 08:26:13 PM UTC] vsys/im.py 140667681728256 pid=15292 DEBUG rc is 1 [Wed 18 Jan 2017 08:26:13 PM UTC] vsys/im.py 140667681728256 pid=15292 DEBUG out is ERROR: Support for using Java SE 6 with WebSphere Application Server ends in April 2018. Java SE 8 is the recommended Java SDK because it provides the latest features and security updates. You can continue to use Java SE 6, but no service can be provided after the end of support date, which could expose your environment to security risks. You must specify the default Java SDK version on the 'user.wasjava' property. To install the Java 8 SDK, specify '-properties user.wasjava=java8'. To install the Java 6 SDK, specify '-properties user.wasjava=java6'. [Wed 18 Jan 2017 08:26:13 PM UTC] stdout 140667681728256 pid=15292 DEBUG Installation Error: <class 'maestro.debugUtil.CallError'> <traceback object at 0x25405a8> [Wed 18 Jan 2017 08:26:13 PM UTC] invoker 140178774116096 pid=15862 DEBUG Start: /opt/IBM/maestro/agent/usr/servers/OS_Node.11484770835603/scripts/Part/stop.py
Because IBM Java 6.0 SE in WebSphere Application Server V8.5 will reach End of Service (EOS) in September 2017, from version 8.5.5.11 the WebSphere installation process now requires you to explicitly specify which Java version to install (i.e. Java 6.0 SE or Java 8.0 SE). That is the reason that deployment of a pattern instance using the WAS 8.5.5.11 software component fails when using the 2.2.2.0 WebSphere Application Patterns.
There is good news however. IBM released version 2.2.3.0 of the WebSphere Application Server Patterns in December 2016. This version includes support for the aforementioned change in the WebSphere installation process. You can find more details about this here in the WebSphere Application Server Patterns Knowledge Center.
Note: Unlike with the version 2.2.2.0 release of the WebSphere Application Server Patterns, version 2.2.3.0 does not requires your PureApplication or Bluemix Local System to be on 2.2.3.0 firmware. As long as you are on 2.2.2 firmware, you should be able to download and import the 2.2.3.0 WebSphere Application Server Patterns.
Refer to the Release information for WebSphere Application Server Patterns for links to download the 2.2.3.0 pattern types:
IBM Cloud Pak System