+

Search Tips   |   Advanced Search

Portal v8 install example


Pre-Install

Task Resource DEV STG TEST PRD AUTH PRDHA Notes
Create wasadmin service account Security Comp Comp Comp Comp Comp Comp
Create filesystems UNIX Comp Comp Comp Comp Comp Comp
Install gtk libraries AIX Comp Comp Comp Comp Comp Comp rpm -qa
Configure X Server GUI UNIX Comp Comp Comp Comp Comp Comp
Create user accounts with sudo access UNIX Comp Comp Comp Comp Comp Comp user3, user1, user2
Mount /media drive UNIX Comp Comp Comp Comp Comp Comp 40+ GB
Set ulimit -n 10024 UNIX Comp Comp Comp Comp Comp Comp
Virtual Portal hostnames in DNS Middleware Comp Comp Comp Comp Comp Comp


Install WAS v8.5.5 and Portal v8.0.0.1

Task Resource DEV STG TEST PRD AUTH PRDHA Notes
Install Installation Manager Middleware Comp Comp Comp Comp Comp Comp
Install WAS for dmgr Middleware Comp Comp Comp Comp Comp Comp
Install WAS for portal Middleware Comp Comp Comp Comp Comp Comp
Upgrade to WAS FP1 Middleware Comp Comp Comp Comp Comp Comp
Install portal on primary node Middleware Comp Comp Comp Comp Comp Comp
    Apply FP1 Middleware Comp Comp Comp Comp Comp Comp
    Apply CF09 Middleware Comp Comp Comp Comp Comp Comp Note that CF10 has been released.
Install portal on secondary nodes Middleware             Comp Comp       Comp
    Apply FP1 Middleware             Comp Comp       Comp
    Apply CF09 Middleware             Comp Comp       Comp
Create Dmgr01 profile Middleware Comp Comp Comp Comp Comp Comp
Configure authoring portlet Middleware Comp Comp Comp Comp Comp Comp
Disable managed pages Middleware Comp Comp Comp Comp Comp Comp
Create profile template Middleware Comp Comp Comp Comp Comp Comp
Configure portal to use DB2 Middleware Comp Comp Comp Comp Comp Comp
Configure Dmgr Middleware Comp Comp Comp Comp Comp Comp
Federate primary node Middleware Comp Comp Comp Comp Comp Comp
Create static cluster Middleware Comp Comp Comp Comp Comp Comp
Configure LDAP on primary node Middleware Comp Comp Comp Comp Comp Comp
Add ha servers for LDAP Middleware

Comp Comp Comp Comp
Install IHS Middleware Comp Comp Comp Comp Comp Comp
Configure web server plug-in Middleware Comp Comp Comp Comp Comp Comp


Deploy MyCo application

Task Resource DEV STG TEST PRD AUTH PRDHA Notes
Configure default realm Middleware Comp Comp Comp Comp Comp Comp      
Configure myAdminRealm Middleware Comp Comp Comp Comp Comp Comp
MyCo shared libraries Middleware Comp Comp Comp Comp Comp Comp
Web container updates Middleware Comp Comp Comp Comp Comp Comp      
Mail session Middleware Comp Comp Comp Comp Comp Comp      
Configure object cache instances Middleware Comp Comp Comp Comp Comp Comp
Configure object pool Middleware Comp Comp Comp Comp Comp Comp
Global security updates Middleware Comp Comp Comp Comp Comp Comp      
Expression Language Middleware Comp Comp Comp Comp Comp Comp
Deploy war Middleware Comp Comp Comp Comp Comp Comp
Map portlets to shared libraries Middleware Comp Comp Comp Comp Comp Comp
Install global filters Middleware Comp Comp Comp Comp Comp Comp
Install Tealeaf processor Middleware Comp Comp Comp Comp Comp Comp
Resource Environment Provider Middleware Comp Comp Comp Comp Comp Comp
Install theme Middleware Comp Comp Comp Comp Comp Comp
Custom security configuration Middleware Comp Comp Comp Comp Comp Comp
Create virtual portal Middleware Comp Comp Comp Comp Comp Comp
Install multilingual system Middleware Comp Comp Comp Comp Comp Comp
Syndicate Middleware Comp Comp Comp Comp Comp Comp
Export/Import WCM libs Middleware Comp Comp Comp Comp Comp Comp Optional. Alternative to syndication.
Set web content permissions Middleware Comp Comp Comp Comp Comp Comp
Export/Import pages Middleware Comp Comp Comp Comp Comp Comp
Error 404: There is no content available Middleware Comp Comp Comp Comp Comp Comp Deploy MyShop.war
Disallow direct servlet access Middleware Comp Comp Comp Comp Comp Comp
Create profiles on secondary nodes Middleware

Comp Comp
Comp
chown -R wasadmin filesystems Middleware Comp Comp Comp Comp Comp Comp Stop as root. Start as wasadmin.
Customize IHS config Middleware Comp Comp Comp Comp Comp Comp
Web service client configuration Middleware Comp Comp Comp Comp Comp Comp esbgateway issue
Web Content Viewer preferences Middleware Comp Comp Comp Comp Comp Comp


Post-Install tasks

Task Resource DEV STG TEST PRD AUTH PRDHA Notes
ibm-allGroups Middleware Comp Comp Comp Comp Comp Comp
Persist serverIOTimeoutRetry Middleware Comp Comp Comp Comp Comp Comp Set to 5
Max of historical log files Middleware


Comp Comp Comp Change from 3 to 6
Performance testing Middleware


Comp Comp Comp


See also

  1. Test
  2. Production
  3. Change dmgr cellname
  4. Restart portal
  5. IHS


Overview

The following is an example of how to install WebSphere Portal v8, and then how to deploy the fictional MyCo's Prodline1 and Prodline2 branded applications and artifacts to their respective virtual hosts.

