LPS:Portal61
Z HelpDesk
Odkazy na dokumentaci
- WebSphere Portal Support
- Application Server Version 6.1 Information Center
- WebSphere Portal Server 5.1 Your Guide to Clustering
- Recommended fixes for WebSphere Application Server
- Recommended fixes and updates for WebSphere Portal and Web Content Management
Poznamky k instalaci
- To ensure successful migration, interim fix PK69311 is required and must be applied to the WebSphere Portal Version 6.1
Instalace
- v systemu nastavit:
- ulimit na pocet otevrenych souboru (zrejme uz ve FAI.DEV v /etc/profile) << ZKONTROLOVAT
- priponastavit certifikat CA pro radkoveho klienta ldapsearch (pro kontrolni ucely)
- pridat iptables java hack, nedokazu presvedcit javu aby si nic neposilala sama sobe po verejnem rozhrani
imitovat SUSE- nainstalovat libstdc++5 a pripadne knihovny pro Xka ktere by chybeli, jinak se instalak chova podivne
cat << __EOF__ >> /etc/profile ulimit -n 20240 alias was='cd /opt/WebSphere/AppServer' alias waslog='cd /opt/WebSphere/AppServer/logs' alias wps='cd /opt/WebSphere/PortalServer' alias wpslog='cd /opt/WebSphere/PortalServer/log' # alias wasprof='cd /opt/WebSphere/AppServer/profiles/wp_profile' export REPLACE_WAS_HOME="/opt/WebSphere/AppServer" __EOF__ echo "TLS_CACERT /etc/ldap/ZCUrootCA.pem" >> /etc/ldap/ldap.conf iptables -A INPUT -s 147.228.52.49 -d 147.228.52.49 -j ACCEPT apt-get install libstdc++5
cat << __EOF__ >> /etc/bodik-release SUSE VERSION = 9 __EOF__
DM + Portal
- porozbalovat CDcka a spustit ./install.sh a nainstalovat WASku a DeploymentManager .. (lepsi je vytvorit profil az posleze protoze si clovek muze zvoli kde bude)
- nastavit veci v Dmgr (timeouty, Xmx, zalozit nejake uzivatele, ...)
- nainstalovat portal, asi do stejneho Aplikace abysme jich nemeli 1000...
Priprava databaze
- vytvorit uzivatele
create user releaseusr identified by password default tablespace USR_DATA temporary tablespace TMP; create user commusr identified by password default tablespace USR_DATA temporary tablespace TMP; create user custusr identified by password default tablespace USR_DATA temporary tablespace TMP; create user jcrusr identified by password default tablespace USR_DATA temporary tablespace TMP; create user feedback identified by password default tablespace USR_DATA temporary tablespace TMP; create user lmdbusr identified by password default tablespace USR_DATA temporary tablespace TMP;
- pridelit jim prava
grant select on dba_pending_transactions to releaseusr; grant connect, resource to releaseusr; grant select on dba_pending_transactions to commusr; grant connect, resource to commusr; grant select on dba_pending_transactions to custusr; grant connect, resource to custusr; grant create session, alter session, create table, create view, create trigger, create library, \ create tablespace, alter tablespace, drop tablespace, execute any procedure, unlimited tablespace, \ create sequence to jcrusr; grant select on dba_pending_transactions to jcrusr; grant connect, resource to jcrusr; grant insert any table to jcrusr; grant select on dba_pending_transactions to feedback; grant connect, resource, create session to feedback; grant select on dba_pending_transactions to lmdbusr; grant connect, resource, create session to lmdbusr; grant insert any table to lmdbusr; # pridali sme kuli nejake opravje grant select on pending_trans$ to public; grant select on dba_2pc_pending to public; grant select on dba_pending_transactions to public; grant execute on dbms_system to releaseusr; grant execute on dbms_system to commusr; grant execute on dbms_system to custusr; grant execute on dbms_system to feedback; grant execute on dbms_system to lmdbusr; grant execute on dbms_system to jcrusr;
