Monthly Archives: June 2016

Pros and Cons of IBM i w/ PASE AIX on Power and Linux on Power

This is not an exhaustive list but some thoughts on the pros and cons of running OSS in different environments found on Power Processors.

IBM i and AIX both baked into the OS Kernel on Power CPU

| PROS | CONS |
| --- | --- |
| No separate OS | IBM has to update the kernel code to latest AIX, so you might be delayed getting the latest AIX |
| OSS has been ported over by Michael Perzl, bullfreeware, and aixtoolbox | OSS is typically developed for Linux and Intel (Little Endian) first |
| | OSS packages are not available to download via YUM or APT-GET |
| | Forks of processes are slower |

IBM i and a Separate Linux LPAR on Power CPU

| PROS | CONS |
| --- | --- |
| | Another OS to patch and upgrade |
| | A purchased DB2 Connect license is required to use the PHP extension IBM_DB2 to talk with the IBM i. Otherwise you have to use a less feature-rich ODBC connection |
| OSS is typically developed for Linux and Intel (Little Endian) first | Compiling OSS from source might have to be modified to work on little endian Power CPU |
| OSS packages are available to download via YUM or APT-GET? | Have to carve up separate LPAR allocations of disk, memory and CPU |
| | There are free versions of Linux, but most enterprises will probably pay for a RHEL or SUSE license for support and stable releases |

Compiling #IBM_DB2 #PHP #Extension Module from source on #IBMi PASE (#AIX) OS

Here’s my quick guide on compiling the IBM_DB2 PHP extension module (IBM_DB2.so) from source.  The version I was working with was 1.9.9.  I’m still having some trouble with this extension, so I’ll update this guide when I figure out why I’m getting this runtime error with the extension:

#after loading ibm_db2.so
php -v

PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/phpdave7/lib/php/extensions/no-debug-non-zts-20160303/ibm_db2.so' - rtld: 0712-001 Symbol __cxa_finalize was referenced
from module /usr/local/phpdave7/lib/php/extensions/no-debug-non-zts-20160303/ibm_db2.so(), but a runtime definition
of the symbol was not found.

Background info

The phpize command prepares the build environment for a PHP extension.
configure gets the software ready to be built on your specific system. It ensures dependencies are available and works out what it needs to know to use them during the build and install process.
For example, if you’re compiling C you’ll need a C compiler such as gcc, and configure will find it, amongst other things.
gmake controls the generation of executables and other non-source files of a program from the program’s source files.
gmake test runs test scripts against the created executable to make sure it’s working properly (functional tests).
gmake install installs the application. In the case of a PHP extension, it should move the extension into the PHP extension folder.

The && operator chains all the commands into one line.
phpize && ./configure --build=$CCHOST --host=$CCHOST --target=$CCHOST && gmake && gmake test && gmake install
That is: execute phpize; if it returns a zero exit status, execute ./configure; if that returns a zero exit status, …

Actual Script to build the extension

Compiling latest #NGINX from source on #IBMi PASE (#AIX) and running #PHP through Nginx instead of Apache

Below is my guide to setting up Nginx in the IBM i PASE environment and getting it to work with PHP.  Let me know if you have any problems.  If you don’t already have PHP installed and compiled from source, you can check my guide here: https://godzillai5.wordpress.com/2016/06/21/compiling-php7-from-source-on-ibmi-pase-aix/ .

#IBMi modifying the Webserver’s TLS/SSL protocols to prevent SSL2, SSL3 and TLS1.0

If you’re looking to lock down your web server (Apache) running on IBM i against issues found in SSL 2.0, SSL 3.0 or TLS 1.0, here are some things to look into:

Issues in SSL 2.0: http://tools.ietf.org/html/rfc6176
Issues in SSL 3.0 (POODLE attacks) : https://tools.ietf.org/html/rfc7568
TLS 1.0 (Cipher block chaining and Padding attacks): http://tools.ietf.org/html/rfc4346#section-1.1

  1. Go to your IBM Web Administration for i
  2. http://www.ReplaceWithIBMiDNS.com:2001/HTTPAdmin ->
  3. Select the server from the dropdown: “ZENDSVR – APACHE” ->
  4. “Manage” tab, “HTTP Servers” tab, open the “Server Properties” tree, “Security” link ->
  5. “SSL Advanced” tab
  6. Change “SSL version to negotiate:” from “All Versions” to “TLS Version 1.2 only”, or
  7. Under “Ciphers available during negotiation”, add TLS v1.1 and TLS v1.2 and remove any ciphers that are lower.

  1. Go to your Digital Certificate Manager (DCM)
  2. http://www.ReplaceWithIBMiDNS.com:2001/QIBM/ICSS/Cert/Admin/qycucm1.ndm/main0
  3. Select Certificate Store -> *SYSTEM
  4. Manage Applications – Update Application Definition
  5. Server
  6. QIBM_HTTP_SERVER_ZENDSVR
  7. Update Application Definition
  8. SSL protocols
  9. Change from *PGM to Define protocols supported: TLS 1.2, TLS 1.1
  10. Click Apply

Thanks to @jordiwes (http://www.iqwebdevelopment.ca/) for mentioning this could be done in DCM
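
To confirm that either change took effect, this added example (not part of the original post) offers the server one protocol version at a time and compares the answers with the TLS 1.1/1.2 policy chosen above. The function names, result labels and default port 443 are assumptions of the example; SSL 2.0 and SSL 3.0 are not probed because current OpenSSL-based clients cannot offer them.

```python
import socket
import ssl

# Versions a current Python/OpenSSL client can still try to offer.
PROBES = {"TLSv1.0": ssl.TLSVersion.TLSv1, "TLSv1.1": ssl.TLSVersion.TLSv1_1,
          "TLSv1.2": ssl.TLSVersion.TLSv1_2}
ALLOWED = {"TLSv1.1", "TLSv1.2"}  # protocols left enabled in the steps above

def probe(host, port, version, timeout=5.0):
    """Offer exactly one protocol version and report the outcome."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # protocol test only, not a trust check
    try:
        ctx.set_ciphers("DEFAULT@SECLEVEL=0")  # OpenSSL 3 needs this for TLS 1.0/1.1
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ssl.SSLError, ValueError):
        return "client-unsupported"  # local library cannot offer this version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "accepted"
    except ssl.SSLError as exc:
        # A local refusal must not be reported as the server's decision.
        local = exc.reason == "NO_PROTOCOLS_AVAILABLE"
        return "client-unsupported" if local else "refused"
    except OSError:
        return "refused"  # reset or EOF during the handshake
    finally:
        raw.close()

def audit(results, allowed=ALLOWED):
    """Return findings where the server's behaviour differs from the policy."""
    findings = []
    for name, status in sorted(results.items()):
        if status == "accepted" and name not in allowed:
            findings.append(f"{name} is still accepted")
        elif status in ("client-unsupported", "unreachable"):
            findings.append(f"{name} not tested ({status})")
    if not any(results.get(name) == "accepted" for name in allowed):
        findings.append("no allowed protocol was accepted")
    return findings

def check_server(host, port=443):
    results = {name: probe(host, port, v) for name, v in PROBES.items()}
    return results, audit(results)
```

An empty findings list from `check_server` means TLS 1.0 was refused and at least one allowed version still negotiates; a "not tested" finding means the probing machine could not offer that version, so the server's behaviour for it is unverified.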

Compiling #PHP7 from source on #IBMi PASE (#AIX)

Note: this is currently a draft and is not meant to be used yet.  There are many things that I’m looking to clean up and simplify.  There may be things that don’t work, so only do this on a development system that you aren’t worried about being fubar’d.

Step 1 – Have SSH access to an IBM i or get a Litmis space IBM i container

  1. If you already have an IBM i you can make sure you have SSH enabled by going through this tutorial http://yips.idevcloud.com/wiki/index.php/PASE/SSHSetup
    Watch out for any gotchas by looking here: https://godzillai5.wordpress.com/2015/07/25/setting-up-ssh-for-ibmi-gotchas/
  2. If you don’t have an IBM i you can sign up at https://spaces.litmis.com/ for a litmis space container.  Use the promo code “BETA”
  3. Sign up with your Github, Linkedin or Google+ account
  4. After signing in, set up your litmis container. (Note: you can only have 1 container unless you decide to purchase an account).
  5. Click the shell icon “>_” to get into an SSH window inside your browser.  Alternatively you can find the information for your account and use your SSH client of choice.

Step 2 – Get the PHP Source and prerequisite binaries, run configure and make to compile

Step 3 – Compiling and setting up the Webserver (Nginx or Apache)

Step 4 – Compiling IBM DB2 PHP Extension Module

Using a sequence object in DB2

A simple snippet to show how to use a sequence object that auto-increments in an SQL statement.  Be aware that once the sequence is used in a stored procedure you cannot drop it: the database will let you know that a stored procedure has a dependency on this object.

CREATE SEQUENCE MYLIB.MYAUTO_INCREMENTING_SEQ
AS BIGINT
START WITH 1
INCREMENT BY 1
NO ORDER
NO CYCLE
NO MINVALUE
NO MAXVALUE
CACHE 20;

INSERT INTO MYLIB.MYTABLE
(PRODUCTID,PRODUCTNAME)
VALUES (NEXT VALUE FOR MYLIB.MYAUTO_INCREMENTING_SEQ,'Godzilla Ice Cream');