I have an MFP8 Bluemix service (which is now a Liberty app instead of container). Deployed one hybrid mobile app and 6 adapters. While things are working fine all of a sudden everything gets wiped off and the server is empty. I have to re-register the app and deploy all the adapters and configure push notification again. This has happened twice and it is very embarrassing when we are in front of customers doing a demo. Unable to figure out the pattern as to when this happens. Never had this issue when the MFP8 server was a container. MFP8 Console that is empty
Anamica,
If you are using the Developer plan, there is no persistent database to store your configuration (including apps and adapters). Everything is on the storage space of your running instance. If there is a restart of the server (because you asked for it or because the server crashed and auto-restarted), you need to redeploy your apps/adapters again. With the Professional plan, you can configure a dashDB database to keep your data in a safe and persistent space.
Agree with Jerome.
You can take a backup and restore in case its lost:
(a) Every time you make any changes to admin service, such as deploying an adapter, register an app, etc. run this CLI/command to download all your config into zip file.
$curl -X GET -u admin:admin -o export.zip http://<App Name>.mybluemix.net/mfpadmin/management-apis/2.0/runtimes/mfp/export/all
(b) In case you recreate your server and loose your config, run this CLI to import the above config to BMX app.
$curl -X POST -u admin:admin -F file=#./export.zip http://<App Name>.mybluemix.net/mfpadmin/management-apis/2.0/runtimes/mfp/deploy/multi
Reference: Different ways of exporting and importing MobileFirst Foundation server artifacts
Hope this helps!!
Related
A Weblogic server got hacked and the problem is now removed.
I am looking through the infected VM's now in a sandbox and want to see what if any data was accessed on the application servers.
the app servers were getting hammered with ssh requests and so we identified the infected VM's as the web logic VMS, we did not have http logging on. Is there any way to Identify if any PII was Compromised?
Looked through secure logs on weblogic as well as looked through the PIA logs
I am not sure how to identify what if any data was accessed
I would like to find out what went out of our network and info or data
what should I be looking for
is there anything I can learn from looking at the weblogic servers running on red hat?
I would want to believe that SSH was not the only service being hammered, and that was a large attempt to make eyes be on Auth logging whilst an attempt on other services is made.
Do you have a Time frame that you are working with?
Have the OS logs been checked for that time frame?
.bash_history been checked? env variables? /etc/pass* for added users? aliases? reverse shells open on the network connections? New users created on services running on that particular host?
Was WebLogic the only service running on this publicly available host?
What other services and ports were available?
Was this due to an older version of Weblogic or another service, application, plugin?
Create yourself an excel spreadsheet and start a timeline.
Look at all the OS level logging possible and start to make note of anything that looks suspicious, to then follow that breadcrumb to exhaustion.
I have made a copy of one of our live ldap servers to use in testing environment.
In our live system we have 2 ldap servers in master/master configuration.
My question is on our testing environment as there is only one server how can I delete the offline ldap server from DSCC. I have tried to remove it using the web interface but as its offline it throws an can't communicate error.
I have also tried using the dsccreg remove-server command with no success.
Any ideas?
You probably want to look at MOS note 1920317.1
I have deployed my application running on my local server # http://localhost:8048/myservice?day=xx&month=yy&year=zzzz , it works succesfully on my local machine, in that it downloads a file from the http site. However when I deploy to Mule Management console . I understand that the default port is 8585. When I change the URL to MMC & give the default port with the same path, it does not download the file . Am I missingsomething
The MMC is a utility for managing and monitoring Mule Standalone Runtimes.
One of its functions is to deploy apps to a Runtime. You are not actually deploying to the MMC.
Does this help clarify the situation or do you want any further help on want The MMC is used for and how to do it?
Please check the logs inside MMC.It stores the logfiles date wise.See if your application has been deployed in MMC successfully and if yes then do the following things:
1)If you are using any path to download the file then cross check the path details.You can put a logger to crosscheck that.
2)Put a logger before the business logic and after the business logic and follow what it is logging in the log file.
3)In case your server is Linux then check the path separator pattern
MMC is a Mule Management Console which is used (provides provision) to deploy, undeploy, manage, monitor application and server both. From the statement you mentioned in your query it seems you are trying to deploy the app in the MMC - MMC is not a server its a console where you can register your ESB Runtimes -or- API Gateways (on-Prem) servers so that you can deploy the applications to the server/runtimes (which will go to the runtimes location $MULE_HOME/apps).
Please check if you have registered the server under MMC's Server tab - if not then you have to do this first and then it will allow you to perform application deployment using the MMC's APplication tab where you can upload your deployment archive/artifacts/build to the mmc repo and then you can deploy through the deployment options by selecting your server (which you have registered).
If I am missing something from your statement then please clarify more and will try to help you out here.