Note that the example is based on a specific deployment, and includes steps that you, in all likelihood, will not have to follow. These steps, revolving around setup of custom portal applications, are included for illustrative purposes.

The steps below are not necessarily in the correct order. To follow this procedure in the correct order, follow the Tasks in the table above, in the order they are presented.


Create /opt/IBM/Portal and /media filesystems

Create /opt/IBM/Portal and /media filesystems. Size of /opt/IBM/Portal should be at least 50 GB for lower level environments, and preferably 100 GB. /media is a shared directory containing WebSphere install images. Make sure /tmp has at least 3.5 GB free.

For example, on STG host...

stage ->df -g
Filesystem      GB blocks      Free %Used    Iused %Iused Mounted on
/dev/hd4             3.00      2.81    7%    11409     2% /
/dev/hd2            11.00      7.32   34%    59730     4% /usr
/dev/hd9var          4.00      3.62   10%     8988     2% /var
/dev/hd3             4.00      3.94    2%       96     1% /tmp
/dev/hd1             3.00      2.96    2%       79     1% /home
/dev/hd11admin       3.00      3.00    1%        9     1% /admin
/proc                   -         -    -         -     -  /proc
/dev/hd10opt         4.00      3.73    7%     8177     1% /opt
/dev/livedump        0.25      0.25    1%        4     1% /var/adm/ras/livedump
/dev/lvportalwps    90.00     89.63    1%        4     1% /opt/IBM/Portal
/dev/lvrafrepo      20.00     19.92    1%        4     1% /rafrepo
/dev/lvmedia        50.00     14.17   72%    33264     1% /media

Configre X Server GUI

  1. On the local computer, download, install, and run XMing X server

  2. In putty, enable X11 forwarding...

      Connection | SSH | X11 | Enable X11 forwarding

    ...and compression...

      Connection | SSH | Enable compression

    ...and set cipher order...

      Blowfish
      -- warn below here --
      3DES
      DES
      AES

  3. Log on to target host as user root and configure X11. For example...

      username@hostname /home/username ->xauth list
      hostname/unix:11 MIT-MAGIC-COOKIE-1 0c723ae2ccd7660271b1bafc01b5d55f
      hostname/unix:10 MIT-MAGIC-COOKIE-1 d15b40a439806573a57f10099fa9cfaf
      username@hostname /home/username ->sudo su -
      root@hostname / ->xauth add hostname/unix:10 MIT-MAGIC-COOKIE-1 d15b40a439806573a57f10099fa9cfaf
      root@hostname / ->DISPLAY=localhost:10.0
      root@hostname / ->export DISPLAY
      root@hostname / ->xclock

    If xclock does not work, we might need to enable X11 in sshd...

    1. vi /etc/ssh/sshd_config
    2. Set X11Forwarding yes
    3. stopsrc -s sshd
    4. startsrc -s sshd
    5. Log out of the putty session
    6. Log back in

    If we are logging into target host from AIX jumpbox, use syntax...

      ssh -X -Y -C username@hostname


    Install Installation Manager

      cd /media/installmgr
      ./installc -acceptLicense
      cd /opt/IBM/InstallationManager/eclipse

For more information, see: Installation Manager 1.6.2


Install WAS v8.5.5 for dmgr

On hosts where dmgr is co-located with portal, we install WAS into /opt/IBM/Portal/WebSphere on the portal host. On hosts where dmgr is on its own host, we install into /opt/IBM/Portal/WebsphereMB on the dmgr host.

  1. On the local computer, start XMing X server

  2. Log on to target host as user root

  3. Verify ulimit for number of files and file blocks

      ulimit -n 20480
      ulimit -f unlimited

    To get current ulimit: ulimit -a

    To set, edit /etc/security/limits

  4. Set umask 022 in .profile

  5. Add WAS v8.5.5 to repository using Installation Manager

    Console mode:

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

      ...select...

        P. Preferences | 1. Repositories | D. Add Repository

    2. Set...

        /media/WAS855/repository.config

    3. Add repository for WAS 8.5.5 FP 1

        /media/WAS855_FP1/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
      
      Repositories:
           1. [X] /media/WAS855/repository.config
      
      Other Options:
           D. Add Repository
      
           S. [ ] Search service repositories during installation and updates
      
           R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu
      

    To add using GUI...

    1. Go to...

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Select...

        File | Preferences | Repositories | Add Respository

    3. Add WAS v8.5.5 repository...

        /media/WAS855/repository.config

    4. Click Apply

    5. Uncheck: "Search service repositories during installation and updates"

    6. Add repository for WAS 8.5.5 FP 1

        /media/WAS855_FP1/repository.config

  6. Install WAS v8.5.5 binaries for use by dmgr profile

    • Command-line method for dmgr that is not co-located with portal...
      
