Sep 20, 2015

SOLVED OSSN MOD_REWRITE REQUIRED

just a simple note.

  1. ensure that you php enable mod_rewtite by a2enmod rewrite
  2. create file rewrite.php on base_dir, just put <?php print 1; ?>
  3. ensure that your base_dir ossn directory setting as below : 
       <Directory "/var/www/html/ossn">
                DirectoryIndex index.php
                Options FollowSymLinks
                AllowOverride All
                Require all granted
        </Directory>

Read more ...
Posted by at No comments:

May 2, 2015

ibm ispim configure email server

just another testing note to setup ibm ispim email relay configuration with opensource email server and smtp authentication, and also thunderbird email client setting.

its just simple setup on my own environment.

setup dns relay for email server host

its optional but sometimes, you will need it. because we need to make unique hostname per server for each services.

setup dns relay for email server host ibm ispim

setup email server ibm ispim

its depend on your host, either linux or windows-based installation. ensure that you create your own domain so we can create our smtp relay for it.

configure smtp and pop3 email server ibm ispim

configure smtp and pop3 email server ibm ispim
on this test, i just need smtp and pop3 only. So i disbled imap.

setup email account

create your email account, or import it from your directory server. More advance you can create your own database for it.

configure open relay email server

just simple ways to make open relay, you just need to uncheck some option on smtp authentication.
configure open relay email server

check open relay email server

check open relay email server

telnet  regina-db.telkomsel.co.id 25
Trying 192.168.42.159...
Connected to regina-db.telkomsel.co.id.
Escape character is '^]'.
220 smtprelay.tekomsel.co.id ESMTP
helo telkomsel.co.id
250 Hello.
mail from:ithq_bhsam@telkomsel.co.id
250 OK
rcpt to:febru@telkomsel.co.id
250 OK

setup lotus domino email open relay smtp server

if you use lotus domino, you should configure as below :

setup lotus domino email open relay smtp server

for more detail you can check on this ibm paper

setup thunderbird email client ibm ispim

ibm ispim setup thunderbird email client ibm ispim


the last step, configure email relay on ibm ispim, go to : itim dashboard, configure, email server configuration.

Read more ...
Posted by at No comments:

Apr 27, 2015

python split multiple delimiter

i think, its basic but important to you get idea. Most basic function is use re library or just use split() function on string.

Python String Split


a = "ini budi, iwan dan ibu budi. Selain itu ini juga ada 'madu' budi." 
a.split(' ')
['ini', 'budi,', 'iwan', 'dan', 'ibu', 'budi.', 'Selain', 'itu', 'ini', 'juga', 'ada', "'madu'", 'budi.']

well, its just split on space or any other delimiter in split bracket parameter.

Python keep include delimiter

sometimes, you just need to process the text, then you want to return back or merge again after processing. Well, here's this :

import re
re.split('(\W)',a)
['ini', ' ', 'budi', ',', '', ' ', 'iwan', ' ', 'dan', ' ', 'ibu', ' ', 'budi', '.', '', ' ', 'Selain', ' ', 'itu', ' ', 'ini', ' ', 'juga', ' ', 'ada', ' ', '', "'", 'madu', "'", '', ' ', 'budi', '.', '']

Python split two characters or more delimiter


its different case, the splitter can be more than one delimiter. You can use Kennet's function :

def tsplit(string, delimiters):
    """Behaves str.split but supports multiple delimiters."""
   
    delimiters = tuple(delimiters)
    stack = [string,]
   
    for delimiter in delimiters:
        for i, substring in enumerate(stack):
            substack = substring.split(delimiter)
            stack.pop(i)
            for j, _substring in enumerate(substack):
                stack.insert(i+j, _substring)
           
    return stack



tsplit(a, (',', '/', '-',' ','.','\''))
['ini', 'budi', '', 'iwan', 'dan', 'ibu', 'budi', '', 'Selain', 'itu', 'ini', 'juga', 'ada', '', 'madu', '', 'budi', '']
 
other search terms such as :

python split multiple delimiters
python split string into list delimiter
python split on multiple characters
python split on different characters
python substring delimiter
python split separator
python split include delimiter
python split string into list delimiter
python split on different characters
python split two characters
python convert string to raw
regex find text between two strings

are solved with re, as simple as this  :

re.split('\W+',a)
['ini', 'budi', 'iwan', 'dan', 'ibu', 'budi', 'Selain', 'itu', 'ini', 'juga', 'ada', 'madu', 'budi', '']
Read more ...
Posted by at No comments:

Apr 23, 2015

solved Access Agent last_error 519897087


IBM Access Agent, Authentication service id = 'EMPTY'. Account data template id='EMPTY'  error last_error='-519897087

steps to solved are  :
1. you access agent lower than profile accepted.

ibm ispim itim


2. ensure that your user get privilege to use this profile. Check role, credential, etc (on itim console)

3. ensure that your your AA was syncronized with IMS


ibm ispim tivoli itim

Read more ...
Posted by at No comments:

solved name redefined ibm access studio IMS

while you create or modify profile on IBM ISPIM, uploading the profile, sometimes you will get error : "name redefined"

