Tuesday 22 February 2022

IBM InfoSphere MDM - When Database Password is Updated

 Database password has to be updated at regular time intervals.  When database password is updated, there are certain key locations at which it has to be updated for IBM InfoSphere Master Data Management to function.  

1. The Data Sources

IBM InfoSphere Master Data Management has three Data Sources - DWLCustomer, DWLConfig and MDM in the WebSphere Application Server.  The password value is part of the Custom Properties at each Data Source.  This value has to be updated

To update the password at the Custom Properties of a Data Source,

i) In the WAS Admin Console, Go to Data Sources -> <NAME> -> Custom Properties

ii) Click on password and update the value.  Note that you can provide in plain text.

iii) Click on Save.  Note that when MDM installation is on WAS ND, the Nodes have to synchronized after the changes are performed.

When MDM is installed on WAS Cluster, the number of Data Sources which name MDM is equal to the number of servers in the cluster.  The custom property password at all Data Sources with name MDM has to be updated.

Ensure that all the three Data Sources DWLCustomer, DWLConfig and MDM are updated.

2.  The JAAS Entries

Database Password has to be updated at JAAS - J2C authentication data entries corresponding to DWLCustomer, DWLConfig and MDM.

i) Go to Data Sources -> DWL Customer -> JAAS - J2C authentication data

ii) For each entry that corresponds to the database, click on the entry, modify the value for password and click on OK.  

iii) After updating the database password for all JAAS entries, click on Save.  Note that when MDM installation is on WAS ND, the Nodes have to synchronized after the changes are performed.

Perform Test Connection at the Data Sources and ensure that the correct database password is used as expected.

The changes will get into effect in the MDM application once you restart the application server.  We recommend restarting the application after performing step 3 below.

3. Native engine

Update the value of the below

i) PWD2 in MAD_CONNSTR in com.ibm.mdm.mds.jni.cfg

MAD_CONNSTR=DSN\=MDMDB_E001;UID\=MDMSCHEMA;PWD2\=D7EB04AFB86C5914155D10B0E41DAC4D427124A8C0A1261D1C4B09FFA1961DB3;


ii) password2 in com.ibm.mdm.mds.jdbc.cfg

password2=D7EB04AFB86C5914155D10B0E41DAC4D427124A8C0A1261D1C4B09FFA1961DB3

where the base folder for these files is <MDM_INSTALL_DIR>/mds/conf and <WAS_PROFILE_DIR>/installedApps/<CELL>/MDM-native-<INSTANCE_ID>.ear/native.war/conf folder

Here PWD2 and password2 stands for database password that is encrypted using madpwd2 utility in <MDM_INSTALL_DIR>/mds/bin

To ensure that the connection to the database with the new password works, 

i) Go to the scripts folder (<MDM_INSTALL_DIR>/mds/scripts or <WAS_PROFILE_DIR>/installedApps/<CELL>/MDM-native-<INSTANCE_ID>.ear/native.war/scripts)

ii) Execute 

./madconfig.sh test_datasource

and ensure that the result is successful

After completing the above 3 steps perform synchronization and restart the application server or cluster.  You may execute IVT and confirm that the database password updation is successful.

Thursday 7 February 2019

IBM InfoSphere MDM - How to redeploy Enterprise Business Application when part of it is deleted

The application MDM-operational-server-EBA comprises of assets and bundles.  When one of these components gets deleted, the below steps can be followed to uninstall the components manually and install them back using utilities, to get the EBA working.

1. Go to Applications -> MDM-operational-server-EBA-<INSTANCE_ID> and delete all the Assets there.

2. Go to Applications -> Assets and delete all the Assets listed there.

3. Go to Environment -> OSGI Bundle Repositories -> Internal Bundle Repositories and delete all the bundles listed there.

4. Delete the Business Level Application MDM-operational-server-EBA-<INSTANCE_ID>

5. Synchronise the nodes and Save.

6. Replace the placeholder <INSTANCE_IDENTIFIER> with the value of instance id (similar to E001).  Go to <MDM_INSTALL_DIR>/mds/scripts and invoke the below madconfig targets.  Use madconfig.sh or madconfig.bat based on the OS, in this case, we assume that the OS is Linux.

./madconfig.sh install_mdm_eba install_prop_file_jar map_roles_to_users -DblaName=MDM-operational-server-EBA-<INSTANCE_IDENTIFIER> -DpropFileJarName=com.ibm.mdm.server.resources.properties-<INSTANCE_IDENTIFIER>.jar

For example:
./madconfig.sh install_mdm_eba install_prop_file_jar map_roles_to_users -DblaName=MDM-operational-server-EBA-E001 -DpropFileJarName=com.ibm.mdm.server.resources.properties-E001.jar

Please note that we are passing in two parameter values using the -D option.