      ### Install WAS 8.5.5 only
      mkdir /opt/IBM/Portal/IMShared 
      cd /opt/IBM/InstallationManager/eclipse/tools 
      ./imcl install com.ibm.websphere.ND.v85_8.5.5000.20130514_1044 \
             -repositories /media/WAS855/repository.config  \
             -installationDirectory /opt/IBM/Portal/WAS1/AppServer  \
             -sharedResourcesDirectory /opt/IBM/Portal/IMShared  \
             -log /tmp/imcl.log  \
             -showProgress \
             -acceptLicense
      

      The version number can be found in the repository.xml file. For example

        <offering ... version='8.5.0.20110617_2222

      ...or using listAvailablePackages. For example...

        ./imcl listAvailablePackages -repositories /media/WAS855_FP1/repository.config

    • GUI method...

      1. Start Installation Manager

          cd /opt/IBM/InstallationManager/eclipse
          ./IBMIM

        ...and go to...

          File | Preferences | Repositories | Add Respository

      2. Add WAS v8.5.5 repository...

          /media/WAS855/repository.config

        ...and then click Apply

      3. On IIM main page, click Install, select the WAS ND package, then click Next...

      4. Accept the license terms, then click Next

      5. Set location of Shared Resources Directory

          /opt/IBM/Portal/IMShared

      6. Set WAS home

        For Test, PRD, and Auth envs...

          /opt/IBM/Portal/WebSphere/AppServer

        For TST, PRD Primary, and PRD HA envs, where Prodline2 dmgr is co-located on same LPAR as Prodline1...

          /opt/IBM/Portal/WAS1/AppServer

      7. Select default features

      8. Accept summary information

        After install completes, select None, and then exit Installation Manager


Install WAS v8.5.5 binaries for use by portal profile

  1. Start Installation Manager in GUI mode

      cd /opt/IBM/InstallationManager/eclipse
      ./IBMIM

  2. On main Installation Manager panel, select Install.

    If dmgr is co-located on this host, you may get pop-up saying package is already installed. Select Continue in Installed Packages pop-up panel.

  3. Select IBM WAS ND v8.5.5.1 to install

  4. On next panel, accept license agreement

  5. For Shared Resources Directory, set...

      /opt/IBM/Portal/IMShared

  6. On the Install Packages screen, select...

      Create a new package group

    ...and for Installation Directory select...

      /opt/IBM/Portal/WAS1/AppServer

  7. Keep English as the only default language.

  8. Select features to install. We can keep the defaults.

  9. Review the summary information, then select Install

  10. On last screen, select None, then Finish


Upgrade WAS to v8.5.5 FP 1

Do this for WAS binaries on both the Dmgr host and on portal nodes.

Note that if included WAS FP1 in the repository when doing WAS install, this should already be done. To verify...

# cd opt/IBM/Portal/WebSphere/AppServer/bin 
# ./versionInfo.sh
--------------------------------------------------------------------------------
IBM WebSphere Product Installation Status Report
--------------------------------------------------------------------------------

Report at date and time May 19, 2014 6:45:30 PM EDT

Installation
--------------------------------------------------------------------------------
Product Directory        /opt/IBM/Portal/WebSphere/AppServer
Version Directory        /opt/IBM/Portal/WebSphere/AppServer/properties/version
DTD Directory            /opt/IBM/Portal/WebSphere/AppServer/properties/version/dtd
Log Directory            /var/ibm/InstallationManager/logs

Product List --------------------------------------------------------------------------------
ND                       installed

Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server Network Deployment
Version               8.5.5.1
ID                    ND
Build Level           cf011341.03
Build Date            10/18/13
Package               com.ibm.websphere.ND.v85_8.5.5001.20131018_2242
Architecture          PPC64
Installed Features    IBM 64-bit WebSphere SDK for Java
                      WebSphere Application Server Full Profile
                      EJBDeploy tool for pre-EJB 3.0 modules
                      Embeddable EJB container
                      Stand-alone thin clients and resource adapters


# cd /opt/IBM/Portal/WAS1/AppServer/bin 
# ./versionInfo.sh
--------------------------------------------------------------------------------
IBM WebSphere Product Installation Status Report
--------------------------------------------------------------------------------

Report at date and time May 19, 2014 6:47:14 PM EDT

Installation
--------------------------------------------------------------------------------
Product Directory        /opt/IBM/Portal/WAS1/AppServer
Version Directory        /opt/IBM/Portal/WAS1/AppServer/properties/version
DTD Directory            /opt/IBM/Portal/WAS1/AppServer/properties/version/dtd
Log Directory            /var/ibm/InstallationManager/logs

Product List --------------------------------------------------------------------------------
ND                       installed

Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server Network Deployment
Version               8.5.5.1
ID                    ND
Build Level           cf011341.03
Build Date            10/18/13
Package               com.ibm.websphere.ND.v85_8.5.5001.20131018_2242
Architecture          PPC64
Installed Features    IBM 64-bit WebSphere SDK for Java
                      WebSphere Application Server Full Profile
                      EJBDeploy tool for pre-EJB 3.0 modules
                      Embeddable EJB container
                      Stand-alone thin clients and resource adapters

Before installing, make a backup of WAS file system.

To install silently using command-line, as user root...

cd /opt/IBM/InstallationManager/eclipse/tools 
./imcl install com.ibm.websphere.ND.v85_8.5.5001.20131018_2242 \
       -repositories /media/WAS855_FP1/repository.config  \
       -installationDirectory /opt/IBM/Portal/WAS1/AppServer  \
       -sharedResourcesDirectory /opt/IBM/Portal/IMShared  \
       -log /tmp/imcl.log  \
       -showProgress \
       -acceptLicense

To install using Installation Manager GUI...