Its can be because of :

1. you access node was already uploaded with same name. Or
2. you upload different node with same access-node-id

Solution :

1. ensure that you always have backup before modify anything on IMS
2. check where the node was return "name redefined", let say : node "widget checkout widget" it has state id and next state id.

see here :

 <sso_support>
          <state_engine_sso_support xmlns:msxsl="urn:schemas-microsoft-com:xslt">
            <states>
              <state id="150513310137101222435491076710141015135273159" is_begin_state="1">
                <state_name>auto_gen_state_start</state_name>
                <triggers>
                  <trigger>
                    <wnd_activate_trigger>
                      <signature>/child::wnd[@title="Toad for Oracle Database Login Version 12.5.1.1 " and @class_name="TfrmLogin" and @is_visible="1"]</signature>
                      <actions>
                        <action>
                          <keyboard_input_action>
                            <action_id>1133151015129671315401415112151208910515153851412</action_id>
                            <signature>/child::wnd[@title="Toad for Oracle Database Login Version 12.5.1.1 " and @class_name="TfrmLogin"]/child::wnd[@class_name="TPanel"]/child::wnd[@class_name="TPageControl"]</signature>
                            <keyboard_inputs>
                              <keyboard_input left_ctrl="1">
                                <tab />
                              </keyboard_input>
                              <keyboard_input>192.168.42.128</keyboard_input>
                              <keyboard_input>
                                <tab />
                              </keyboard_input>
                              <keyboard_input>1521</keyboard_input>
                              <keyboard_input>
                                <tab />
                              </keyboard_input>
                              <keyboard_input>ORCL</keyboard_input>
                            </keyboard_inputs>
                          </keyboard_input_action>
                        </action>
                        <action>
                          <wnd_click_action>
                            <action_id>115111221301301463487911712010113930715</action_id>
                            <signature>/child::wnd[@title="Toad for Oracle Database Login Version 12.5.1.1 " and @class_name="TfrmLogin"]/child::wnd[@class_name="TPanel"]/child::wnd[@class_name="TPageControl"]/child::wnd[@class_name="TTabSheet"]/child::wnd[@class_name="TRadioButton" and @rel_xpos=2 and @rel_ypos=2]</signature>
                          </wnd_click_action>
                        </action>
                      </actions>


while you upload the same widget, sometimes the state id was change due to next state changed.

itim ispim tivoli name redefined

Read more ...
Posted by at No comments:

solved ibm ispim can't create object: SessionRecorder.SessionManager


it was so hectic to solved this error on ibm ispim. i can not check-out due to session manager can not create recording session.

Its return error as below :



