CL based method for adding HTTP Servers on IBMi system - apache

I have a need to develop a CL script to quickly deploy a web application across a set of IBMi systems.
Right now, I have everything set up where I can create the directories, deploy the configurations (with the correct modifications) and place the files all from the CL script, but I cannot get it to automatically create and start the HTTP Server.
All of the documentation I can find requires that the servers be set up through the "IBM Web Administration for iSeries interface." Which is pretty much useless if I am trying to automate the entire system.
The only CL commands I can find which are of use are STRTCPSVR and ENDTCPSVR. However, there does not seem to be a clear way to add the server to the underlying system to start it.
Does anyone know of a CL command that does this? If not, is there an object/member I can edit which would add a server to the HTTPA, set it to point to the already set up htdocs and conf directories and then I can start it with STRTCPSVR?

See the Create Apache Server Instance (QzuiCreateInstance) API for a method to automate the creation of http instances.
The QzuiCreateInstance() API allows users to create a new IBM® HTTP Server for i server instance.
Also the QUSRSYS/QATMHINSTC file contains a member for every configured instance. Each member has one record that contains an entry in the format of -apache -d /www/instancename -f conf/httpd.conf. You may be able to create members and add the record without using the API.

Refer to:
How to Manually Create a HTTP Server
About_HTTP_directives_for_CGIDEV2
http://compgroups.net/comp.sys.ibm.as400.misc/create-an-apache-instance/1345746
Quick Summary:
Each HTTP server instance requires its own member in QUSRSYS/QATMHINSTC
/QSYS.LIB/QUSRSYS.LIB/QATMHINSTC.FILE/<SERVERNAME>.MBR
The member above should contain one record
-apache -d /www/<SERVERNAME> -f conf/httpd.conf -AutoStartN
Refer to /www in the IFS for the file structure of the HTTP Server
Use <IBMi>:2001/HTTPAdmin/ to create a sample HTTP server, which can be used as the basis for future generated HTTP Servers.
Starting / Stopping the HTTP Server instance
strtcpsvr *http httpsvr(<SERVERNAME>)

Related

Setting up an agent authentication with PingAccess

I have a CentOS VM with a ready-installed PingAccess server test environment with access to the PingAccess Admin UI.
Now I would need to set up an agent authentication on the system but sadly have no experience configuring PingAccess so far. I also find it difficult to find documentation to complete my task.
I would appreciate any hints and pointers in the right direction or information on how this kind of setup can be configured and what else I might need. Is it even possible to set it up in a local VM?
Here a slightly more detailed description of the scenario:
An application that itself is not able to use a corresponding protocol (OAuth, SAML2, ...) (e.g. a small PHP script or something similar) that cannot do anything other than output a user name that it reads from the HTTP headers.
Set up an Agent that extends the header attributes and e.g. something like Header-UserName. The application can then access the web server variables and use these values without having to worry about how the authentication works. The agent, on the other hand, can do the protocols and handle authentication via the server (here PingAccess).
Thanks a lot in advance.

Restart Kubernetes API server with different options

I'm pretty new to Kubernetes and clusters so this might be very simple.
I set up a Kubernetes cluster with 5 nodes using kubeadm following this guide. I got some issues but it all worked in the end. So now I want to install the Web UI (Dashboard). To do so I need to set up authentication:
Please note, this works only if the apiserver is set up to allow authentication with username and password. This is not currently the case with some setup tools (e.g., kubeadm). Refer to the authentication admin documentation for information on how to configure authentication manually.
So I got to read the authentication page of the documentation. And I decided I want to add authentication via a Static Password File. To do so I have to append the option --basic-auth-file=SOMEFILE to the API server.
When I do ps -aux | grep kube-apiserver this is the result, so it is already running. (which makes sense because I use it when calling kubectl)
kube-apiserver
--insecure-bind-address=127.0.0.1
--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota
--service-cluster-ip-range=10.96.0.0/12
--service-account-key-file=/etc/kubernetes/pki/apiserver-key.pem
--client-ca-file=/etc/kubernetes/pki/ca.pem
--tls-cert-file=/etc/kubernetes/pki/apiserver.pem
--tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem
--token-auth-file=/etc/kubernetes/pki/tokens.csv
--secure-port=6443
--allow-privileged
--advertise-address=192.168.1.137
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--anonymous-auth=false
--etcd-servers=http://127.0.0.1:2379
Couple of questions I have:
So where are all these options set?
Can I just kill this process and restart it with the option I need?
Will it be started when I reboot the system?
In /etc/kubernetes/manifests is a file called kube-apiserver.json. This is a JSON file and contains all the options you can set. I've appended the --basic-auth-file=SOMEFILE and rebooted the system (right after the change of the file kubectl wasn't working anymore and the API was shut down).
After a reboot the whole system was working again.
Update
I didn't manage to run the dashboard using this. What I did in the end was install the dashboard on the cluster, copy the keys from the master node (/etc/kubernetes/admin.conf) to my laptop and run kubectl proxy to proxy the traffic of the dashboard to my local machine. Now I can access it on my laptop through 127.0.0.1:8001/ui
I just found this for a similar use case and the API server was crashing after adding an option with a file path.
I was able to solve it and maybe this helps others as well:
As described in https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/#constants-and-well-known-values-and-paths the files in /etc/kubernetes/manifests are static pod definitions. Therefore container rules apply.
So if you add an option with a file path, make sure you make it available to the pod with a hostPath volume.
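A check for the failure described in the last answer, as an added example that is not part of the original posts: it reads a static pod manifest and lists the flags whose file path no hostPath-backed volumeMount covers, then shows the manifest passing once the volume is added. The manifest, the /etc/kubernetes/auth directory and the function names are constructed for illustration.

```python
import json

# Constructed manifest, shaped like /etc/kubernetes/manifests/kube-apiserver.json.
# --basic-auth-file is the flag from the question (removed from kube-apiserver in v1.19).
MANIFEST = json.loads("""
{"spec": {
  "containers": [{
    "name": "kube-apiserver",
    "command": ["kube-apiserver",
      "--client-ca-file=/etc/kubernetes/pki/ca.pem",
      "--token-auth-file=/etc/kubernetes/pki/tokens.csv",
      "--basic-auth-file=/etc/kubernetes/auth/users.csv",
      "--etcd-servers=http://127.0.0.1:2379"],
    "volumeMounts": [{"name": "pki", "mountPath": "/etc/kubernetes/pki", "readOnly": true}]}],
  "volumes": [{"name": "pki", "hostPath": {"path": "/etc/kubernetes/pki"}}]}}
""")


def under(path, mount_path):
    """True if path is mount_path itself or lies below it."""
    base = mount_path.rstrip("/")
    return path == base or path.startswith(base + "/")


def unmounted_file_flags(pod):
    """Flags whose absolute-path value no hostPath-backed volumeMount covers."""
    spec = pod["spec"]
    host_volumes = {v["name"] for v in spec.get("volumes", []) if "hostPath" in v}
    missing = []
    for container in spec["containers"]:
        mounts = [m["mountPath"] for m in container.get("volumeMounts", [])
                  if m["name"] in host_volumes]
        for arg in container.get("command", []) + container.get("args", []):
            flag, sep, value = arg.partition("=")
            if sep and value.startswith("/") and not any(under(value, m) for m in mounts):
                missing.append(flag)
    return missing


def with_host_path(pod, name, directory):
    """Return a copy of pod with a read-only hostPath volume mounted at directory."""
    fixed = json.loads(json.dumps(pod))  # deep copy, the input stays untouched
    fixed["spec"]["volumes"].append({"name": name, "hostPath": {"path": directory}})
    for container in fixed["spec"]["containers"]:
        container.setdefault("volumeMounts", []).append(
            {"name": name, "mountPath": directory, "readOnly": True})
    return fixed
```

A flag reported here points at a path the container cannot see; files baked into the image itself would be reported too, so treat the list as candidates to review.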

Hybris: cannot find CMSSite associated with current URL

I created a new Hybris extension using one of the given templates.
The build was successful and I am able to start the server, too.
But when opening the weblink from the HAC I get the error "Cannot find CMSSite associated with current URL".
Are there suggestions to solve or investigate this issue?
You need to use hosts file mappings or use the site-ID parameter to avoid a 500 error.
Please follow these links
https://wiki.hybris.com/display/accdoc/Just+One+Storefront
https://help.hybris.com/6.3.0/hcd/8ae0711f86691014877ae05249b2f5ac.html (Hybris 6)
If you have administrator rights, it is a good idea to add the following entries in your host file.
127.0.0.1 hybris.local [Example]
The etc hosts modification allows the accelerator to identify sites (CMSSites) from the url. This makes the URL neat and clean.
After the host file change, you can access the site like this
http://hybris.local:9001/yacceleratorstorefront/
If you don't do this, the sites would need to be identified with an additional request parameter like this
http://localhost:9001/yacceleratorstorefront/?site=hybris&clear=true
Error "Cannot find CMSSite associated with current URL".
This is because you are not telling hybris which site you want to access.
There are three ways to do that
Simply pass your siteID as a request parameter(?site=SiteID) in your first request which helps the Hybris to understand which site you are trying to access. Let's say I'm trying to access powertools site then URL would be
https://localhost:9002/yacceleratorstorefront?site=powertools
Access site with siteID as DNS name. You can make 127.0.0.1 host with <siteID>.local. Let's say I want to access a powertools (It's CMSSite id for powertools), then add an entry like 127.0.0.1 powertools.local in your host file and then access your site using http://powertools.local:9001/yacceleratorstorefront/ instead of localhost
Add a new regular expression of your choice in the urlPatterns of your CMSSite. So that you can access your site as you want. Let's say I want to access site using localhost URL only and without passing ?site=powertools ever. So I need to add a new regex like (?i)^https?://[^/].*$ to urlPatterns of powertools CMSSite. Now I can directly open powertools site using https://localhost:9002/yacceleratorstorefront/
You can do that using Impex as well
$siteUid=mysite
# CMS Site
INSERT_UPDATE CMSSite ; uid[unique=true] ; urlPatterns ;
; $siteUid ; (?i)^https?://[^/]+(/[^?]*)?\?(.*\&)?(site=$siteUid)(|\&.*)$,(?i)^https?://$siteUid\.[^/]+(|/.*|\?.*)$,(?i)^https?://[^/].*$ ;
Find the detailed answer here
In addition to the host entry, make sure to add the appropriate regular expression for your website.
The CMS site has an attribute called urlPatterns. This is a list of regular expressions that the website CMS filters match to determine which storefront a user is trying to access.
The simplest thing is to add a further regular expression to the CMS site like the one below:
(?i)^https?://[^/]*/yacceleratorstorefront((?![\?\&]site=).)*
At run time, you can do it in the hybris Management Console (hMC). Navigate to WCMS > Website > Your Site Name > Properties tab and edit the URL Patterns section.
To make the change permanent, add the appropriate code to the CMS site setup ImpEx script run during the project data phase of initialization e.g. for electronics storefront
# CMS Site
UPDATE CMSSite;uid[unique=true];urlPatterns;
;electronics;(?i)^https?://[^/]+(/[^?]*)?\?(.*\&)?(site=electronics)(|\&.*)$,(?i)^https?://electronics\.[^/]+(|/.*|\?.*)$,(?i)^https?://api\.hybrisdev\.com(:[\d]+)?/rest.*$,(?i)^https?://[^/]*/yacceleratorstorefront((?![\?\&]site=).)*;
This issue usually comes up if the server was started with unsatisfied spring bean dependencies. Please check your server startup log to confirm which particular bean or beans failed to initialise.
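The urlPatterns from the answers above, run against constructed URLs to show what the catch-all `(?i)^https?://[^/].*$` changes: with it the site also claims requests that name another site or another application. This is an added example, not code from the posts or from hybris; it assumes a pattern has to match the whole URL, and the sample URLs are constructed.

```python
import re

# urlPatterns quoted on the page for the "electronics" CMSSite
SCOPED = [
    r"(?i)^https?://[^/]+(/[^?]*)?\?(.*\&)?(site=electronics)(|\&.*)$",
    r"(?i)^https?://electronics\.[^/]+(|/.*|\?.*)$",
    r"(?i)^https?://[^/]*/yacceleratorstorefront((?![\?\&]site=).)*",
]
# Catch-all pattern quoted on the page for opening the site without ?site=
CATCH_ALL = r"(?i)^https?://[^/].*$"

# Constructed request URLs
URLS = {
    "site_param": "http://localhost:9001/yacceleratorstorefront/?site=electronics&clear=true",
    "site_host": "http://electronics.local:9001/yacceleratorstorefront/",
    "bare": "https://localhost:9002/yacceleratorstorefront/",
    "other_site": "https://localhost:9002/yacceleratorstorefront/?site=powertools",
    "other_app": "https://shop.example.org/other/app",
}


def claims(patterns, url):
    """Assumption: a site claims a URL when one pattern matches the whole URL."""
    return any(re.fullmatch(p, url) for p in patterns)


def coverage(patterns):
    """Map each sample URL name to whether this pattern list claims it."""
    return {name: claims(patterns, url) for name, url in URLS.items()}


if __name__ == "__main__":
    for label, patterns in (("scoped", SCOPED), ("with catch-all", SCOPED + [CATCH_ALL])):
        print(label, coverage(patterns))
```

The scoped list leaves `?site=powertools` and the unrelated application to other sites, which is why the negative lookahead on `site=` is there; the catch-all removes that distinction.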

Securing a resource in Web Server

I have a file (or set of files under a directory) published on my web server. Each of this resource needs to be access-protected based on the user's credentials and authority.
The authorization details are stored in a DB, so I need to make a call to the Java code in application server to determine the access.
Every time the user hits this particular path in the webserver, I need to ensure s/he has access to the requested resource by ensuring he is logged in and has the necessary privileges to access this resource.
The webserver is apache - Can you please point me to the settings in apache that allows me to secure resource access using the above logic?
Thanks for the suggestions to correct the Tag and the Question!:
My Web Server is Apache HTTPD
Agree that this is not a Java Question: The only reason why I am bringing the Java perspective, is that I am most likely going to use some Java POJOs to go and check for user authorization for a particular directory that is stored in the DB - That is unless there is a trick in the apache httpd configuration that goes and checks the DB automatically - something similar to the one that is pointed out here... At the end of it, I need to check if a particular user (authenticated previously by the Single Sign On Server (Sun access manager)) has access to a particular directory (user mapping to directory stored in the DB) and protect the resources under the directory accordingly.
Please let me know if that clarifies.
I am not sure why this is tagged with java - unless your db structure is VERY specific, you might be able to get it done with apache authz and authn:
http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html
or, for an overview:
http://httpd.apache.org/docs/2.2/howto/auth.html

IIS 6 - Create a virtual directory that points to an IIS application on a different server?

Here's the scenario:
Server A is hosting the 'main' application (www.example.com)
Server B is hosting a support application (b.example.com)
They are connected internally to each other through a 192.* address and are both externally available through DNS
Server A has several virtual directories that are mapped through UNC shares:
www.example.com/virtual1 -> \\192.168.1.1\virtual1 (on serverB)
I'd like to be able to run the application that sits on Server B (served through IIS) and make it appear as if it's running on serverA:
www.example.com/application -> b.example.com/app
I'd still want to be able to access server B directly
b.example.com/app
Any ideas?
Edit:
Turns out the application behind the proxy refused to let me dynamically change its form "action" (nor did it let me change anything else). I was able to display the data from the server; just couldn't post :(
So both answers pointed me in the right direction. I used a proxy:
http://code.google.com/p/iisproxy/
I created a virtual directory on Server A that matched the directories I needed on Server B - and it worked! :-)
This should be possible in IIS. I remember I had to do this once.
Just create a virtual directory using the UNC path pointing to \\ServerB\SharedAppDirOnB and (if necessary) "Connect As..." using the credentials needed for Server B.
If you have problems with "Connect As..." it could be a folder permissions problem of Server B. Try the following thing: add a new user account on your main server which has the same name and password as the account on Server B. It sounds stupid, but I remember it solved my issue. You could for example add a new user account on both servers: "IisCommon" with the same passwords on both servers. Then make sure you give all necessary file access permission to the folder on server B (and the Share permission!). Try first connecting manually using Windows Explorer if you can access the share.
Make sure that you mark the new virtual directory as application and give the right execution permissions.
Another solution would be some kind of reverse proxy. I used a third-party product on IIS 6.0 for this: ISAPIrewrite for IIS. The "proxy" mode allows you to "forward" requests made to your main server (www.example.com/...) to your other server, but serving the resulting responses as if they were processed by your main "domain" application. The feature is called "proxy directive". It accepts regular expressions.
Since serving the virtual directory from server A through a UNC share apparently does not work, you need to serve b.example.com/app from server b.
DNS resolves domain names to IP addresses. You are asking for the same domain name to resolve to two different IP addresses, based on a different URL. This is not something that IIS or Windows can do.
Your options are:
write a proxy service on server A that passes requests on to server B. If you want it completely transparent (not just a redirect), you'd have to stream back the response as well. This is not trivial, but possible.
Put the server B page into an IFRAME on a new page on server A.
Use a load balancer in front of both servers that can split traffic based on URL