  1. On the main IIM page, select Update

  2. On the "Select a package group to find updates for", select first package group

  3. On the panel, "Select updates to install", verify V8.5.5.1 is selected

  4. On the panel, "Select the features to install", keep defaults, then select Next

  5. On the Summary panel, select Update

  6. After it finishes, do the same for the second package group


Install Portal on primary node

  1. Configure portal repository

    Using console mode

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

    2. Select...

        P. Preferences | 1. Repositories | D. Add Repository

    3. Add repository...

        /media/Portal8/Setup/eimage/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
      
      Repositories:
           1. [X] /media/Portal8/Setup/eimage/repository.config
      
      Other Options:
           D. Add Repository
      
           S. [ ] Search service repositories during installation and updates
      
           R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu
      

    Using GUI...

    1. Run

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Add repository...

        /media/Portal8/Setup/eimage/repository.config

  2. Install Portal

    1. First, set up X11 like we did for installing WAS.

      If we cannot log on directly to host, for example, to get to PRD HA hosts we have to go through jump server, set up X11 forwarding. Basically you log on to the jump box, and then ssh to the target host using syntax...

        ssh -X -Y -C username@hostname

    2. Run IBMIM and then select Install

    3. On Install Packages panel, select IBM WebSphere Portal Server

    4. Accept license agreement

    5. Select "Create a new package group" and set Installation Directory to...

        /opt/IBM/Portal/WAS1/PortalServer

    6. For features, if this is a primary node, select...

      • Config Engine
      • Portal Server Binary
      • Portal Server Profile

      If this is a secondary node, do not select Portal Server Profile. See Installing addtional portal nodes

    7. On the next screen, select "Existing WebSphere Application Server Root Directory"

        /opt/IBM/Portal/WAS1/AppServer

    8. For Profile Template Type, select "Base"

    9. Set node and cell name...

      Cell p1cellP
      Node PrdNode01

      For username and password set...

      • wasadmin
      • password

      We will change password later when we configure LDAP

      The cell and node name for the portal MUST be different than the cell and node names for the dmgr cell.

      The cluster setup steps in this guide assume we use the same IDs for portal and dmgr. If we do NOT use the same ID, you may see unexpected problems when creating the cluster related to the user IDs..

    10. On the Summary page, click install...


Additional portal nodes


Overview

This section covers adding the additional node to the Deployment Manager cell and adding a new WebSphere_Portal server as a horizontal dynamic cluster member to the previously created dynamic cluster. Once this section is completed, you will have a functional two-node horizontal dynamic cluster using the federated LDAP security.

  1. Install Installation Manager

  2. Add WAS v8.5.5 and WAS FP1 to Installation Manager repository...

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

      ...select...

        P. Preferences | 1. Repositories | D. Add Repository

    2. Set...

        /opt/IBM/Portal/media/WAS855/repository.config

    3. Add repository for WAS 8.5.5 FP 1

        /opt/IBM/Portal/media/WAS855_FP1/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
      
      Repositories:
           1. [X] /opt/IBM/Portal/media/WAS855/repository.config
      
      Other Options:
           D. Add Repository
      
           S. [ ] Search service repositories during installation and updates
      
           R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu
      

  3. Install WAS v8.5.5 binaries

    1. Start Installation Manager GUI...

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Select Install, then select Continue in pop-up panel.

    3. On the Install Packages screen, select...

        Create a new package group

      ...and for Installation Directory select...

        /opt/IBM/Portal/WAS1/AppServer

    4. Select defaults for remainder of panels, then on summary page, select Install

    5. On last screen, select None, then Finish

  4. Install Fixes

    1. Add repository for WAS 8.5.5 FP 1

        /opt/IBM/Portal/media/WAS855_FP1/repository.config

      MyCo has WCM license, which is different from WCM Standard Edition (fewer entitlements). We install...

        8.0.0-WP-Server-FP001
        8.0.0-WP-WCM-FP001

      Uncheck: "Search service repositories during installation and updates"

    2. On the main IIM page, select Update

    3. On the "Select a package group to find updates for", select first package group

    4. On the panel, "Select updates to install", verify V8.5.5.1 is selected

    5. On the panel, "Select the features to install", keep defaults, then select Next

    6. On the Summary panel, select Update

  5. Install Portal v8.0

    1. Add repository...

        /opt/IBM/Portal/media/Portal8/Setup/eimage/repository.config

    2. On Install Packages panel, select IBM WebSphere Portal Server

    3. Select "Create a new package group" and set Installation Directory to...

        /opt/IBM/Portal/WAS1/PortalServer

    4. For features, select only...

      • Config Engine
      • Portal Server Binary

    5. On the next screen, select "Existing WebSphere Application Server Root Directory"

        /opt/IBM/Portal/WAS1/AppServer

    6. On the Summary page, click install...

    7. Once the installation completes, click the radio button for None and click Finish to exit the installer.

    Upgrade Portal with latest fix pack

    1. Add fixpack to Installation Manager repository

        /opt/IBM/Portal/media/Portal8_FP1/repository.config

    2. From Installation Manager select "Update"

    3. If we have more than one fix in your repository, it will try to install them all. To install just FP1, de-select "Show recommended only", then select only "v8.0.0.1"

    4. Ignore warnings about needing to update wps.properties. Unlike primary node, we did a binary only install of portal on this host, so don't need to update wps.properties

    5. After upgrade finishes, make tarball backup

  6. Upgrade Portal v8 with CF09

    1. Download CF09

    2. Add CF09 to Installation Manager repository

    3. Change class loader from parent first to parent last.

    4. Stop all WebSphere processes

    5. Because no profile has been created yet, we do not need to update wps.properties to include profile name and location

    6. Add CF09 to repository

    7. Use Installation Manager to install

      To install manually..