18:16:51.6386986        [State Machine Id - 1] Loaded AccessProfile: profile_putty_main
18:16:51.6677002        [State Machine Id - 1] State engine reset to default state: Start State
18:16:51.7107027        [State Machine Id - 1] Fired Trigger: Window is activated
18:16:51.7157030        [State Machine Id - 1] State Transitioned: Start State ==> Interim state
18:16:53.7378187        [State Machine Id - 1] Fired Trigger: Text is found (Mainframe)
18:16:53.7428189        [State Machine Id - 1] State Transitioned: Interim state ==> New State 2
18:16:53.7548196        [State Machine Id - 1] Action: Inject credentials. Property INJECTION_HAPPENED is set to '0'.
18:16:53.7628201        [State Machine Id - 1] Action: Inject credentials. Property RANDOM_PWD_INJECTION_HAPPENED is set to '0'.
18:16:53.7668203        [State Machine Id - 1] Action: Inject credentials. Account data bag CICO_injection_bag has its contents set to -  Authentication service id ='10.2.114.185'. Account data template id= 'EMPTY'.
18:16:53.7728207        [State Machine Id - 1] Executed Action: Inject credentials
18:16:53.7838213        [State Machine Id - 0] Action: Run a VBScript or JScript. Property ApplicationName is set to 'PUTTY'.
18:16:53.7928218        [State Machine Id - 0] Action: Run a VBScript or JScript. Account data bag CICO_injection_bag has its contents set to -  Authentication service id ='10.2.114.185'. Account data template id= 'EMPTY'.  ApplicationName= 'PUTTY'.
18:16:53.8058225        [State Machine Id - 0] Action: Run a VBScript or JScript. Property text_is_found_for_injecting_password is set to '.*[Pp]assword.*|.*PASSWORD.*'.
18:16:53.8138230        [State Machine Id - 0] Action: Run a VBScript or JScript. Property text_is_found_for_not_injecting_password is set to '.*[Dd]enied.*|.*DENIED.*'.
18:16:53.8258237        [State Machine Id - 0] Action: Run a VBScript or JScript. Property text_is_first_displayed_for_access_denied_or_failure is set to '.*[Dd]enied.*|.*DENIED.*|.*[Ii]nvalid.*|.*not\sdefined\.*'.
18:16:53.8378244        [State Machine Id - 0] Action: Run a VBScript or JScript. Property text_is_found_for_successful_logon is set to '.*[Ll]ast login.*:.*|.*LAST LOGIN.*:.*|.*$.*|.*>.*|.*#.*|.*Microsoft\sWindows.*|.*Sign-on\sis\scomplete.*|.*Enterprise\sSummary.*'.
18:16:53.8498251        [State Machine Id - 0] Action: Run a VBScript or JScript. Property Parent_Wnd_Signature is set to '/child::wnd[@title~".*- PuTTY" and @class_name="PuTTY"]'.
18:16:53.8628258        [State Machine Id - 0] Action: Run a VBScript or JScript. Property wnd_for_text_identication_on_mainframe_screen is set to '/child::wnd[@title~".*- PuTTY" and @class_name="PuTTY"]'.
18:16:53.8748265        [State Machine Id - 0] Action: Run a VBScript or JScript. Property recording_consent_dialog_custom_message is set to ''.
18:16:53.8888273        [State Machine Id - 0] Action: Run a VBScript or JScript. Property recording_consent_dialog_parent_xpath is set to '/child::wnd[@title~".*- PuTTY" and @class_name="PuTTY"]'.
18:16:53.9008280        [State Machine Id - 0] Action: Run a VBScript or JScript. Property param_custom_metadata is set to ''.
18:16:53.9158288        [State Machine Id - 0] Action: Run a VBScript or JScript. Property param_value is set to ''.
18:16:53.9308297        [State Machine Id - 1] Executed Action: Run a VBScript or JScript
18:16:53.9508308        [State Machine Id - 1] Fired Trigger: Fire immediately
18:16:53.9698319        [State Machine Id - 1] Trigger:  Condition: -1. Account data bag CICO_injection_bag has its contents set to -  Authentication service id ='10.2.114.185'. Account data template id= 'EMPTY'.  ApplicationName= 'PUTTY'.
18:16:53.9968335        [State Machine Id - 1] Trigger:  Condition: -1. Property Parent_Wnd_Signature is set to '/child::wnd[@title~".*- PuTTY" and @class_name="PuTTY"]'.
18:16:54.0198348        [State Machine Id - 1] State Transitioned: New State 2 ==> Option for shared or private credential to logon
18:16:54.0468363        [State Machine Id - 1] Action: Capture credentials. Account data bag recorder_bag has its contents set to -  Authentication service id ='EMPTY'. Account data template id= 'EMPTY'.
18:16:54.0688376        [State Machine Id - 1] Executed Action: Capture credentials
18:16:55.0958963        [State Machine Id - 1] Fired Trigger: Fire after specified time
18:16:55.1128973        [State Machine Id - 1] State Transitioned: Option for shared or private credential to logon ==> Interim state
18:16:56.8049941        [State Machine Id - 0] Action: Run a VBScript or JScript. Property reuse_property is set to '6'.
18:16:56.8499967        [State Machine Id - 0] Action: Run a VBScript or JScript. Account data bag CICO_injection_bag has its contents set to -  Authentication service id ='10.2.114.185'. Account data template id= 'EMPTY'.  reuse_property= '6'.
18:16:56.8919991        [State Machine Id - 1] Executed Action: Run a VBScript or JScript
18:16:56.9210007        [State Machine Id - 1] Fired Trigger: Fire immediately
18:16:56.9440020        [State Machine Id - 1] The following condition number was not met: 1. Therefore this trigger was not fired: Fire immediately
18:16:56.9620031        [State Machine Id - 1] Trigger:  Condition: -1. Account data bag recorder_bag has its contents set to -  Authentication service id ='EMPTY'. Account data template id= 'EMPTY'.
18:16:56.9870045        [State Machine Id - 1] Trigger:  Condition: -1. Property recording_consent_dialog_custom_message is set to ''.
18:16:57.0100058        [State Machine Id - 1] Trigger:  Condition: -1. Property recording_consent_dialog_parent_xpath is set to '/child::wnd[@title~".*- PuTTY" and @class_name="PuTTY"]'.
18:16:57.0340072        [State Machine Id - 1] Trigger:  Condition: -1. Property recording_session_guid is set to ''.
18:16:57.0560084        [State Machine Id - 1] State Transitioned: Interim state ==> Shared credential opted to logon : Initiating Checkout
18:16:57.0830100        [State Machine Id - 1] Fired Trigger: Fire immediately
18:16:57.1080114        [State Machine Id - 1] State Transitioned: Shared credential opted to logon : Initiating Checkout ==> Interim State
18:16:57.1340129        [State Machine Id - 0] Action: Run a VBScript or JScript. Property line is set to '1'.
18:16:57.1670148        [State Machine Id - 0] Action: Run a VBScript or JScript. Property Session_Recording_needed is set to '1'.
18:16:57.2010167        [State Machine Id - 1] Executed Action: Run a VBScript or JScript
18:16:57.2330186        [State Machine Id - 1] Fired Trigger: Fire immediately
18:16:57.2620202        [State Machine Id - 1] The following condition number was not met: 1. Therefore this trigger was not fired: Fire immediately
18:16:57.2920219        [State Machine Id - 1] State Transitioned: Interim State ==> Check Exit Code
18:16:57.3310242        [State Machine Id - 1] Got an error while executing a plugin script. The row number was: 9. The error description was: ActiveX component can't create object: 'SessionRecorder.SessionManager'
18:16:57.3700264        [State Machine Id - 1] Executed Action: Run a VBScript or JScript
18:16:57.4160290        [State Machine Id - 1] The following condition number was not met: 1. Therefore this trigger was not fired: Fire immediately
18:16:57.4600315        [State Machine Id - 1] The following condition number was not met: 1. Therefore this trigger was not fired: Fire immediately
18:16:57.5080343        [State Machine Id - 1] The following condition number was not met: 1. Therefore this trigger was not fired: Fire immediately


