Tuesday, July 10, 2018

It only takes an hour to get a test BigFix environment installed and working

The only caveat (which they've maybe fixed now) is that the SQL Server that's bundled with the BigFix Eval is borked, so you first need to install an eval version of MSSQL Server 2014, which is available from Microsoft.

But the whole process is really easy:

1. Create/clone a Windows 2012 or 2016 server (you can download an eval copy of Windows Server 2016 if needed)
2. Google MSSQL Server 2014 evaluation download and download it
3. Install MSSQL with all the defaults
5. Follow IBM's instructions for installation.
6. Once it's up and running (takes about 10 minutes), continue through the install instructions to add all of the available Sites. The site named IBM BigFix Inventory v9 is actually the one that will get you the BigFix Inventory install files.
8. Optionally create/clone a Windows or Linux VM to be an additional client in your environment

That's it, and even if you need to install Windows Server from scratch, it only takes at most 1.5 hours.

There are other parts you can also install now, such as BigFix Inventory or the WebUI (both are available via fixlets in one of the available Sites).

Monday, July 9, 2018

How to change the BigFix WebUI database userid and password

I recently installed the BigFix WebUI with the wrong password and needed to fix it. I found the encrypted information in the db_config.json file in the folder:

C:\Program Files (x86)\BigFix Enterprise\BES WebUI\WebUI

However, this is what the contents of that file are:

{"user":"96\u002fzY1rPfE40v69uFttQAg==","password":"MwKBDmT00BEwEZm1ctZahg==","hostname":"WIN-5M6866TPST1.mynet.foo","port":1433}

And while those look like Base64 encoded values, there's also some encryption going on (try putting either of those strings through an online Base64 encoder/decoder and you'll see).

So the first thing I tried was to just put the information in the file in cleartext and restart the WebUI service, so the file looked like:

{"user":"sa","password":"passw0rd","hostname":"WIN-5M6866TPST1.mynet.foo","port":1433}

Amazingly, that worked, and here's the logfile entry that shows it:

Wed, 04 Jul 2018 13:14:24 GMT bf:dbcredentials-error Failed to decrypt database credentials, attempting to use inputted credentials as plaintext

However, the file kept the cleartext data (I had hoped that it would re-encrypt the values on startup, but it did not).

Then I found the solution in the place I should have looked to begin with - in the BigFix console! There's a task defined in the BES Support site specifically for this purpose. The task is named "Deploy/Update WebUI Database Configuration". Run the action associated with that task and it will create a new db_config.json file with the properly encrypted data and you're good to go.

Friday, July 6, 2018

For business use, don't buy a laptop with higher than 1080p resolution

The high resolution screens available today are amazing for graphics and gaming, but absolutely horrible if you need to use any traditional/legacy applications. The main application that gives me trouble is Quickbooks Desktop Pro. We have version 2016, and I don't imagine they're going to fix it anytime soon since they seem to (rightly) want everyone to move to their online version. We've been using Quickbooks for over 15 years, so we're using some features that simply aren't available in the online version. I'm sure we'll move to the online version at some point, but it won't be any time soon. I'm certain there are other desktop applications that similarly have a problem with high resolution monitors - specifically, the text and windows are too small to see, and scaling doesn't work correctly at all. It's just ugly.

The higher end business laptops (Lenovo Thinkpad T, P or X series; Dell XPS; etc.) generally offer a 1920x1080 pixel option as a base, then higher resolutions and touchscreens cost more. In my experience, you'll be the happiest with the lower cost 1920x1080 option. Whether you get a touch-enabled screen or not is up to you, but definitely skip the high resolution screen.

Wednesday, June 27, 2018

Just Announced: IBM Cloud App Management

Here's the announcement, with architecture details:

https://developer.ibm.com/apm/2018/06/26/introducing-ibms-new-service-management-cloud-native-offering-ibm-cloud-app-management/

Some of the highlights are that it runs on IBM Cloud Private (so it runs in containers orchestrated by Kubernetes) and supports both ITM v6 and APM v8 agents.

Monday, June 25, 2018

Reading and writing files in a Maximo automation script

Background

All of the product documentation tells you to use the product provided logging for debugging automation scripts (see here, for example: https://www.ibm.com/support/knowledgecenter/SSZRHJ/com.ibm.mbs.doc/autoscript/c_ctr_auto_script_debug.html ). For quick debugging, however, I thought that was cumbersome, so I decided to figure out how to access files directly from within an automation script. This post goes over exactly what's required to do that. Maximo supports Jython and Rhino-JavaScript for automation scripting, and I'll cover both of those here.

Jython

This one was straightforward, since the Python documentation can be followed exactly. Jython is simply an implementation of Python written completely in Java. All you need to open a file is:

my_file = open('c:/tmp/outfile.txt','a')

where 'a' specifies that we're appending to the file (and creating it if it doesn't exist). You then do need to flush and close the file, and this is my function to do that:

def logit(mytext):
  my_file = open('c:/tmp/jout.txt','a')
  my_file.write(mytext + '\n')
  my_file.flush()
  my_file.close()

So to log a string, just run:

logit("this is my string")

Reading from a file is just as easy:

my_read = open('c:/tmp/computers.json')
my_json = my_read.readline()
my_read.close()

In my case, the file contains one long line of JSON data, so readline() works great to store all of the text of the file into the string named my_json.

