Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Thanks for the quick response :-)
In the .env we (unfortunately) have ISAM_VERSION=9.0.7.1_IF3.
>Have you configured a Reverse Proxy instance (and published snapshot) in LMI? If not, you must do this. If yes, check the instance >name. It must be rp1.
yes we have done that part as you describe.

Would you suggest "starting from scratch" with 9.0.7.1_IF4 or do you think that the 'backup/restore' described n the cookbook will suffice?

Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Original Message:
Sent: Wed March 25, 2020 09:44 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Hi Anders,

Which section are you working on?  Native Docker??

If native docker, you should be able to stop and delete the current ISAM containers (but leave the network and volumes in place), then PULL the latest version of my scripts from GitHub, then rerun the docker-setup.sh script.. it will fail to create the stuff already there but recreate what you deleted.

Something like this:

docker rm -f isamconfig
docker rm -f isamwrprp1
docker rm -f isamdsc
docker rm -f isamruntime

git pull

./docker-setup.sh

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Wed March 25, 2020 09:50 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Thanks for the quick response :-)
In the .env we (unfortunately) have ISAM_VERSION=9.0.7.1_IF3.
>Have you configured a Reverse Proxy instance (and published snapshot) in LMI? If not, you must do this. If yes, check the instance >name. It must be rp1.
yes we have done that part as you describe.

Would you suggest "starting from scratch" with 9.0.7.1_IF4 or do you think that the 'backup/restore' described n the cookbook will suffice?

Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:44 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

We're using docker-compose

And I'll confess that I'm pretty new to both docker and docker-compose :-)

Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Original Message:
Sent: Wed March 25, 2020 10:00 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

Which section are you working on?  Native Docker??

If native docker, you should be able to stop and delete the current ISAM containers (but leave the network and volumes in place), then PULL the latest version of my scripts from GitHub, then rerun the docker-setup.sh script.. it will fail to create the stuff already there but recreate what you deleted.

Something like this:

docker rm -f isamconfig
docker rm -f isamwrprp1
docker rm -f isamdsc
docker rm -f isamruntime

git pull

./docker-setup.sh

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:50 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Thanks for the quick response :-)
In the .env we (unfortunately) have ISAM_VERSION=9.0.7.1_IF3.
>Have you configured a Reverse Proxy instance (and published snapshot) in LMI? If not, you must do this. If yes, check the instance >name. It must be rp1.
yes we have done that part as you describe.

Would you suggest "starting from scratch" with 9.0.7.1_IF4 or do you think that the 'backup/restore' described n the cookbook will suffice?

Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:44 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

If you're working on docker-compose, you should be able to do the following:

Do a "git pull" to get latest version of my scripts
Go to the ..../compose/iamlab directory
Run "docker-compose up -d"

Docker-compose should figure out the update image and stop/start the right things to get it up to the requested level.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Wed March 25, 2020 10:00 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

Which section are you working on?  Native Docker??

If native docker, you should be able to stop and delete the current ISAM containers (but leave the network and volumes in place), then PULL the latest version of my scripts from GitHub, then rerun the docker-setup.sh script.. it will fail to create the stuff already there but recreate what you deleted.

Something like this:

docker rm -f isamconfig
docker rm -f isamwrprp1
docker rm -f isamdsc
docker rm -f isamruntime

git pull

./docker-setup.sh

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:50 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Thanks for the quick response :-)
In the .env we (unfortunately) have ISAM_VERSION=9.0.7.1_IF3.
>Have you configured a Reverse Proxy instance (and published snapshot) in LMI? If not, you must do this. If yes, check the instance >name. It must be rp1.
yes we have done that part as you describe.

Would you suggest "starting from scratch" with 9.0.7.1_IF4 or do you think that the 'backup/restore' described n the cookbook will suffice?

Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:44 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

"Close but no cigarr" :-)
'docker-compose up -d' did get the new IF_04 image and rebuilt the the isam images.
But  when I started the admin interface it had lost the settings and started with the "accept" check-box.
"Bummer" but it doesn't take that long to configure it again.
All went well until -- "Configure runtime component" which gave this error:

System Error

A policy server is already configured to this LDAP server. Error: DPWAP0003I An error occurred while executing the command: /opt/PolicyDirector/sbin/PDMgr_config -s TRUE -y no -v TRUE -d cn=root,secAuthority=Default -w XXXX -L 636 -C fips -Z TRUE -k /var/pdweb/shared/keytab/Registry_Keystore.kdb -D Default -m XXXX -l 1460 (0x1)

pls advise
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Original Message:
Sent: Wed March 25, 2020 10:04 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

If you're working on docker-compose, you should be able to do the following:

Do a "git pull" to get latest version of my scripts
Go to the ..../compose/iamlab directory
Run "docker-compose up -d"

Docker-compose should figure out the update image and stop/start the right things to get it up to the requested level.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 10:00 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

Which section are you working on?  Native Docker??