I have a VM running Windows Server 2016 Technical Preview, and have installed the Containers feature, and then run the Install-ContainerHost.ps1 script from Microsoft's container tools repo
https://github.com/Microsoft/Virtualization-Documentation/tree/master/windows-server-container-tools/Install-ContainerHost
I can now run the Docker Deamon on Windows. Next I want to copy the certificates to a client machine so that I can issue commands to the host remotely. But I don't know where the certificates are stored on the host.
In the script the path variable is set to %ProgramData%\docker\certs.d
The certificates on windows are located in the .docker folder in the current user directory.
docker --help command will show the exact path details
AFAIK there are no certificates generated when you do what you are doing. If you drop certificates in the path you found then it will use them, and be secured. But otherwise there is none on the machine. Which explains why it isn't exposed by default.
On my setup I connected without TLS but that was on a VM that I could only access on my dev machine. Obviously anything able to be accessed over a network shouldn't do that.
Other people doing this are here: https://social.msdn.microsoft.com/Forums/en-US/84ca60c0-c54d-4513-bc02-14bd57676621/connect-docker-client-to-windows-server-2016-container-engine?forum=windowscontainers and here https://social.msdn.microsoft.com/Forums/en-US/9caf90c9-81e8-4998-abe5-837fbfde03a8/can-i-connect-docker-from-remote-docker-client?forum=windowscontainers
When I dug into the work in progress post it has this:
Docker clients unsecured by default
In this pre-release, docker communication is public if you know where to look.
https://msdn.microsoft.com/en-us/virtualization/windowscontainers/about/work_in_progress#DockermanagementDockerclientsunsecuredbydefault
So eventually this should get better.
I have installed Worklight 6.2 on Linux, using Liberty 8.5.5 and DB2 10.5. Created the DB2 databases for WRKLGHT and WLREPORT. Have executed the Server Configuration Tool and successfully created a Worklight Server configuration (did not have any errors in the Console view when running the Ant tasks, tables were created successfully in the database, and configuration shows deployed status in the SCT). Created a runtime environment in the SCT, also seemed to succeed (no errors in Console view, tables created/updated, runtime environment shows deployed in the SCT). Stopped and restarted the Liberty server.
Can hit Worklight admin at (/worklightconsole) and log in successfully using my demo user, however it then indicates there are no runtime environments. When trying to access runtime environment at /worklight/console (which should be the correct URL given how I created the runtime config in SCT using my Worklight project WAR), I get various errors: first "Service unavailable since initialization is not yet complete." then after retrying for about a minute or two I get "javax.servlet.ServletException: java.lang.RuntimeException: Timeout while waiting for the management service to start up at com.worklight.core.auth.impl.AuthenticationFilter.isWaitingForInitialization(AuthenticationFilter.java:561)".
Seems the management service is not starting up successfully. Upon reviewing the messages.log I see the following error precede it: "FWLSE0242E: Failed to synchronize application runtime information. The servlet initialization failed and the servlet will deny serve. The most common reason is a failure in JMX communication with the ''worklightadmin'' service. You need to restart the web application after fixing the problem. [project worklight]" and this creates an FFDC log.
I know this is a lot of information but trying to be complete. Anything I should check to fix the JMX communication issue and get the management service starting?
Thank you for the replies back. Turns out there is an issue with Liberty (I was on 8.5.5.0) and the IBM JDK I was using (1.7_64). Swapped out to the Oracle JRE (1.7.0_60-b19), pointed Liberty to use it, and the problem was solved. I am pursuing a fix with the Liberty team through IBM Support for this issue.
I cannot give a unique solution, but I can explain the situation and this may lead to a solution.
The runtime servlet initialization tries to contact the Worklight Admin service. The Worklight Admin service is a web application that must be running when the runtime starts. The runtime was not able to find the Worklight Admin service. It waited a while, in case that the Worklight Admin service is just starting up, but then gave up due to a timeout because within a given time, it could not find the Worklight Admin service.
Possible reasons:
the web server is not at all configured to run the Worklight Admin service. In your case, this seems not the problem, since you can access the Worklight Console. You should also see in the log file whether the Worklight Admin service did start.
the worklightadmin service might never start up ... this could be a configuration problem, e.g. with the WLADMIN data base. This could also be detected from the server logs.
when the runtimes and the Worklight Admin service start up together, it might be that the Worklight Admin service simply takes too long to start. Let's say you have 100 webapps, and the runtime starts first and the Worklight Admin service starts last, it could be that the 98 other webapps take too much time to start. In that case, make your web server lighter ... run only Worklight on that webserver, nothing else.
the Worklight Admin service starts, but the runtime cannot communicate with it. This indicates that the JMX communication is misconfigured. Follow the documentation of the webserver how to configure JMX. For liberty, see http://www-01.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_admin_restconnector.html?cp=SSD28V_8.5.5%2F1-5-2-10-1&lang=en