LOTUSCONNECTIONS.org

  Somewhere last week I configured AWstats for our
Connections environment to figure out what the usage is and to see
what our  busiest usage period is.

Because we use cronolog to rotate our access.log file on our IHS
server, every day get it’s own directory and access.log.

No problem with AWstats, you can configure it like this.

FILE ./awstats.connectons.company.com
 LogFile=”/data/alogs/connections.company.com/access.log/%YYYY-0/%MM-0/%DD-0/access.log”
!FILE

But after running it for a few days I say one host owning the host top 10
list with more then 65000 page requests in only a couple of days.
After a #dig -x 123.123.123.123 I found that this was a Notes Domino
server equipped with an agent that collected the RSS feeds of
Blogs and Activities 24/7.

By configuring the SkipHosts= option in de config file of AWstats for
our Connections environment I could ignore requests coming from
this Domino server for  the upcoming stats collections.

But to get a good picture of the usage of Connections in the pas days I
searched how I got rebuild the AWstats database to completely ignore
the mentioned Domino server in all stats.

Because we use log rotation for our access logs I could not simple delete
the database as built by awstats. Only deleting the database and a
rerun of the awstats.pl script just gave me the stats of the current day.

Solution, #cat all the access logs of the different days to one and
configure this log file for an one-time run in your awstats
configuration file, et voila.

This blog item is about a longstanding issue that we had with the
River-of-News function on the Homepage of Connections.

The problem that we had was that the River-of-News function
broke down when SSO functionality was active before
navigating to the Homepage of Connections.

We noticed this issue only on a Connections configuration where
multiple server instances were involved like the Advanced stand-alone
installation of Connections. We didn’t had the issue on our
Stand-alone Connections installation with only one JVM.

In our environment we have configured SSO between our Connections
QuickR, webmail and Sametime servers. The River-of-news function
broke when your initial login was on Quickr, webmail or Sametime and
you navigated to the homepage of Connections in the same session.

The error printed on the Homepage was something like below

[3/31/10 18:55:01:666 CEST] 0000004c HomepageSaveN E com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageSaveNewsAction getAllTopStoriesForPerson CLFRQ0382E: An error occurred while invoking a remote interface (EJB) for fetching news stories for person ID 37A3BC5F-CB07-D6CA-C125-72730054A71A. Check nested exception for more details.
                                 com.ibm.lotus.connections.dashboard.common.exceptions.servlet.NewsRepositoryRelatedException: CLFRQ0382E: An error occurred while invoking a remote interface (EJB) for fetching news stories for person ID 37A3BC5F-CB07-D6CA-C125-72730054A71A. Check nested exception for more details.
        at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageRiverOfNewsAction.handleRemoteExceptionForFetchAction(HomepageRiverOfNewsAction.java:79)
        at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageFetchNewsAction.getAllTopStoriesForPerson(HomepageFetchNewsAction.java:307)
        at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageFetchNewsAction.fetchAndSetStories(HomepageFetchNewsAction.java:137)
        at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageFetchNewsAction.handle(HomepageFetchNewsAction.java:80)
        at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.news.NewsStoryServlet.handle(NewsStoryServlet.java:126)
        at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.news.NewsStoryServlet.doGet(NewsStoryServlet.java:73)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)

Scrolling further down the next error came by.

Caused by: java.rmi.AccessException: CORBA NO_PERMISSION 0×49424306 No; nested exception is:
        org.omg.CORBA.NO_PERMISSION: JSAS0202E: [{0}] Credential token expired.  {1}  vmcid: 0×49424000  minor code: 306  completed: No
        at com.ibm.CORBA.iiop.UtilDelegateImpl.mapSystemException(UtilDelegateImpl.java:263)
        at javax.rmi.CORBA.Util.mapSystemException(Util.java:84)
        at com.ibm.lconn.news.ejb.client._NewsStoryEJBBean_Stub.getNewsStories(_NewsStoryEJBBean_Stub.java:1296)
        at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageFetchNewsAction.getAllTopStoriesForPerson(HomepageFetchNewsAction.java:304)
        … 51 more
Caused by: org.omg.CORBA.NO_PERMISSION: JSAS0202E: [{0}] Credential token expired.  {1}  vmcid: 0×49424000  minor code: 306  completed: No

A simple work-around then was to logout in Connections en login
again directly to the Homepage.

We raised a PMR at IBM to figure out what we could do to fix this issue.

After a couple of mailings with Danny Chong from the LotuS Connections
Technical Support team we were advised to install the following iFix.

