Manually migrating from WAS 5.1 to WebSphere Application Server 6.x with Tivoli Access Manager enabled on multiple nodes
After WAS 6.x is installed on multiple systems being upgraded from version 5.1, you can also migrate the Tivoli Access Manager 5.1 authorization configuration. This should be performed before the Application Server is started. Do not start the Application Server after running the migration wizard or using the migration scripts. This applies to the Deployment Manager system as well as to the managed nodes. The migration will have missed some relevant Tivoli Access Manager files that will prevent the Application Server from starting.
Procedure
- On the Deployment Manager system, copy the following files from the version 5.1 directory to the same directory for the version 6.x installation:
- %WAS_HOME%\java\jre\PDPerm.properties
- %WAS_HOME%\java\jre\lib\security\pdperm.ks
- %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
- %WAS_HOME%\java\jre\PolicyDirector\PD.properties
- %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
- On the Deployment Manager system, open the PD.properties file with a text editor and change the pathnames to the correct pathnames for the following elements, as shown in the following example:
pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext \\ibmjcefw.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext \\ibmjsse.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib \\ext\\ibmpkcs.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre \\lib\\ext\\jaas.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre \\lib\\ext\\local_policy.jar,C\:\\Program Files\\WebSphere\\AppServer \\java\\jre\\lib\\ext\\PD.jar,C\:\\Program Files\\WebSphere\\AppServer \\java\\jre\\lib\\ext\\US_export_policy.jar
- On the Deployment Manager system, open the PdPerm.properties file with a text editor and change all pathnames to the appropriate pathname, as shown in the following example:
pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector baseGroup.PDJ<appsvr-servername>MessageFileHandler.fileName=C\:\\Program Files \\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector\\log/msg__<appsvr-servername>.log pdcert-url=file\:/c\:/progra~1/IBM/WAS/AppServer/java/jre/lib/security/pdperm.ks baseGroup.PDJ<appsvr-servername>TraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere \\AppServer\\java\\jre\\PolicyDirector\\log/trace_<appsvr-servername>.log pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjcefw.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjsse.jar,C\:\\Program Files \\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmpkcs.jar,C\:\\Program Files\\WebSphere \\AppServer\\java\\jre\\lib\\ext\\jaas.jar,C\:\\Program Files\\WebSphere\\AppServer\\java \\jre\\lib\\ext\\local_policy.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib \\ext\\PD.jar,C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\US_export_policy.jarFor the purposes of this example it is assumed that the Application Server has been installed on the C drive running Microsoft Windows. If your Application Server installation is not on the C drive then change the file paths in the configuration settings accordingly.
The <appsvr-servername> value is located in the PdPerm.properties file.
- Start the Application Server Deployment Manager.
- For each of the managed nodes, copy the following files from the version 5.1 directory to the same directory for the version 6.x installation:
- %WAS_HOME%\java\jre\PDPerm.properties
- %WAS_HOME%\java\jre\lib\security\pdperm.ks
- %WAS_HOME%\java\jre\PolicyDirector\PDCA.ks
- %WAS_HOME%\java\jre\PolicyDirector\PD.properties
- %WAS_HOME%\java\jre\PolicyDirector\PDJLog.properties
- For each of the managed nodes, open the PD.properties file with a text editor and change the following configuration elements so that their specified paths are correct:
pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre jar-files=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjcefw.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmjsse.jar,C\:\\Program Files \\WebSphere\\AppServer\\java\\jre\\lib\\ext\\ibmpkcs.jar, C\:\\Program Files\\WebSphere \\AppServer\\java\\jre\\lib\\ext\\jaas.jar,C\:\\Program Files \\WebSphere\\AppServer\\java \\jre\\lib\\ext\\local_policy.jar,C\:\\Program Files\\WebSphere \\AppServer\\java\\jre\\lib \\ext\\PD.jar, C\:\\Program Files\\WebSphere\\AppServer\\java\\jre\\lib\\ext\\US_export_policy.jar
- On each of the managed nodes being migrated, open the PdPerm.properties file with a text editor and change all pathnames to the appropriate pathname, as shown in the following example:
pdvar-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector baseGroup.PDJ<appsvr-servername>MessageFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere \\AppServer\\java\\jre\\PolicyDirector\\log/msg__<appsvr-servername>.log pdcert-url=file\:/c\:/progra~1/IBM/WAS/AppServer/java/jre/lib/security/PdPerm.ks baseGroup.PDJ<appsvr-servername>TraceFileHandler.fileName=C\:\\Program Files\\IBM\\WebSphere \\AppServer\\java\\jre\\PolicyDirector\\log/trace__<appsvr-servername>.log pd-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre\\PolicyDirector java-home=C\:\\Program Files\\IBM\\WebSphere\\AppServer\\java\\jre config_type=standalone
- Start the node agents and associated appservers on each of the Application Server nodes that were migrated to version 6.x.
Manually configuring Tivoli Access Manager only for authentication on WAS 6.x
Manually migrating from WAS 5.1 to WebSphere Application Server 6.x with Tivoli Access Manager enabled on a stand-alone server