If native docker, you should be able to stop and delete the current ISAM containers (but leave the network and volumes in place), then PULL the latest version of my scripts from GitHub, then rerun the docker-setup.sh script.. it will fail to create the stuff already there but recreate what you deleted.

Something like this:

docker rm -f isamconfig
docker rm -f isamwrprp1
docker rm -f isamdsc
docker rm -f isamruntime

git pull

./docker-setup.sh

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:50 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Thanks for the quick response :-)
In the .env we (unfortunately) have ISAM_VERSION=9.0.7.1_IF3.
>Have you configured a Reverse Proxy instance (and published snapshot) in LMI? If not, you must do this. If yes, check the instance >name. It must be rp1.
yes we have done that part as you describe.

Would you suggest "starting from scratch" with 9.0.7.1_IF4 or do you think that the 'backup/restore' described n the cookbook will suffice?

Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:44 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Never mind....

"better safe than sorry" -- started from scratch. :-)

Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Original Message:
Sent: Wed March 25, 2020 12:04 PM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

"Close but no cigarr" :-)
'docker-compose up -d' did get the new IF_04 image and rebuilt the the isam images.
But  when I started the admin interface it had lost the settings and started with the "accept" check-box.
"Bummer" but it doesn't take that long to configure it again.
All went well until -- "Configure runtime component" which gave this error:

System Error

A policy server is already configured to this LDAP server. Error: DPWAP0003I An error occurred while executing the command: /opt/PolicyDirector/sbin/PDMgr_config -s TRUE -y no -v TRUE -d cn=root,secAuthority=Default -w XXXX -L 636 -C fips -Z TRUE -k /var/pdweb/shared/keytab/Registry_Keystore.kdb -D Default -m XXXX -l 1460 (0x1)

pls advise
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 10:04 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

If you're working on docker-compose, you should be able to do the following:

Do a "git pull" to get latest version of my scripts
Go to the ..../compose/iamlab directory
Run "docker-compose up -d"

Docker-compose should figure out the update image and stop/start the right things to get it up to the requested level.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 10:00 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

Which section are you working on?  Native Docker??

If native docker, you should be able to stop and delete the current ISAM containers (but leave the network and volumes in place), then PULL the latest version of my scripts from GitHub, then rerun the docker-setup.sh script.. it will fail to create the stuff already there but recreate what you deleted.

Something like this:

docker rm -f isamconfig
docker rm -f isamwrprp1
docker rm -f isamdsc
docker rm -f isamruntime

git pull

./docker-setup.sh

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:50 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Thanks for the quick response :-)
In the .env we (unfortunately) have ISAM_VERSION=9.0.7.1_IF3.
>Have you configured a Reverse Proxy instance (and published snapshot) in LMI? If not, you must do this. If yes, check the instance >name. It must be rp1.
yes we have done that part as you describe.

Would you suggest "starting from scratch" with 9.0.7.1_IF4 or do you think that the 'backup/restore' described n the cookbook will suffice?

Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:44 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Anders,

Sorry you had to start over.  I guess you lost config that wasn't saved to a snapshot.
Hopefully it won't take long to get back to where you were.

FYI for anyone following this thread, TechNote for the issue is here:
https://www.ibm.com/support/pages/node/6117526

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Wed March 25, 2020 12:11 PM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Never mind....

"better safe than sorry" -- started from scratch. :-)

Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 12:04 PM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

"Close but no cigarr" :-)
'docker-compose up -d' did get the new IF_04 image and rebuilt the the isam images.
But  when I started the admin interface it had lost the settings and started with the "accept" check-box.
"Bummer" but it doesn't take that long to configure it again.
All went well until -- "Configure runtime component" which gave this error:

System Error

A policy server is already configured to this LDAP server. Error: DPWAP0003I An error occurred while executing the command: /opt/PolicyDirector/sbin/PDMgr_config -s TRUE -y no -v TRUE -d cn=root,secAuthority=Default -w XXXX -L 636 -C fips -Z TRUE -k /var/pdweb/shared/keytab/Registry_Keystore.kdb -D Default -m XXXX -l 1460 (0x1)

pls advise
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 10:04 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

If you're working on docker-compose, you should be able to do the following:

Do a "git pull" to get latest version of my scripts
Go to the ..../compose/iamlab directory
Run "docker-compose up -d"

Docker-compose should figure out the update image and stop/start the right things to get it up to the requested level.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 10:00 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

Which section are you working on?  Native Docker??

If native docker, you should be able to stop and delete the current ISAM containers (but leave the network and volumes in place), then PULL the latest version of my scripts from GitHub, then rerun the docker-setup.sh script.. it will fail to create the stuff already there but recreate what you deleted.

