Archive for the ‘websphere’ Category
* another tool for SVN – list_repositories.pl
Posted on May 11th, 2009 by doug. Filed under Solaris, apache2, eclipse, subversion, tools, websphere.
One of the features of subversion + apache2 is the ability to list repositories – natively.
SVNParentPath /apps/repos
SVNListParentPath on
Unfortunately, once you restrict the httpd.conf to individual repositories and start handling permissions separately you lose that. Both of these permissions, set at the top level, at the parent path to the repositories, have to be commented out to have the individual permissions on the directories below take effect.
And listing just the repositories wasn’t enough for what I had in mind – I wanted a read-only table showing an individual developer or a team lead for a project who has what permissions for the subversion repositories. All the users, all the repositories.
Just your basic cgi.
and the script:
# script to parse and display users and repositories and rights (R, RW)
use strict;
use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
##----------------------------
## Variables
##----------------------------
#debug
my $debug = 0; #set to 0 to turn off, 1 (true) to turn on
# title for page
my $PageTitle = "List of SVN Repositories";
## repository directory
my $SVN = "/apps/repos";
## location for htpasswd files
my $HTDIR = "/apps/apache2/conf/htpasswd";
## Set untainted path
$ENV{PATH} = '/apps/apache2/bin:/bin:/usr/bin:/usr/local/bin';
$ENV{IFS} = "" if $ENV{IFS} ne "";
# css
my $css = "http://<your server name>/css/main.css";
my $headerimg = "http://<your server name>/css/roger_rabbit_120.jpg";
##------------------------------
## MAIN
##------------------------------
&standard_header;
my ($ref_repos, $ref_tabledata, $ref_users) = &CreateTableSpace;
&DisplayTable ($ref_repos, $ref_tabledata, $ref_users);
&standard_footer;
exit;
##------------------------------
## subs
##------------------------------
sub standard_header {
print header();
print start_html(-Title => "$PageTitle", -BGCOLOR=>"White",
-style => {
-src => "${css}"
}
);
print ("<div id=\"header\">\n");
print p("<img src=\"${headerimg}\" title=\"Wells logo\" alt=\"wells logo\"/>\n");
print ("</div>\n");
print ("<div id=\"headertitle\">\n");
print h3("Repositories<br/>\nusers | read (R) | read & write (RW)\n"); # start_multipart_form() if file upload
}
sub standard_footer {
print end_html();
}
sub CreateTableSpace {
my $ref_repos = &GetBlankRepos;
my @repos = @$ref_repos; # dereference
my %tabledata = (); # hash to hold table data
my @users = (); # list of users
my %seen = ();
foreach my $rep (@repos) {
open(FILE, "$HTDIR/${rep}_read") || croak "Failed to open $HTDIR/${rep}_read for reading...";
my @filelines = <FILE>;
close FILE;
foreach my $line (@filelines) {
# lines are user:passwd
my ($user, $pass) = split (":", $line);
unless ($seen{$user}) {
$seen{$user} = 1; # save as seen
push (@users, $user); # save the user to a list
}
$tabledata{$rep}{$user} = "read";
}
open (FILE, "$HTDIR/${rep}_write") || croak "Failed to open $HTDIR/${rep}_write for reading";
my @file_lines = <FILE>;
close FILE;
foreach my $line (@file_lines) {
# lines are user:passwd
my ($user, $pass) = split (":", $line);
unless ($seen{$user}) {
$seen{$user} = 1; # save as seen
push (@users, $user); # save the user to a list
}
$tabledata{$rep}{$user} = "readwrite";
}
}
return (\@repos, \%tabledata, \@users);
}
sub GetBlankRepos {
my @repos = ();
# list $SVN
opendir (DIR, $SVN) || croak "Failed to open directory $SVN for reading...";
