Monday, 24 April 2017

Validating SSL configuration for IBM MQ using mqcertck

In the past in order to perform SSL checking we would have been required to verify manually that the key repository was in the correct location with the correct permissions. We would also have needed to verify the correct CHECKLABL parameter was being used.

As of IBM MQ version 8.0.0.4 (Not on the appliance) we can instead use the mqcertck command. This does the above testing from a previous MQ support pack. The command requires a queue manager is defined but also optionally allows the channel, key repository, port, a specific user or checklabl parameter to be defined and checked.

For full details see the knowledge centre;
https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_8.0.0/com.ibm.mq.ref.adm.doc/q120895_.htm

I began to use this command for my Pure Application MQ and IIB testing to coincide with legacy verification tests used after the success of a deploy.. The first usage gave me the following output based on scripts that had been ported to Pure from legacy stand alone scripts.

  [mqm@XXXXXXXXXX root]$ mqcertck MQXXX01
  5724-H72 (C) Copyright IBM Corp. 1994, 2015.
  +----------------------------------------------------------
  | IBM MQ TLS Configuration Test tool                       
  +----------------------------------------------------------
  | mqcertck has ended. See above for any problems found. 
  | If there are problems then resolve these and run this   
  | tool again.                                             
  |                                                         

  +----------------------------------------------------------

This appears to suggest that there were no SSL/TLS configuration issues, thought there isn't a "successful completion" message. Being a firm believer that nobody is perfect, I wanted to test that all was well in the deploy configuration and that the above outcome is expected.

First I altered the queue manager CHECKLABL to a generic 'my labels' and got the following output when the command was rerun.

  echo "ALTER QMGR CERTLABL( 'mylabels' )" | runmqsc MQXXX01
  echo "REFRESH SECURITY TYPE(SSL)" | runmqsc MQXXX01

  [mqm@XXXXXXXXXX root]$ mqcertck MQXXX01
  5724-H72 (C) Copyright IBM Corp. 1994, 2015.
  +----------------------------------------------------------
  | IBM MQ TLS Configuration Test tool                       
  +----------------------------------------------------------
  | Problem identified:                                      
  |  No certificate could be found for the queue manager     
  |  MQXBK01 
  |                                                          
  | Advice:                                                  
  |  Queue managers will use a certificate with the label    
  |  set in the Queue Manager's CERTLABL attribute.          
  |  There is no certificate with the label mylabels 
  |  in the key repository being used by the queue manager   
  |  (/var/mqm/qmgrs/MQXXX01/ssl/MQXXX01.kdb) 
  |                                                          
  | Possible resolution:                                     
  |  A valid certificate with the label mylabels 
  |  needs to be added to the key repository.                
  |                                                          
  | Exceptions:                                              
  |  SSL channels being used to connect to another queue     
  |  manager do not need a personal certificate if the remote
  |  end of the channel at that queue manager has SSLCAUTH   
  |  (SSL client authentication) set to OPTIONAL.            
  |  This is true for channels which initiate the connection 
  |  e.g. sender or requester channels                       
  +----------------------------------------------------------
  | mqcertck has ended. See above for any problems found. 
  | If there are problems then resolve these and run this   
  | tool again.                                             
  |                                                         
  +---------------------------------------------------------- 

A certificate with the stated label - as expected - couldn't be found. So I reverted back to the original labels.

  echo "alter qmgr certlabl( ‘Original Label’ )" | runmqsc MQXXX01
  echo "REFRESH SECURITY TYPE(SSL)" | runmqsc MQXXX01

  [mqm@XXXXXXXXXX root]$ mqcertck MQXXX01
  5724-H72 (C) Copyright IBM Corp. 1994, 2015.
  +----------------------------------------------------------
  | IBM MQ TLS Configuration Test tool                       
  +----------------------------------------------------------
  | mqcertck has ended. See above for any problems found. 
  | If there are problems then resolve these and run this   
  | tool again.                                             
  |                                                         
  +----------------------------------------------------------

I then wanted to test if the command couldn't find the correct .kdb file so I went to the relevant directory and "mv"ed the .kdb to another name in the same location.