- vytvorit tablespacy nebo co
###jako SYSDBA provest vytvoreni specialnich tablespacu cat << __EOF__ >> /tmp/wps61_tablespaces.sql define jcrdb = WPS61; define logfile = /tmp/icmjcr.log; define dbpath = /home/oracle/data; spool &logfile; whenever sqlerror exit sql.sqlcode rollback; --CONNECT &&dbadmin/&&password; create tablespace ICMLFQ32 datafile '&dbpath./&jcrdb./&jcrdb._ICMLFQ32_01.dbf' size 300M reuse \ autoextend on next 10M maxsize UNLIMITED extent management local autoallocate; create tablespace ICMLNF32 datafile '&dbpath./&jcrdb./&jcrdb._ICMLNF32_01.dbf' size 25M reuse \ autoextend on next 10M maxsize UNLIMITED extent management local autoallocate; create tablespace ICMVFQ04 datafile '&dbpath./&jcrdb./&jcrdb._ICMVFQ04_01.dbf' size 25M reuse \ autoextend on next 10M maxsize UNLIMITED extent management local autoallocate; create tablespace ICMSFQ04 datafile '&dbpath./&jcrdb./&jcrdb._ICMSFQ04_01.dbf' size 150M reuse \ autoextend on next 10M maxsize UNLIMITED extent management local autoallocate; create tablespace ICMLSNDX datafile '&dbpath./&jcrdb./&jcrdb._ICMLSNDX_01.dbf' size 10M reuse \ autoextend on next 10M maxsize UNLIMITED extent management local autoallocate; spool off; exit; __EOF__
- zkopirovat si nekam ojdbc14.jar
- ponastavit globalni parametry databaze
db_block_size = 8192 db_cache_size = 300M db_files = 1024 log_buffer = 65536 open_cursors = 1500 pga_aggregate_target = 200M pre_page_sga = true processes = 300 shared_pool_size = 200M
- pokracovat upravenim properties wkplc_comp.properties, wkplc_dbtype.properties, wkplc.properties
./ConfigEngine.sh setup-database
nefunguje protoze chce vytvaret uzivatele jako DBA, nicmene v predchozich krokach sem je uz vytvoril a DBA uzivatele temhle skriptum nedam. wps61 dokumentace nahovno.
./ConfigEngine.sh validate-database-(driver|connection) -DTransferDomainList=release,customization,community,jcr,feedback,likeminds validate-database-transfer-environment
taky tam nepisou ze musim zmenit i jmena datasourcu ;( pak funguje prenosem dat
./ConfigEngine.sh database-transfer -DTransferDomainList=release,customization,community,jcr,feedback,likeminds ... BUILD SUCCESSFUL Total time: 10 minutes 30 seconds
for all dbdomains manually do; SQL> execute dbms_stats.gather_schema_stats(ownname=> 'jcr', cascade=> TRUE); done
Pripojeni k DM
./ConfigEngine.sh collect-files-for-dmgr ./ConfigEngine.sh cluster-node-config-pre-federation ./ConfigEngine.sh cluster-node-config-post-federation ./ConfigEngine.sh wp-change-portal-admin-user -DnewAdminId=uid=wpsadmin6,o=defaultWIMFileBasedRealm -DnewAdminPw=heslo -DnewAdminGroupId=cn=wpsadmins6,o=defaultWIMFileBasedRealm ./ConfigEngine.sh cluster-node-config-cluster-setup
- nainstalovat webserver (apache2.0 ;(, plugin, pridat definici webserveru do DM
- rucne sem musel u kazde aplikace naklikat bindovani modulu na jednolive komponenty (cluster,webserver) coz mi prislo zvlastni, ale co uz
Prepnuti na LDAP
- pridat ZCUrootCA certifikat do server truststore, pres webove rozhrani
- nastavit client truststore na ten samy (ssl.client.props)
- poeditovat wkplc.properties, a pokusit se nastavit spravne parametry pro pripojeni a vyhledavani uzivatelu, takova trochu sportka
