Image Support #3125

Unable to bring up IDG 7.6 on Azure Cloud

Added by Suresh about 2 years ago. Updated almost 2 years ago.

Status: Closed
Due date:
Priority: Normal
% Done: 0%
Assignee: Suresh
Category: -
Image: IBM DataPower - 7.6
Your Marketplace Account ID: 0000-0000-0000
Operating System: Linux
Marketplace: Microsoft Azure
JRE: Not Applicable
Customer State: NC
Instance Type: Any
Customer Country: USA

Description

Able to set up a VM instance for IDG 7.6. The username/pwd entered is not accepted by the DataPower console and the connection gets closed. Unable to access the WebGUI with https://publicip:9990 as well. Need assistance.

Screen Shot 2018-05-22 at 09.42.50.png (510 KB) Mariano, 05/22/2018 01:10 pm

Screen Shot 2018-05-22 at 09.40.43.png (505 KB) Mariano, 05/22/2018 01:10 pm

History

#1 Updated by Mariano about 2 years ago

  • Status changed from New to Feedback
  • Assignee changed from Dave to Suresh

Hi Suresh,

Sorry for the inconvenience.

My suggestions to make it work:

  1. Follow the documentation here: https://www.midvisioncloud.com/ibm-websphere-on-microsoft-azure/ibm-datapower-virtual-edition-on-azure/
  2. Check if the URL has the https on it, IBM does not auto-redirect from http to https
  3. Please follow the documentation steps and log in to the image via SSH and run the box configuration by just executing: sudo su - midvision

Let me know if you have any additional doubt or issue.

Cheers,
Mariano

#2 Updated by Mariano about 2 years ago

Hi Suresh,

Your reply by email:

Yes, I followed the same link. Still no luck. The username/password that I reset is used to get into IDG Console and then it fails. Here are the steps that I followed.

Access to the Azure Serial Console is in preview. For more information see <https://aka.ms/serialconsolehelp>.
Connecting to console of DataPowerTNG   □ □ ■
+-----------------------------------------------+
| Connected to the serial port of the VM.       |
| If no login prompt is displayed, press ENTER. |
+-----------------------------------------------+

2018/05/18 15:33:23.267374 INFO Purging disk cache, current incarnation is 1
2018/05/19 15:33:26.555535 INFO Purging disk cache, current incarnation is 1
2018/05/20 15:33:29.396186 INFO Purging disk cache, current incarnation is 1

[midvision@DataPowerTNG ~]$
[midvision@DataPowerTNG ~]$ ls
firstrunsetup.sh  open-firewall.sh  rapiddeploy-systemd
[midvision@DataPowerTNG ~]$ ./firstrunsetup.sh
Welcome, this is MidVisionCloud DataPower Virtual Edition image first run configuration
Note that you can rerun this configuration wizard again by executing /home/midvision/firstrunsetup.sh script
Configuration steps
1. Set DataPower Virtual Edition password
2. Set RapidDeploy framework initial password
3. Open ports on RHEL firewall
Your default DataPower web console password for 'admin' user is set to : mvadmin
Would you like to change it now? [yes/no]?
yes
Configuring password for DataPower 'admin' user
Set password for DataPower user 'admin'. Submit blank for default value of the instance id: mvadmin
Make sure your password is at least 6 characters long
Confirm password
Setting DataPower password for user admin...
spawn telnet 0 2200
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
DataPowerTNG
Unauthorized access prohibited.
login: admin
Password: *******
login: admin
configure terminal
Password: Admin@123
*************
login: admin
mvadmin
Password: Admin@123
*Connection closed by foreign host.
send: spawn id exp6 not open
    while executing
"send "$newPass\r"" 
    (file "/root/changeDataPowerPassword.exp" line 24)
DataPower password successfully set
Configuring password for RapidDeploy default user 'mvadmin'
Set password for user 'mvadmin'. Submit blank for default value of the instance id: mvadmin
Confirm password
Passwords does not match!
Configuring password for RapidDeploy default user 'mvadmin'
Set password for user 'mvadmin'. Submit blank for default value of the instance id: mvadmin
Confirm password
Passwords does not match!
Configuring password for RapidDeploy default user 'mvadmin'
Set password for user 'mvadmin'. Submit blank for default value of the instance id: mvadmin
Confirm password
Setting RapidDeploy password for user 'mvadmin'...
log4j:WARN No appenders could be found for logger (com.midvision.rapiddeploy.utilities.config.PropertyCache).
log4j:WARN Please initialize the log4j system properly.
HTTP/1.1 406
Content-Type: text/plain
Transfer-Encoding: chunked
Date: Mon, 21 May 2018 15:26:26 GMT

Failed to login for the following reason: BadCredentialsException: Bad credentialsRapidDeploy password successfully set
Open firewall ports for RapidDeploy (port 9090) and DataPower (port 9990) [y/n]?
9990
Open firewall ports for RapidDeploy (port 9090) and DataPower (port 9990) [y/n]?
y
Opening default web UI ports for DataPower and RapidDeploy.
Open firewall port 9090
iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
Open firewall port 9990
iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
Type port number to open. Type exit to finish.
exit
Configuration finished, you may now start using DataPower (port 9990) and RapidDeploy (9090) service.
DataPower: https://168.62.51.101:9990
RapidDeploy: 168.62.51.101:9090/MidVision
[midvision@DataPowerTNG ~]$

Based on your information I can tell you:

This is because the firstrunsetup.sh was already executed when the user logged in the first time. Once it is executed, it should not be executed again. This was meant to be like this.

So, if you don't remember the initial password that you have set or it is not the right one, I recommend removing this VM and creating a new one. Then set the right password.

If you remember the password and you would like to change it, please log in to the DP web console and change it from there.

Let me know if you have any doubt or if something is not clear enough.

Cheers,
Mariano

#3 Updated by Mariano about 2 years ago

Hey Suresh,

Based on your last email:

Welcome to
__  __ _     ___     ___     _                    ____ _                 _
|  \/  (_) __| \ \   / (_)___(_) ___  _ __        / ___| | ___  _   _  __| |
| |\/| | |/ _` |\ \ / /| / __| |/ _ \| '_ \ _____| |   | |/ _ \| | | |/ _` |
| |  | | | (_| | \ V / | \__ \ | (_) | | | |_____| |___| | (_) | |_| | (_| |
|_|  |_|_|\__,_|  \_/  |_|___/_|\___/|_| |_|      \____|_|\___/ \__,_|\__,_|

                                                         A MidVision Service

        * WebSite: https://www.midvisioncloud.com/product-category/microsoft-azure-marketplace
        * Support: http://support.midvision.com/redmine/projects/devtestcloud
        * Forum:   https://www.midvisioncloud.com/community

Please run 'sudo su - midvision' to start using provided services.
[ssanga@TNGDataPower ~]$ sudo su - midvision

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for ssanga:
Datapower instance is still initialising. Please wait ...
Welcome, this is MidVisionCloud DataPower Virtual Edition image first run configuration
Note that you can rerun this configuration wizard again by executing /home/midvision/firstrunsetup.sh script
Configuration steps
1. Set DataPower Virtual Edition password
2. Set RapidDeploy framework initial password
3. Open ports on RHEL firewall
Your default DataPower web console password for 'admin' user is set to : mvadmin
Would you like to change it now? [yes/no]?
yes
Configuring password for DataPower 'admin' user
Set password for DataPower user 'admin'. Submit blank for default value of the instance id: mvadmin
Make sure your password is at least 6 characters long
Confirm password
Setting DataPower password for user admin...
spawn telnet 0 2200
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
TNGDataPower
Unauthorized access prohibited.
login: admin
Password: *******

Welcome to IBM DataPower Gateway console configuration.
Copyright IBM Corporation 1999-2017

Version: IDG.7.6.0.3 build 292006 on Sep 29, 2017 9:43:50 AM
Serial number: 0000001

idg# configure terminal
Global configuration mode
idg(config)# user-password
Enter old password: *******
Enter new password: *********
Re-enter new password: *********
Password for user 'admin' changed
Cleared RBM cache
idg(config)# exit
idg# eConnection closed by foreign host.
DataPower password successfully set
Configuring password for RapidDeploy default user 'mvadmin'
Set password for user 'mvadmin'. Submit blank for default value of the instance id: mvadmin
Confirm password
Setting RapidDeploy password for user 'mvadmin'...
log4j:WARN No appenders could be found for logger (com.midvision.rapiddeploy.utilities.config.PropertyCache).
log4j:WARN Please initialize the log4j system properly.
HTTP/1.1 200
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 21 May 2018 17:23:55 GMT

<html><head><title>changePasswd</title><link href="http://localhost:9090/MidVision/ui/javax.faces.resource/components.css?ln=primefaces" rel="stylesheet" type="text/css" /></head><body><div style="border-bottom: 0.1em solid black; display:block; height: 30px; margin-bottom: 1em; margin-top: 0.5em; position: relative; width: 100%;"><h2>changePasswd</h2></div><div class="ui-messages ui-widget" aria-live="polite"><div class="ui-messages-info ui-corner-all"><ul><li><span class="ui-messages-info-summary">Change password</span><br/><span class="ui-messages-info-detail">SUCCESS: The password has been changed.</span></li></ul></div></div></body></html>RapidDeploy password successfully set
Open firewall ports for RapidDeploy (port 9090) and DataPower (port 9990) [y/n]?
y
Opening default web UI ports for DataPower and RapidDeploy.
Open firewall port 9090
iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
Open firewall port 9990
iptables: Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
Type port number to open. Type exit to finish.
exit
Configuration finished, you may now start using DataPower (port 9990) and RapidDeploy (9090) service.
DataPower: https://40.76.79.115:9990
RapidDeploy: 40.76.79.115:9090/MidVision
[midvision@TNGDataPower ~]$ ./firstrunsetup.sh
[midvision@TNGDataPower ~]$ ssh 40.76.79.115
The authenticity of host '40.76.79.115 (40.76.79.115)' can't be established.
ECDSA key fingerprint is SHA256:SBJmQiZIIxUTVomJsyzsCEqFn5J6VIhIxS42oiC+hIo.
ECDSA key fingerprint is MD5:cb:e5:68:fc:79:0a:3b:27:83:6a:7f:1c:54:d1:05:05.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '40.76.79.115' (ECDSA) to the list of known hosts.
Password:
Password:
Password:
midvision@40.76.79.115's password:
Permission denied, please try again.
midvision@40.76.79.115's password:
Permission denied, please try again.
midvision@40.76.79.115's password:
Authentication failed.
[midvision@TNGDataPower ~]$ ssh 40.76.79.115
Password:

[midvision@TNGDataPower ~]$ ssh admin@40.76.79.115
Password:
Password:

Not sure what you are trying to do.

You tried to connect via SSH to the VM box as user midvision. Have you set the password of the midvision user?

Anyway, to connect to DP, please go to the DP web console: https://40.76.79.115:9990 or the name that you have in the Azure DNS, something like https://TNGDataPower.westeurope.cloudapp.azure.com:9990; check the name in the Azure portal.

Regards,
MP

#4 Updated by Mariano about 2 years ago

Hey Suresh,

Sorry, but I was assuming that you had everything configured in the Azure VM.

Please check in Azure portal for your VM if all ports you need are open (VM Networking) and if you have defined the DNS name and try to connect to the VM through the DNS name instead of the IP.

Cheers,
MP

#5 Updated by Mariano about 2 years ago

Hi,

Please run the following commands from console and let me know the output

sudo netstat -lpnt

wget -p --no-check-certificate  https://localhost:9990/dp/index.html -O /dev/null 

Regards,
MP

#6 Updated by Mariano about 2 years ago

Hey Suresh,

Your output:

[midvision@TNGDataPower ~]$ sudo netstat -lpnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:26379         0.0.0.0:*               LISTEN      1829/dp-redis-senti
tcp        0      0 127.0.0.1:63501         0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 127.0.0.1:9005          0.0.0.0:*               LISTEN      1448/java
tcp        0      0 0.0.0.0:5550            0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 127.0.0.1:63502         0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 127.0.0.1:63503         0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 127.0.0.1:63504         0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 127.0.0.1:63505         0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 0.0.0.0:9009            0.0.0.0:*               LISTEN      1448/java
tcp        0      0 127.0.0.1:63506         0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 127.0.0.1:44085         0.0.0.0:*               LISTEN      1448/java
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1058/dnsmasq
tcp        0      0 127.0.0.1:44086         0.0.0.0:*               LISTEN      1448/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1550/sshd
tcp        0      0 127.0.0.1:2200          0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1147/master
tcp        0      0 127.0.0.1:16379         0.0.0.0:*               LISTEN      1828/dp-redis-serve
tcp        0      0 127.0.0.1:20443         0.0.0.0:*               LISTEN      1448/java
tcp        0      0 127.0.0.1:20000         0.0.0.0:*               LISTEN      1448/java
tcp        0      0 0.0.0.0:9090            0.0.0.0:*               LISTEN      1448/java
tcp        0      0 0.0.0.0:9990            0.0.0.0:*               LISTEN      1705/drouter
tcp        0      0 127.0.0.1:9001          0.0.0.0:*               LISTEN      1448/java
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::53                   :::*                    LISTEN      1058/dnsmasq
tcp6       0      0 :::22                   :::*                    LISTEN      1550/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1147/master
wget -p --no-check-certificate https://localhost:9990/dp/index.html -O /dev/null
WARNING: combining -O with -r or -p will mean that all downloaded content
will be placed in the single file you specified.

--2018-05-21 20:22:54--  https://localhost:9990/dp/index.html
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:9990... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:9990... connected.
WARNING: cannot verify localhost's certificate, issued by ‘/C=US/O=IBM/OU=IBM DataPower Gateways/CN=SSL Server CA’:
  Self-signed certificate encountered.
    WARNING: certificate common name ‘Container DataPower WebGUI’ doesn't match requested host name ‘localhost’.
HTTP request sent, awaiting response... 303 See Other
Location: /dp/login.xml [following]
--2018-05-21 20:22:54--  https://localhost:9990/dp/login.xml
Reusing existing connection to localhost:9990.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘/dev/null’

    [ <=>                                   ] 2,272       --.-K/s   in 0s

2018-05-21 20:22:54 (22.0 MB/s) - ‘/dev/null’ saved [2272]

Loading robots.txt; please ignore errors.
--2018-05-21 20:22:54--  https://localhost:9990/robots.txt
Reusing existing connection to localhost:9990.
HTTP request sent, awaiting response... 303 See Other
Location: /dp/login.xml [following]
--2018-05-21 20:22:54--  https://localhost:9990/dp/login.xml
Reusing existing connection to localhost:9990.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘/dev/null’

    [ <=>                                   ] 2,272       --.-K/s   in 0s

2018-05-21 20:22:54 (40.1 MB/s) - ‘/dev/null’ saved [2272]

I can see that the ports are open properly and from the box you can reach the DP web console.

So, there might be a firewall issue from the OS or Azure VM.

Let's first check if it is the OS firewall. So please do this:

Disable the OS firewall:

sudo systemctl stop iptables.service

Then try to reach the DP web console.

If it works, I am not sure why the ports were not opened during the first login script.

If you are still not able to reach the DP web console, try to add a new rule to VM Networking:

Priority: 1000
Name: Port_Any
Port: Any
Protocol: Any
Source: Any
Destination: Any

If this makes it work, please enable the firewall again in the VM box via:

sudo systemctl start iptables.service

Cheers,
MP
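
Added example (not part of the original ticket or of MidVision's scripts): the `netstat -lpnt` listing in update #6 shows several services bound to all interfaces, so this function lists them and reports which ones fall outside an intended set of ports, i.e. what a network rule with Port: Any would make reachable. The sample lines are a subset copied from the output above; the allow-list 22, 9090, 9990 is an assumption based on the ports used in this ticket.

```shell
#!/usr/bin/env bash
# Added example: which listeners are bound to all interfaces, and which of
# those fall outside the ports this deployment is meant to expose?

# Subset of the `netstat -lpnt` lines quoted in the ticket.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address  Foreign Address  State  PID/Program name
tcp   0  0 127.0.0.1:9005  0.0.0.0:*  LISTEN  1448/java
tcp   0  0 0.0.0.0:5550    0.0.0.0:*  LISTEN  1705/drouter
tcp   0  0 0.0.0.0:111     0.0.0.0:*  LISTEN  1/systemd
tcp   0  0 0.0.0.0:9009    0.0.0.0:*  LISTEN  1448/java
tcp   0  0 0.0.0.0:53      0.0.0.0:*  LISTEN  1058/dnsmasq
tcp   0  0 0.0.0.0:22      0.0.0.0:*  LISTEN  1550/sshd
tcp   0  0 127.0.0.1:2200  0.0.0.0:*  LISTEN  1705/drouter
tcp   0  0 0.0.0.0:9090    0.0.0.0:*  LISTEN  1448/java
tcp   0  0 0.0.0.0:9990    0.0.0.0:*  LISTEN  1705/drouter
tcp6  0  0 :::111          :::*       LISTEN  1/systemd
tcp6  0  0 :::22           :::*       LISTEN  1550/sshd
tcp6  0  0 ::1:25          :::*       LISTEN  1147/master'

# Read netstat -lpnt text on stdin; print "port program" once for every TCP
# listener bound to a wildcard address (0.0.0.0 or ::), sorted by port.
wildcard_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
         n = split($4, parts, ":")
         port = parts[n]
         host = substr($4, 1, length($4) - length(port) - 1)
         if (host == "0.0.0.0" || host == "::") {
           split($7, pp, "/")
           key = port " " pp[2]
           if (!(key in seen)) { seen[key] = 1; print key }
         }
       }' | sort -n
}

# Same input; arguments are the ports that are meant to be reachable.
# Prints the wildcard listeners that are NOT in that list.
unexpected_listeners() {
  allowed=" $* "
  wildcard_listeners | while read -r port prog; do
    case "$allowed" in
      *" $port "*) ;;                 # intended exposure, skip
      *) echo "$port $prog" ;;        # bound to all interfaces, not intended
    esac
  done
}

# Allow-list is an assumption: SSH, RapidDeploy and the DataPower WebGUI.
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners 22 9090 9990
```

On a live host, pipe `sudo netstat -lpnt` into `unexpected_listeners` instead of the sample.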

#7 Updated by Mariano about 2 years ago

Hi Suresh,

I've been trying to replicate your issue and unfortunately I couldn't do it.

I created a VM with our IBM DataPower 7.6.0.4 from MarketPlace in the Azure portal following the wizard, leaving all values as default. Then once it was created and running, I followed the steps in our documentation, changing the passwords of the DP admin user and the RD mvadmin user as well. Then I got it working without any issue.

Please find attached two screenshots of the Azure VM, one is the overview settings and the other is the default Networking rules that you should use.

Hope this helps.

Cheers,
MP

#8 Updated by Dave about 2 years ago

Updating tickets with comments from the email.

Dave, I tried to use the telnet and here is what I see.

[midvision@TNG1DataPower ~]$ telnet 137.117.85.59 9990
Trying 137.117.85.59...
telnet: connect to address 137.117.85.59: Connection timed out

Grep on 9990 port is showing this.
[midvision@TNG1DataPower ~]$ netstat -an | grep 9990
tcp 0 0 0.0.0.0:9990 0.0.0.0:* LISTEN
tcp 0 1 10.0.1.4:49134 137.117.85.59:9990 SYN_SENT

Suresh Sanga

From: David [mailto:@midvision.com]
Sent: Tuesday, May 22, 2018 11:59 AM
To: Suresh Sanga
Cc: richard
Subject: Re: #3125

Suresh,

Forwarding on some advice. Could you try the commands below:

telnet <DP IP> 9990 from one server
Log in to the DP server and run netstat -an | grep 9990
Look for EST or SYN_REC
if neither it is inbound firewall
if SYN_REC it is outbound firewall
If ESTABLISHED it is an internal server issue or DP issue
It won't be established because I get SYN_SENT

#9 Updated by Dave about 2 years ago

Suresh - it would appear your issue is a firewall problem. You are NOT connecting to the port to access DataPower.

If you have another Azure host it would be better if you can do the telnet command from there (and the netstat on the DataPower and the remote host you are running the telnet from). This would allow you to understand if the problem is with an inbound or outbound firewall rule.

telnet 137.117.85.59 9990

It would appear to us though this is a firewall issue - not an issue with DataPower or our image.

Do you have any internal resource you can get support from regarding the security config you are using?

Dave
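
Added example (not part of the original ticket): the decision rule from the forwarded advice in update #8, applied to `netstat -an` output taken on the DataPower server. Only sockets whose local side is the service port are counted, so the `SYN_SENT` line in the ticket, which belongs to the telnet client started on the DataPower host itself, is ignored; the two extra samples and their addresses are constructed.

```shell
#!/usr/bin/env bash
# Added example: classify server-side `netstat -an` output for one port while
# a remote client runs `telnet <DP IP> <port>`, following the ticket's rule:
#   ESTABLISHED -> internal server or DataPower issue
#   SYN_REC(V)  -> outbound firewall
#   neither     -> inbound firewall

classify_port_state() {
  # $1 = service port; netstat -an text is read from stdin
  awk -v port="$1" '
    $1 ~ /^tcp/ {
      n = split($4, loc, ":")
      if (loc[n] != port) next        # only sockets where the port is local
      if ($6 ~ /^ESTAB/)   est = 1
      if ($6 ~ /^SYN_REC/) syn = 1    # Linux prints SYN_RECV
    }
    END {
      if (est)      print "server-or-dp-issue"
      else if (syn) print "outbound-firewall"
      else          print "inbound-firewall"
    }'
}

# Lines quoted in the ticket: a listener plus the local telnet client socket.
TICKET_SAMPLE='tcp 0 0 0.0.0.0:9990 0.0.0.0:* LISTEN
tcp 0 1 10.0.1.4:49134 137.117.85.59:9990 SYN_SENT'

# Constructed: the SYN arrived, but the handshake did not complete.
CONSTRUCTED_SYN='tcp 0 0 0.0.0.0:9990 0.0.0.0:* LISTEN
tcp 0 0 10.0.1.4:9990 203.0.113.7:51514 SYN_RECV'

# Constructed: the handshake completed.
CONSTRUCTED_EST='tcp 0 0 0.0.0.0:9990 0.0.0.0:* LISTEN
tcp 0 0 10.0.1.4:9990 203.0.113.7:51514 ESTABLISHED'

for sample in "$TICKET_SAMPLE" "$CONSTRUCTED_SYN" "$CONSTRUCTED_EST"; do
  printf '%s\n' "$sample" | classify_port_state 9990
done
```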

#10 Updated by Rafael almost 2 years ago

  • Status changed from Feedback to Marked for Closure

Hi Suresh,

We noticed there hasn't been an update to this ticket for some time. Can we consider this ticket closed from a support point of view? Is this still an issue or is there anything further that we can do for you in this regard? If not, we will be timing out this ticket and it will be closed in a few days' time. If you have any other queries, please do not hesitate to ask us.

Regards,

Rafa

#11 Updated by Rafael almost 2 years ago

  • Status changed from Marked for Closure to Closed