  cd /var/mqm/qmgrs/MQXXX01/ssl
  mv MQXXX01.kdb MQAAA01.kdb

  [mqm@XXXXXXXXXX root]$ mqcertck MQXXX01
  5724-H72 (C) Copyright IBM Corp. 1994, 2015.
  +----------------------------------------------------------
  | IBM MQ TLS Configuration Test tool                       
  +----------------------------------------------------------
  | Problem identified:                                      
  |  No key repository could be found for the queue manager  
  |  MQXBK01 
  |                                                          
  | Advice:                                                  
  |  Queue managers use the SSLKEYR attribute to identify the
  |  location of the SSL key repository to use.              
  |  No key repository file could be found at the location   
  |  specified in the queue manager's SSLKEYR attribute      
  |  (/var/mqm/qmgrs/MQXXX01/ssl/MQXXX01.kdb) 
  |                                                          
  | Possible resolution:                                     
  |  Alter the queue manager's SSLKEYR attribute to point at 
  |  the correct key repository and/or create a key          
  |  repository at the specified location.                   
  +----------------------------------------------------------
  | mqcertck has ended. See above for any problems found. 
  | If there are problems then resolve these and run this   
  | tool again.                                             
  |                                                          
  +----------------------------------------------------------

The output for this failure clearly states that the key repository as defined on the queue manager could not be found. When I moved the file back and ran the command again. The command again confirmed the SSL setup was correct.

mv MQAAA01.kdb MQXXX01.kdb

  [mqm@XXXXXXXXXX root]$ mqcertck MQXXX01
  5724-H72 (C) Copyright IBM Corp. 1994, 2015.
  +----------------------------------------------------------
  | IBM MQ TLS Configuration Test tool                       
  +----------------------------------------------------------
  | mqcertck has ended. See above for any problems found. 
  | If there are problems then resolve these and run this   
  | tool again.                                             
  |                                                         
  +----------------------------------------------------------

To conclude, when it comes to mqcertck: no news is good news.

Monday, 6 March 2017

Launch Configuration - IBM Bluemix

A few days ago, I was playing with Bluemix and building an application. But, I accidentally deployed my application to the wrong Bluemix Space. Silly, I know. I didn't really realise why this had happened. So, here's why...

In IBM Bluemix you can have a number of organisations, each with multiple spaces. To deploy applications in these spaces, each project has a .launch file that is used by Bluemix to determine the launch configuration.

This file can be found in the launchConfigurations folder as seen below:
A .launch file is assigned for each project
In this file there is a description of the service type, the name of the application as well as target information for where to deploy. This file can be seen here:
A typical .launch file
It is important to make sure that the target location is set to the Url, Org and Space that you want to deploy to. It also means you can deploy the same application in lots of different spaces.

You can also make additional changes to the application in the manifest.yml which can be put into the "Path" entity in the configuration file. The manifest lets you define memory usage, application name (which will need to be changed *i think* if you wish to deploy the same application in multiple places), domain name and disk quota.

The final piece to mention is the "Instrumentation" entity which is where you store the Connected Service configuration information in the .launch file.

So, there's why. You need to check your configuration and understand what you're doing.

Thursday, 16 February 2017

Weighing for Stall Torque

So a while back, Alastair and I, made a watering system for the greenhouse. It was fantastic. For the three days we used it.

It was in fact, the end of Mine and Louise's greenhouse cycle as we'd got the allotment late and had nothing left to grow, however in the last two weeks we've started planting out cauliflower, red onions and parsnips in the spare bedroom so will shortly need to use the system again.

So I called back the technical support of Alastair, and alas during testing (We're well disciplined technicians) the closing of the tap by the servo was failing. It appeared that the servo was struggling on its return either because the tap was stiff or there wasn't enough power.

Alastair - being the Einstein he is - suggested we tested the force the servo would need in order to turn the tap. So our first test was to thread string around the handle roughly 1cm from the pivot point. We then hung a plastic cup from this and slowly added water.

Test 1: Cup on a string and add water
********************
Lesson 1: If you use a knife to put holes in your cup and then add water. The water will eventually reach the holes and pour all over your counter.
********************
The water wasn't heavy enough to move the tap at all, and in fact didn't make turning it any easier.
Let's move on. 

The next thing to try was a random ball of lead that weighed roughly 600g. This still was unable to turn the tap on its own. However once we added a hammer to the top it quickly turned. Great? Not quite. So we now weren't seeing the effective weight power we needed to turn the tap because it was imprecise between the weight of the lead, and the weight of the lead and the hammer. 


********************
Lesson 2: Do not put lead on the scales you use to weigh your food. Lead poisoning is a thing.
********************

Additional to our problems, attaching string to a tap in the way shown below, has added a cm to the distance from pivot making the maths more difficult and the whole thing a bit wild.

Knots are tricky

Eventually we managed to find some scales to make it all easier, some old style cooking scales.

We removed the top, held the tap steady and pushed down on the metal point of the scale until the tap slowly began to turn. We then measured the constant weight shown as the tap was turned. To add accuracy we repeated the test until we had some averages.

