IBM Support

Fix readme for 2.0.0.2-IBM-IMA-IFIT27945

Fix Readme


Abstract

This readme describes the contents and fixes included in new interim fix 2.0.0.2-IBM-IMA-IFIT27945

Content

Interim Fix: 2.0.0.2-IBM-IMA-IFIT27801
Date: February 25, 2019
Build: 20190222-1951
IBM MessageSight 2.0.0.2 Cumulative interim fix

(Note: all MessageSight 2.x ifixes and fixpacks are cumulative.  In addition, because of the nature of the fix packaging for 2.0, any published fix can be used for the base install of MessageSight.  It is recommend to install the latest IFIX or FP as the initial install of the product.)

Fix Details

Component md5sum File
Server b40bb31114f9dc50188f54ee40715fca 2.0.0.2-IBM-IMA-IFIT27945-Server.tz
WebUI 47d1512c55769d09dac662dea9e55a61 2.0.0.2-IBM-IMA-IFIT27945-WebUI.tz

APARs fixed in this build

APAR Description
IT27945 Add a new config item in LDAP object to check server certificate

Note:

We have added a new configuration item "CheckServerCert" in the LDAP object to set Server certificate verification policy.

Possible values are: "TrustStore", "PublicTrust", and "DisableVerify".

TrustStore: the Certificate item is a file name containing one or more CAs in PEM format. This should include the entire trust chain needed to verify the server certificate.

PublicTrust: the Certificate item is not used and the set of publicly trusted root CAs configured in the host is used to verify the server certificate.

DisableVerify: the server certificate is not verified and the host name is not verified to match the certificate name.

For new installations, default is TrustStore.

For code upgrades, the default is DisableVerify (same as previous code levels).

To enable server certificate verification, set this item to "TrustStore". This will make MessageSight server verify the LDAP server certificate using uploaded CA Certificate file and configured "Certificate" configuration item of LDAP object.

Example: curl -X POST https://:/ima/v1/configuration -d '{"LDAP":"URL=ldaps://....", "Certificate":"ldap.pem", "CheckServerCert":"TrustStore"}}'

Restart imaserver after enabling or changing certificate verification.

IT28210 Change message in LDAP configuration code where the message is not an error
IT28211 RejectNew Subscriptions can cause server crash

Fix Instructions:

Before you install:

We strongly recommend performing a backup before upgrading the product software:

Backup and restore instructions

1. Preparing to install the fix:

Prepare the IBM IoT MessageSight .tz files for installation.  The preparation steps for installing MessageSight as an update or for the first time are the same.  For more information, see Preparing the IBM IoT MessageSight .tz packages for installation .

These instructions will focus on providing instructions for updating MessageSight.  See the following instructions for installing MessageSight for the first time:

Installing IBM IoT MessageSight

2. Installing the fix:

A. RPM: In an environment where MessageSight is installed with rpm:

I. Updating the MessageSight Server package if Server is installed:

      cd imaserver

      sudo  yum -y --nogpgcheck update IBMIoTMessageSightServer*.rpm

      systemctl start IBMIoTMessageSightServer

II. Updating the MessageSight Server package if the WebUI is installed:

      cd imawebui

      sudo yum -y --nogpgcheck update IBMIoTMessageSightWebUI*.rpm

      systemctl start IBMIoTMessageSightWebUI

NOTE: these packages can also be installed using: rpm -Uvh IBMIoTMessageSight*.rpm. However, you must never update using:

yum install IBMIoTMessageSightServer*.rpm

or uninstall and reinstall with rpm or yum (if you wish to preserve your existing data), since this will remove all of your data and config under /var/messagesight.

B. Docker: Installing the fix in an environment where MessageSight is running in docker:

I. Build the IBM IoT MessageSight Docker image.

Build the IBM IoT MessageSight server image by issuing the following command:

cd imaserver

mv *.rpm imaserver.rpm

docker build --force-rm=true -t <server_image_name>:<fix_version>.<build> .