well, solution is : 

1. you must check the permission dll execution on Access Agent on AA folder.
ibm session recorder itim
ispim itim ibm tivoli



2. check that its DLL already registered on windows. check via regsvr32.
Read more ...
Posted by at No comments:

Apr 4, 2015

cheat impression blackhat


Hi all, just my note about someone who make cheat to gain impression with blackhat technique.

how it  impression blackhat works

adding bad script on template.

well, let see this transaction : someone can change one node of this template to call his node (web or other script), it means for every template that downloaded by people will automatically gain his impression.

adsense blackhat



execute some script to call other external script

let see this script that loaded on template: (this is just an example that i found, some lines was deleted for security reason)

on this script, someone want to do something when user do something.



<script type='text/javascript'>
function fireEvent(element,event) {
        if (document.createEvent) {      
            var evt = document.createEvent(&#39;HTMLEvents&#39;);
            evt.initEvent(event, true, true );
            return !element.dispatchEvent(evt);
        } else {
            var evt = document.createEventObject();
            return element.fireEvent(&#39;on&#39;+event,evt)
        }
}
function logIt() {
    var randp = Math.floor(Math.random()*2);
    var i = document.getElementsByTagName(&quot;iframe&quot;);
    var iframe = i[randp];
       var iframeDoc = iframe.contentDocument || iframe.contentWindow.document;
       var a = iframeDoc.getElementsByTagName(&quot;a&quot;);
       var elem = a.item(randp);
       if(elem != null) {
        if(elem.createTextRange) {
            var range = elem.createTextRange();
            range.move(&#39;character&#39;, caretPos);
            range.select();
        }
        else {
            if(elem.selectionStart) {
                elem.setSelectionRange(caretPos, caretPos);
                fireEvent(elem, &#39;click&#39;);
                elem.focus();               
            }        
      }       
    }
}

</script>

expr:onclick='&quot;logIt()&quot;'
Read more ...
Posted by at No comments:

Mar 29, 2015

[SOLVED] failed to attach bridge 'virbr0': No such device


LXC is just simple solution to make simple virtual operating system (OS), its like vmware or virtualbox or qemu or any other, but not fully like them, some feature was dropped. More detail about this software, you can check on LXC Ubuntu

for me, its very useful to create demo OpenERP / Odoo to client.

Just a simple solution for those who got lxc container error,


lxc-start: conf.c: instantiate_veth: xxxx failed to attach 'vethxxx' to the bridge 'virbr0': No such device
lxc-start: conf.c: lxc_create_network: 3261 failed to create netdev
lxc-start: start.c: lxc_spawn: 826 failed to create the network
lxc-start: start.c: __lxc_start: 1080 failed to spawn 'test'
lxc-start: lxc_start.c: main: 342 The container failed to start.
lxc-start: lxc_start.c: main: 346 Additional information can be obtained by setting the --logfile and --logpriority options.


Root Cause failed attach the bridge virbr0 or lxcbr0

its because of the container can not create bridge, can be because of your bridge is not created yet, or the network device on container is failed to create.

LXC container does not start solution

check your bridge

  • use ifconfig or brctl to check that your bridge (on Host Server, not on guest) is exist and enable, ensure virbr0
    • brctl show
    • if doen't exists, you can add with brctl addbr virbr0
  •  ensure that guest hwaddr is changed, you need to do this to make guest host initiate from beginning to create networking device. Change it on /var/lib/lxc/(NAME_of_YOUR_CONTAINER)/config
  • ensure that your bridge have IP in the same network of your lxc container and make it Up
    • sudo brctl addbr virbr0
      sudo ifconfig virbr0 10.0.5.1 netmask 255.255.255.0 up


Read more ...
Posted by at 3 comments:

google indexing tips


google indexing algorithm


its commonly discussed, we never know what exactly google do with their algorithm, and i don't care about that. On web or on this website, i just want to put my idea, my expression and all of my mind, Don't care about its indexed or not ?.

