LPS:Portal61
From HelpDesk
Documentation links
- WebSphere Portal Support
- Application Server Version 6.1 Information Center
- WebSphere Portal Server 5.1 Your Guide to Clustering
- Recommended fixes for WebSphere Application Server
- Recommended fixes and updates for WebSphere Portal and Web Content Management
- HTTP Server load balancing secrets
- Understanding IBM HTTP Server plug-in Load Balancing in a clustered environment
- Common questions about the web server Plug-in
Installation notes
- To ensure successful migration, interim fix PK69311 is required and must be applied to the WebSphere Portal Version 6.1
Installation
- set up on the system:
- ulimit for the number of open files (probably already set in FAI.DEV in /etc/profile) << CHECK
- additionally set up the CA certificate for the ldapsearch command-line client (for verification purposes)
- add the iptables Java hack; I cannot convince Java not to send traffic to itself over the public interface
- imitate SUSE
- install libstdc++5 and any X libraries that may be missing, otherwise the installer behaves strangely
cat << __EOF__ >> /etc/profile
ulimit -n 20240
alias was='cd /opt/WebSphere/AppServer'
alias waslog='cd /opt/WebSphere/AppServer/logs'
alias wps='cd /opt/WebSphere/PortalServer'
alias wpslog='cd /opt/WebSphere/PortalServer/log'
# alias wasprof='cd /opt/WebSphere/AppServer/profiles/wp_profile'
export REPLACE_WAS_HOME="/opt/WebSphere/AppServer"
__EOF__
echo "TLS_CACERT /etc/ldap/ZCUrootCA.pem" >> /etc/ldap/ldap.conf
iptables -A INPUT -s 147.228.52.49 -d 147.228.52.49 -j ACCEPT
apt-get install libstdc++5
cat << __EOF__ >> /etc/bodik-release
SUSE VERSION = 9
__EOF__
DM + Portal
- unpack the CDs ...
# unpack every archive into a directory named after it; skip patterns that match nothing
for all in *zip; do [ -e "$all" ] || continue; d=$(basename "$all" .zip); mkdir "$d" && (cd "$d" && unzip "../$all"); done
for all in *tgz; do [ -e "$all" ] || continue; d=$(basename "$all" .tgz); mkdir "$d" && (cd "$d" && tar xzf "../$all"); done
for all in *tar.gz; do [ -e "$all" ] || continue; d=$(basename "$all" .tar.gz); mkdir "$d" && (cd "$d" && tar xzf "../$all"); done
for all in *tar; do [ -e "$all" ] || continue; d=$(basename "$all" .tar); mkdir "$d" && (cd "$d" && tar xf "../$all"); done
- ... then run ./install.sh and install WAS and the Deployment Manager .. (it is better to create the profile afterwards, because then you can choose where it will live)
- on 64-bit there are no graphical point-and-click tools:
./manageprofiles.sh -create -profileName Dmgr -templatePath /opt/WebSphere/AppServer/profileTemplates/dmgr -profilePath /opt/WebSphere/Dmgr
- configure things in Dmgr (timeouts, Xmx, create some users, ...)
- apply the fixes for Portal (a clean WAS from the CD is not enough), or install together with Portal and federate it in (hopefully that works)
/opt/install/updates/u/UpdateInstaller/../JDK/jre.pak/repository/package.java.jre/java/jre/bin/java -cp /opt/install/updates/u/UpdateInstaller/setup.jar -Xms256m -Xmx512m run -options responsefile.updiinstaller.txt -silent
- install Portal, probably into the same Aplikace (applications) location so that we don't end up with 1000 of them...
Database preparation
- keep UTF8 in mind when creating it - http://www-01.ibm.com/support/docview.wss?uid=swg21317981
- create the users
create user releaseusr identified by password default tablespace USR_DATA temporary tablespace TMP;
create user commusr identified by password default tablespace USR_DATA temporary tablespace TMP;
create user custusr identified by password default tablespace USR_DATA temporary tablespace TMP;
create user jcrusr identified by password default tablespace USR_DATA temporary tablespace TMP;
create user feedback identified by password default tablespace USR_DATA temporary tablespace TMP;
create user lmdbusr identified by password default tablespace USR_DATA temporary tablespace TMP;
- grant them privileges
grant select on dba_pending_transactions to releaseusr;
grant connect, resource to releaseusr;
grant select on dba_pending_transactions to commusr;
grant connect, resource to commusr;
grant select on dba_pending_transactions to custusr;
grant connect, resource to custusr;
grant create session, alter session, create table, create view, create trigger, create library,
  create tablespace, alter tablespace, drop tablespace, execute any procedure, unlimited tablespace,
  create sequence to jcrusr;
grant select on dba_pending_transactions to jcrusr;
grant connect, resource to jcrusr;
grant insert any table to jcrusr;
grant select on dba_pending_transactions to feedback;
grant connect, resource, create session to feedback;
grant select on dba_pending_transactions to lmdbusr;
grant connect, resource, create session to lmdbusr;
grant insert any table to lmdbusr;
-- we added these because of some fix
grant select on pending_trans$ to public;
grant select on dba_2pc_pending to public;
grant select on dba_pending_transactions to public;
grant execute on dbms_system to releaseusr;
grant execute on dbms_system to commusr;
grant execute on dbms_system to custusr;
grant execute on dbms_system to feedback;
grant execute on dbms_system to lmdbusr;
grant execute on dbms_system to jcrusr;
- create the tablespaces or whatever
### as SYSDBA, create the special tablespaces
cat << __EOF__ >> /tmp/wps61_tablespaces.sql
define jcrdb = WPS61;
define logfile = /tmp/icmjcr.log;
define dbpath = /home/oracle/data;
spool &logfile;
whenever sqlerror exit sql.sqlcode rollback;
--CONNECT &&dbadmin/&&password;
create tablespace ICMLFQ32 datafile '&dbpath./&jcrdb./&jcrdb._ICMLFQ32_01.dbf' size 300M reuse \
autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMLNF32 datafile '&dbpath./&jcrdb./&jcrdb._ICMLNF32_01.dbf' size 25M reuse \
autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMVFQ04 datafile '&dbpath./&jcrdb./&jcrdb._ICMVFQ04_01.dbf' size 25M reuse \
autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMSFQ04 datafile '&dbpath./&jcrdb./&jcrdb._ICMSFQ04_01.dbf' size 150M reuse \
autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
create tablespace ICMLSNDX datafile '&dbpath./&jcrdb./&jcrdb._ICMLSNDX_01.dbf' size 10M reuse \
autoextend on next 10M maxsize UNLIMITED extent management local autoallocate;
spool off;
exit;
__EOF__
- copy ojdbc14.jar somewhere
- set the global database parameters
db_block_size = 8192
db_cache_size = 300M
db_files = 1024
log_buffer = 65536
open_cursors = 1500
pga_aggregate_target = 200M
pre_page_sga = true
processes = 300
shared_pool_size = 200M
- continue by editing the properties files wkplc_comp.properties, wkplc_dbtype.properties, wkplc.properties
./ConfigEngine.sh setup-database
does not work because it wants to create the users as DBA; however, I already created them in the previous steps and I am not giving a DBA user to these scripts. The wps61 documentation is crap.
./ConfigEngine.sh validate-database-(driver|connection) -DTransferDomainList=release,customization,community,jcr,feedback,likeminds validate-database-transfer-environment
they also don't mention that I have to change the datasource names too ;( after that the data transfer works
./ConfigEngine.sh database-transfer -DTransferDomainList=release,customization,community,jcr,feedback,likeminds
...
BUILD SUCCESSFUL
Total time: 10 minutes 30 seconds
for all dbdomains manually do;
SQL> execute dbms_stats.gather_schema_stats(ownname=> 'jcr', cascade=> TRUE);
done
Connecting to the DM
- it is probably a good idea to switch the DM to LDAP security already at this point; that avoids various switching back and forth later. When configuring it, don't forget the advanced settings, where the search filters are!
- if the DM already has LDAP security, move wp-change-portal-admin-user to the very end!
- if the DM already uses LDAP, the Portal profile must also be configured correctly for this new LDAP, otherwise it misbehaves; it is the first step in the documentation and is easily overlooked
./ConfigEngine.sh collect-files-for-dmgr
./ConfigEngine.sh cluster-node-config-pre-federation
./ConfigEngine.sh cluster-node-config-post-federation
./ConfigEngine.sh wp-change-portal-admin-user -DnewAdminId=uid=wpsadmin6,o=defaultWIMFileBasedRealm -DnewAdminPw=heslo -DnewAdminGroupId=cn=wpsadmins6,o=defaultWIMFileBasedRealm
./ConfigEngine.sh cluster-node-config-cluster-setup
- install the web server (apache2.0 ;( ), the plug-in, and add the web server definition to the DM
I had to manually click through the module bindings to the individual components (cluster, webserver) for every application, which seemed odd to me, but oh well
Switching to LDAP
- add the ZCUrootCA certificate to the server truststore, via the web interface
- set the client truststore to the same one (ssl.client.props)
- edit wkplc.properties and try to set the right parameters for connecting and for searching users; a bit of a lottery
# STARE / NOVE stand for the old / new password
WasUserid=uid=wasadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
WasPassword=STARE
PortalAdminId=uid=wpsadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
PortalAdminPwd=STARE
PortalAdminGroupId=cn=wpsadmins6,ou=groups,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.id=orion
standalone.ldap.host=clotho.zcu.cz
standalone.ldap.port=637
standalone.ldap.bindDN=uid=wpsbind6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.bindPassword=NOVE
standalone.ldap.ldapServerType=CUSTOM
standalone.ldap.userIdMap=inetOrgPerson:uid
standalone.ldap.groupIdMap=*:cn
standalone.ldap.groupMemberIdMap=groupOfUniqueNames:uniqueMember
standalone.ldap.userFilter=(uid=%v)
standalone.ldap.groupFilter=(cn=%v)
standalone.ldap.serverId=uid=wpsbind6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.serverPassword=NOVE
standalone.ldap.realm=zcucz31
standalone.ldap.primaryAdminId=uid=wasadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.primaryAdminPassword=NOVE
standalone.ldap.primaryPortalAdminId=uid=wpsadmin6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.primaryPortalAdminPassword=NOVE
standalone.ldap.primaryPortalAdminGroup=cn=wpsadmins6,ou=groups,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.baseDN=ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.et.group.searchFilter=(objectclass=groupOfUniqueNames)
standalone.ldap.et.group.objectClasses=groupOfUniqueNames
standalone.ldap.et.group.searchBases=ou=groups,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.et.personaccount.searchFilter=(objectclass=inetOrgPerson)
standalone.ldap.et.personaccount.objectClasses=inetOrgPerson
standalone.ldap.et.personaccount.searchBases=ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.personAccountParent=ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.groupParent=ou=groups,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.gc.name=memberof
standalone.ldap.sslEnabled=true
- and validate the settings
./ConfigEngine.sh validate-standalone-ldap -DWasPassword=heslo
- in the file /opt/WebSphere/wp_profile/ConfigEngine/config/actions/wp_security_pub.xml I removed the task wplc-delete-federated-ldap-entitytyp at line 333 (6.1.0.0), 360 (6.1.0.1), because there was simply no getting past it. After that the task went through
./ConfigEngine.sh wp-modify-ldap-security -DWasPassword=
./ConfigEngine.sh wp-validate-standalone-ldap-attribute-config -DWasPassword=
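Before running validate-standalone-ldap, the bind DN, search base and user filter from wkplc.properties can be tried directly with the ldapsearch client that was given the CA certificate in the installation section. This is an added example, not part of the original notes: the helper names prop and ldap_check_cmd are hypothetical, the script only prints the command, and -W makes ldapsearch prompt for the bind password.

```shell
#!/bin/sh
# Added example: build an ldapsearch check from wkplc.properties (prints it, never runs it).

# prop FILE KEY -> value of KEY; everything after the first '=' (DNs contain '=')
prop() {
    awk -v k="$2" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }' "$1"
}

# ldap_check_cmd FILE USERID -> ldapsearch command line that looks USERID up
ldap_check_cmd() {
    f=$1; user=$2
    # only plain ids may be substituted for %v, so the filter cannot be altered
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "invalid user id" >&2; return 1 ;;
    esac
    if [ "$(prop "$f" standalone.ldap.sslEnabled)" = "true" ]; then
        scheme=ldaps
    else
        scheme=ldap
    fi
    filter=$(prop "$f" standalone.ldap.userFilter | sed "s/%v/$user/g")
    # -W prompts for the bind password instead of taking it as an argument
    printf 'ldapsearch -x -H %s://%s:%s -D "%s" -W -b "%s" "%s" dn\n' \
        "$scheme" \
        "$(prop "$f" standalone.ldap.host)" \
        "$(prop "$f" standalone.ldap.port)" \
        "$(prop "$f" standalone.ldap.bindDN)" \
        "$(prop "$f" standalone.ldap.et.personaccount.searchBases)" \
        "$filter"
}

# Sample input: a subset of the listing above, passwords left out
sample=$(mktemp)
cat > "$sample" << '__EOF__'
standalone.ldap.host=clotho.zcu.cz
standalone.ldap.port=637
standalone.ldap.bindDN=uid=wpsbind6,ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.userFilter=(uid=%v)
standalone.ldap.et.personaccount.searchBases=ou=users,ou=portal,ou=services,dc=zcu,dc=cz
standalone.ldap.sslEnabled=true
__EOF__

ldap_check_cmd "$sample" wpsadmin6
```

If the printed command returns exactly one dn for the admin user, the filter and search base match what the directory actually holds.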
Miscellaneous
- check their startup ENV; usually /etc/profile has to be sourced manually, because the default RC scripts (e.g. saslauthd, init.d/functions ...) hard-code an override of PATH, ...
- apache2.0, webauth, certificates
- JVM options: -Xgcpolicy:gencon -Xverbosegclog:/opt/WebSphere/wp_profile/logs/gc-${WAS_SERVER_NAME}.log -Xmn300m -Duser.timezone=Europe/Prague
- set the WebContainer property needed for serving large documents through the JVM
- Servers -> Application Servers -> serverName -> Web Container Settings -> Web Container -> Custom Properties:
- Add the following pair: com.ibm.ws.webcontainer.channelwritetype = sync
- http://www-01.ibm.com/support/docview.wss?uid=swg21317658
- vertical cluster
- add a new cluster member (point-and-click), check the configured ports, add it to the virtual hosts
- for all members
./ConfigEngine.sh cluster-node-config-vertical-cluster-setup -DServerName=
- mod_deflate + 304 konzerva patch Uživatel:Konzerva/PortalDeflate
- logrotate (including the HTTP plug-in!)
- plugin-cfg.xml -- IgnoreAffinityRequests=false, ServerIOTimeout="60"
- RHEL: when some packages are missing, google: redhat epel http://fedoraproject.org/wiki/EPEL
- RHEL, CentOS: touch /var/lock/subsys/$NAME, otherwise the service will not be considered running and will not be shut down correctly. Worse, on `reboot` it will not even attempt to shut it down...
- check the classpath setting of the JDBC provider so that it contains both ojdbc14.jar and orai18n.jar
SSL ... do magic here ...
- make a backup of the whole cell ;)
- in Security > SSL certificate and key management > Manage endpoint security configurations, unify the configurations in use. After federation, the federated node may have its own settings
- create 2 new keystores (maybe just one would be enough)
- keystore: personal - server, signers - CA
- truststore: signers - server,CA
- the key has to be imported via JKS using PKCS12Import.java, moreover compiled with Sun's Java, because it does not work with IBM's
openssl pkcs12 -export -out exported.pfx -inkey exported.key -in exported-pem.crt
- set the keystores to be used in the SSL configuration in use (CellDefaultSLL...)
- synchronize the whole cell!!
- stop the nodeagent and dmgr
- start dmgr, the nodeagent and the portal cluster
- if the new certificates were not added to the truststores of the individual clients in the previous step, adjust the ssl.client.props settings (./retrieveSigners.sh -conntype SOAP)
- honestly, it is better to edit ssl.client.properties so that the same keystore is also used for communication within the cell (ssl magic)
- TODO: it would be interesting to look at a sniff sometime to see which keys they actually exchange ;]
- beware of GSKit: I did not manage to disable it programmatically anywhere, and if I don't want to mess with yet another keystore I have to remove the encryption library gsk7bas64-7.0-3.20 from the system
- configure the cluster to work correctly with SSL (mainly generating http in the login forms); see Setting up SSL
- Resources > .. > WP Config service: redirect.login.ssl=true , host.port.https=443
- set the security constraints, edit the JSPs, configure the LoginPortlet
/opt/WebSphere/AppServer/bin/wsadmin.sh -profileName wp_profile -c "\$AdminApp export wps /tmp/w/wps.ear"
/opt/WebSphere/AppServer/bin/EARExpander.sh -ear wps.ear -operationDir /tmp/w/exp -operation expand
grep -R "wps.Login" * | xargs EDIT ...
mv /tmp/w/wps.ear /tmp/w/wps.ear.old
/opt/WebSphere/AppServer/bin/EARExpander.sh -ear wps.ear -operationDir /tmp/w/exp -operation collapse
/opt/WebSphere/AppServer/bin/wsadmin.sh -profileName Dmgr -c "\$AdminApp install /tmp/w/wps.ear {-update -appname wps -nodeployejb}"
/opt/WebSphere/AppServer/bin/wsadmin.sh -profileName Dmgr -c "\$AdminConfig save"
Migration
in the end we did it manually anyway
- migration to a clustered environment is not supported. You have to migrate to a standalone server and then create a cluster.
- You can migrate information to WebSphere Portal Version 6.1 from the earlier offerings: 6.0.1.1
- To ensure successful migration, interim fix PK69311 is required and must be applied to the WebSphere Portal Version 6.1 environment prior to migration.
- make a copy of the JCR schema from the original data
- set some file, though it slightly escapes me why I should do this
$wp_profile_root/PortalServer/jcr/lib/com/ibm/icm/icm.properties:jcr.database.schema=jcrusr
Cloning
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/WebSphere/AppServer .
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/WebSphere/PortalServer .
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/WebSphere/Plugins .
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/jdbc .
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/PORTAL-data/zdroje .
rsync -rva --rsh="ssh -C -l root" root@portal2.zcu.cz:/opt/PORTAL-data/konfigurace .
mkdir /opt/WebSphere/SiteAnalyzer
- it is a cluster
#
# delete all logs first, otherwise it takes a bit longer
# NODE NAME in WAS
export WHERE=grepportal2; export ORIGNODE=portal2; export NEWNODE=pdev2.civ
export REPLACE="s/$ORIGNODE/$NEWNODE/g"; export IFS=$'\n'
grep -ri "$ORIGNODE" AppServer/* > $WHERE
grep -ri "$ORIGNODE" PortalServer/* >> $WHERE
grep -ri "$ORIGNODE" Plugins/* >> $WHERE
grep -ri "$ORIGNODE" wp_profile/* >> $WHERE
grep -ri "$ORIGNODE" Dmgr/* >> $WHERE
# sort -u: visit each file once, so the backup copy keeps the original content
for all in `cat $WHERE | awk -F ':' '{print $1}' | egrep -v "^Binary file" | sort -u`; do
  cp "$all" "$all-$ORIGNODE"
  cat "$all-$ORIGNODE" | sed $REPLACE > "$all"
  echo "$all" >> $WHERE.log
done
unset IFS
#
# database
export WHERE=grepWPS6; export ORIGDB=WPS6; export NEWDB=PDEV2
export REPLACE="s/$ORIGDB/$NEWDB/g"; export IFS=$'\n'
grep -r "$ORIGDB" AppServer/* > $WHERE
grep -r "$ORIGDB" PortalServer/* >> $WHERE
grep -r "$ORIGDB" wp_profile/* >> $WHERE
grep -r "$ORIGDB" Dmgr/* >> $WHERE
for all in `cat $WHERE | awk -F ':' '{print $1}' | egrep -v "^Binary file" | sort -u`; do
  cp "$all" "$all-$ORIGDB"
  cat "$all-$ORIGDB" | sed $REPLACE > "$all"
  echo "$all" >> $WHERE.log
done
unset IFS
#
# flat file configuration
# ${ORIGNODE}_node: braces are required, otherwise the shell looks up a variable named ORIGNODE_node
mv $WAS/profiles/wp_profile/config/cells/zcucz/nodes/$ORIGNODE $WAS/profiles/wp_profile/config/cells/zcucz/nodes/$NEWNODE
mv $WAS/profiles/wp_profile/config/cells/zcucz/nodes/webserver1-${ORIGNODE}_node/servers/webserver1-$ORIGNODE $WAS/profiles/wp_profile/config/cells/zcucz/nodes/webserver1-${NEWNODE}_node/servers/webserver1-$NEWNODE
mv $WAS/profiles/wp_profile/tranlog/zcucz/$ORIGNODE $WAS/profiles/wp_profile/tranlog/zcucz/$NEWNODE
mv $PLUGINS/logs/webserver1-$ORIGNODE $PLUGINS/logs/webserver1-$NEWNODE
mv $PLUGINS/config/webserver1-$ORIGNODE $PLUGINS/config/webserver1-$NEWNODE
mv $BASE/wp_profile/installedApps/$ORIGNODE $BASE/wp_profile/installedApps/$NEWNODE
#
# solve collisions in namespace in applications ;(((((
find $WAS/profiles/wp_profile/config/cells/zcucz/applications -name "*$ORIGDB"
vim $WAS/profiles/wp_profile/config/cells/zcucz/applications/no_id_available_q0ua3x4.ear/deployments/no_id_available_q0ua3x4/q0ua3x4.war/WEB-INF/applicationContext.xml   # (WPS6 vs. PDEV2)
find $WPS/installedApps/ -name "*$ORIGDB"
vim $WPS/installedApps/no_id_available_q0ua3x4.ear/q0ua3x4.war/WEB-INF/applicationContext.xml   # (WPS6 vs. PDEV2)
#
# change ldap user registry&repository to testing one
vim $WAS/profiles/wp_profile/config/cells/zcucz/security.xml
vim $WPS/config/wpconfig.properties
vim $WPS/wmm/wmm.xml
#
# change DataSources in WAS and Portal.Spring
# watch out for upper/lower case .. -i is there because it is different every time ;)
export WHERE=grepGINA1; export ORIGDB=GINA1; export NEWDB=VYVOJ1
export REPLACE="s/$ORIGDB/$NEWDB/g"; export IFS=$'\n'
grep -ri "$ORIGDB" AppServer/* > $WHERE
grep -ri "$ORIGDB" PortalServer/* >> $WHERE
grep -ri "$ORIGDB" wp_profile/* >> $WHERE
grep -ri "$ORIGDB" Dmgr/* >> $WHERE
for all in `cat $WHERE | awk -F ':' '{print $1}' | egrep -v "^Binary file" | sort -u`; do
  cp "$all" "$all-$ORIGDB"
  cat "$all-$ORIGDB" | sed $REPLACE > "$all"
  echo "$all" >> $WHERE.log
done
unset IFS
- fiddle with the keystores for the SSL keys
- similarly to the above, switch ldap.zcu.cz > clotho.zcu.cz and the address of the original node to the new one (we have it somewhere in PodporaVyuky)
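The replace loops above search with grep -i but substitute case-sensitively, and they leave a file-NAME backup beside every file they touch, so a clone can still point at the source node, database or LDAP. The following added example (not from the original notes) lists both kinds of remnant; the function names leftovers and backups and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list files that still mention the source environment after cloning.

# leftovers DIR NAME... -> "NAME: file" for each file still containing NAME
# in any letter case; binary files are reported too.
leftovers() {
    dir=$1; shift
    for name in "$@"; do
        grep -rilF -e "$name" "$dir" | while IFS= read -r f; do
            case $f in
                *-"$name") continue ;;   # backup copy written by the replace loop
            esac
            printf '%s: %s\n' "$name" "$f"
        done
    done
}

# backups DIR NAME -> the "file-NAME" copies, which still hold the old settings
backups() {
    find "$1" -type f -name "*-$2" | sort
}

# Constructed sample tree (not real configuration)
tree=$(mktemp -d)
cfg=$tree/wp_profile/config
mkdir -p "$cfg"
echo '<serverEntries hostName="pdev2.civ"/>' > "$cfg/serverindex.xml"
echo '<realm host="PORTAL2.example"/>' > "$cfg/security.xml"          # upper case: sed missed it
echo '<realm host="portal2.example"/>' > "$cfg/security.xml-portal2"  # backup copy
echo 'url=jdbc:oracle:thin:@db.example:1521:wps6' > "$cfg/resources.xml"

leftovers "$tree" portal2 WPS6
backups "$tree" portal2
```

Run it from the directory that holds AppServer, PortalServer, wp_profile and Dmgr with the old node, database and LDAP names as arguments; an empty result from leftovers is the goal before the clone is started.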