Updates for 11.0.0.6

Author: mattbaileyuk

CHANGELOG.md

@@ -1,6 +1,28 @@
 # Change log
 
-## 11.0.0.5 (2019-07-x)
+## 11.0.0.6 (2019-10-30)
+
+**Breaking changes**:
+* None
+
+**Other changes**:
+* Updated to use the 11.0.0.6 build
+* Support metrics when Integration Server is using TLS
+
+## 11.0.0.5.1 (2019-09-24)
+
+**Breaking changes**:
+* None
+
+**Other changes**:
+* New image that includes an MQ client
+* Supports MQ 9.1.3 images
+* Support for defining custom ports
+* Support for running switches
+* Ability to set up operator, editor, and audit users for the ACE web UI, in addition to admin and viewer users
+* Support for LEL User Exit files
+
+## 11.0.0.5 (2019-07-05)
 
 **Breaking changes**:
 * When using MQ, the UID of the mqm user is now 888.  You need to run the container with an entrypoint of `runmqserver -i` under the root user to update any existing files.

README.md

@@ -13,21 +13,21 @@ You can build an image containing one of the following combinations:
 
 # Building a container image
 
-Download a copy of App Connect Enterprise (ie. `ace-11.0.0.5.tar.gz`) and place it in the `deps` folder. When building the image use `build-arg` to specify the name of the file: `--build-arg ACE_INSTALL=ace-11.0.0.5.tar.gz`
+Download a copy of App Connect Enterprise (ie. `ace-11.0.0.6.tar.gz`) and place it in the `deps` folder. When building the image use `build-arg` to specify the name of the file: `--build-arg ACE_INSTALL=ace-11.0.0.6.tar.gz`
 
-- **Important:** Only ACE version **11.0.0.5 or greater** is supported.
+- **Important:** Only ACE version **11.0.0.6 or greater** is supported.
 
 Choose if you want to have an image with just App Connect Enterprise or an image with both App Connect Enterprise and IBM MQ Advanced.
 
 ### Building a container image which contains an IBM Service provided fix for ACE
 
 You may have been provided with a fix for App Connect Enterprise by IBM Support, this fix will have a name of the form `11.0.0.X-ACE-LinuxX64-TF12345.tar.gz`. In order to apply this fix follow these steps.
  - On a local system extract the App Connect Enterprise archive
-   `tar -xvf ace-11.0.0.5.tar.gz`
+   `tar -xvf ace-11.0.0.6.tar.gz`
  - Extract the fix package into expanded App Connect Enterprise installation
-   `tar -xvf /path/to/11.0.0.5-ACE-LinuxX64-TF12345.tar.gz --directory ace-11.0.0.5`
+   `tar -xvf /path/to/11.0.0.6-ACE-LinuxX64-TF12345.tar.gz --directory ace-11.0.0.6`
  - Tar and compress the resulting App Connect Enterprise installation
-   `tar -cvf ace-11.0.0.5_with_IT12345.tar ace-11.0.0.5`
+   `tar -cvf ace-11.0.0.5_with_IT12345.tar ace-11.0.0.6`
    `gzip ace-11.0.0.5_with_IT12345.tar`
  - Place the resulting `ace-11.0.0.5_with_IT12345.tar.gz` file in the `deps` folder and when building using the `build-arg` to specify the name of the file: `--build-arg ACE_INSTALL=ace-11.0.0.5_with_IT12345.tar.gz`
 
@@ -45,7 +45,7 @@ When building a production image with MQ, follow the [MQ instructions](https://g
 
 [Info on how to get the Developers or production image for MQ](#using-mq-production-image)
 
-The `deps` folder must contain a copy of ACE, **version 11.0.0.5 or greater**. If using ACE for Developers, download it from [here](https://www.ibm.com/marketing/iwm/iwm/web/pick.do?source=swg-wmbfd).
+The `deps` folder must contain a copy of ACE, **version 11.0.0.6 or greater**. If using ACE for Developers, download it from [here](https://www.ibm.com/marketing/iwm/iwm/web/pick.do?source=swg-wmbfd).
 Then set the build argument `ACE_INSTALL` to the name of the ACE file placed in `deps`.
 
 1. ACE production with MQ Advanced production
@@ -57,7 +57,7 @@ Then set the build argument `ACE_INSTALL` to the name of the ACE file placed in
 
 ## Build an image with App Connect Enterprise only
 
-The `deps` folder must contain a copy of ACE, **version 11.0.0.5 or greater**. If using ACE for Developers, download it from [here](https://www.ibm.com/marketing/iwm/iwm/web/pick.do?source=swg-wmbfd).
+The `deps` folder must contain a copy of ACE, **version 11.0.0.6 or greater**. If using ACE for Developers, download it from [here](https://www.ibm.com/marketing/iwm/iwm/web/pick.do?source=swg-wmbfd).
 Then set the build argument `ACE_INSTALL` to the name of the ACE file placed in `deps`.
 
 1. ACE for Developers only:
@@ -143,6 +143,12 @@ In the `sample` folder there is an example on how to build a server image with a
 - **ACE_TRUSTSTORE_PASSWORD** - Set this to the password you wish to use for the trust store (if using one).
 - **ACE_KEYSTORE_PASSWORD** - Set this to the password you wish to use for the key store (if using one).
 