      1. Determine offering ID...

          $ cd /opt/IBM/InstallationManager/eclipse/tools
          $ ./imcl listAvailablePackages -repositories /opt/IBM/Portal/media/CF09/repository.config
          com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755

      2. Install
        ./imcl install \
               com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755 \
               -repositories /opt/IBM/Portal/media/CF09/repository.config \
               -installationDirectory /opt/IBM/Portal/WAS1/PortalServer \
               -sharedResourcesDirectory /opt/IBM/IMShared \
               -log /tmp/imcl.log  \
               -acceptLicense  
        

    8. Start Portal

    9. Make tarball backup


  7. Create profiles on secondary nodes

    Do this step only after configuring the portal primary node with DB2 and LDAP

    1. From primary node, copy profileTemplates.zip to secondary nodes. For example...

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        scp profileTemplates.zip user1@prdhost2.myco.com:/tmp
        scp profileTemplates.zip user1@prdhost3.myco.com:/tmp
        scp profileTemplates.zip user1@prdhost4.myco.com:/tmp

    2. On target node, unzip profileTemplates.zip

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        mv /tmp/profileTemplates.zip .
        unzip profileTemplates.zip

    3. Update permissions...

        cd /opt/IBM/Portal/WAS1/PortalServer/
        find profileTemplates -name \* -exec chmod 755 {} \;

    4. Execute...

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        ./installPortalTemplates.sh /opt/IBM/Portal/WAS1/AppServer

    5. On each WebSphere Portal additional node...
      cd /opt/IBM/Portal/WAS1/AppServer/bin/ 
      ./manageprofiles.sh -create  \
                          -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
                          -profileName wp_profile  \
                          -profilePath /opt/IBM/Portal/WAS1/wp_profile \
                          -cellName P1Cell02 \
                          -nodeName P1Node02 \
                          -hostName prdhost2.myco.com
      
      cd /opt/IBM/Portal/WAS1/AppServer/bin/ 
      ./manageprofiles.sh -create  \
                          -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
                          -profileName wp_profile  \
                          -profilePath /opt/IBM/Portal/WAS1/wp_profile \
                          -cellName P1Cell03 \
                          -nodeName P1Node03 \
                          -hostName prdhost3.myco.com
      
      cd /opt/IBM/Portal/WAS1/AppServer/bin/ 
      ./manageprofiles.sh -create  \
                          -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
                          -profileName wp_profile  \
                          -profilePath /opt/IBM/Portal/WAS1/wp_profile \
                          -cellName P1Cell04 \
                          -nodeName P1Node04 \
                          -hostName prdhost4.myco.com
      
      ...etc...
      

      Do NOT use the same node name as your primary node or any other node that may already be part of the DMGR cell. You will be unable to add this node to the DMGR cell if the node names are identical. Do NOT use the same cell name as the DMGR cell. Do NOT use the manageprofiles option to Federate the profile now. This results in an unusable Portal profile. A WebSphere_Portal server will NOT be created during the profile creation. The WebSphere_Portal server will be created after the node is added to the existing cluster.

    6. After creating the profile, edit...

        /opt/IBM/Portal/WAS1/PortalServer/wps.properties

      ...and verify the following is set...

        ProfileName=wp_profile
        ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

  8. Copy and configure DB2 client jars

    1. From primary node...

        cd /opt/IBM/Portal/WAS1/PortalServer
        scp -r db2drivers user1@prdhost2.myco.com:/tmp
        scp -r db2drivers user1@prdhost3.myco.com:/tmp
        scp -r db2drivers user1@prdhost4.myco.com:/tmp

      From secondary node

        cd /opt/IBM/Portal/WAS1/PortalServer
        cp -r /tmp/db2drivers .

    2. Edit...

        /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbtype.properties

      ...and set...

        db2.DbLibrary=/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc4.jar:/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc_license_cu.jar

  9. On remote dmgr host, ensure the Deployment Manager is started...

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./startManager.sh

  10. Ensure that the time on the Deployment Manager server and the time on the additional Portal node server are no more than 5 minutes apart.

  11. Create backup of all nodes and dmgr

  12. Log on to each secondary host in turn, and add the node...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./addNode.sh prd2dmgr.myco.com 9879 -username wasadmin -password mypassword**

    Example output...

      ADMU0003I: Node P1Node02 has been successfully federated.

  13. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

    ...and set...

      WasUserid=uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com
      WasPassword=mypassword**
      PortalAdminId=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com
      PortalAdminPwd=mypassword**
      PortalAdminGroupId=cn=wpsadmins,cn=groups,ou=admins,dc=myco,dc=com
      WasRemoteHostName=prd2dmgr.myco.com
      WasSOAPPort=9879
      PrimaryNode=false
      ClusterName=P1Cluster

  14. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbdomain.properties

    ...and ensure that the database password values are all set correctly.

    Note that this file should be pre-populated with the database information from running the 'enable-profiles' script on the primary node earlier.

