You can do this and it will show any entries.
DSPSVRAUTE USERPROFILENAME
Paul Fenstermacher | Sys Admin, Sr | Technology Operations | Jack Henry & Associates, Inc.
2135 E. Primrose | Springfield, MO 65804 | 417-235-4114 x177389 |
pfenstermacher@xxxxxxxxxxxxx
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Friday, May 4, 2018 9:11 AM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxx>
Subject: RE: Initiating a Windows DNS change from IBM i
DSPSVRAUTE
I don't think we ever used any.
How can I find if any were added for any profiles?
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Friday, May 04, 2018 9:37 AM
To: Midrange Systems Technical Discussion
Subject: RE: Initiating a Windows DNS change from IBM i
We run Edge load balancer on a Windows box. We aren't using the fail over option at this time (to get a second Edge server kept in sync). I get a little confused as to what would spray the initial request between the two Edge servers?
SSH keys: We use a generic *.corp.dekko.com for internal and *.dekko.com for external. I literally copy the two files from one Domino server to the other and make no further change.
We use the BRMS network feature. And, as I've said on other threads, I restore from saves performed on other systems with no problems.
RSTOBJBRM OBJ(MYOBJ) SAVLIB(MYLIB) DEV(USSGVTL) FROMSYS(GDIHQ2)
When you have 15 lpars of IBM i you should see my WRKRDBDIRE and my DSPSVRAUTE.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Date: 05/04/2018 09:17 AM
Subject: RE: Initiating a Windows DNS change from IBM i
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
Rob,
I know it can be done, but like you said, we may have to change the way we
do some things and some of our apps would need changes/reconfiguration.
1) IBM Edge server part of WebSphere, correct?
Do you run EDGE on the I or another box in front of the I?
We used to run WebSphere years ago, we dropped it.
https://en.wikipedia.org/wiki/IBM_Websphere_Edge_Components
Edge Server comprises 4 basic components:
Load Balancer: Used to direct incoming requests to an appropriate
server based on a set of rules which may include load balancing requests
across several servers. Server selection is based upon health checks which
includes the ability for the user to write specialized health check
requests. The current level supports IPv4 and IPv6 traffic.
Caching Proxy: The caching proxy system can be configured as either a
forward- or reverse-proxy server. Requested content is cached by Edge
before being sent to the requestor and subsequent requests can, based on
its internal algorithm that can be customized, be served from the cache
instead of forwarding them to application server for reprocessing. This
improves response time and minimizes network bandwidth use. A primary use
of Edge server is therefore to increase the performance and scalability of
J2EE applications.
Content Distribution: This feature is used in conjunction with the
load balancer, where multiple Edge server components are used, to
distribute HTTP requests based on URL or other administrator configured
characteristics, eliminating the need to store identical content on all
Edge servers.
Application Service at the Edge: Ability to build a dynamic web page
from fragments generated by multiple application servers
Edge can be configured for high availability with a backup Edge failover
server that takes over sessions if the primary Edge server fails.
2) How do you handle SSH keys which are generated based on IP, Host Name,
or both?
The remote sites would need a 2nd key from the HA box, correct.
I've added to the list - HA/DR items for consideration.
LPAR system name
TCP/IP interfaces
TCP/IP routes
TCP/IP host table entries
TCP/IP domain information
HTTP instance listening IP
SSH Keys
PC iSeries Access for Windows configurations with IP (200)
HTTPS URL which translate to an IP via network DNS entries
Remote systems with IP in host tables
BRMS
Volumes ownership
Other BRMS settings.
WRKRDBDIRE
Configuring RDB Names for High Availability and External
System Access
http://www-01.ibm.com/support/docview.wss?uid=nas8N1014936
AJS scheduled jobs with the below
Remote Location Name - SAVRSTLIB, SAVRSTOBJ
DDM file on SBMRMTCMD
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob
Berendt
Sent: Friday, May 04, 2018 7:55 AM
To: Midrange Systems Technical Discussion
Subject: RE: Initiating a Windows DNS change from IBM i
Not a single one. You need to change your applications to be more
flexible. Sure some of the newer routers will allow the same subnet to be
in multiple cities but we don't do that. For a number of reasons.
Propagation delays for one and the fact that our network guy would have a
complete meltdown is probably the biggest reason.
For http, we use IBM's Edge server. You go into that and it does
intelligent routing to multiple http endpoints. Not just pinging but,
much like httpapi, it reads the endpoint for a particular string on a
sample page. For example if I go to site.corp.dekko.com Edge may route it
to site01.corp.dekko.com, site02.corp.dekko.com, etc. And it will check a
url, like site01.corp.dekko.com/CheckIfUp to see if a string site01 is in
it.
For database across HA systems you set up aliases. For example,
WRKRDBDIRE will show GDISYS as the *LOCAL entry on both GDISYS1 and
GDISYS2.
GDISYS1 will be an alias for GDISYS on GDISYS1.
GDISYS2 will just be a normal remote entry on GDISYS1.
GDISYS2 will be an alias for GDISYS on GDISYS2.
GDISYS1 will just be a normal remote entry on GDISYS2.
Anyone going directly to GDISYS1 or GDISYS2 had better have a darn good
reason. I'm about the only one who does and that is for querying both
systems for stuff. Also BRMS needs to go to the individual systems so it
needs these setup. IBM has a technote or two on this. Nine years ago
someone from IBM emailed me this: "416466888: Configuring RDB Names for
High Availability and External System Access".
Interfaces:
One for GDISYS1 or GDISYS2 (depending on which machine you're on)
One for acting as GDISYS
One for HA software replication traffic
One for local loopback
Most http is done via Domino on different lpars and they have a LOT of
interfaces. But again, Edge to the rescue.
HA Backup system
Internet         Line         Interface  Text
Address          Description  Status     description
10.27.6.128      LANLINSYS    Active     GDISYS2
10.27.6.129      LANLINSYS    Inactive   GDISYS during a switch
10.27.252.193    LANLINMX     Active     SYS2HA
127.0.0.1        *LOOPBACK    Active     *BLANK

Primary system
Internet         Line         Interface  Text
Address          Description  Status     description
10.10.6.128      LANLINSYS    Active     GDISYS1
10.10.6.129      LANLINSYS    Active     GDISYS
10.10.252.191    LANLINMX     Active     SYS1HA
127.0.0.1        *LOOPBACK    Active     *BLANK
Now, you do have to be careful to not replicate certain files between
systems. For example anything listed at
https://wiki.midrange.com/index.php/Change_IP_Address So if you have a
http config file which lists the IP address to bind to you don't want to
replicate that. Instead you'd have to manually make changes on the target
machine to that config file. Omitting individual files like this is what
concerns me about HA solutions like Power HA. However, I'm sure there are
people who actually use that product and manage to get this working.
That's the attitude you need to proceed.
You need to tell yourself to stop concentrating on why it cannot be done
and instead to concentrate on getting it done. Yes, you may have to
change some operations.
Again, from the 30,000' level, people actually do use HA solutions. Some,
like us, switch on a regular basis and run their stuff on the other
machine. It actually works.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
Date: 05/03/2018 04:55 PM
Subject: RE: Initiating a Windows DNS change from IBM i
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
Rob,
During the role swap, do any of your scripts need to update any system
config variables?
Such as:
LPAR system name
TCP/IP interfaces
TCP/IP routes
TCP/IP host table entries
TCP/IP domain information
HTTP instance listening IP
Some of our applications are dependent on some of these and may not run.
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob
Berendt
Sent: Wednesday, May 02, 2018 2:54 PM
To: Midrange Systems Technical Discussion
Subject: RE: Initiating a Windows DNS change from IBM i
Yes we run these scripts.
We have these so well documented that I can pass off the documentation to
non-admin IBM i developers and they can do the switch. And, as a test of
the documentation (and to ensure that if I or my backup get hit by the
truck...) I routinely pass these documents on to someone else and have
them run it. At times I have even left the state. Yes the boss gets a
little cranky and nervous about that so I don't make it a habit.
Especially the time I was at Scout camp with lousy reception.
For example
SCRIPT1 - Runs on main system (GDISYS1) to quiesce applications
SCRIPT2 - Runs on backup system (GDISYS2) to become main system.
perform dedicated processing on downed system. Might be able to be
scripted.
SCRIPT3 - Runs on downed system (GDISYS1). Done with dedicated processing
on downed system so start replication back up.
when you think it's all caught up replicating proceed. We normally wait
for Sunday evening to keep quiesce time consistent for operations.
SCRIPT4 - Runs on up system (GDISYS2). Quiesce "up" system and bring it
down.
SCRIPT5 - Runs the switch on the system that is going to become main
system(GDISYS1).
SCRIPT6 - Runs on up system (GDISYS1) to start replication.
All of these scripts have excellent restart capabilities. Sample
EDHSWIRUN SYSNAME(GDISYS1) SCENARIO(SCRIPT1) RUNMODE(*STEP) SEQ(0)
Says run SCRIPT1 and make sure I'm on GDISYS1. Since I said SEQ(0) start
at the beginning. If I wanted it to start at line 610 I could. And I've
done these kind of restarts. I just get in the habit of always specifying
the SEQ to help the "users" know they can.
RUNMODE(*STEP) says to stop at every line of the script and make me hit a
function key to proceed.
I can flag a line of the script as a comment. Often useful to comment out
commands you may put back in some time in the future.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'midrange-l@xxxxxxxxxxxx'" <midrange-l@xxxxxxxxxxxx>
Date: 05/02/2018 02:27 PM
Subject: RE: Initiating a Windows DNS change from IBM i
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
Rob,
When you "role swap" from primary to back or vice versa, do you have to
run scripts similar to these?
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob
Berendt
Sent: Wednesday, May 02, 2018 2:20 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Initiating a Windows DNS change from IBM i
With all this talk of HA solutions I thought I'd share our solution for
initiating a Windows DNS change from IBM i.
Quick-EDD uses "switch scenarios". These are scripts. Comparable to BRMS
control groups. However do not think this is a function of Quick-EDD as I
used this same technique with Mimix when we ran that.
Way down in the one script I have
Seq. Command to execute
610 ADDLIBLE LIB(ROUTINES) POSITION(*LAST)
620 SETDNS SERVER(GDISYS) FROMIP('10.10.6.129') TOIP('10.27.6.129')
...
ROUTINES is our utility library.
If you prompt our SETDNS you will see
Server . . . . . . . . . . . . . SERVER
From IP . . . . . . . . . . . . FROMIP
To IP . . . . . . . . . . . . . TOIP
User Id . . . . . . . . . . . . RMTUSER 'qsecofr'
Password . . . . . . . . . . . . RMTPWD <redacted>
We often use CHGCMDDFT on it to keep the password updated. Yes QSECOFR
also exists in Windows, with a matching password.
SETDNS is a RPGLE program.
SETDNS talks to an intermediary PC. Something about our security does not
allow IBM i remote commands to work on our servers but IBM i security will
work on Windows clients who can then talk to Windows servers.
    // Check intermediary with a ping
    if $chkIntermediary();
      // Check that Intermediary is accepting remote commands
      if $chkRMTcmd();
        // Delete 'from' DNS entry
        //callp $delIP(domain1:inSvr:inIP1);
        callp $delIP(domain2:inSvr:inIP1);
        // If called without second parm, the program is in delete
        // mode where a test entry has been used, and now needs
        // to be deleted.
        if %addr(inIP2)<>*null;
          // Add the 'to' DNS entry
          //callp $addIP(domain1:inSvr:inIP2);
          callp $addIP(domain2:inSvr:inIP2);
        endif;
      endif;
    endif;
Here's a snippet from $addIP
callp $CvtDomain(Domain:Svr:inDomain:InSvr);
cmd='RUNRMTCMD CMD('''
+ 'C:\PSTools\psexec \\' + DNSsvr
+ ' -u ' + UsrDomain + '\' + %trim(InUserId)
+ ' -p ' + %trim(InPassword)
+ ' -h c:\Windows\System32\DNSCMD.EXE ""'+ DNSsvr
+ ' /recordadd ' + Domain + ' ' + Svr
+ ' 600 A ' + IP + '""'')'
+ ' RMTLOCNAME(''' + Intermediary +''' *IP)'
+ ' RMTUSER(' + %trim(InUserId) +') RMTPWD('
+ %trim(InPassword) + ')';
callp QCMDEXC(cmd:%len(cmd));
The big clues from this snippet are:
look for pstools and psexec on the internet
Also notice the dnscmd.exe
I have a licensing issue with my Rational going on right now and the
coworker I want to help me with it is on a day off so I may post to
code.midrange.com later.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
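
Added example, not part of Rob's post or the SETDNS program: the $addIP snippet concatenates the server, domain and IP parameters straight into a command line, so those values need checking before they get that far. This Python code validates the SERVER, FROMIP and TOIP values and builds the dnscmd calls as argument lists. The function names, the /recorddelete form used for the delete step (the post does not show $delIP), and running the result under an account that already holds DNS rights are assumptions.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
TTL = "600"  # TTL used in the /recordadd call shown in the thread


def check_name(value, what):
    """Return value if every dot-separated label is a valid DNS label."""
    labels = value.split(".")
    # fullmatch (not match with '$') so a trailing newline is rejected too.
    if len(value) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"invalid {what}: {value!r}")
    return value


def check_ipv4(value, what):
    """Return the canonical dotted-quad form, or raise on anything else."""
    if not isinstance(value, str):
        raise ValueError(f"invalid {what}: {value!r}")
    try:
        return str(ipaddress.IPv4Address(value))
    except ipaddress.AddressValueError:
        raise ValueError(f"invalid {what}: {value!r}") from None


def build_dns_switch(dns_server, zone, server, from_ip, to_ip=None):
    """Build dnscmd argument vectors for the delete-then-add sequence.

    to_ip=None mirrors the delete-only mode described in the post.
    Lists (not one joined string) keep each value a single argument.
    """
    dns_server = check_name(dns_server, "DNS server")
    zone = check_name(zone, "zone")
    server = check_name(server, "host")
    from_ip = check_ipv4(from_ip, "FROMIP")
    cmds = [["dnscmd", dns_server, "/recorddelete", zone, server,
             "A", from_ip, "/f"]]
    if to_ip is not None:
        to_ip = check_ipv4(to_ip, "TOIP")
        if to_ip == from_ip:
            raise ValueError("FROMIP and TOIP are identical")
        cmds.append(["dnscmd", dns_server, "/recordadd", zone, server,
                     TTL, "A", to_ip])
    return cmds
```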
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related questions.
Help support midrange.com by shopping at amazon.com with our affiliate link:
http://amzn.to/2dEadiD