while (defined(my $file = readdir(DIR))) {
# skip ".", ".." and .<hidden> files...
if ($file =~ /^\./) {
next;
} else {
push(@repos, $file);
}
}
return (\@repos);
}
sub DisplayTable {
my $ref_repos = shift; #@repos
my $ref_tabledata = shift; # %tabledata
my $ref_users = shift; # @users
# dereference
my @repos = @$ref_repos;
my %tabledata = %$ref_tabledata;
my @users = @$ref_users;
# repos across the top, users down, R or RW for permissions
# $tabledata{$rep}{$user} = "readwrite";
# start table
print ("<table>\n<tbody>\n");
# table header
my $cols = ($#repos + 1);
print ("<tr><td>Users</td><td colspan=\"$cols\">Repositories</td></tr>\n");
print ("<div id=\"repotitles\"><tr>\n<td> </td>");
foreach my $rep (@repos) {
print ("<td>$rep</td>");
}
print ("\n</tr>\n</div>\n");
foreach my $user (@users) {
print ("<tr>\n<td>$user</td>");
foreach my $repo (@repos) {
if ($tabledata{$repo}{$user}) {
if ($tabledata{$repo}{$user} eq "read") {
print ("<td>R</td>");
} elsif ($tabledata{$repo}{$user} eq "readwrite") {
print ("<td>RW</td>");
}
} else {
print ("<td> - </td>");
}
}
print ("\n</tr>\n");
}
# finish table
print ("</tbody>\n</table>\n");
}
* how to monitor ibm mq from nagios
Posted on October 21st, 2008 by doug. Filed under websphere.
This was one of the search terms that found an article here… I hadn’t addressed this directly, but I use Nagios to monitor my company’s server environment, and specifically implemented that monitoring for IBM Websphere MQ.
For MQ, I run nagios monitoring against queue depth and processes. I installed three plugins to run against WebSphere. Of these one was developed for my company’s needs (qdepth), one was changed slightly (channels) and the last debugged, found not to actually measure accurately, and not resolved (message age).
Here’s the nagios console for the websphere MQ server. “message age” in the second qdepth check service title is deceptive – actually checking qdepth…
This is the commands section from the nrpe.cfg file on the WebSphere MQ server.
command[check_mq_channel]=/usr/local/nagios/libexec/check_mq_channel.sh $ARG1$ $ARG2$
command[check_mq_msgage]=/usr/local/nagios/libexec/check_mq_msgage.sh $ARG1$ $ARG2$ $ARG3$ $ARG4$
command[wmq_check_qdepth]=/usr/local/nagios/libexec/wmq_check_qdepth.pl $ARG1$ $ARG2$ $ARG3$
Of these we only really using qdepth monitoring. The channels come up triggered, so an inactive state is fine, and the plugin as written only tests for “running”. The message age plugin, as I mentioned, doesn’t actually work.
When I first looked at setting this messaging up and then monitoring it, I searched for “nagios monitoring MQ webshere” and found several pre-written plugins. I took each plugin and tested it for usability and for accurate results and for meeting what we needed for monitoring.
The message age plugin, in testing, actually returned a hard-coded result rather than actually testing and returning a valid answer. I started to fix it, set it aside and haven’t resolved it. I don’t recall the source for the plugin. Check each piece of code you download from the internet – it may have gone through extensive development and testing, or it could just as easily have been hacked together in an hour. Your mileage may seriously vary and I would highly recommend you verify any of this before you bet your job on it.
Here’s the qdepth plugin – I think I wrote or re-wrote this pretty much from scratch, but the original concept for parsing runmcsc came from one of the plugins I downloaded, written by Kyle O’Donnell – the channel plugin has his original author credit intact. This plugin has alerted once to an increasing qdepth, which turned out to be an issue with an SSL certificate.