WasUserid=uid=wasadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz WasPassword=STARE PortalAdminId=uid=wpsadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz PortalAdminPwd=STARE PortalAdminGroupId=cn=wpsadmins6,ou=groups,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.id=orion standalone.ldap.host=clotho.zcu.cz standalone.ldap.port=637 standalone.ldap.bindDN=uid=wpsbind6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.bindPassword=NOVE standalone.ldap.ldapServerType=CUSTOM standalone.ldap.userIdMap=inetOrgPerson:uid standalone.ldap.groupIdMap=*:cn standalone.ldap.groupMemberIdMap=groupOfUniqueNames:uniqueMember standalone.ldap.userFilter=(uid=%v) standalone.ldap.groupFilter=(cn=%v) standalone.ldap.serverId=uid=wpsbind6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.serverPassword=NOVE standalone.ldap.realm=zcucz31 standalone.ldap.primaryAdminId=uid=wasadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.primaryAdminPassword=NOVE standalone.ldap.primaryPortalAdminId=uid=wpsadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.primaryPortalAdminPassword=NOVE standalone.ldap.primaryPortalAdminGroup=cn=wpsadmins6,ou=groups,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.baseDN=ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.et.group.searchFilter=(objectclass=groupOfUniqueNames) standalone.ldap.et.group.objectClasses=groupOfUniqueNames standalone.ldap.et.group.searchBases=ou=groups,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.et.personaccount.searchFilter=(objectclass=inetOrgPerson) standalone.ldap.et.personaccount.objectClasses=inetOrgPerson standalone.ldap.et.personaccount.searchBases=ou=users,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.personAccountParent=ou=users,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.groupParent=ou=groups,ou=portal,ou=services,dc=zcu,dc=cz standalone.ldap.gc.name=memberof standalone.ldap.sslEnabled=true
- a zvalidovat nastaveni
./ConfigEngine.sh validate-standalone-ldap -DWasPassword=heslo
- v souboru /opt/WebSphere/wp_profile/ConfigEngine/config/actions/wp_security_pub.xml jsem na radce 333(6.1.0.0), 360(6.1.0.1) vyhodil task wplc-delete-federated-ldap-entitytyp protoze pres nej proste nejel vlak. potom uz prosel task
./ConfigEngine.sh wp-modify-ldap-security -DWasPassword= ./ConfigEngine.sh wp-validate-standalone-ldap-attribute-config -DWasPassword=
Ostatni
- apache2.0
- webauth
- certifikaty
- mod_deflate + 304 konzerva patch Uživatel:Konzerva/PortalDeflate
- nastavit cluster aby spravne pracoval se ssl (hlavne generovani htttp v login formularich) Setting up SSL
- Resources > .. > WP Config service: redirect.login.ssl=true , host.port.https=443
- nastavic security constrainty, upravit jspcka, pokonfigurovat LoginPortlet
/opt/WebSphere/AppServer/bin/wsadmin.sh -profileName wp_profile -c "\$AdminApp export wps /tmp/w/wps.ear" /opt/WebSphere/AppServer/bin/EARExpander.sh -ear wps.ear -operationDir /tmp/w/exp -operation expand grep -R "wps.Login" * | xargs EDIT ... mv /tmp/w/wps.ear /tmp/w/wps.ear.old /opt/WebSphere/AppServer/bin/EARExpander.sh -ear wps.ear -operationDir /tmp/w/exp -operation collapse /opt/WebSphere/AppServer/bin/wsadmin.sh -profileName Dmgr -c "\$AdminApp install /tmp/w/wps.ear {-update -appname wps -nodeployejb}" /opt/WebSphere/AppServer/bin/wsadmin.sh -profileName Dmgr -c "\$AdminConfig save"
- logrotate (i s http pluginem !)
- hugepages
/etc/sysctl.conf vm.nr_hugepages = 575 kernel.shmmax = 2511724800 kernel.shmall = 2511724800
WEBSPHERE_JAVA_OPTS += -Xlp
Migrace
- migration is not supported to clustered environment. you have to migrate to standalone server and than cleate a cluster.
- You can migrate information to WebSphere Portal Version 6.1 from the earlier offerings: 6.0.1.1
- To ensure successful migration, interim fix PK69311 is required and must be applied to the WebSphere Portal Version 6.1 environment prior to migration.
- vyrobit kopii JCR schematu z puvodnich dat
- nastavit nejaky soubor, ale lehce mi unika proc to mam delat $wp_profile_root/PortalServer/jcr/lib/com/ibm/icm/icm.properties:jcr.database.schema=jcrusr