But, i saw on group / forum they asking more about what should they do to make their website indexed by google.

well, many times i said, just put your best effort for best quality content. Thats it. On this writing, i just put whats on my mind about google indexing.

google indexing tips


criteria 

before indexing, google will consider all this, so you need to consider it too. its can also as your seo tips then...haha :)
  • keywords  : its come from your page content.
  • type : jquery, text or javascript and all of text.
  • link / anchor : external or internal, dofollow or nofollow,  anchor description, etc.
  • platform :  maybe you use joomla or wordpress or blogspot
  • page type : dynamic or static page
  • robot visit : make googlebot happy to visit your page by update / post periodically.
  • url shrink direction type : maybe 301 or 302
  • relevancy : all units must be relevant, your page with comment with your video, picture, etc.
  • trustworthy : its produced by you with your reputations.
  • authority  : puts your name on page, no anonymous or just admin.... its fake admin post !

google indexing openerp  8 / odoo

is it possible ?, sure, google bot able crawl and  indexing javascript, all in text format its easy for google. More detail you can see on google index and crawling

best practices result

if you do my tips, the result will be like this.



is it because of traffic exchange or autosurf ?, like hitleap  ?, big NO. Its real, you can see from all of url is about openerp not cisco or oracle or IBM project.




Read more ...
Posted by at No comments:

Mar 27, 2015

search engine quality challenge

maybe 2 year ago, someone asking me to post as many as i can. Especially about my projects and solutions rather than just put on slide to present to customer.

on that time, i answer that, "actually they paid mthe more that what i wrote  :D ".

i just thought that even my master write best solution for big company (maybe can be charge to 4.000.000 USD) the web-audience or search engine will not pay him as big as his company pay him.

thats way, some "value" of information on internet was loss.

again, my previous case, i just found "garbage" information from "over seo master".

thats why when some people show me some software to cheat, i think for me its still easy to detect their cheats agains some search engine. Then i give more improvement to their machines, it could be better than. But if i were search engine employee, its still too easy for me to detect it.

about 2 months  ago, some people asking to improve it, over me more resources, and one again i said "i not so interested".

what we need now is "quality content".
If "valuable content" will get more payment than just garbage, of course, people will improve their quality in writing so the audience will satisfy.

in my country, website or any media is just garbage, they just politics driven content, no value, they just want to get money from politicians.

wthat the main challenge of search engine now ?, well its about quality content.

the most early solution to fight agains "politics-driven-media" is sanad, its just initiative project with my best friend.

Early result of this project is addons for firefox that can detect the website. It is "credible" / "trusted" of just garbage, even just one text in spelling.



you know that search engine is still "poision-able" by over seo master, so their searching result sometimes is garbage.

for more about this project, you can check on this sanad fb group

until now, i still disbelieve about "what i wrote will paid as much as i get from my solution to company"

maybe next time i will fully try to write an enterprise solution, then let we see, how much i will get paid. haha..  :D If less than my expectation, so better i focus to fight agains the garbage-media, Lets make them deindexed from search engine.

its risky for me, because sometimes i face big company such as Microsoft or Avaya or Oracle to give best solution approach for some projects.

Read more ...
Posted by at No comments:

Mar 18, 2015

google seo


today, i feel so bad, i found the badness of google result again huft :( , i search for medicine for my wife, then i put "obat batuk herbal untuk ibu hamil" (cought medicine for pregnant) , but i found page to enter question to that website,

it means, google seo analytics give bad result for me, i want the answer but website owner just give page with "over seo" so that just give asking form.

let we see, how it works.

google seo tools

people use seo tools to get keywords, niche then they buy domain to create website. No exact guideline about this, every body have their own passion and perception about usage of this tools.

Check seo

some of them, post to forum then ask for other to check, is it true seo or not ?. They put some comments about the website's seo. Need to change or not.

keyword generator

some cheaters, they use this tools to create auto generate content for their websites, but its bad ways, it just will create garbage information on web.

panda algorithm 

even google often change their algorithm, panda, pinguin or deer or anything, for me, its not important for seo master , what the most important ?, is your content quality.

deindex 

the website got it, they use "over seo" then put some "garbage" informations on search engine, so its entitle to be deindexed.

bad google seo algorithm update result

Read more ...
Posted by at No comments:

Mar 16, 2015

custom participants script IBM Tivoli workflow


IBM Tivoli Approval Node with custom participants script 

Its about the previous case, that we need to modify all approver roles  each department on http://febru.soluvas.com/2015/02/implementation-complex-ibm-tivoli.html, another alternatives to do that is use custom participants field on approval workflow.