Eg:

docker build --force-rm=true -t imaserver:2.0.0.2.20190222-1951 .

II. Build the IBM IoT MessageSight Web UI image by issuing the following command:

cd imawebui

mv *.rpm imawebui.rpm

docker build --force-rm=true -t <webui_image_name>:<fix_version>.<build> .

Eg:

docker build --force-rm=true -t imawebui:2.0.0.2.20190222-1951 .

III.  Stop the existing containers.

Stop the server container by issuing the following command:

docker stop <server_container_name>

where <server_container_name> is the name of the container in which the IBM IoT MessageSight server is running. For example,

docker stop imaserver

Stop the Web UI container by issuing the following command:

docker stop <webui_container_name>

where <webui_container_name> is the name of the container in which the IBM IoT MessageSight Web UI is running. For example,

docker stop imawebui

IV. Remove the containers.

Remove the server container by issuing the following command:

docker rm <server_container_name>

where <server_container_name> is the name of the container in which the IBM IoT MessageSight server was running. For example,

docker rm imaserver

Remove the Web UI container by issuing the following command:

docker rm <webui_container_name>

where <webui_container_name> is the name of the container in which the IBM IoT MessageSight Web UI was running. For example,

docker rm imawebui

V.  Remove the old MessageSight images (optional)

This step is only required if you are not tagging MessageSight docker images with version specific tags.  For example, if you build a MessageSight docker image like this:

docker build --force-rm=true -t imaserver:2.0 .

for every version of MessageSight, then you need to remove the previous image by issuing the following command(s), before building the update image:

docker rmi -f $(docker ps | grep imaserver | awk '{print $3}')

Remove the IBM IoT MessageSight Web UI image by issuing the following command:

docker rmi -f $(docker ps | grep imawebui | awk '{print $3}')

If, however, you tag each MessageSight image with a build specific version, eg:

docker build --force-rm=true -t imaserver:<fix_version>.<build> .

then this step is not required.

VI.  Start the new containers.

Use the same Docker run command that you had used for previous incarnations of the MessageSight containers.

Here's the general syntax for how to start the IBM IoT MessageSight server container:

docker run --cap-add SYS_ADMIN --net=host -P -it --name=<server_container_name> -env-file=IBMIoTMessageSightServer-docker.env -m <memory> -v <local_data_directory>:/var/messagesight -v <local_temp_directory>:/var/tmp -d <server_image_name>:<fix_version>.<build>

A more concrete example:

docker run --cap-add SYS_ADMIN --net=host -P -it --name=imaserver -env-file=IBMIoTMessageSightServer-docker.env -m 64G -v /data/messagesight:/var/messagesight -v /mnt/tmp:/var/tmp -d imaserver:2.0.0.2.20190222-1951

To start the IBM IoT MessageSight Web UI container:

docker run --cap-add SYS_ADMIN --net=host -P -it --name=<webui_container_name> --env-file=IBMIoTMessageSightServer-docker.env -m <memory> -v <local_data_directory>:/var/messagesight -v <local_temp_directory>:/var/tmp -d <webui_image_name>:<fix_version>.<build>

A more concrete example:

docker run --cap-add SYS_ADMIN --net=host -P -it --name=imawebui --env-file=IBMIoTMessageSightServer-docker.env -m 2G -v /data/messagesight:/var/messagesight -v /mnt/tmp:/var/tmp -d imawebui:2.0.0.2.20190222-1951

3. Verifying the installation:

If this is your initial install of the product see Configuring the licensed usage for IBM IoT MessageSight and accepting the license by using REST Administration APIs for accepting the product license .

If this is an update, then you can verify the status of the server see Viewing the status of an IBM IoT MessageSight server and services by using REST Administration APIs .

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSWMAJ","label":"IBM IoT MessageSight"},"Component":"","Platform":[],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
26 February 2019

UID

ibm10873190