  15. Review settings in...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbtype.properties

  16. Confirm the database properties are set up correctly on this node

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh validate-database -DWasPassword=mypassword**

    Example output:

      Wed Feb 26 15:24:28 EST 2014
      BUILD SUCCESSFUL

  17. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/icm.properties

    ...and set...

      jcr.textsearch.enabled = false

  18. In the same file, set...

      jcr.admin.uniqueName=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com

  19. Start the nodeagent

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh

  20. Add node to cluster

      ./ConfigEngine.sh cluster-node-config-cluster-setup-additional -DWasPassword=mypassword**

  21. Execute appserver specific steps for setting up the following...

  22. Restart appserver and verify no errors in logs

  23. Verify we can access the new cluster member in a web browser using the port we identified earlier:


MemberNotFound Issue

Secondary portal site not rendering. Error in log...

We do not want to re-add file registry because that would break short name logon.

Startup errors...

Fix: Edit...

...and set...

...then restart appserver


Upgrade Portal v8 with FP1 and CF09

  1. If this is the primary node, verify...

      /opt/IBM/Portal/WAS1/PortalServer/wps.properties

    ...has profile name and profile home set...

      ProfileName=wp_profile
      ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

    If this is not the primary node, do not include any profile information in wps.properties.

  2. Stop all WebSphere processes

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password password

  3. Make a backup

  4. Start Installation Manager console mode

      cd /opt/IBM/InstallationManager/eclipse/tools
      ./imcl -c

    ...and add FP1 to Installation Manager repository

      /media/Portal8_FP1/repository.config

    Uncheck: "Search service repositories during installation and updates"

  5. Install Portal FP1

    To install from command-line...

    To monitor progress...

      tail -f /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log

    When complete, you should see something like...

    **********************************************************************************
    * Configuration Engine finished at: 02/15/2014 09:45:028
    **********************************************************************************
    
    BUIUD SUCCESSFUL
    Total time: 26 minutes 2 seconds
    root@tstwps1 /opt/IBM/InstallationManager/eclipse ->
    

    To install with GUI, from Installation Manager select "Update".

    If there is more than one fix in the repository, IM will try to install them all. To install just FP1, de-select "Show recommended only", then select only "v8.0.0.1"

  6. Install Portal Cumulative Fix

    1. Add Fix to Installation Manager repository

        /media/CF09/repository.config

    2. Change class loader from "parent first" to "parent last".

      This should not be necessary for a newly-installed portal, as "parent last" is the default setting.

    3. Stop all WebSphere processes

    4. Edit...

        /opt/IBM/Portal/WAS1/PortalServer/wps.properties

      ...and verify the following is set...

        ProfileName=wp_profile
        ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

    5. Determine offering ID...

        $ cd /opt/IBM/InstallationManager/eclipse/tools
        $ ./imcl listAvailablePackages -repositories /media/CF09/repository.config

        Offering ID: com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755

    6. Install CF09 fixes
      ./imcl install \
             com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755 \
             -repositories /media/CF09/repository.config \
             -installationDirectory /opt/IBM/Portal/WAS1/PortalServer \
             -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
             -log /tmp/imcl.log  \
             -acceptLicense  
      

    7. Monitor logs for success message

       /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log
      
      **********************************************************************************
      * Configuration Engine finished at: 02/16/2014 11:43:031
      **********************************************************************************
      BUIUD SUCCESSFUL
      Total time: 21 minutes 5 seconds
      

    8. Verify version information...
      root@prdhost2 -> cd /opt/IBM/Portal/WAS1/PortalServer/bin 
      root@prdhost2 -> ./WPVersionInfo.sh
      --------------------------------------------------------------------------------
      IBM WebSphere Portal Product Installation Status Report
      --------------------------------------------------------------------------------
      
      Report at date and time 2014-05-01T11:56:19-04:00
      
      
      Installation
      --------------------------------------------------------------------------------
      Product Directory   /opt/IBM/Portal/WAS1/PortalServer
      Version Directory   /opt/IBM/Portal/WAS1/PortalServer/version
      DTD Directory       /opt/IBM/Portal/WAS1/PortalServer/version/dtd
      Log Directory       /opt/IBM/Portal/WAS1/PortalServer/version/logs
      
      Technology List --------------------------------------------------------------------------------
      MP             installed
      WCM            installed
      CFGFW          installed
      
      Installed Product
      --------------------------------------------------------------------------------
      Name           IBM WebSphere Portal MultiPlatform
      Version        8.0.0.1
      ID             MP
      Build Level    wp8001CF09_001_27 2013-12-17
      Build Date     12/17/2013
      
      Package
      id             com.ibm.websphere.PORTAL.SERVER.v80
      name           IBM WebSphere Portal Server
      kind           offering
      version        8.0.1.20131217_0755
      Installed Features     Config Engine Installed Features     Portal Server Binary
      
      Installed Product
      --------------------------------------------------------------------------------
      Name           IBM Web Content Manager
      Version        8.0.0.1
      ID             WCM
      Build Level    wp8001CF09_001_27 (8001.CF09.6)
      Build Date     12/17/2013
      
      Installed Product
      --------------------------------------------------------------------------------
      Name           IBM WebSphere Portal Configuration Framework
      Version        8.0.0.1
      ID             CFGFW
      Build Level    wp8001CF09_001_27 2013-12-16
      Build Date     12/16/2013
      
      --------------------------------------------------------------------------------
      End Installation Status Report
      --------------------------------------------------------------------------------
      

    9. After success, make backup


Make tarball backup

Use the following script to back up file systems, Installation Manager configuration, and portal DB configuration.

Before starting, verify there is enough space...

Backup script...