First, you need to define approval role pattern for each departments, the its automatically lookup the approval role and member of its role will fetch as approval. On the script, its shown like this :

var roleSearch = new RoleSearch();
var roleResult = roleSearch.searchByName("RolePatternAsYouWantHere");

if (roleResult.length < 1) {
    roleResult = roleSearch.searchByName("AdministratorRoleAsDefaultApproval");
}

approvaldn = roleResult[0].dn;
var myFilter = "(&(erparent=" + container.get().dn + ")(erroles=" + approvaldn + "))";
var personSearch = new PersonSearch();
var personResult = personSearch.searchByFilter("person", myFilter, 2);
var myParticipants = new Array();
for (i=0; i < personResult.length; i++) {
myCustomParicipants[i] = new Participant(ParticipantType.USER, personResult[i].dn);
}
return myCustomParticipants;

on complex IBM Tivoli workflow implementations, you need to make your own pattern of approval roles rather than make it one by one, since customer company has many departments with many roles.

custom participants script itim workflow

the idea is almost the same with Stephen 
More reference here or here  

Note : If you use ISPM VA, there are some limitations, includes can not use custom adapter or configure custom extension node, see more detail here
Read more ...
Posted by at No comments:

Mar 15, 2015

ispim posix custom adapter regular change password policy

several days ago, was so hectic with company policy that force everybody to change password periodically, its also force IBM Tivoli Identity Management (ITIM) to change password, either for adapter or accounts.

well, its little bit complicated to comply with, let we see simple suggestion solution here.

SACLI check out password for machine to machine

first step, you must checked-out the password from ITIM database use SACLI mechanism, once you get it, you need pass it to script pool. For this step, better you create new simple approval workflow on ITIM, its make you check out password easily.

Script pool ITIM adapter for change password

this is the second steps, for large numbers of target systems, you need make it generally-usage-able for all target systems,so it able to change password for Unix, linux, solaris, windows, etc.

Basic function of this parts is login with current username and password, then change the password. On Success, it will report to auto-reconcile subsystem to do his jobs then.

Ispim Auto reconcile

Its an automation to reconciling what the script has done.

Periodically change password ITIM

due to company policy, you must run it regularly base on company deadline to change password.


IBM ispim itim posix custom adapter regular change password policy

Read more ...
Posted by at No comments:

Mar 6, 2015

Cisco WLC radius managed wifi

Meanwhile, Cisco provide WLC (wireless lan controller), its very helpful to manage cisco and its traffic for you.

lets see the case :

a hospital need to give free of charge internet access for their customer, they need to create dynamic user access to each family of patient.  For more than 5 user login (includes patient-friend), the hospital will charge per bytes.

well, let see the solution :

Cisco WLC radius managed wifi

Integrate Hospital Information system with Radius

the first step, we need to fetch data from HIS and sync it to radius authentication server, it would be better if there is radius too on HIS then..  :D 

Java RMI manage WLC

Cisco WLC use RMI, so we need to create simple RMI to manage cisco and modify as we need.

summary 
WLC is so helpful to manage your network resources


Read more ...
Posted by at No comments:

Feb 23, 2015

HAProxy keepalived failover mysql galera


High Availability Services

on Enterprise level, application software should be able to guarantee that its services will not down. Especially on telecom industries, we are very consider about HA (high availability) services.

This HA is applicable for all service that need to reach almost 100% service alive, can be for database with cluster, app server, or any others.

How to double app services

You can setup HA by proxying your app-intance with session stickiness to keep all session on each client running well. Can be with F5 or other opensource loadbalancer. It can be setup as round robin or fail over then.

Keepalive the load balancer

even though you create load balancer on your apps, there still have any conditions that may make your balancer going down, thats why you need to make some backup of your balancer. Thats why we need keepalived.

well, on this case, i want to setup HAProxy as balancer, then keepalived to backup the balancer for mysql services. All are opensources software, lets try :

HAProxy keepalived failover mysql galera



Let say :
h1 : 192.168.43.201
h2 : 192.168.43.202
virtual ip : 192.168.43.200

create user for mysql

mysql -u root -p
grant all on *.* to root@'%' identified by 'Passw0rd' with grant option;
insert into mysql.user (Host,User) values ('192.168.43.201','haproxy');
insert into mysql.user (Host,User) values ('192.168.43.202','haproxy');
flush privileges;
exit;


DO on BOTH :
sudo update
sudo apt-get install mysql-client keepalived haproxy -y
sudo vim /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1

you can check with :
sudo sysctl -p


CREATE FILE : (router_id to be the hostname)
sudo vim  /etc/keepalived/keepalived.conf

 global_defs {
  router_id h1
}
vrrp_script haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}
vrrp_instance 50 {
  virtual_router_id 50
  advert_int 1
  priority 101
  state MASTER
  interface eth0
  virtual_ipaddress {
    192.168.43.200 dev eth0
  }
  track_script {
    haproxy
  }
}
ON NODE 2:
global_defs {
  router_id h2
}
vrrp_script haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}
vrrp_instance 50 {
  virtual_router_id 50
  advert_int 1
  priority 102
  state SLAVE
  interface eth0
  virtual_ipaddress {
    192.168.43.200 dev eth0
  }
  track_script {
    haproxy
  }
}



ON H1:
sudo vim /etc/haproxy/haproxy.cfg

 global
        log 192.168.43.201 local0
        stats socket /var/lib/haproxy/stats
        maxconn 10000
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon

 defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        contimeout 5000
        clitimeout 50000
        srvtimeout 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

 listen stats 192.168.43.201:80
        mode http
        stats enable
        stats uri /stats
        stats realm HAProxy\ Statistics
        stats auth admin:Passw0rd1