#! /bin/perl## wmq_check_qdepth.pl
#
# nrpe (nagios) script to check websphere qdepth
# uses runmqsc binary
#
# display queue ('APP.REQUEST')
# 8 : display queue ('APP.REQUEST')
# AMQ8409: Display Queue details.
# QUEUE(APP.REQUEST) TYPE(QLOCAL)
# ACCTQ(QMGR) ALTDATE(2008-01-22)
# ALTTIME(14.18.23) BOQNAME( )
# BOTHRESH(0) CLUSNL( )
# CLUSTER( ) CLWLPRTY(0)
# CLWLRANK(0) CLWLUSEQ(QMGR)
# CRDATE(2008-01-22) CRTIME(14.18.23)
# CURDEPTH(0) DEFBIND(OPEN)
# DEFPRTY(0) DEFPSIST(NO)
# DEFSOPT(SHARED) DEFTYPE(PREDEFINED)
# DESCR( ) DISTL(NO)
# GET(ENABLED) HARDENBO
# INITQ( ) IPPROCS(0)
# MAXDEPTH(5000) MAXMSGL(4194304)
# MONQ(QMGR) MSGDLVSQ(PRIORITY)
# NOTRIGGER NPMCLASS(NORMAL)
# OPPROCS(0) PROCESS( )
# PUT(ENABLED) QDEPTHHI(80)
# QDEPTHLO(20) QDPHIEV(DISABLED)
# QDPLOEV(DISABLED) QDPMAXEV(ENABLED)
# QSVCIEV(NONE) QSVCINT(999999999)
# RETINTVL(999999999) SCOPE(QMGR)
# SHARE STATQ(QMGR)
# TRIGDATA( ) TRIGDPTH(1)
# TRIGMPRI(0) TRIGTYPE(FIRST)
# USAGE(NORMAL)
### Variables ###
# test values set if this flag is true (1)
### THIS MUST BE SET TO 0 IN PRODUCTION!!! ###
my $test = 0;
# debug flag (adds messages)
my $debug = 0;
my $LOG = "/tmp/wmq_check_qdepth.pl.log";
# runmqsc binary
my $MQSC = "/opt/mqm/bin/runmqsc";
### ARGS ###
# first argument is warn level
my $WARN = shift;
# second arg is crtitical level
my $CRIT = shift;
# third arg is queue name
my $QUEUE = shift;
# set for dev purposes
if ($test) {
$WARN = 5;
$CRIT = 10;
$QUEUE = "1A33.EVG.REQUEST";
}
# validate
# WARN and CRIT must be greater than 0 and CRIT must be greater than WARN
unless (($WARN > 0) && ($CRIT > 0)) {
print ("Command Failed: WARN and CRIT levels must be greater than 0\n");
exit 3;
}
unless ($CRIT > $WARN) {
print ("Command Failed: CRIT must be greater than WARN\n");
exit 4;
}
### Subs ###
### MAIN ###
# run query
my $result = `echo "display queue ('${QUEUE}')" | $MQSC | grep CURDEPTH`;
print ("result: $result\n") if $debug;
# parse result
my @lines = split ("\n", $result); # divide into an array by end of line...
# each element of the array will contain a single line
# set variables
my ($PARAM, $VALUE);
for my $line (@lines) {
# each line is one or two elements like "QDPLOEV(DISABLED) QDPMAXEV(ENABLED)"
# divide those...
my ($first, $discard) = split (' ', $line);
print ("\$first: $first \$discard $discard\n") if $debug;
($PARAM, $VALUE) = split ('\(', $first);
$VALUE =~ s/\)//;
print ("\$PARAM: $PARAM \$VALUE: $VALUE\n") if $debug;
}
# testing value
$VALUE = 13 if $test;
# check for $WARN and $CRIT levels, exit 0 as OK, 1 as warn or 2 as critical
if ($VALUE == 0) {
print ("OK: found qdepth for $QUEUE at 0\n");
exit 0;
} elsif ($VALUE < $WARN) {
print ("OK: found qdepth for $QUEUE at $VALUE\n");
exit 0;
} elsif (($VALUE >= $WARN) && ($VALUE < $CRIT)) {
print ("WARN: qdepth of $QUEUE is at $VALUE: exceeds WARN thresh of $WARN\n");
exit 1;
} elsif ($VALUE >= $CRIT) {
print ("CRITICAL: qdepth for $QUEUE at $VALUE: exceeds CRITICAL thresh of $CRIT\n");
exit 2;
}
This is the channel status plugin – I may have re-written the original data gathering runmssc string, but the majority of the plugin remained intact…
#!/bin/ksh
#
# check queue manager status
#
# Kyle O'Donnell
#
#$Id: check_mq_channel,v 1.2 2007/04/04 14:36:02 kodonnel Exp $
#
# debug
DATE=`date`
LOG="/tmp/nrpe_check_mq_channel.sh.log"
echo "" >> $LOG
echo $DATE >> $LOG
echo "" >> $LOG
[ $# -ne 2 ] && echo "usage: $0 " && exit 3
channel=$1
qmgr=$2
echo "channel: $channel qmanager: $qmgr" >> $LOG
RUNMQSC="/opt/mqm/bin/runmqsc"
chanstatus=`echo "dis chs(${channel}) status" | ${RUNMQSC} ${qmgr} | grep -i "status(running)"`
echo "channel status result: $chanstatus" >> $LOG
if echo $chanstatus |grep -i "status(running)" > /dev/null 2>&1; then
STATE=0
printf "${channel} on ${qmgr} running"
echo ""
echo ""
else
STATE=2
printf "${channel} on ${qmgr} not running"
echo ""
echo ""
fi
echo "state: $STATE" >> $LOG
exit $STATE;
Here’s the server.cfg file for the Websphere MQ machine on the nagios server:
define service {
use generic-service
host_name mq1
service_description Host Alive
check_period 24x7
contact_groups unix-administrators
notification_period 24x7
check_command check-host-alive
}
define service {
use generic-service
host_name mq1
service_description Sonic Bridge java process
check_period 24x7
contact_groups esb-administrators
notification_period 24x7
check_command check_unix_proc!mqm!1!java
}
define service {
use generic-service
host_name mq1
service_description SSB queue depth EVGPQM01.DEAD.QUEUE message age
check_period 24x7
contact_groups systems-services,help_desk
notification_period 24x7
check_command wmq_check_qdepth!1!3!QMGR01!QMGR01.DEAD.QUEUE
}
define service {
use generic-service
host_name mq1
service_description server queue depth APPLICATION.RESPONSE
check_period 24x7
contact_groups systems-services,help_desk
notification_period 24x7
check_command wmq_check_qdepth!5!10!APPLICATION.RESPONSE
}
define service {
use generic-service
host_name mq1
service_description server queue depth OPPOSITE-QMGR
check_period 24x7
contact_groups systems-services,help_desk
notification_period 24x7
check_command wmq_check_qdepth!5!10!OPPOSITE-QMGR
}
define service {
use generic-service
host_name mq1
service_description WMQ command server
check_period 24x7
contact_groups systems-services,help_desk
notification_period 24x7
check_command check_unix_proc!mqm!1!amqpcsea
}
define service {
use generic-service
host_name mq1
service_description WMQ Critical process manager
check_period 24x7
contact_groups systems-services,help_desk
notification_period 24x7
check_command check_unix_proc!mqm!1!amqzmuc0
}
The strategy is to monitor qdepth and processes specific to IBM WebSphere MQ on the Websphere MQ server, along with the normal UNIX processes and disk space.
— dsm
* refreshing SSL certificates in websphere MQ
Posted on July 30th, 2008 by doug. Filed under websphere.
The first project I was given when I started at Evergreen Investments involved IBM’s WebSphere MQ messaging application. I took a development instance of the application and translated that to the requirements for a production deployment of the application.
It has been completely bulletproof. Set up correctly and sized appropriately, it just works. Eventually all good things come to an end, and you must maintain the service. SSL certificates expire, and must be replaced with new certificates.
In WebSphere versions prior to 6.0, you had to restart the queue manager, the local god of the application, to have the new certificate information deploy. That was somewhat disruptive, but it ensured that the information you were using for bringing up encrypted channels of communication was the new information, not the old.
With version 6.0, there is a command you can run in runmqsc (the WebSphere MQ command line shell and script interface) –
REFRESH SECURITY TYPE(SSL)
The same command run as
REFRESH SECURITY
will touch USER security, but leave the SSL certificate information untouched and unrefreshed. Thus leaving you with an invalid certificate in place, even though you have replaced and refreshed (you think) the information…
This is obvious in hindsight. And completely baffling, until you find it, while trying to get the application to come back up after replacing an expired certificate.
—dsm
recent posts
- compacting logs
- I miss my brother…
- home to Boston, daughter in remission
- visually healthy bone marrow…
- matter of the lungs
- Fall through code to a success…
- another tool for SVN – list_repositories.pl
- svnadmin.pl – perl cgi script to manage svn over apache
What I'm Doing...
- waiting for Dell to inform FedEx they've shipped my netbook... 2010-06-07
- sorting out stuff (moving...) 2010-05-25
- downloaded netbook remix (for my Asus) and amd64 (for my 64 bit Intel PC) - desktop for everything else has slowed to 120 kbs... 37 minutes 2010-04-29
- More updates...
Posting tweet...