Rhino-JavaScript

This one is quite a bit more painful than Jython, which is really just one more reason that all of your automation scripts should be written in Jython. Specifically, the Rhino implementation in Maximo doesn't seem to completely adhere to the documentation you'll fine online. For example, there is no "ReadFile()" method available in Maximo. There are also other limitations, and the only way I found to get over them was to use Java classes. I thought that would make it easy, but then you have to deal with the fact that Java objects (specifically Array objects) are absolutely not the same as JavaScript objects. 

So, writing a file isn't too difficult once you realize that you need to use Java. Here's how you open and write a file:

var outFile = new java.io.FileWriter("c:/tmp/autoscriptout.txt");
outfile.write("my string");
outfile.close();

The hard part is actually reading data from the file. Using the same JSON file as above with one long line of JSON, the following is required to read that data into a JavaScript string that can then be parsed:

var 
  thefile = new java.io.File("c:/tmp/computers.json"),
  filelength = thefile.length(),
  thefilereader = new java.io.FileReader(thefile),
  jsonData = java.lang.reflect.Array.newInstance(java.lang.Character.TYPE,filelength),
  res = thefilereader.read(jsonData,0,filelength),
  jsonString = new java.lang.String(jsonData);

And now all of the JSON data is in the string named jsonString.

Enjoy.

Friday, June 15, 2018

ICD 7.6 Fresh install and config with LDAP authentication configured will fail

We found a problem when installing IBM Control Desk 7.6 on WebSphere and MSSQL where it fails every time if you enable LDAP/AD authentication during the configuration phase of the install. Specifically, you'll see this error in the ConfigTool window:

Apply Deployment Operations-CTGIN5013E: The reconfiguration action deployDatabaseConfiguration failed. Refer to messages in the console for more information.

And if you look in the CTGConfigurationTrace<datetime>.log file, you'll see this error:

SEVERE: NOTE ^^T^Incorrect syntax near the keyword 'null'.
com.microsoft.sqlserver.jdbc.SQLServerException: Incorrect syntax near the keyword 'null'.
at com.microsoft.sqlserver.jdbc.SQLServerException.makeFromDatabaseError(SQLServerException.java:216)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.getNextResult(SQLServerStatement.java:1515)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.doExecutePreparedStatement(SQLServerPreparedStatement.java:404)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement$PrepStmtExecCmd.doExecute(SQLServerPreparedStatement.java:350)
at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:5696)
at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:1715)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeCommand(SQLServerStatement.java:180)
at com.microsoft.sqlserver.jdbc.SQLServerStatement.executeStatement(SQLServerStatement.java:155)
at com.microsoft.sqlserver.jdbc.SQLServerPreparedStatement.executeQuery(SQLServerPreparedStatement.java:285)
at com.ibm.tivoli.ccmdb.install.common.util.CmnEncryptPropertiesUtil.init(CmnEncryptPropertiesUtil.java:187)
at com.ibm.tivoli.ccmdb.install.common.util.CmnEncryptPropertiesUtil.<init>(CmnEncryptPropertiesUtil.java:101)
at com.ibm.tivoli.ccmdb.install.common.util.CmnEncryptPropertiesUtil.getInstance(CmnEncryptPropertiesUtil.java:141)
at com.ibm.tivoli.ccmdb.install.common.config.database.ACfgDatabase.createCronTask(ACfgDatabase.java:1391)
at com.ibm.tivoli.ccmdb.install.common.config.database.CfgEnableVMMSyncTaskAction.performAction(CfgEnableVMMSyncTaskAction.java:140)
at com.ibm.tivoli.ccmdb.install.common.config.database.ACfgDatabase.runConfigurationStep(ACfgDatabase.java:1108)
at com.ibm.tivoli.madt.reconfig.database.DeployDBConfiguration.performAction(DeployDBConfiguration.java:493)
at com.ibm.tivoli.madt.configui.config.ConfigureSQLServer.performConfiguration(ConfigureSQLServer.java:75)
at com.ibm.tivoli.madt.configui.common.config.ConfigurationUtilities.runDatabaseConfiguration(ConfigurationUtilities.java:540)
at com.ibm.tivoli.madt.configui.bsi.panels.deployment.TpaeDeploymentPanel$RunOperations.run(TpaeDeploymentPanel.java:1550)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121)


This happens before the EAR files are built.

The way around this is to select "Use Maximo internal authentication" on the "Configure Application Security" screen of the ConfigTool". Once everything is installed, configured and running, you can then go in and enable J2EE application security for authentication.


Wednesday, June 13, 2018

JD-Gui is an invaluable tool for troubleshooting Java applications

If you deal with Java applications, you should get familiar with JD-Gui if you aren't already. JD-Gui (Java Decompile - Graphical User Interface) does exactly what its name states, and it seems downright magical because it shows you source code from compiled Java applications, which can give you amazingly useful insight into how an application is working. Here's a screenshot of it in action, where I'm using it to look at a JAR file that's included with the IBM Control Desk ConfigTool:


All of that information came from just dropping the JAR file onto JD-Gui.

The problem I'm encountering is a SQL error complaining about a syntax error near the keyworkd "null". By looking at the trace file produced and the source code, I've been able to reproduce the exact error message, and I'm 100% confident I know exactly in the code where the error is generated. So instead of just randomly trying different possible solutions, I can focus on the very small number of areas that could be causing this particular problem.

I've been using this tool for years, so I'm not sure what took me so long to write about it.