LPS:Portal6
ZČU Portal V2
Documentation links
- WebSphere Portal Server Infocenter 6.0
- WebSphere Portal logs REFERENCE
- XML configuration interface REFERENCE
- Configuration task reference REFERENCE - WPSconfig.sh
- action-empty-portal, action-precompile-jsp, cleanup-work-dir, database-transfer, delete-passwords, validate-database-connection-<dbdomain>, validate-ldap, disable-security, enable-security-ldap, update-properties
- Configuration properties REFERENCE
- Portal configuration
- WebSphere Portal Update Installer
- Explaining LD_ASSUME_KERNEL
- Site Analyzer
- LDAP JXplorer, thanks to jiri.dolecek
- Authenticity Confidentiality integrity
- 6.0.0.1: WebSphere Portal version 6.0 fix pack 1
- Recommended fixes for WebSphere Application Server
- http://www-128.ibm.com/developerworks/websphere/library/techarticles/0606_petersonr/0606_petersonr.html
- http://www-128.ibm.com/developerworks/java/jdk/linux/download.html
User:Aragorn/WAS6 Pepa's ramblings
General information and architecture
- For maximum availability, data can be distributed across multiple databases and shared among multiple production lines. Your data is divided into four categories. You must decide how the individual categories are to be distributed across the databases:
- In some situations you may want to install an empty portal, where WebSphere Portal is installed normally but no portlets are installed or deployed and no pages are created. This can be useful if you want to transfer a complete portal configuration from one portal to another. For example, you may want to transfer a portal from your test environment to the production environment.
UNIX: ./install.sh -W emptyPortal.active="True"
- setupCmdLine.sh sets $WAS_HOME incorrectly (and, rather stupidly, mainly based on the current directory)
Megablast6
- TODO: dynacache ?
- the settings of the portal components are carried over from the $WPS/config/properties/* files into WAS_Console:Resource environment providers > WP SiteAnalyzerLogService > Custom properties -- $WAS_PROFILE/config/cells/zcucz/nodes/portal2/resources.xml -- by means of update-properties
- for the admin console to work correctly, cookies and referers must be enabled
- encryption between apache2 and the web container is deliberately turned off by keeping the gskit7.so library away from the dynamic linker ;) surely we are not going to encrypt local traffic, what nonsense
- file explorer zcu
And what does Jan Tleskač say to that?
- production firewall on the tuned-up portal2
- enable site analyzer $WPS/services/SiteAnalyzer.....
- add WebSphere EdgeServer <<< I added apache2 instead
- work out how the admins will be handled: superuser vs. cn=wpsadmins,ou=groups
- install the ZCU CA certificates
- clone the portal including the DB
- set up backups
- tidy up the ports || redirects
- web statistics
- come up with a suitable method for keeping records of configuration changes << WAS backupConfig.sh, but what about WPS?
- create a user who is allowed to stop and start the portal
- add to the start script a grep of the log for errors after startup "(.*\ ){4}E\ .*"
- think about 3rd party auth using webauth (apache2 vs. javawebauth)
- isn't JAAS http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/topic/com.ibm.websphere.base.doc/info/aes/ae/welc_content_csec.html precisely a way for WAS to authenticate users via the Kerberos protocol directly, without having to rely on LDAP? see the modifications in publ?
- logging in with certificates
- what is that credential vault?
- configure the email portlet?
- why are the portal data sources not visible in the WAS console?
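The post-start log check listed above (the grep for `(.*\ ){4}E\ .*`), as an added example that is not part of the original notes: it compares that loose pattern with a match on the severity column only. The function names and the sample log lines are constructed, and the assumed line layout is `[timestamp] thread component severity message`.

```shell
#!/bin/sh
# Added example, not from the original notes: scan a SystemOut.log-style file
# for error-level entries after server start.
# Assumed line layout: [date time TZ] threadId component severity message

# Constructed sample log, modelled on the excerpts quoted elsewhere on this page.
write_sample_log() {
    cat > "$1" <<'EOF'
[3/1/07 21:54:10:101 CET] 0000000a WsServerImpl  A   Server WebSphere_Portal open for e-business
[3/1/07 21:54:12:826 CET] 0000000a WSMM          E   The profile repository did not return a external identifier.
[3/1/07 21:54:12:918 CET] 0000000a Servlet       E   EJPFD0016E: Initialization of service failed.
    at com.example.Constructed.frame(Constructed.java:1)
[3/1/07 21:54:13:002 CET] 0000000b XARminst      W   constructed warning mentioning the letter E once
EOF
}

# Loose check: the pattern from the notes (redundant escapes dropped).
# It matches any line where " E " appears after at least four spaces,
# so message text containing a lone "E" is counted as well.
count_errors_loose() {
    grep -Ec '(.* ){4}E .*' "$1" || true
}

# Strict check: only entries whose severity column (third field after the
# closing bracket of the timestamp) is exactly "E". Stack-trace lines and
# message text containing " E " are ignored.
count_errors_strict() {
    awk '
        /^\[/ {
            close_idx = index($0, "]")
            if (close_idx == 0) next
            n = split(substr($0, close_idx + 1), f, " ")
            if (n >= 3 && f[3] == "E") count++
        }
        END { print count + 0 }
    ' "$1"
}

# Report the number of error entries on stderr and return non-zero if there
# are any, so a start script can fail loudly.
startup_ok() {
    n=$(count_errors_strict "$1")
    if [ "$n" -gt 0 ]; then
        echo "startup log $1: $n error entries" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample.
log=$(mktemp)
write_sample_log "$log"
echo "loose pattern:  $(count_errors_loose "$log") lines"
echo "strict pattern: $(count_errors_strict "$log") entries"
startup_ok "$log" || echo "start script would report failure"
rm -f "$log"
```

On the sample, the loose pattern also counts the warning line because its message contains a standalone "E".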
Contacts
- jiri.dolecek [at] upol.cz - WAS6 developer/administrator in Olomouc
- IS/STAG family
Installation procedure for WPS 6.0.0.0, 6.0.0.1
Installing WAS and WPS
- On all Linux operating systems, the shared object library libstdc++-3.3.3-41 is required before installing WebSphere Portal
- WebSphere Portal Version 6.0 requires XA to be enabled for all component data sources and JDBC drivers. << hmm, I do not understand this
- set in the system:
- the ulimit on the number of open files (FAI.DEV)
- export the LD_ASSUME_KERNEL variable to imitate SUSE; and apparently also for the correct choice of the libc6 ABI (FAI.DEV)
- additionally configure the CA certificate for the ldapsearch command-line client (for verification purposes)
- add the iptables java hack; I cannot convince Java not to send things to itself over the public interface
- imitate SUSE
cat << __EOF__ >> /etc/profile
ulimit -n 20240
alias was='cd /opt/WebSphere/AppServer'
alias waslog='cd /opt/WebSphere/AppServer/logs'
alias wps='cd /opt/WebSphere/PortalServer'
alias wpslog='cd /opt/WebSphere/PortalServer/log'
export LD_ASSUME_KERNEL=2.4.19
# alias wasprof='cd /opt/WebSphere/AppServer/profiles/wp_profile'
export REPLACE_WAS_HOME="/opt/WebSphere/AppServer"
__EOF__
echo "TLS_CACERT /etc/ldap/ZCUrootCA.pem" >> /etc/ldap/ldap.conf
iptables -A INPUT -s 147.228.52.49 -d 147.228.52.49 -j ACCEPT
cat << __EOF__ >> /etc/bodik-release
SUSE VERSION = 9
__EOF__
- add init.d/portal (TODOFAI.DEV)
- unpack the CDs and run ./install.sh; it went through pretty much without problems, and at the end you have WAS and WPS installed in the form of server1 and WebSphere_Portal
Migrating the database data
portal6 uses several data stores
- DB - release, customization, community, FeedBack (analytical data on portal usage), Likeminds (??), WMM (authorization data), jcr (content DB?; icm)
- LDAP/directory - authentication and identity data
- configuration - files on disk
they are configured in $WPS/config/wpconfig.props and $WPS/config/wpconfig_dbdomain.props, ...
- enable FEEDBACK, i.e. create its database, so that it is transferred as well and does not have to be initialized later when it is needed (probably unnecessary ;)
$ EDIT $WPS/config/wpconfig.properties and supply the passwords for the configuration tasks
$ ./WPSconfig.sh (feedback-database|setup-feedback)
$ EDIT $WPS/shared/app/config/FeedBack.properties
- create the database and the required schemas in Oracle, and grant the necessary privileges
# db_block_size = 8192
# !!!!!db_cache_size = 300M # does not work in version 9, apparently obsolete
# db_files = 1024
# log_buffer = 65536
# open_cursors = 1500
# pga_aggregate_target = 200M # maximum memory size for a single user process
# pre_page_sga = true # shared global area ... some kind of common shared memory ;))
# processes = 300
# shared_pool_size = 200M
--
-- ###### users for the portal data
create user releaseusr identified by aaaaaa default tablespace USR_DATA temporary tablespace TMP;
create user commusr identified by aaaaaa default tablespace USR_DATA temporary tablespace TMP;
create user custusr identified by aaaaaa default tablespace USR_DATA temporary tablespace TMP;
create user wmmdbusr identified by aaaaaa default tablespace USR_DATA temporary tablespace TMP;
create user feedback identified by aaaaaa default tablespace USR_DATA temporary tablespace TMP;
create user lmdbusr identified by aaaaaa default tablespace USR_DATA temporary tablespace TMP;
--
-- ###### user for the JCR content data (well OK, icmadmin is a bit schizo :)
create user icmadmin identified by aaaaaa default tablespace USR_DATA temporary tablespace TMP;
### as SYSDBA, create the special tablespaces
cat << __EOF__ >> /tmp/jcr_tablespaces.sql
define jcrdb = WPS6;
define logfile = /tmp/icmjcr.log;
define dbpath = /home/oracle/data;
spool &logfile;
whenever sqlerror exit sql.sqlcode rollback;
--CONNECT &&dbadmin/&&password;
create tablespace ICMLFQ32 datafile '&dbpath./&jcrdb./&jcrdb._ICMLFQ32_01.dbf' size 300M reuse \
    autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMLNF32 datafile '&dbpath./&jcrdb./&jcrdb._ICMLNF32_01.dbf' size 25M reuse \
    autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMVFQ04 datafile '&dbpath./&jcrdb./&jcrdb._ICMVFQ04_01.dbf' size 25M reuse \
    autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMSFQ04 datafile '&dbpath./&jcrdb./&jcrdb._ICMSFQ04_01.dbf' size 150M reuse \
    autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMLSNDX datafile '&dbpath./&jcrdb./&jcrdb._ICMLSNDX_01.dbf' size 10M reuse \
    autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
spool off;
exit;
__EOF__
grant select on dba_pending_transactions to releaseusr;
grant connect, resource to releaseusr;
grant select on dba_pending_transactions to commusr;
grant connect, resource to commusr;
grant select on dba_pending_transactions to custusr;
grant connect, resource to custusr;
grant select on dba_pending_transactions to wmmdbusr;
grant connect, resource to wmmdbusr;
grant create session, alter session, create table, create view, create procedure, create trigger,
    create library, create tablespace, alter tablespace, drop tablespace, execute any procedure,
    unlimited tablespace, create public synonym, drop public synonym, create sequence to icmadmin;
grant select on dba_pending_transactions to icmadmin;
grant connect, resource to icmadmin;
grant insert any table to icmadmin;
grant select on dba_pending_transactions to feedback;
grant connect, resource, create session to feedback;
grant select on dba_pending_transactions to lmdbusr;
grant connect, resource, create session to lmdbusr;
grant insert any table to lmdbusr;
--
-- we added these because of some fix
grant select on pending_trans$ to public;
grant select on dba_2pc_pending to public;
grant select on dba_pending_transactions to public;
grant execute on dbms_system to releaseusr;
grant execute on dbms_system to commusr;
grant execute on dbms_system to custusr;
grant execute on dbms_system to wmmdbusr;
grant execute on dbms_system to feedback;
grant execute on dbms_system to lmdbusr;
grant execute on dbms_system to icmadmin;
- database odds and ends
select tablespace_name from dba_tablespaces;
alter user hehe identified by hesloveslo;
- get the JDBC drivers for Oracle, either from http://www.oracle.com or by taking them from some database machine (forgive my technological indiscipline in using version 10 drivers for a version 9 database)
/opt/jdbc/10gR2
/opt/jdbc/9.2
- set the new data store parameters, validate the configuration and transfer the data
$ EDIT wpconfig.properties; EDIT wpconfig_dbdomain.properties, EDIT wpconfig_dbtype.properties
$ ./WPSconfig.sh validate-database-connection-(wps|jcr|feedback|likeminds|wmm,?...?)
$ ./WPSconfig.sh validate-database-driver
$ ./WPSconfig.sh database-transfer
- take a snapshot/backup of the database and the portal >> WPS6.oracleinit.tgz
Security configuration
- the portal supports 4 types of authentication: form-based, by certificate, by a third party (though that is a bit of a programming frenzy; TODO), and by means of a special URL
- it allows an identity in the portal to be composed of data from several sources, typically LDAP (UserRegistry) + LookAside DB (UserRepository), for the case where we do not want to keep the user profile settings in the directory
Connecting the User Registry to the directory
- services in the identity domain are provided by WebSphere Member Manager. It can map the attributes for the portal identity from various sources. It is configured in $WAS/wmm/wmm.xml and $WAS/wmm/wmmLDAPServerAttributes.xml. The rest are mostly templates (at least I think so).
- the directory must contain at least PortalAdminId and PortalAdminGroupID (ideally PAGID e (PAID, ..)), and for content management also wpsContentAdministrators and wpsDocReviewer; wpsBindUser also comes in handy, the user under which search operations on the directory are performed
- in the case of portal6 these will be special identities supplied directly by LDAP, and accounts created in KRB for the sake of password changes:
uid=wpsadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
uid=wasadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
uid=wpsbind6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
cn=wpsadmins6,ou=groups,ou=portal,ou=services,dc=zcu,dc=cz
- for the configuration I will use the SunOne/IPLANET schema, but I still have to change the wmm configuration, see below
- fix some settings that are not sufficient when using SunOne/IPLANET. The fixes concern the mapping of the extID attribute for WMM (pluginAttributeName="nsuniquename" > pluginAttributeName="distinguishedName")
- http://www-1.ibm.com/support/docview.wss?uid=swg21192665
- http://ecommunity.groupintelligence.com/websphere/forums/showthread.php?p=2569
- otherwise WMM short-circuits and part of the portal does not come up (including the configuration interface URL:/wps/config)
- otherwise quite a nice game for 2 days ;), but I played it through to the end
- Mapping external IDs (extId) to Member Manager
---cut SystemOut.log---
[3/1/07 21:54:12:826 CET] 0000000a WSMM Message E com.ibm.ws.wmm.MemberRepositoryManager API: getMember(MemberIdentifier memberId, StringSet attributeNames, String context) The profile repository did not return a external identifier.
[3/1/07 21:54:12:918 CET] 0000000a Servlet E com.ibm.wps.engine.Servlet init EJPFD0016E: Initialization of service failed.
com.ibm.wps.ac.DomainAdministratorNotFoundException: EJPSB0107E: Exception occurred while retrieving the identity of the domain adminuser/admingroup uid=wpsadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz.
at ...
---cut SystemOut.log---
- configure: stop the servers, disable security, write the new identities into the configuration files, import the certificates into the stores (here the DefaultSSLSetting repertoire; and preferably everywhere, because the installation manual is a bit imprecise, I would say; and I also threw the public certificate authorities out of it to make things more complicated for myself), validate the directory settings
$ stopServer.sh WebSphere_Portal
$ stopServer.sh server1
$
$ ./WPSconfig.sh disable-security
$
$ $WAS/bin/ikeyman.sh $WAS/profiles/wp_profile/etc/DummyServerTrustStore.jks << ZCUrootCA
$ $WAS/bin/ikeyman.sh $WAS/profiles/wp_profile/etc/DummyClientTrustStore.jks << ZCUrootCA
$ $WAS/bin/ikeyman.sh $WAS/java/jre/lib/security/cacerts << ZCUrootCA
$
$ EDIT wpconfig.properties
$ echo "LDAPsslEnabled=true" >> wpconfig.properties # in addition, though, we go straight to SSL LDAP
$ EDIT $WAS/wmm/wmm_LDAP_LA_SO.xml # fix sslTrustStore, and ssl
$ EDIT $WAS/wmm/wmmLDAPAttributes_SO.xml # fix the pluginAttributeName attribute
$
$ # by the way, install FixPack1 ;)
$ $WPS/update/updatePortalSilent.sh ... ... ...
$ # and temporarily enable the wmmApp trace com.ibm.websphere.wmm.*=all=enabled:com.ibm.ws.wmm.*=all=enabled:WSMM=all=enabled
$
$ ./WPSconfig.sh enable-security-ldap
$ restartServer.sh (WebSphere_Portal|server1)
- take a snapshot/backup of the database >> WPS6001.ldapinit.tgz
- and we have obtained a portal in version:
Name IBM WebSphere Portal MultiPlatform
Version 6.0.0.1
ID MP
Build Level wp6001_072_02
Build Date 11/20/2006
SSL setup for the communication channels
- I set up the SSL layer for LDAP somewhat intuitively in the previous step ;(
- In general, the Web server must be configured to accept inbound SSL traffic. - I do not have one yet
- Then, the WebSphere Application Server plugin for the Web server must be configured to forward traffic on that port to WebSphere Application Server and WebSphere Portal. This involves configuring the virtual host information. - I do not have one yet
SSL repertoires
- Well, because working with the contraption called ikeyman is again a bit stupid, I chose the proven way of creating a Java JKS
- in the end I got a working store and also created a TrustFile for it with the ZCUCA certificate
- set the correct SSL repertoires in the transport chains of the individual application servers (server1, WebSphere_Portal, WebAS.)
$ keytool -genkey -alias portal2 -keyalg RSA -sigalg SHA1withRSA -keysize 1024 -keystore portal2ServerKeyFile.jks -dname \
    "CN=portal2.zcu.cz, OU=CIV, OU=Services, O=ZCU, L=Pilsen, ST=Czech Republic, C=CZ" -validity 1024
$ keytool -list -v -alias portal2 -keystore portal2ServerKeyFile.jks
$ keytool -certreq -keystore portal2ServerKeyFile.jks -alias portal2 -keyalg RSA -file portal2.csr
$ openssl req -text -in portal2.csr
GOTO(p@ja) <<portal2.csr >>portal2.crt
$ keytool -import -trustcacerts -file ZCUrootCA.pem -alias "ZCUrootCA" -keystore portal2ServerKeyFile.jks
$ keytool -import -trustcacerts -file portal2.crt -alias portal2 -keystore portal2ServerKeyFile.jks
Modifying the WPS.ear application to generate correct links
- Finally, WebSphere Portal must be set up to generate self-referencing URLs using SSL as the transport.
- set the redirects to the appropriate ports in ConfigService according to the documentation
- add security constraints to the portal deployment descriptor << PROBABLY WILL NOT SURVIVE AN UPGRADE ;(
- modify the themes so that the JSPs generate correct URLs << PROBABLY WILL NOT SURVIVE AN UPGRADE ;(
- html/IBM/banner_toolbar.jspf
- html/IBM/mainMenu.jsp
- html/Default.jsp
- clear the cache
- run the update-properties task
- configure the LoginPortlet in the portal
$ EDIT $WPS/config/properties/ConfigService.properties
$1 portal starts1
$1 wsadmin.sh -user jmeno -password heslo -c '$AdminApp export wps /tmp/wps.ear'
$1 EARExpander.sh -ear /tmp/wps.ear -operationDir /tmp/exp/ -operation expand
$1 EDIT /tmp/exp/wps.war/WEB-INF/web.xml << CONFIDENTIAL
$1 grep -R "wps.Login" * | xargs EDIT ...
$1 EARExpander.sh -ear /tmp/wps.ear -operationDir /tmp/exp/ -operation collapse
$1 wsadmin.sh -user jmeno -password heslo -c '$AdminApp install /tmp/wps.ear {-update -appname wps -nodeployejb}'
$1 wsadmin.sh -user jmeno -password heslo -c '$AdminConfig save'
$
$2 EDIT $WAS_PROFILE/installedApps/zcucz/wps.ear/wps.war/WEB-INF/web.xml << NONE>CONFIDENTIAL
$2 EDIT $WAS_PROFILE/config/cells/zcucz/applications/wps.ear/deployments/wps/wps.war/WEB-INF << NONE>CONFIDENTIAL
$2 cd $WAS_PROFILE/installedApps/zcucz/wps.ear/wps.war/themes; grep -R "wps.Login" * | xargs EDIT ...
$
$ dilit -r $WAS_PROFILE/temp/*; dilit -r $WAS_PROFILE/wstemp/*
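A check for the concern noted above that the web.xml change may not survive an upgrade, as an added example that is not part of the original notes: it reads the `<transport-guarantee>` values out of a descriptor so every deployed copy can be re-verified after a fix pack. The function names and sample descriptors are constructed, and treating anything other than CONFIDENTIAL as a regression is an assumption that matches the NONE>CONFIDENTIAL edit in these notes.

```shell
#!/bin/sh
# Added example, not from the original notes: verify that a deployed web.xml
# still carries the CONFIDENTIAL transport guarantee after an upgrade.

# Constructed sample descriptor (minimal, only the relevant elements).
write_sample_descriptor() {   # $1 = output file, $2 = guarantee value
    cat > "$1" <<EOF
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>constructed-example</web-resource-name>
      <url-pattern>/myportal/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>
        $2
      </transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>
EOF
}

# Print every <transport-guarantee> value in file $1, one per line.
# Newlines are removed first so values split across lines are still found.
list_transport_guarantees() {
    tr -d '\n\r' < "$1" |
        grep -oE '<transport-guarantee>[^<]*</transport-guarantee>' |
        sed -E 's/<[^>]+>//g; s/^[[:space:]]+//; s/[[:space:]]+$//'
}

# Return 0 only if the descriptor has at least one constraint and every
# one of them is CONFIDENTIAL (assumption: NONE or a missing constraint
# means the hardening was lost).
descriptor_enforces_ssl() {
    values=$(list_transport_guarantees "$1")
    [ -n "$values" ] || return 1
    for v in $values; do
        [ "$v" = "CONFIDENTIAL" ] || return 1
    done
    return 0
}

# Check several copies (the notes edit one under installedApps and one under
# config/cells); prints one status line per file and returns non-zero if
# any copy regressed.
check_descriptors() {
    rc=0
    for f in "$@"; do
        if descriptor_enforces_ssl "$f"; then
            echo "OK        $f"
        else
            echo "REGRESSED $f"
            rc=1
        fi
    done
    return $rc
}

# Demo on two constructed descriptors.
dir=$(mktemp -d)
write_sample_descriptor "$dir/hardened.xml" CONFIDENTIAL
write_sample_descriptor "$dir/reverted.xml" NONE
check_descriptors "$dir/hardened.xml" "$dir/reverted.xml" || echo "re-apply the web.xml edit"
rm -rf "$dir"
```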
- however, wmm and WAS also look into LDAP over SSL, so will two stores need changing again?
Installing the WAS plugin - binding to the front-end HTTP server
- http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?noscript=1
- turn off apache
- find installation CD IL-10 (Edge Components)
- it wants to have /etc/suse-release
- run /plugins/install and install the plugin normally, it goes fairly easily
- configure the front-end web server for SSL (virtualhost) and give it the certificate and key exported from the store for the WAS SSL connector
- finish off the aliases and directories for documents and resources, and the redirects to wps/portal
- and, with a smile, upgrade the nonexistent plugin version 6.0.0.0 that is on the installation CD
./update -W relaunch.active=false \
    -W prereqsfailedpanelInstallWizardBean.active="false" \
    -W maintenance.package=./maintenance/6.0.2-WS-WASPlugIn-LinuxX32-FP00000017.pak
- manually install the hand-converted package with the GSkit7 library (it would really be best to install it together with the plugin right away ;), but then I do not know how to turn off the encryption that this starts on the plugin, 2x :)
echo "/usr/local/ibm/gsk7/lib" >> /etc/ld.so.conf
Post-installation changes aka changelog
Adding privileges for XA transaction recovery
- we added privileges in the database: http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/topic/com.ibm.websphere.express.doc/info/exp/ae/rtrb_dsaccess2.html#rtrb_dsaccess2__XArecovery
Upgrade WAS 6.0.2.9 -> 6.0.2.17
- 27.04.2007
- http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24014310
- download the fix packs; it needs a lot of space .. at least 2 GB free
- http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27008921
- back up all settings using $WAS/bin/backupConfig.sh
- back up the old update installer and delete the maintenance directory
- unpack the packs into $WAS (they bring the new updater with them)
- place the available pack in maintenance or choose what I want to install
cd $WAS/bin
source setupCmdLine.sh; cd $WAS/updateinstaller
./update -silent -W relaunch.active=false
./update -silent -W relaunch.active=false -W maintenance.package=./maintenance/6.0.2-WS-WAS-LinuxX32-FP00000017.pak
- the logs are in $WAS/log/update
- this way I installed the SDK and WAS (I did not update IHS and the client because there are none there right now)
Upgrade WPS 6.0.0.1 -> 6.0.1
- http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/pui_intro601.html
- set a longer SOAP timeout in soap.client.props in $WAS_PROFILE
- adjust the Read and Write timeouts in Inbound Channels in the Web container transport chains (I would translate that into Czech but I am not a masochist)
- stop all portals and WAS servers and back up the configuration
- fill in the passwords, + PWordDelete=false
- unpack the fix pack and run the update:
./updatePortal.sh -install -installDir "/opt/WebSphere/PortalServer" -fixpack -fixpackDir "/opt/WebSphere/PortalServer/update" -fixpackID WP_PTF_601
...
<coffee><tea><cigarette>
...
Result: BUILD SUCCESSFUL
Result: Total time: 48 minutes 1 second
- fix wps.ear for SSL security and the generation of secure links
Cloning
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/WebSphere/AppServer .
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/WebSphere/PortalServer .
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/jdbc .
mkdir /opt/WebSphere/SiteAnalyzer
- because portal6 is, I think, deployed a little differently, or because I did not pay attention to it before, I resorted to a somewhat more brutal form of cloning ;) Basically it is a matter of replacing all domain names and all references to the node name in the various WAS and WPS settings, and then changing the name of the database in use.
# NODE NAME in WAS
export WHERE=grepportal2; export ORIGNODE=portal2; export NEWNODE=pdev2.civ
export REPLACE="s/$ORIGNODE/$NEWNODE/g"
export IFS=$'\n'   # split the file list on newlines only (bash)
# record every match (file:line) in $WHERE
grep -ri "$ORIGNODE" AppServer/* > $WHERE
grep -ri "$ORIGNODE" PortalServer/* >> $WHERE
# rewrite each matching text file once, keeping a backup with the old name as suffix
for all in `cat $WHERE | awk -F ':' '{print $1}' | egrep -v "^Binary file" | sort -u`; do
    cp "$all" "$all-$ORIGNODE"
    cat "$all-$ORIGNODE" | sed "$REPLACE" > "$all"
    echo "$all" >> $WHERE.log
done
unset IFS
#
# database
export WHERE=grepWPS6; export ORIGDB=WPS6; export NEWDB=PDEV2
grep -r "$ORIGDB" AppServer/* > $WHERE
grep -r "$ORIGDB" PortalServer/* >> $WHERE
export IFS=$'\n'
export REPLACE="s/$ORIGDB/$NEWDB/g"
# same loop as above, this time for the database name
for all in `cat $WHERE | awk -F ':' '{print $1}' | egrep -v "^Binary file" | sort -u`; do
    cp "$all" "$all-$ORIGDB"
    cat "$all-$ORIGDB" | sed "$REPLACE" > "$all"
    echo "$all" >> $WHERE.log
done
unset IFS
# flat file configuration: rename the node directories
mv $WAS/profiles/wp_profile/config/cells/zcucz/nodes/$ORIGNODE $WAS/profiles/wp_profile/config/cells/zcucz/nodes/$NEWNODE
mv $WAS/profiles/wp_profile/tranlog/zcucz/$ORIGNODE $WAS/profiles/wp_profile/tranlog/zcucz/$NEWNODE
- fix up the keystores for the SSL keys
- in the DB, in the RELEASEUSR schema, there is some reference to portal2; replace it using TOAD
INSERT INTO PSE_SOURCE_DD ( PSE_SOURCE_OID, NAME, VALUE ) VALUES ( '0000076B3872130071938008EDFDA4840080', 'serverInfo', '10038,portal2.zcu.cz,/wps,/myportal,false');
pam_ora_auth.so
- because we needed to get identities from STAG into the portal, Frana and I cobbled together a PAM module that picks the credentials out of the PAM stack and tries to open a database connection with them. If that succeeds, the user is logged in.
- the hook is used in saslauthd on the directory side. The source code is in $CVSLPS/service/pam_ora_auth and it is really an OCI example in C, lifted and wrapped in some other sample PAM module ;)
- on the directory side, the relevant identities must be correctly loaded into the relevant branches
- in the end we also had to add a check of the username against the student number format (using regcomp, regexec from libc6 ;), because STAG/Oracle also contains teacher accounts whose login name may collide with orionUsername
Problems
NullPointerException následovaný ArrayIndexOutOfBoundsException
- An exception thrown during SQL queries, for example:
java.lang.ArrayIndexOutOfBoundsException: 1229044712
at oracle.jdbc.driver.T4CPreparedStatement.doOall8(T4CPreparedStatement.java(Compiled Code))
at oracle.jdbc.driver.T4CPreparedStatement.fetch(T4CPreparedStatement.java:1038)
Details: http://forums.oracle.com/forums/thread.jspa?threadID=498046
A bug somewhere in the Oracle JDBC driver version 10.2.0.3.0; the solution is to download version 10.2.0.2.0 from Oracle...
Some XA error
[4/17/07 20:10:35:032 CEST] 00000012 XARminst E WTRN0037W: The transaction service encountered an error on an xa_recover operation. The resource was com.ibm.ws.rsadapter.spi.WSRdbXaResourceImpl@6c9670e2. The error code was XAER_RMERR. The exception stack trace follows: javax.transaction.xa.XAException ...
- http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/topic/com.ibm.websphere.express.doc/info/exp/ae/rtrb_dsaccess2.html#rtrb_dsaccess2__XArecovery
- the solution is to set the additional privileges = done
Context change on WAR redeploy
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK38647
- the solution is to apply portal fix pack 6.0.1
Errors in the admin console
- part of it (the AJAX part?) stopped working for me when I had referrers turned off, so I will probably turn them back on ;)
misc
- setupCmdLine.sh
- wasadmin: $AdminConfig, $AdminApp
- genVersionInfo.sh
- WPSConfig
tuning
- http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tprf_tuneappserv.html
- http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/topic/com.ibm.wp.ent.doc/wpf/sec_audit.html
authz
- in serious discussions we identified the following groups/roles of people who have something to do with the portal
  - portal users
    - aka authenticated user, every user who can and may log in to the portal; should see almost nothing apart from the most general chatter
  - employees
    - persons employed at ZCU (cn=staff)
  - students
    - persons who are studying (see STAG) (cn=students)
  - year zero
    - have an account in STAG but do not have Orion (cn=stagid) (exists at ZCU until 6.9.; after that there should reportedly never again be a reason for it to exist, year-zero students will have an Orion account)
  - stagstuff
    - employees who handle data in STAG (study department officers, faculty secretaries/grigarovci, department secretaries)
  - teachers
    - teaching employees, teaching external staff (see STAG); my teaching, courses, development
  - admins
    - all of us from the island ;))) (cn=wpsadmins6)
  - techstuff
    - no use; cleaners, maintenance workers, accountants + kunovjanek
  - coursemasters
    - (cn=coursemasters)
  - anonymous
    - other surfers, applicants