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK77853

The stupid thing about this iFix is that the error description is totally not
relevant to our situation. Also mentioned that to the guys at IBM but
they insisted that this iFix could solve our issue.

And magically what happened , our issue was solved after applying
this iFix. You can’t download this iFix separately it is only packed  in
WAS fixpack 6.1.0.25 and above. Happily they sent me the separate
iFix so I didn’t had to apply fixpack 25 something that is not supported
by Connections 2.5.

Check this link to download this iFix.

Because I think this issue is very specific to the setup you use, here
is a short list which describes ours.

- Advanced stand-alone Lotus Connections 2.5 GA fixpack 1
   ( issue was also present before fixpack 1 )
- Linux SLES 10 SP1 – WAS 6.1.0.23
- Linux SLES 9 SP4  – DB2 9.1 FP6
- Linux SLES 9 SP4   – TDI 6.1.1 FP6
- Windows 2003 SP2 – Lotus Domino 8.5.1 LDAP

Thanks again to Danny from the LotuS Connections Technical Support
team on helping us with this one.

This morning I took my Lotus Connections 2.5 exam and
passed it successfully .

I found this real exam a little bit harder then the test
exam from Prometric I took last week.  A few questions
about Files and Wikis were a pain for me because
I didn’t dove into the depths of these two parts of LC 2.5 yet.

Next Monday I’m going to take the LOT-987 exam, aka
Administering IBM Lotus Connections 2.5.

To prepare myself for this one I took this test exam from
the prometric site.

http://www-03.ibm.com/certify/tests/samL987.shtml

I went smoothly through this test exam, didn’t do much
preparation before taking this ( 78%, 74% is required ).

So hopefully the real exam goes as smooth as this test exam .

Some talking about the exam from other Connections
guys.

From the blog of Stuart McIntyre, he worked in the team creating the exam.

http://lotusconnectionsblog.com/blog/connblog.nsf/dx/lotus-connections-2.5-certification-now-available

Mikkel about the exam at his blog lekkimworld.com

http://lekkimworld.com/2010/02/25/im_a_certified_lotus_connections_2_5_administrator.html

I tried to figure out how I could map a group to
a role as used by the Lotus Connections apps.

It would be handy if I could create a group like blogadmins
which contains all the people which require admin
privileges on Blogs.

But unfortunately you can’t map groups to a role as used by
Connections, yeah you can but it won’t work.

http://www-10.lotus.com/ldd/lcforum.nsf/d6091795dfaa5b1185256a7a0048a2d0/c20e137e3b31e826852576fd00265771?OpenDocument

Because I can’t map a group to a role I need
to add every user individual.

I want this action to be scripted so I was looking how this could be
done. The trick was the separator which needs to be a “|”.

So check the script below.

appName = ‘Blogs’
lcsearchadmin=’LCdev admin’
blogadmins=’LCdev admin|Donald Duck|Dagobert Duck|Mickey Mouse’
lcadmin=’LCdev admin’

AdminApp.edit(appName, ‘[ -MapRolesToUsers [ ["person" no yes "" ""] ["everyone" yes no "" ""] ["reader" no yes "" ""] ["search-admin" no no "'+lcsearchadmin+'" "" ] [ "admin" no no "'+blogadmins+'" "" ]  ["widget-admin" no no "'+lcadmin+'" "" ] ] ]’)
print “done…. Configuring rights Blogs EAR”
AdminConfig.save()

This is fun creating posts on my bb for my blog. All with the blackberry wordpress plugin from http://blackberry.wordpress.org

While my server suffered some (serious) downtime behind the scenes
I dove into the concept of RAID setups on Linux. I al ready had configured
a Software RAID used to save my precious data but had no clue
there were differences in RAID setups.

“That explained my config of this RAID, I configured my
onboard VIA VT6420 SATA RAID Controller with it’s menu to be a
RAID 1 controller and in Linux I configured this setup with Yast
to be a Software Raid 1 config.???? Yeah you know just do, don’t read.

I took this dive because my root disk was at the end of it’s life.
Smarctl -H didn’t gave me a pretty sight. just a failing hard disk.

Luckily I was able to rescue the most of my files that were
on the root disk only an openSUSE 11.2 installation and some config
files of apps. But I decided that I wanted my root disk
to be a RAID 1 setup as well.

I ordered two SATA disks and a SATA RAID 0/1 controller. Then my
mission started to get this setup working as a root disk.

Searching my way through Google about how to do this I discovered
that there are multiple options to create a RAID config on Linux.

The two relevant for my were:

Software RAID (Operating system based)

You can create a Software RAID you don’t need a RAID controller for
this config, so there I was looking good with my just bought RAID controller .