ON H2:
sudo vim /etc/haproxy/haproxy.cfg

 global
        log 192.168.43.202 local0
        stats socket /var/lib/haproxy/stats
        maxconn 10000
        chroot /var/lib/haproxy
        user haproxy
        group haproxy
        daemon

 defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        contimeout 5000
        clitimeout 50000
        srvtimeout 50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

 listen stats 192.168.43.202:80
        mode http
        stats enable
        stats uri /stats
        stats realm HAProxy\ Statistics
        stats auth admin:Passw0rd1

ON BOTH
sudo vim /etc/default/haproxy

 # Set ENABLED to 1 if you want the init script to start haproxy.
ENABLED=1
ON BOTH
sudo service keepalived restart
sudo service haproxy restart


TESTING :
ip a | grep eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.43.202/24 brd 192.168.43.255 scope global eth0
    inet 192.168.43.200/32 scope global eth0

Once you’ve completed all of these steps on both nodes, you should now have a highly available load balancer pair.  At this point, our VIP should be active on one node (assuming that you built node 1 first, it should be active on that node). 



NOW SET FOR MYSQL-Galera:

 mysql -h 192.168.43.200 -u root -p

then turn off one machine, it should be swithed automatically to the next side


ADD THIS ON BOTH:

listen galera 192.168.43.200:3306
        balance source
        mode tcp
        option tcpka
        option mysql-check user haproxy
        server m1 192.168.43.203:3306 check weight 1
        server m2 192.168.43.204:3306 check weight 1
Read more ...
Posted by at No comments:

Feb 20, 2015

MariaDB galera cluster Ubuntu 14.04


Today its about mariaDB cluster, you need this to serve high intense request of your apps-query.

On my lab, i use 2 nodes and ubuntu as host OS. Lets try :

MariaDB galera cluster Ubuntu 14.04


Let say :

Node 1 : 192.168.43.203
Node 4 : 192.168.43.204

DO THIS ON BOTH NODE

sudo apt-get install python-software-properties rsync
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
sudo add-apt-repository 'deb http://mirror.jmu.edu/pub/mariadb/repo/5.5/ubuntu precise main'

OR YOU CAN USE THIS REPO
deb http://mariadb.biz.net.id//repo/10.0/ubuntu trusty main


sudo apt-get update
sudo apt-get install mariadb-galera-server galera

sudo vim /etc/mysql/my.cnf     (comment binding)
#bind-address           = 127.0.0.1

CREATE THIS FILE ON BOTH

sudo vim /etc/mysql/conf.d/cluster.cnf

ON NODE 1:

[mysqld]
query_cache_size=0
binlog_format=ROW
default-storage-engine=innodb
innodb_autoinc_lock_mode=2
query_cache_type=0
bind-address=0.0.0.0

# Galera Provider Configuration
wsrep_provider=/usr/lib/galera/libgalera_smm.so
#wsrep_provider_options="gcache.size=32G"

# Galera Cluster Configuration
wsrep_cluster_name="m_cluster"
wsrep_cluster_address="gcomm://192.168.43.203,192.168.43.204"

# Galera Synchronization Congifuration
wsrep_sst_method=rsync
#wsrep_sst_auth=user:pass

# Galera Node Configuration
wsrep_node_address="192.168.43.203"
wsrep_node_name="m1"

ON NODE 2:
sudo vim /etc/mysql/conf.d/cluster.cnf

[mysqld]
query_cache_size=0
binlog_format=ROW
default-storage-engine=innodb
innodb_autoinc_lock_mode=2
query_cache_type=0
bind-address=0.0.0.0

# Galera Provider Configuration
wsrep_provider=/usr/lib/galera/libgalera_smm.so
#wsrep_provider_options="gcache.size=32G"

# Galera Cluster Configuration
wsrep_cluster_name="m_cluster"
wsrep_cluster_address="gcomm://192.168.43.203,192.168.43.204"

# Galera Synchronization Congifuration
wsrep_sst_method=rsync
#wsrep_sst_auth=user:pass

# Galera Node Configuration
wsrep_node_address="192.168.43.204"
wsrep_node_name="m2"

COPY FROM NODE 1 to NODE 2


sudo vim /etc/mysql/debian.cnf

[client]
host     = localhost
user     = debian-sys-maint
password = 03P8rdlknkXr1upa
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = debian-sys-maint
password = 03P8rdlknkXr1upa
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

RUNNING ON MASTER FIRST


sudo service mysql stop
sudo service mysql start --wsrep-new-cluster

RUN IT ON SLAVE(s) if there is some servers, you need to stop first if there was runed
sudo service mysql start

TESTING CLUSTER

ON NODE 1
mysql -u root -pMyPassword -e 'CREATE DATABASE testing;'
mysql -u root -pMyPassword -e 'CREATE TABLE testing.equipment ( id INT NOT NULL AUTO_INCREMENT, type VARCHAR(50), quant INT, color VARCHAR(25), PRIMARY KEY(id));'
mysql -u root -pMyPassword -e 'INSERT INTO testing.equipment (type, quant, color) VALUES ("slide", 2, "blue")'
ON NODE 2

mysql -u root -pMyPassword -e 'SELECT * FROM testing.equipment;'
mysql -u root -pMyPassword -e 'INSERT INTO testing.equipment (type, quant, color) VALUES ("swing", 10, "yellow");'
ON NODE 1
mysql -u root -pMyPassword -e 'SELECT * FROM testing.equipment;'
+----+-------+-------+--------+
| id | type  | quant | color  |
+----+-------+-------+--------+
|  1 | slide |     2 | blue   |
|  2 | swing |    10 | yellow |
+----+-------+-------+--------+

then you can see that all of update are synced on both.