Something like this:

docker rm -f isamconfig
docker rm -f isamwrprp1
docker rm -f isamdsc
docker rm -f isamruntime

git pull

./docker-setup.sh

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:50 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Thanks for the quick response :-)
In the .env we (unfortunately) have ISAM_VERSION=9.0.7.1_IF3.
>Have you configured a Reverse Proxy instance (and published snapshot) in LMI? If not, you must do this. If yes, check the instance >name. It must be rp1.
yes we have done that part as you describe.

Would you suggest "starting from scratch" with 9.0.7.1_IF4 or do you think that the 'backup/restore' described n the cookbook will suffice?

Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:44 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Started over -- up and running :-)
Thanks!

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------

Original Message:
Sent: Wed March 25, 2020 12:14 PM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Anders,

Sorry you had to start over.  I guess you lost config that wasn't saved to a snapshot.
Hopefully it won't take long to get back to where you were.

FYI for anyone following this thread, TechNote for the issue is here:
https://www.ibm.com/support/pages/node/6117526

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 12:11 PM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Never mind....

"better safe than sorry" -- started from scratch. :-)

Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 12:04 PM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

"Close but no cigarr" :-)
'docker-compose up -d' did get the new IF_04 image and rebuilt the the isam images.
But  when I started the admin interface it had lost the settings and started with the "accept" check-box.
"Bummer" but it doesn't take that long to configure it again.
All went well until -- "Configure runtime component" which gave this error:

System Error

A policy server is already configured to this LDAP server. Error: DPWAP0003I An error occurred while executing the command: /opt/PolicyDirector/sbin/PDMgr_config -s TRUE -y no -v TRUE -d cn=root,secAuthority=Default -w XXXX -L 636 -C fips -Z TRUE -k /var/pdweb/shared/keytab/Registry_Keystore.kdb -D Default -m XXXX -l 1460 (0x1)

pls advise
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 10:04 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

If you're working on docker-compose, you should be able to do the following:

Do a "git pull" to get latest version of my scripts
Go to the ..../compose/iamlab directory
Run "docker-compose up -d"

Docker-compose should figure out the update image and stop/start the right things to get it up to the requested level.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 10:00 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

Which section are you working on?  Native Docker??

If native docker, you should be able to stop and delete the current ISAM containers (but leave the network and volumes in place), then PULL the latest version of my scripts from GitHub, then rerun the docker-setup.sh script.. it will fail to create the stuff already there but recreate what you deleted.

Something like this:

docker rm -f isamconfig
docker rm -f isamwrprp1
docker rm -f isamdsc
docker rm -f isamruntime

git pull

./docker-setup.sh

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:50 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Thanks for the quick response :-)
In the .env we (unfortunately) have ISAM_VERSION=9.0.7.1_IF3.
>Have you configured a Reverse Proxy instance (and published snapshot) in LMI? If not, you must do this. If yes, check the instance >name. It must be rp1.
yes we have done that part as you describe.

Would you suggest "starting from scratch" with 9.0.7.1_IF4 or do you think that the 'backup/restore' described n the cookbook will suffice?

Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:44 AM
From: Jon Harry
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi Anders,

First of all, please make sure that if you are using ISAM 9.0.7.0 or 9.0.7.1, you use images ibmcom/isam:9.0.7.0_IF2 or ibmcom/isam:9.0.7.1_IF4 respectively.  This is related to an issue with snapshots that was identified over the weekend.
I have updated by assets on GitHub to use these versions.

If above does not help, keep reading...

The WGAWA0022E error you're seeing in the RP log indicates that the loaded configuration snapshot does not include a definition for the rp1 Reverse proxy instance.  Have you configured a Reverse Proxy instance (and published snapshot) in LMI?  If not, you must do this.  If yes, check the instance name.  It must be rp1.  If you used a different name you could update the INSTANCE environment variable in the container definition of the Reverse Proxy container to match (or delete and recreate the instance in the configuration).

I hope this helps.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM

Original Message:
Sent: Wed March 25, 2020 09:31 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Missed to copy the 1st error message:
Fatal error: WGAWA0022E The supplied instance name, rp1, is not a configured instance.

------------------------------
Anders Domeij
CGI Sweden AB

Original Message:
Sent: Wed March 25, 2020 09:24 AM
From: Anders Domeij
Subject: ISAM9 Docker webseal cant configure reverse proxy

Hi,
We have been foolowing John Harry's cookbok from Nov 2019.
Unfortunately we run into a problem when reaching the "Configure Reverse proxy" section.
All commands from the cookbook can be followed and behave as decribed.
Oce the configuration has been done, the policy file published and the iamlab_isamwrprp1_1 instance
restarted, we see the following in the logs:

mesa_config[303]: Error: LMI:Lite. Unable to extract the LMI public/private keys
<snip>
wga_notifications: WGAWA0047W:: WGA_events:: |1=rp1,msg=Reverse Proxy is not running: rp1|

My interpretation is that the webseal instance rp1 never started correctly in the iamlab_isamwrprp1_1 image.

Please help!
Rgds
Anders

------------------------------
Anders Domeij
CGI Sweden AB
------------------------------