We found we needed around 820g of weight to turn the tap. We had been using the Tower Pro SG90 Mini Servo, 37-1330 which hasStall torque - 1.8kg/cm (4.8V). Specs.

What's that I hear you ask? What is stall torque? It's a good question. At this point I had to ask Alastair what stall torque was and more importantly. Why we cared.

 ********************
Lesson 3: Find out why you are doing things before you do them.
********************
So, "Stall torque is the torque produced by a mechanical device whose output rotational speed is zero. It may also mean the torque load that causes the output rotational speed of a device to become zero, i.e., to cause stalling." Thanks Google!

So we were finding out how much stall torque power we needed for a 5v servo (4.8v) in order to make the tap turn. The answer was 820g to make it go down/open. However in reverse, we had to push it up with other factors such as going against gravity, water flowing etc. we would need additional power and force. Evidently, since the current servo was struggling to do this, it needed more than 1.8kg of stall torque to close the tap.

So we decided to just up the ante and use a more powerful servo. Which we had planned to do when we first saw it wasn't working.

To conclude, it was an interesting and exciting waste of time which I thoroughly enjoyed.

Friday, 27 January 2017

HTML Image Arrays

I recently started to play with php and building a website. What I really wanted to do was to create a checkbox list of a certain category. Place names and the like. But it was a lot of repetitive typing, so I toyed with writing an array. 

The array was fairly simple to create but didn't look very nice. So I instead decided that images would better represent whatever it was I was displaying.
My first play (getting bits and bobs off the internet) looked something like this;

Array of images loaded side by side
<html>
<body onload="buildImage('slct1');">
<script>
   function buildImage(slct1) {
       
        var images = ["a.jpg","b.jpg","c.jpg","d.jpg","e.jpg"];
                 var s2 = document.getElementById(slct1);
                 s2.innerHTML = "";
                 var optionArray = ["a.jpg","b.jpg","c.jpg","d.jpg","e.jpg"];
                 for (var option in optionArray) {
                     if (optionArray.hasOwnProperty(option)) {
                         var pair = optionArray[option];
                         var img = document.createElement("img");
                         img.src = optionArray[option];
                         img.height = 410;
                         img.width = 327;
                         s2.appendChild(img);
                        
                         var label = document.createElement('label')
                         label.htmlFor = pair;
                         label.appendChild(document.createTextNode(pair));
                     }
                 }
      }
</script>
</body>
</html>
********************
Lesson 1: Make sure you're using " instead of 
      ********************
For the sake of playing. I was then able to put them vertical by adding the simple line:
            s2.appendChild(document.createElement("br"));
on the last line of the if statement within the function.
                         ...
                         var label = document.createElement('label')
                         label.htmlFor = pair;
                         label.appendChild(document.createTextNode(pair));
                         s2.appendChild(document.createElement("br"));
                     }...
Array of images loaded vertically
********************
Lesson 2: There is no need to over complicate what can be simple.
      ********************
All is going well. Though I'd prefer to allow the user to cycle through the images. Again using an array so as to keep reduce the amount of manual labour I need to do to expand the website.

The next step is to load the first image in a single space and then add buttons to allow you to move from the previous image to the next image.


The above images show me cycling through the image letters until we get to "F" which isn't in the images array so the unloaded image icon appears where an image should be.

<html>
<body onload="buildImage();">
<div class="contents" id="content" align="center">
<button onclick="previousImage()">Previous Image</button><button onclick="nextImage()">Next Image</button><br>
</div>
<script>
    var images = ["a.jpg","b.jpg","c.jpg","d.jpg","e.jpg"];
    var index = 0;

    function buildImage() {
      var img = document.createElement('img')
      img.src = images[index];
      img.height = 410;
      img.width = 327;
      document.getElementById('content').appendChild(img);
    }
   function nextImage(){
      var img = document.getElementById('content').getElementsByTagName('img')[0]
      index++;
      img.src = images[index];
      img.height = 410;
      img.width = 327;
}
    function previousImage(){
      var img = document.getElementById('content').getElementsByTagName('img')[0]
      index--;
      img.src = images[index];
      img.height = 410;
      img.width = 327;
    }
</script>
</body>
</html>

This is solved by adding the following code: index = index % images.length;
This loops the images forever and ever and ever and ever and ever and ever.
********************
Lesson 3: Don't test this functionality with 100 images.
      ********************
A final thought.. you can implement other functions to be attached "on click" to these images as they load. In the image properties just add: img.onclick = function(){FUNCTION(param1, param2)};

So happy coding everyone and many thanks to the following:
http://www.w3schools.com
http://stackoverflow.com/questions/13330202/how-to-create-list-of-checkboxes-dynamically-with-javascript