LPS:Portal61

From HelpDesk
Revision as of 28 April 2009, 17:13, by Aragorn



Documentation links

Installation notes

  • To ensure successful migration, interim fix PK69311 is required and must be applied to the WebSphere Portal Version 6.1

Installation

  • set up in the system:
    • the ulimit on the number of open files (probably already in FAI.DEV in /etc/profile) << CHECK
    • configure the CA certificate for the ldapsearch command-line client (for verification purposes)
    • add the iptables Java hack; I cannot convince Java not to send things to itself over the public interface
    • imitate SUSE
    • install libstdc++5 and any X libraries that may be missing, otherwise the installer behaves strangely
cat << __EOF__ >> /etc/profile
ulimit -n 20240
alias was='cd /opt/WebSphere/AppServer'
alias waslog='cd /opt/WebSphere/AppServer/logs'
alias wps='cd /opt/WebSphere/PortalServer'
alias wpslog='cd /opt/WebSphere/PortalServer/log'
#
alias wasprof='cd /opt/WebSphere/AppServer/profiles/wp_profile'
export REPLACE_WAS_HOME="/opt/WebSphere/AppServer"
__EOF__
echo "TLS_CACERT /etc/ldap/ZCUrootCA.pem" >> /etc/ldap/ldap.conf
iptables -A INPUT -s 147.228.52.49 -d 147.228.52.49 -j ACCEPT
apt-get install libstdc++5

cat << __EOF__ >> /etc/bodik-release
SUSE
VERSION = 9
__EOF__

DM + Portal

  • unpack the CDs, run ./install.sh and install WAS and the DeploymentManager (it is better to create the profile afterwards, because then you can choose where it will live)
  • configure things in Dmgr (timeouts, Xmx, create some users, ...)
  • install the portal, probably into the same application server, so that we do not end up with 1000 of them...

Database preparation

  • create the users
create user releaseusr identified by password default tablespace USR_DATA temporary tablespace TMP;
create user commusr identified by password default tablespace USR_DATA temporary tablespace TMP;
create user custusr identified by password default tablespace USR_DATA temporary tablespace TMP;
create user jcrusr identified by password default tablespace USR_DATA temporary tablespace TMP;
create user feedback identified by password default tablespace USR_DATA temporary tablespace TMP;
create user lmdbusr identified by password default tablespace USR_DATA temporary tablespace TMP;
  • grant them privileges
grant select on dba_pending_transactions to releaseusr;
grant connect, resource to releaseusr;
grant select on dba_pending_transactions to commusr;
grant connect, resource to commusr;
grant select on dba_pending_transactions to custusr;
grant connect, resource to custusr;
grant create session, alter session, create table, create view, create trigger, create library,
 create tablespace, alter tablespace, drop tablespace, execute any procedure, unlimited tablespace,
 create sequence to jcrusr;
grant select on dba_pending_transactions to jcrusr;
grant connect, resource to jcrusr;
grant insert any table to jcrusr;
grant select on dba_pending_transactions to feedback;
grant connect, resource, create session to feedback;
grant select on dba_pending_transactions to lmdbusr;
grant connect, resource, create session to lmdbusr;
grant insert any table to lmdbusr;
-- added because of some fix
grant select on pending_trans$ to public;
grant select on dba_2pc_pending to public;
grant select on dba_pending_transactions to public;
grant execute on dbms_system to releaseusr;
grant execute on dbms_system to commusr;
grant execute on dbms_system to custusr;
grant execute on dbms_system to feedback;
grant execute on dbms_system to lmdbusr;
grant execute on dbms_system to jcrusr;


  • create the tablespaces or whatever
### as SYSDBA, create the special tablespaces
cat << __EOF__ >> /tmp/wps61_tablespaces.sql
define jcrdb = WPS61;
define logfile = /tmp/icmjcr.log;
define dbpath = /home/oracle/data;
spool &logfile;
whenever sqlerror exit sql.sqlcode rollback;
--CONNECT &&dbadmin/&&password;
create tablespace ICMLFQ32 datafile '&dbpath./&jcrdb./&jcrdb._ICMLFQ32_01.dbf' size 300M reuse \
 autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMLNF32 datafile '&dbpath./&jcrdb./&jcrdb._ICMLNF32_01.dbf' size 25M reuse \
 autoextend on next 10M maxsize UNLIMITED  extent management local autoallocate;
create tablespace ICMVFQ04 datafile '&dbpath./&jcrdb./&jcrdb._ICMVFQ04_01.dbf' size 25M reuse \
 autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMSFQ04 datafile '&dbpath./&jcrdb./&jcrdb._ICMSFQ04_01.dbf' size 150M reuse \
 autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMLSNDX datafile '&dbpath./&jcrdb./&jcrdb._ICMLSNDX_01.dbf' size 10M reuse \
 autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
spool off;
exit;
__EOF__
  • copy ojdbc14.jar somewhere
  • set the global database parameters
db_block_size = 8192
db_cache_size = 300M
db_files = 1024
log_buffer = 65536
open_cursors = 1500
pga_aggregate_target = 200M
pre_page_sga = true
processes = 300
shared_pool_size = 200M
  • continue by editing the properties files wkplc_comp.properties, wkplc_dbtype.properties, wkplc.properties
./ConfigEngine.sh setup-database

does not work because it wants to create the users as DBA; however, I already created them in the previous steps and I am not giving these scripts a DBA user. The wps61 documentation is crap.

./ConfigEngine.sh validate-database-(driver|connection) -DTransferDomainList=release,customization,community,jcr,feedback,likeminds
validate-database-transfer-environment

they also do not mention that I have to change the datasource names too ;( after that the data transfer works

./ConfigEngine.sh database-transfer -DTransferDomainList=release,customization,community,jcr,feedback,likeminds
...
BUILD SUCCESSFUL
Total time: 10 minutes 30 seconds
for all dbdomains manually do;
  SQL> execute dbms_stats.gather_schema_stats(ownname=> 'jcr', cascade=> TRUE);
done

Connecting to the DM

./ConfigEngine.sh collect-files-for-dmgr
./ConfigEngine.sh cluster-node-config-pre-federation
./ConfigEngine.sh cluster-node-config-post-federation
./ConfigEngine.sh wp-change-portal-admin-user -DnewAdminId=uid=wpsadmin6,o=defaultWIMFileBasedRealm -DnewAdminPw=heslo -DnewAdminGroupId=cn=wpsadmins6,o=defaultWIMFileBasedRealm
./ConfigEngine.sh cluster-node-config-cluster-setup
  • install the web server (apache2.0 ;( ), the plugin, and add the web server definition to the DM
  • I had to click through the binding of modules to the individual components (cluster, webserver) by hand for every application, which struck me as odd, but whatever

Switching to LDAP

  • add the ZCUrootCA certificate to the server truststore, via the web interface
  • point the client truststore at the same one (ssl.client.props)
  • edit wkplc.properties and try to set the right parameters for connecting and for looking up users; it is a bit of a lottery
WasUserid=uid=wasadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
WasPassword=STARE
PortalAdminId=uid=wpsadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
PortalAdminPwd=STARE
PortalAdminGroupId=cn=wpsadmins6,ou=groups,ou=portal,ou=services,dc=zcu,dc=cz

standalone.ldap.id=orion
standalone.ldap.host=clotho.zcu.cz
standalone.ldap.port=637
standalone.ldap.bindDN=uid=wpsbind6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.bindPassword=NOVE
standalone.ldap.ldapServerType=CUSTOM
standalone.ldap.userIdMap=inetOrgPerson:uid
standalone.ldap.groupIdMap=*:cn
standalone.ldap.groupMemberIdMap=groupOfUniqueNames:uniqueMember
standalone.ldap.userFilter=(uid=%v)
standalone.ldap.groupFilter=(cn=%v)
standalone.ldap.serverId=uid=wpsbind6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.serverPassword=NOVE
standalone.ldap.realm=zcucz31
standalone.ldap.primaryAdminId=uid=wasadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.primaryAdminPassword=NOVE
standalone.ldap.primaryPortalAdminId=uid=wpsadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.primaryPortalAdminPassword=NOVE
standalone.ldap.primaryPortalAdminGroup=cn=wpsadmins6,ou=groups,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.baseDN=ou=portal,ou=services,dc=zcu,dc=cz

standalone.ldap.et.group.searchFilter=(objectclass=groupOfUniqueNames)
standalone.ldap.et.group.objectClasses=groupOfUniqueNames
standalone.ldap.et.group.searchBases=ou=groups,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.et.personaccount.searchFilter=(objectclass=inetOrgPerson)
standalone.ldap.et.personaccount.objectClasses=inetOrgPerson
standalone.ldap.et.personaccount.searchBases=ou=users,ou=portal,ou=services,dc=zcu,dc=cz

standalone.ldap.personAccountParent=ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.groupParent=ou=groups,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.gc.name=memberof
standalone.ldap.sslEnabled=true
  • and validate the settings
 ./ConfigEngine.sh validate-standalone-ldap -DWasPassword=heslo
  • in the file /opt/WebSphere/wp_profile/ConfigEngine/config/actions/wp_security_pub.xml I removed the task wplc-delete-federated-ldap-entitytyp on line 333 (6.1.0.0), 360 (6.1.0.1), because there was simply no getting past it. After that the task went through
 ./ConfigEngine.sh wp-modify-ldap-security -DWasPassword=
 ./ConfigEngine.sh wp-validate-standalone-ldap-attribute-config -DWasPassword=
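
One way to check the result of the LDAP switch, as an added example (not part of the original notes or of IBM's tooling): a POSIX shell audit that flags password properties still filled in after the ConfigEngine tasks have run, a standalone.ldap.sslEnabled that is not true, and a properties file readable by group or others. The function names and the sample values are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a wkplc.properties-style file after the ConfigEngine run.
# Property names are the ones on this page; the sample values are constructed.

# Print the keys of password properties that still carry a value.
leftover_passwords() {
    awk '
        /^[ \t]*[#!]/ || index($0, "=") == 0 { next }   # comments, non-properties
        {
            eq  = index($0, "=")                        # DN values contain "=" too
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key ~ /(Password|Pwd)$/ && val != "") print key
        }' "$1"
}

# Succeed only if the last standalone.ldap.sslEnabled assignment is "true".
ldap_ssl_enabled() {
    v=$(sed -n 's/^[[:space:]]*standalone\.ldap\.sslEnabled[[:space:]]*=//p' "$1" |
        tail -n 1 | tr -d '[:space:]')
    [ "$v" = "true" ]
}

# Report every finding; return non-zero if there is at least one.
audit_wkplc() {
    rc=0
    for key in $(leftover_passwords "$1"); do
        echo "FINDING: $key still holds a value"; rc=1
    done
    ldap_ssl_enabled "$1" || { echo "FINDING: LDAP connection is not SSL"; rc=1; }
    if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FINDING: file is readable by group or others"; rc=1
    fi
    return $rc
}

# Constructed sample: two passwords left behind, one already blanked.
sample=$(mktemp)
cat > "$sample" <<'EOF'
WasUserid=uid=wasadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
WasPassword=
PortalAdminPwd=PLACEHOLDER
standalone.ldap.bindPassword=PLACEHOLDER
standalone.ldap.sslEnabled=true
EOF
audit_wkplc "$sample" || echo "audit reported findings"
```

Run against the real file, it would be called as audit_wkplc with the path to wkplc.properties in the profile's ConfigEngine directory.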

Other

  • apache2.0
  • webauth
  • certificates
  • mod_deflate + 304 konzerva patch: Uživatel:Konzerva/PortalDeflate
  • configure the cluster to work correctly with SSL (mainly the generation of http in the login forms): Setting up SSL
    • Resources > .. > WP Config service: redirect.login.ssl=true , host.port.https=443
    • set the security constraints, edit the JSPs, configure the LoginPortlet
/opt/WebSphere/AppServer/bin/wsadmin.sh -profileName wp_profile -c "\$AdminApp export wps /tmp/w/wps.ear"
/opt/WebSphere/AppServer/bin/EARExpander.sh -ear wps.ear -operationDir /tmp/w/exp  -operation expand
grep -R "wps.Login" * | xargs EDIT ...
mv /tmp/w/wps.ear /tmp/w/wps.ear.old
/opt/WebSphere/AppServer/bin/EARExpander.sh -ear wps.ear -operationDir /tmp/w/exp  -operation collapse
/opt/WebSphere/AppServer/bin/wsadmin.sh -profileName Dmgr -c "\$AdminApp install /tmp/w/wps.ear {-update -appname wps -nodeployejb}"
/opt/WebSphere/AppServer/bin/wsadmin.sh -profileName Dmgr -c "\$AdminConfig save"
  • logrotate (including the http plugin!)
  • hugepages
/etc/sysctl.conf
vm.nr_hugepages = 575
kernel.shmmax = 2511724800
kernel.shmall = 2511724800
WEBSPHERE_JAVA_OPTS += -Xlp

Migration

  • Migration to a clustered environment is not supported. You have to migrate to a standalone server and then create a cluster.
  • You can migrate information to WebSphere Portal Version 6.1 from the earlier offerings: 6.0.1.1
  • To ensure successful migration, interim fix PK69311 is required and must be applied to the WebSphere Portal Version 6.1 environment prior to migration.
  • make a copy of the JCR schema from the original data
  • set some file, though it slightly escapes me why I should do this: $wp_profile_root/PortalServer/jcr/lib/com/ibm/icm/icm.properties:jcr.database.schema=jcrusr