7. During target execution, provide appropriate values for passwords.  For BLA User and BLA Password, provide values for MDM Administrator User and Password respectively.

8. After completion of targets' execution, synchronise the nodes and restart the application server.

9. Execute IVT to confirm that the EBA has started successfully.

Saturday 2 February 2019

Kubernetes Ingress Resource for HTTPS Service deployed on WebSphere Application Server

As a beginner to Kubernetes, the link to Ingress clearly explained how to write a fanout rule, but writing one to access HTTPS links on WebSphere took me time.  The concepts of TLS Secrets and certain annotations in Ingress along with certain custom parameters to be added to the Web Container were the primary concepts to be applied for it.

Secrets:
There are certain types of Secrets in Kubernetes, including those to access repositories. 
To access HTTPS links of WebSphere, we need to create a Secret of type TLS.  The steps to create a TLS certificate mention about a key file and certificate file.

kubectl create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}

 Normally, WebSphere Base Profiles are used with the Docker images that are deployed on Kubernetes.  The TLS certificate is created using the Key file (key.p12) located at <WAS_PROFILE_HOME>/config/cells/<CELL>/nodes/<NODE>  The steps to obtain the key file and the cert file using openssl tool are provided below.

openssl pkcs12 -in key.p12 -nokeys -out cert.pem
openssl pkcs12 -in key.p12 -nodes -nocerts -out cert.key

With this, you can create a certificate cert of type TLS using
kubectl create secret tls cert --key cert.pem --cert cert.key

Such a certificate has to be associated with each tls service that is referred to in an ingress resource yml file.  Please find a sample snippet below:
  tls:
  - hosts:
    - sample
    secretName: cert
Here sample is a Service which is referred in the rules section  of the Ingress resource and the tls type Secret cert is used to obtain access to it.   Note that we have created cert from the key.p12 file that is part of the Pod that the Service sample logically represents.



Annotations:
The annotation nginx.org/ssl-services has to be used to specify services that have to be accessed with Security using the TLS secret.  The below is a sample:
metadata:
  annotations:
    nginx.org/ssl-services: sample

Port Redirection in WebSphere Application Server:
Ingress provides us two ports, one corresponding to SSL and one corresponding to non-SSL.  It is also capable of determining the port based on the protocol used.  However, these ports will not be the same as those exposed by WAS Profiles.  The default behaviour of port redirection with WAS Profiles has to be overcome to use it with Ingress.  In order to do this we need to set two custom properties, trusthostheaderport and com.ibm.ws.webcontainer.extractHostHeaderPort, to value true at the Web Container associated with the WAS server.  Note that this change has to be done to the image used with Kubernetes.

 

Saturday 15 September 2018

IBM Entity Insight - The 'Analytical' MDM

A reputed telecommunications company has taken over a line of business from a mobile network operator.  I am a customer of both these organizations and my details are available with the telecommunications company.  As part of the take over, they replaced a dongle with another device and sent a person from a third party organization to verify me, inspite of having my details for the past four years.  This activity involved my time, my disgust of the company on the verification and the payment from the company to the third party.

The telecommunications company could have easily avoided this activity had they combined master data on their entities with the data from the company acquired and obtained key insights.   This is what is now possible with IBM InfoSphere Master Data Management (MDM) and IBM Entity Insight, which is available in IBM InfoSphere Big Match for Hadoop. 

The primary purpose of Entity Insight is to provide information savvy Data Analysts with Analytical Insights based on data from multiple sources.   Data from MDM and other sources are stored in a graph database.  Data from csv files and spreadsheets can be uploaded as collections.  Entity Insight which is also known as Analytical MDM allows the user the match collections with the data catalog and save the resultant collection.  Graph based exploration of collections is an added advantage.  It is also possible to perform searches on such collections based on conditions, save the search result and export the output.


IBM Entity Insight


The telecommunications company could have uploaded customer data from the mobile network operator and created a collection.  It could have then matched the collection with the data from MDM to find out the subset of common customers.  They need not have performed verification on known customers and saved time and money.  They could have also made use of the search feature and saved time and money by sending the alternative device area by area.