Fake-Raid (Firmware/driver-based RAID)

You can create a Fake-Raid setup by utilizing a Fake-Raid controller capabilities.

You can got loose on the whole RAID thing at wikipedia

http://en.wikipedia.org/wiki/Fakeraid

“Hardware RAID controllers are expensive and proprietary. To fill this
gap, cheap Fake-Raid controllers were introduced.”

I decided to go with the Fake-Raid solution, didn’t want my just-bought
RAID controller to be a waste of money, all though it only cost me 20 EURO
but it’s all about the principle .

Below a summary of all the things I had to do to let me 20 EURO
be a worthy investment.

Create a RAID 1 setup with the menu tool on the RAID controller.

Then create a file-system on the RAID 1 config.

To find out the device name of your RAID device use this command

# dmraid -ay
# ls -la /dev/mapper/

Then use cfdisk or fdisk or whatever partition program to create a file-system.

In my situation it was

# cfdisk /dev/mapper/sil_bgadaecebiea

To be able to boot from a Fake-Raid device you have to have
a initrd file which contains a driver which supports this.

From the man of mkinitrd

dmraid =Include support for Software-Raid over device mapper
              (known as Fake-Raid)
dm      = Include support for device mapper in general
md      = Include support for Software RAID (md)
kpartx = Include support for kpartx partitioning. Always use this
              if you have device mapper devices.

What was important for me, and something that I found out later
is that you can’t boot from a FakeRaid config and use a Sofware based
RAID device at the same time.

http://www.brandonchecketts.com/archives/disabling-dmraid-fakeraid-on-centos-5

“Both of the drivers will attach themselves to all the drives with
any partitions sets as type fd (Linux raid autodetect).”

Later on the road when I was able to boot from my FakeRaid root disk I
converted my Software RAID setup to a Fake-Raid as well.

Found out that creating a Fake-Raid capable initrd file on openSUSE
is a mission own it own.

http://en.opensuse.org/P35_With_SATA_Raid/

“Next we have to edit another file: /lib/mkinitrd/scripts/boot-dmraid.sh
(Note, that I don’t know the state, it was originally in)

you have to change the line that reads

/sbin/dmraid -a y -p

to

/sbin/dmraid -ay”

With all the trip/tricks/hints in mind my final mkinitrd commando looked liked this.

#mkinitrd -f “dm dmraid kpartx”

In order to be able to boot from a FakeRaid device I had to add the
following two parameters to my GRUB menu.lst and set root to my new
partition created.

root = /dev/mapper/sil_bgadaecebieap1
root_dm = 1
root_dmraid=1

kernel (hd0,0)/boot/vmlinuz-2.6.31.5-0.1-default root=/dev/mapper/sil_bgadaecebieap1 root_dm=1 root_dmraid=1 splash=silent agp=off clocksource=hpet 001 showopts

To install the GRUB bootloader on my RAID setup I had to create the following
device.map.

hertogjan:/boot/grub # cat device.map
(fd0)  /dev/fd0
(hd0) /dev/mapper/sil_bgadaecebiea

Then install GRUB

grub> root (hd0,0)
grub> setup (hd0)
grub> quit

And there you go if everything is working out for you you
should be able to boot from your Fake-RAID root disk.

Extra note:

It’s seems booting from a “broken” Fake-Raid on Linux is not supported
as can be read on this website at the bottom.

http://wiki.archlinux.org/index.php/Installing_with_Fake_RAID

“Booting with degraded array

One drawback of the fake RAID approach on GNU/Linux is that
dmraid is currently unable to handle degraded arrays, and will
refuse to activate.

In this scenario, one must resolve the problem from within another
OS (e.g. Windows) or via the BIOS/chipset RAID utility.

Alternatively, if using a mirrored (RAID 1) array, users may temporarily
bypass dmraid during the boot process and boot from a single drive:

 1. Edit the kernel line from the GRUB menu
 2. Remove references to dmraid devices
     (e.g. change /dev/mapper/raidSet1 to /dev/sda1)
 3. Append disablehooks=dmraid to prevent a kernel panic
     when dmraid discovers the degraded array
 4. Boot the system “

Sites already mentioned in the above story that were very
helpful in my attempt fixing this one.

http//www.brandonchecketts.com/archives/disabling-dmraid-fakeraid-on-centos-5
http://wiki.archlinux.org/index.php/Installing_with_Fake_RAID
http://www.texsoft.it/index.php?c=hardwareamp;m=hw.storage.grubraid1amp;l=it
http://en.opensuse.org/P35_With_SATA_Raid