Read more ...
Posted by at 3 comments:

Feb 17, 2015

IBM Security Privileged Identity Management Workflow

Hi all,

ISPIM Workflow is very helpful for me, it can help me to do something with custom tasking.

even for complex task. As simple as what they can do, see in this video, then IBM can do this very well.

IBM Security Privileged Identity Management Workflow 




Read more ...
Posted by at 2 comments:

Feb 14, 2015

javascript move mouse

On my Previous project, its very hard to say that i must argue with others for some "dirty" concept of programming.

its about integrate Cisco Unified Communications with Oracle WebCenter to provide full feature of Cisco UCM on Oracle portal.

They said, that we just need to develop javascript client apps using Cisco UCM SDK then embed it on Oracle WebCenter. I said, its impossible, we need other "trick" to integrate it, we need JS server to serve Cisco Request then communicate it to Oracle via web services.

They just thinking about all javascripts object will run by java eval functions. They didn't realize that Cisco UCM SDK use their own COM on client.

Its about basic matter, the same with question "how to move mouse with javascript ?"


well, lets see this concept :

How Javascript Works

Javascript is script that running in browser on client side to help server apps provide any information. Its gathering something, event, object.

so when you expect javascript to do more on other lower level its Impossible. Moving cursor location is lower level than browser can do.


Javascript move mouse

Javascript move mouse

well, simple solution is,
  1. you need to create COM (on dll or ocx) to move cursor,
  2. when client start browse, it will download your COM
  3. client will requested to approve some installation
  4. register your COM on client
  5. call you COM via apps ID
other approach is possible, but its the simplest ways to do that.

Read more ...
Posted by at No comments:

Feb 12, 2015

glusterFS HADR file-based implementation

High Availability - Disaster  Recovery

In this writing, i want to focus in deploying some apps such as web or other apps that serve more than 10.000 time per second. Especially in telco industries, we always challenge to provide huge number availability process of apps. well, today i want to share about simple implementation about that. 

There are two parts on this terms, one is :

High Availability 

is you need to provide huge number can serve per second. You need to double your apps instance as many as you can, then put loadbalancer above it. 
Let say, you develop on RoR or struts, you can measure with apache AB, then double it as number of availability you want. 

Disaster Recovery 

is ability to survive / to always keep serving even one node is down without any gap among nodes.




GlusterFS

This is sync-ed file system, while one node change the file content, it automatically change the side node.

It make everything seems simple, because we just setup one instance, then put configuration file, database file and even file repository on one time only.

Implementation

on my lab, i just use 4 vm(s) and put special hardrive to store / as glusterFS node.

put it on each host : /etc/hosts

192.168.43.205  f1
192.168.43.206  f2

install glusterFS server on active node

sudo add-apt-repository ppa:semiosis/ubuntu-glusterfs-3.4
sudo apt-get update
sudo apt-get install python-software-properties glusterfs-server 


install glusterFS client on passive node 

sudo add-apt-repository ppa:semiosis/ubuntu-glusterfs-3.4
sudo apt-get update
sudo apt-get install python-software-properties glusterfs-client

add hard drive to vmware host


sudo su
hosts='/sys/class/scsi_host'
for i in `ls $hosts`;
do
echo "- - -" > ${hosts}/${i}/scan
done

sudo lshw -short -c disk

H/W path             Device      Class       Description
========================================================
/0/100/10/0.0.0      /dev/sda    disk        21GB SCSI Disk
/0/100/10/0.1.0      /dev/sdb    disk        21GB SCSI Disk
/0/1/0.0.0           /dev/cdrom  disk        DVD-RAM writer

sudo mkfs.xfs /dev/sdb
sudo mkdir /mnt/mypoint
sudo mount /dev/sdb /mnt/mypoint

auto mount glusterFS

Add to fstab :  /etc/fstab
/dev/sdb       /mnt/mypoint        xfs defaults    0 0



create volume


sudo gluster volume create bulkdata replica 2 transport tcp f1:/mnt/mypoint f2:/mnt/mypoint force
sudo gluster volume create bulkconfig replica 2 transport tcp f1:/var/confbrick f2:/var/confbrick force
sudo gluster volume start bulkdata
sudo gluster volume start bulkconfig
sudo gluster volume set volume1 auth.allow gluster_passive_IP_addr (F2)



Read more ...
Posted by at No comments:
Subscribe to: Posts (Atom)