### backup.sh
### 
### If we get an EOF file message when running tar, 
### you may need to increase file size limits.

### Backup file system
cd /opt/IBM/Portal

cd /opt/IBM/Portal/WAS1/wp_profile/bin
./stopServer.sh WebSphere_Portal -username wasadmin -password password
cd /opt/IBM/Portal/WAS1/AppServer/bin
./stopNode.sh -username wasadmin -password password
cd /opt/IBM/Portal/WebSphere/AppServer/bin
./stopManager.sh -username wasadmin -password password

cd /opt/IBM/Portal

tar cvf WebSphere.tar WebSphere
gzip WebSphere.tar

tar cvf WAS1.tar WAS1
gzip WAS1.tar


### Backup Installation Manager Configuration
###
### Only need to execute before applying fixes
###

#tar cvf InstallationManager.tar /var/ibm/InstallationManager
#gzip InstallationManager.tar
#tar cvf IMShared.tar IMShared
#gzip IMShared.tar


cd /opt/IBM/Portal/WebSphere/AppServer/bin
./startManager.sh
cd /opt/IBM/Portal/WAS1/AppServer/bin
./startNode.sh
cd /opt/IBM/Portal/WAS1/wp_profile/bin
./startServer.sh WebSphere_Portal


### Backup Portal DB configuration
###
### Only need to execute before portal DB changes
###

cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/bin

### Backup base portal
./xmlaccess.sh -user wasadmin \
               -password password \
               -url http://tstwps1.myco.com:10039/wps/config \
               -in /opt/IBM/Portal/WAS1/PortalServer/doc/xml-samples/Export.xml  \
               -out /opt/IBM/Portal/SMExportBase.xml

### Backup virtual portal
./xmlaccess.sh -user wasadmin \
               -password password \
               -url http://tstwps1.myco.com:10039/wps/config/prd-vp  \
               -in /opt/IBM/Portal/WAS1/PortalServer/doc/xml-samples/ Export.xml \
               -out /opt/IBM/Portal/SMExportVP.xml


Create Dmgr01 profile

To verify, start dmgr server...

...then pull up Dmgr console. For example, for PRD HA...

For Test


Configure the WCM authoring portlet

  1. From primary node, edit...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

    ...and set...

      WasPassword=YourPwd
      PortalAdminPwd=YourPwd
      PWordDelete=false

  2. Run task to configure WCM authoring...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh configure-wcm-authoring -DPortalAdminPwd=password -DWasUserid=wasadmin -DWasPassword=password

  3. Log on to portal and verify existence of authoring portlet


Configure portal to use DB2

  1. Back up system

  2. Verify DB2 passwords are non-expiring

  3. Have DB2 administrator increase number of transaction logs to 200, and double default size of transaction logs.

  4. Log on to the primary node and stop portal...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh -username wasadmin -password password

  5. Copy DB2 client jar files into place on each portal node...

      cd /opt/IBM/Portal/WAS1/PortalServer
      scp -r wasadmin@tstwps1.myco.com:/opt/IBM/Portal/WAS1/PortalServer/db2drivers .

    Note that if DB2 is upgraded, copy client jars from the DB2 server.

  6. Backup original properties files

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties
      cp wkplc.properties wkplc.properties.orig
      cp wkplc_comp.properties wkplc_comp.properties.orig
      cp wkplc_dbdomain.properties wkplc_dbdomain.properties.orig
      cp wkplc_dbtype.properties wkplc_dbtype.properties.orig
      cp wkplc_sourceDb.properties wkplc_sourceDb.properties.orig

  7. Edit wkplc.properties and set...

      WasPassword=MyPassword
      PortalAdminPwd=MyPassword
      PWordDelete=false

  8. Edit wkplc_dbtype.properties and set

      db2.DbDriver=com.ibm.db2.jcc.DB2Driver
      db2.DbLibrary=/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc4.jar:/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc_license_cu.jar

  9. Edit wkplc_dbdomain.properties and set...

    • Test

        feedback.DbUrl=jdbc:db2://tstdb1.myco.com:60000/FDBKDB:returnAlias=0;
        likeminds.DbUrl=jdbc:db2://tstdb1.myco.com:60000/LMDB:returnAlias=0;
        release.DbUrl=jdbc:db2://tstdb1.myco.com:60000/RELDB:returnAlias=0;
        community.DbUrl=jdbc:db2://tstdb1.myco.com:60000/COMDB:returnAlias=0;
        customization.DbUrl=jdbc:db2://tstdb1.myco.com:60000/CUSDB:returnAlias=0;
        jcr.DbUrl=jdbc:db2://tstdb1.myco.com:60000/JCRDB:returnAlias=0;
        feedback.DbName=FDBKDB
        likeminds.DbName=LMDB
        release.DbName=RELDB
        community.DbName=COMDB
        customization.DbName=CUSDB
        jcr.DbName=JCRDB
        feedback.DbType=db2
        likeminds.DbType=db2
        release.DbType=db2
        community.DbType=db2
        customization.DbType=db2
        jcr.DbType=db2
        feedback.DataSourceName=wpdbDS_feedback
        likeminds.DataSourceName=wpdbDS_likeminds
        release.DataSourceName=wpdbDS_release
        community.DataSourceName=wpdbDS_community
        customization.DataSourceName=wpdbDS_customization
        jcr.DataSourceName=wpdbDS_jcr
        feedback.DbSchema=FEEDBACK
        likeminds.DbSchema=likeminds
        release.DbSchema=release
        community.DbSchema=community
        customization.DbSchema=customization
        jcr.DbSchema=jcr
        feedback.DbUser=db2inst
        likeminds.DbUser=db2inst
        release.DbUser=db2inst
        community.DbUser=db2inst
        customization.DbUser=db2inst
        jcr.DbUser=db2inst
        feedback.DbPassword=password
        likeminds.DbPassword=password
        release.DbPassword=password
        community.DbPassword=password
        customization.DbPassword=password
        jcr.DbPassword=password