Links:
IBM Entity Insight Demo with MDM Publisher
Installing and configuring IBM Entity Insight
Publishing MDM Data to Graph Database

Wednesday 18 October 2017

Uninstall a User Interface from IBM InfoSphere Master Data Management v11.5

To uninstall a User Interface that has been installed with MDM v11.5, please follow the below steps.
Note: Please do not use the Modify option from Installation Manager to remove a User Interface from MDM v11.5

Changes to MDM_Variables.properties
1. Go to MDM_INSTALL_HOME/properties and edit the file MDM_Variables.properties.
2. From the value of property user.L2.mdm.feature.list, remove the feature name corresponding to the user interface that you want to uninstall.  The features names corresponding to the MDM user interfaces are listed below:
Business Administration UI: com.ibm.im.mdm.ba.webapp.feature
Enterprise Viewer: com.ibm.im.mdm.ev.webapp.feature
Web Reports: com.ibm.im.mdm.wb.webapp.feature
Inspector: com.ibm.im.mdm.inspector.webapp.feature
3. Save the properties file.

Changes to MDM_isInstalled.properties

1. Go to MDM_INSTALL_HOME/properties and edit the file MDM_isInstalled.properties.
2. Ensure that the value of property IS_MODIFY is YES
IS_MODIFY=YES
3. Ensure that the property corresponding to the installation of user interface is set to YES.  The property names corresponding to the MDM user interfaces are listed below:
Business Administration UI: BA_UI_APPLIED
Enterprise Viewer: EV_UI_APPLIED
Web Reports: WEB_UI_APPLIED
Inspector: INS_UI_APPLIED
4. Save the properties file.

Changes to MDM_Rollback.properties

1. Go to MDM_INSTALL_HOME/properties and edit the file MDM_Rollback.properties.
2. Ensure that the property corresponding to the installation of user interface is set to YES.  The property names corresponding to the MDM user interfaces are listed below:
Business Administration UI: BA_STATUS
Enterprise Viewer: EV_STATUS
Web Reports: WEB_STATUS
Inspector: INS_STATUS
3. Save the properties file.

Target Execution
1. Go to MDM_INSTALL_HOME/MDS/scripts and run the Configure_MasterDataManagement madconfig script to apply the new configuration:
i) When the installation is on Windows, execute
madconfig Configure_MasterDataManagement
ii) On other operating systems, execute
./madconfig.sh Configure_MasterDataManagement


Installation of IBM InfoSphere MDM on Oracle Database 12c Release 2

We have noticed failure when MDM is configured using Oracle Database 12c Release 2 as the database with the below exception:
test_datasource:

Running ODBC SQL statement [select 1 from dual;]...
Executing <MDM_INSTALL_DIR>/mds/bin/madsql.exe
<MDM_INSTALL_DIR>/mds/scripts../bin/madsql.exe: STATE=HY000, CODE=28040, MSG=[InitiateSystems][ODBC Oracle Wire Protocol driver][Oracle]ORA-28040: No matching authentication protocol
Result: 1


To overcome this exception, perform the below steps on Oracle configuration:
1. Set the value of property SQLNET.ALLOWED_LOGON_VERSION_SERVER to a value below 12
in file sqlnet.ora.  The recommended value is 8
2. Restart the Oracle Service corresponding to the database
3. Change the password using the ALTER USER command
The above steps can also be found at SQLNET.ALLOWED_LOGON_VERSION_SERVER


Note: MDM uses ojdbc6.jar for JDBC communication with Oracle during installation, configuration and runtime, hence please ensure that ojdbc6.jar is available at <ORACLE_HOME>/jdbc/lib folder.

Installing MDM v11.6 and MDM v11.5 on WebSphere Application Server v8.5.5.12 using IM GUI

When an attempt is made to install MDM v11.6.0.2 or below on WebSphere Application Server v8.5.5.12 using the Installation Manager GUI, certain exceptions are noticed in the WAS Config Panel and in the Panels that correspond to the MDM User Interfaces.  To overcome this exception and continue installation using IM GUI, the below steps have to be performed:
1. When the installation is on WAS ND, go to System Administration -> Deployment Manager -> Java And Process Management -> Process definition -> Java Virtual Machine -> Custom Properties
When the installation is on WAS Base, go to Servers -> Server Types -> WebSphere Application Servers -> <SERVER> -> Java And Process Management -> Process definition -> Java Virtual Machine -> Custom Properties
2. Add property com.ibm.ws.management.connector.soap.disableSOAPAuthCheck with value as true
3. Restart the Deployment Manager

Setting value for JVM Custom property com.ibm.ws.management.connector.soap.disableSOAPAuthCheck

This property can be removed from the JVM Custom properties and the server can be restarted after the Installation Manager completes extraction of MDM.

The other alternatives to proceed with installation of MDM v11.6.0.2 and below on WAS v8.5.5.12 are:
1. Install using silent mode by providing the inputs through a response file
2. Install MDM on a lower fixpack of WAS and upgrade WAS after MDM installation and configuration.