May 31, 2014

Automatically rotate and clean HTTP Server log files

By default IBM HTTP Server log files always grow. This may be a problem especially on production servers where there is a large amount of HTTP requests that can quickly generate a very big access.log file. This file cannot be deleted without stopping the HTTP Server and can be practically impossible to open with a text editor.

A quick solution for this is to use the rotatelogs utility located in [HTTPHOME]/bin directory.

Open the [HTTPHOME]/bin/httpd.conf file and search for 'CustomLog' directive for access.log file. Comment this line and insert a new directive like this:
    CustomLog "|bin/rotatelogs.exe -l logs/access.%Y%m%d-%H%M%S.log 5M" common

Here is how the httpd.conf file should look like.

#CustomLog logs/access.log common
CustomLog "|bin/rotatelogs.exe -l logs/access.%Y%m%d-%H%M%S.log 5M" common

With this method a new access.log file will be generated when its size reached 5 megabytes.
More information on the rotatelog command is available here.


If you want to periodically clean the HTTP Server log files you can use the technique described hereafter.

Go to IBM HTTP Server log directory. In this example it is D:\Program Files\IBM\HTTPServer\logs.
Create an empty text file cleanlogs.cmd and paste the following code into it.

@echo off

net stop "IBM HTTP Server 6.1"
net stop "IBM HTTP Administration 6.1"

echo Waiting few seconds
ping -n 4 localhost > nul

echo Deleting log files
del /Q "%~dp0"\*log

echo.

net start "IBM HTTP Server 6.1"
net start "IBM HTTP Administration 6.1"

Test the script by manually launching it. When everything works fine you can schedule this script using Windows Task Scheduler to purge the log files each night or each Sunday.

May 23, 2014

Mount shared DOCLINKS folder on Windows

A typical configuration step when building a Maximo cluster on Windows systems is to mount a shared filesystem on all the physical systems that belongs to the cluster. This allows to store attachments in a single place in order to be able to access them from all the servers that builds up the cluster.
It is also important to adopt an approach that automatically remounts the network share in case of system restarts.

This article describes the steps required to mount a shared filesystem on Windows 2008 Server.
  1. Launch Windows Task Scheduler
  2. Create a folder named 'IBM'
  3. Create a Basic Task
    • Name: Mount DOCLINKS folder
    • Trigger: When the computer starts
    • Program: net
    • Arguments: use X: \\[SHAREDFOLDER] /persistent:YES
  4. Double click on the task to open its properties
  5. Click on 'Change User or Group' button
  6. Type 'SYSTEM' and press OK
Running this task with SYSTEM privileges will make the mounted drive accessible from all users including the WebSphere processes.


Providing network credentials

If the net use command fails asking for credentials you can use the following syntax to provide them.

net use X: \\[SHAREDFOLDER] /persistent:YES [PASSWORD] /USER:[USERNAME]


Symbolic link technique

Drew Hohnstein has proposed to use the mklink command to create a symbolic link to the network folder.
A command like this should do the trick.

mklink /D C:\doclinks \\[SHAREDFOLDER]


UNC technique

If you can avoid to secure the shared folder you may also try this simple technique: Configure the doclink attachment folder in UNC path


May 22, 2014

Securing Maximo with SSL/HTTPS

Maximo installation configures by default HTTP unencrypted communication. This basic configuration may represent a security exposure especially when the server is reachable from the public internet.

This article describes all the steps needed to enable HTTPS (SSL) communications for Maximo.
It comprises the following main steps.
  1. Creation of a self-signed certificate
  2. IBM HTTP Server configuration
  3. WebSphere configuration
  4. Adjust DocLinks settings

Create a self-signed certificate

Run IBM Key Management utility - Start > Programs > IBM HTTP Server > Start Key Management Utility.
Click Create a new key database file button.


Leave default values and click OK. Take note of the key.kdb file path.



Enter a password and select Stash password to a file option. Click OK.



Click New Self-Signed... button.


Enter MX_SSL_KEY for Key Label and leave default for other fields. Click OK to create a self-signed certificate.


Select Key Database File > Stash Password and close IBM Key Management utility.





Web server configuration


Backup C:\Program Files\IBM\HTTPServer\conf\httpd.conf file and open it with text editor.

If you want to disable HTTP you have to remove or comment out the following line.

Listen 0.0.0.0:80


To enable HTTPS on the default port 443 paste the following rows.

LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
Listen 0.0.0.0:443
<VirtualHost *:443>
 SSLEnable
</VirtualHost>
KeyFile "C:\IBM\HTTPServer\key.kdb"

Verify the path of the key.kdb file matches with the one you have generated before.

Restart IBM HTTP Server by following sequence.
  1. Stop Admin Server
  2. Stop HTTP Server
  3. Start Admin Server
  4. Start HTTP Server


WebSphere configuration

Login to WebSphere ISC console and navigate down to Environment > Virtual Hosts > maximo_host > Host Aliases.
Verify that port 443 is present. Add it if missing. You may also wish to remove port 80 and other unused ports.

Navigate to Servers > Server Types > Web servers. Select webserver1 and click Generate Plug-in. Select webserver1 again and click Propagate Plug-in.
Continue from ISC console, restart MXServer in Servers > Server Types > WebSphere application servers.

Verify the connection by logging in at https://[MXHOST]/maximo, where [MXHOST] is the host name of the HTTP server. Now your server is running in SSL.


Adjust DocLinks settings

The last step is to change the URL generated by Maximo to display attachments.
Login as maxadmin and modify the mxe.doclink.path01 System Property to replace http:// with https://
Do a Live Refresh of this property and test by downloading an attachment.


References

Enabling SSL in IBM SmartCloud Control Desk
Guide to properly setting up SSL within the IBM HTTP Server
Enable HTTPS in WebSphere for Maximo, SCCD, TSRM, and Tririga

May 16, 2014

MxLoader has been released !

I am proud to announce the release of MxLoader on developerWorks. This is a great tool I have developed to help me in my day-to-day job as a Maximo specialist.

MxLoader is a Microsoft Excel spreadsheet that allows to quickly and easily query and load data into IBM Maximo, IBM SmartCloud Control Desk (SCCD) and other TPAE based applications. It brings together the power of the Maximo Integration Framework and the flexibility of Excel allowing to quickly manipulate and import data into any Maximo database.

Look at this short video for a quick overview of the tool.




Refer to MxLoader community on developerWorks to download the latest version of the tool. Subscribing to the community you will be able to write on the support forum and be notified when a new version is available.

May 15, 2014

Educational videos

Yes these are very busy days for me and probably for you all. But don't worry I will start publishing new articles soon.
In the meanwhile you can enjoy watching those two videos from my fellow colleague Andreas.

Jobplan demo (3:03 min)
Offerings/pricebook demo (2:32 min)