+- **ACE_ADMIN_SERVER_SECURITY** - Set to `true` if you intend to secure your Integration Server using SSL.
+- **ACE_ADMIN_SERVER_NAME** - Set this to the DNS name of your Integration Server for SSL SAN checking.
+- **ACE_ADMIN_SERVER_CA** - Set this to your Integration Server SSL CA certificate.
+- **ACE_ADMIN_SERVER_CERT** - Set this to your Integration Server SSL certificate.
+- **ACE_ADMIN_SERVER_KEY** - Set this to your Integration Server SSL key certificate.
+
 The following environment variables are used by MQ Advanced if being used:
 
 - **LICENSE** - Set this to `accept` to agree to the App Connect Enterprise license. If you wish to see the license you can set this to `view`.
@@ -177,7 +183,7 @@ You can mount the following file structure at `/home/aceuser/initial-config`. Mi
 - `/home/aceuser/initial-config/serverconf`
    - A text file called `server.conf.yaml` that contains a `server.conf.yaml` overrides file. This will be copied to `/home/aceuser/ace-server/overrides/server.conf.yaml`
 - `/home/aceuser/initial-config/setdbparms`
-   - For any parameters that need to be set via `mqsisetdbparms` include a text file called `setdbparms.txt`. This supports 2 formats:
+   - For any parameters that need to be set via `mqsisetdbparms` include a text file called `setdbparms.txt` This supports 2 formats:
       ```
       # Lines starting with a "#" are ignored
       # Each line which starts mqsisetdbparms will be run as written 

cmd/runaceserver/integrationserver.go

@@ -128,7 +128,7 @@ func initialIntegrationServerConfig() error {
 		}
 	}
 
-	
+
 
 	log.Printf("Initial configuration of integration server complete")
 
@@ -309,27 +309,31 @@ func addOpenTracingToServerConf(serverconfContent []byte) ([]byte, error) {
 // getConfigurationFromContentServer checks if ACE_CONTENT_SERVER_URL exists.  If so then it pulls
 // a bar file from that URL
 func getConfigurationFromContentServer() error {
+
 	url := os.Getenv("ACE_CONTENT_SERVER_URL")
 	if url == "" {
 		log.Printf("No content server url available")
 		return nil
 	}
 
+	defaultContentServer := os.Getenv("DEFAULT_CONTENT_SERVER")
+	if defaultContentServer == "" {
+		log.Printf("Can't tell if content server is default one so defaulting")
+		defaultContentServer = "true"
+	}
+
 	serverName := os.Getenv("ACE_CONTENT_SERVER_NAME")
 	if serverName == "" {
 		log.Printf("No content server name available but a url is defined")
 		return errors.New("No content server name available but a url is defined")
 	}
 
 	token := os.Getenv("ACE_CONTENT_SERVER_TOKEN")
-	if token == "" {
+	if token == "" &&  defaultContentServer == "true" {
 		log.Errorf("No content server token available but a url is defined")
 		return errors.New("No content server token available but a url is defined")
 	}
 
-	log.Printf("Getting configuration from content server")
-	url = url + "?archive=true"
-
 	err := os.Mkdir("/home/aceuser/initial-config/bars", os.ModePerm)
 	if err != nil {
 		log.Errorf("Error creating directory /home/aceuser/initial-config/bars: %v", err)
@@ -343,19 +347,47 @@ func getConfigurationFromContentServer() error {
 	}
 	defer file.Close()
 
-	// Get file from content server
-	caCert, err := ioutil.ReadFile("/home/aceuser/ssl/cacert.pem")
+	// Create a CA certificate pool and add cacert to it
+	var contentServerCACert string
+	if defaultContentServer == "true" {
+		log.Printf("Getting configuration from content server")
+		contentServerCACert = "/home/aceuser/ssl/cacert.pem"
+		url = url + "?archive=true"
+	} else {
+		log.Printf("Getting configuration from custom content server")
+		contentServerCACert = os.Getenv("CONTENT_SERVER_CA")
+		if contentServerCACert == "" {
+			log.Printf("CONTENT_SERVER_CA not defined")
+			return errors.New("CONTENT_SERVER_CA not defined")
+		}
+	}
+	log.Printf("Using ca file %s", contentServerCACert)
+	caCert, err := ioutil.ReadFile(contentServerCACert)
 	if err != nil {
 		log.Errorf("Error reading CA Certificate")
 		return errors.New("Error reading CA Certificate")
 	}
 	caCertPool := x509.NewCertPool()
 	caCertPool.AppendCertsFromPEM(caCert)
 
+	// If provided read the key pair to create certificate
+	contentServerCert := os.Getenv("CONTENT_SERVER_CERT")
+	contentServerKey := os.Getenv("CONTENT_SERVER_KEY")
+	cert, err := tls.LoadX509KeyPair(contentServerCert, contentServerKey)
+	if err != nil {
+		if ( contentServerCert != "" && contentServerKey != "" ) {
+			log.Errorf("Error reading Certificates: %s", err)
+			return errors.New("Error reading Certificates")
+		}
+	} else {
+		log.Printf("Using certs for mutual auth")
+	}
+
 	client := &http.Client{
 		Transport: &http.Transport{
 			TLSClientConfig: &tls.Config{
 				RootCAs:    caCertPool,
+				Certificates: []tls.Certificate{cert},
 				ServerName: serverName,
 			},
 		},

cmd/runaceserver/logging.go

@@ -26,11 +26,11 @@ import (
 var log *logger.Logger
 
 func logTerminationf(format string, args ...interface{}) {
-	logTermination(fmt.Sprintf(format, args))
+	logTermination(fmt.Sprintf(format, args...))
 }
 
 func logTermination(args ...interface{}) {
-	msg := fmt.Sprint(args)
+	msg := fmt.Sprint(args...)
 	// Write the message to the termination log.  This is the default place
 	// that Kubernetes will look for termination information.
 	log.Debugf("Writing termination message: %v", msg)