    • Production

        feedback.DbUrl=jdbc:db2://pdb1.myco.com:60000/FDBKDB:returnAlias=0;
        likeminds.DbUrl=jdbc:db2://pdb1.myco.com:60000/LMDB:returnAlias=0;
        release.DbUrl=jdbc:db2://pdb1.myco.com:60000/RELDB:returnAlias=0;
        community.DbUrl=jdbc:db2://pdb1.myco.com:60000/COMDB:returnAlias=0;
        customization.DbUrl=jdbc:db2://pdb1.myco.com:60000/CUSDB:returnAlias=0;
        jcr.DbUrl=jdbc:db2://pdb1.myco.com:60000/JCRDB:returnAlias=0;
        feedback.DbName=FDBKDB
        likeminds.DbName=LMDB
        release.DbName=RELDB
        community.DbName=COMDB
        customization.DbName=CUSDB
        jcr.DbName=JCRDB
        feedback.DbType=db2
        likeminds.DbType=db2
        release.DbType=db2
        community.DbType=db2
        customization.DbType=db2
        jcr.DbType=db2
        feedback.DataSourceName=wpdbDS_feedback
        likeminds.DataSourceName=wpdbDS_likeminds
        release.DataSourceName=wpdbDS_release
        community.DataSourceName=wpdbDS_community
        customization.DataSourceName=wpdbDS_customization
        jcr.DataSourceName=wpdbDS_jcr
        feedback.DbSchema=FEEDBACK
        likeminds.DbSchema=likeminds
        release.DbSchema=release
        community.DbSchema=community
        customization.DbSchema=customization
        jcr.DbSchema=jcr
        feedback.DbUser=db2inst
        likeminds.DbUser=db2inst
        release.DbUser=db2inst
        community.DbUser=db2inst
        customization.DbUser=db2inst
        jcr.DbUser=db2inst
        feedback.DbPassword=foo
        likeminds.DbPassword=foo
        release.DbPassword=foo
        community.DbPassword=foo
        customization.DbPassword=foo
        jcr.DbPassword=foo
        feedback.DbRuntimeUser=db2inst
        likeminds.DbRuntimeUser=db2inst
        release.DbRuntimeUser=db2inst
        community.DbRuntimeUser=db2inst
        customization.DbRuntimeUser=db2inst
        jcr.DbRuntimeUser=db2inst
        feedback.DbRuntimeUser=foo
        likeminds.DbRuntimeUser=foo
        release.DbRuntimeUser=foo
        community.DbRuntimeUser=foo
        customization.DbRuntimeUser=foo
        jcr.DbRuntimeUser=foo

    • Production ha

        feedback.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/FDBKDB:returnAlias=0;
        likeminds.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/LMDB:returnAlias=0;
        release.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/RELDB:returnAlias=0;
        community.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/COMDB:returnAlias=0;
        customization.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/CUSDB:returnAlias=0;
        jcr.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/JCRDB:returnAlias=0;
        feedback.DbName=FDBKDB
        likeminds.DbName=LMDB
        release.DbName=RELDB
        community.DbName=COMDB
        customization.DbName=CUSDB
        jcr.DbName=JCRDB
        feedback.DbType=db2
        likeminds.DbType=db2
        release.DbType=db2
        community.DbType=db2
        customization.DbType=db2
        jcr.DbType=db2
        feedback.DataSourceName=wpdbDS_feedback
        likeminds.DataSourceName=wpdbDS_likeminds
        release.DataSourceName=wpdbDS_release
        community.DataSourceName=wpdbDS_community
        customization.DataSourceName=wpdbDS_customization
        jcr.DataSourceName=wpdbDS_jcr
        feedback.DbSchema=FEEDBACK
        likeminds.DbSchema=likeminds
        release.DbSchema=release
        community.DbSchema=community
        customization.DbSchema=customization
        jcr.DbSchema=jcr
        feedback.DbUser=db2inst
        likeminds.DbUser=db2inst
        release.DbUser=db2inst
        community.DbUser=db2inst
        customization.DbUser=db2inst
        jcr.DbUser=db2inst
        feedback.DbPassword=foo
        likeminds.DbPassword=foo
        release.DbPassword=foo
        community.DbPassword=foo
        customization.DbPassword=foo
        jcr.DbPassword=foo
        feedback.DbRuntimeUser=db2inst
        likeminds.DbRuntimeUser=db2inst
        release.DbRuntimeUser=db2inst
        community.DbRuntimeUser=db2inst
        customization.DbRuntimeUser=db2inst
        jcr.DbRuntimeUser=db2inst
        feedback.DbRuntimeUser=foo
        likeminds.DbRuntimeUser=foo
        release.DbRuntimeUser=foo
        community.DbRuntimeUser=foo
        customization.DbRuntimeUser=foo
        jcr.DbRuntimeUser=foo

  10. Verify settings in wkplc_dbdomain.properties...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/
      for i in `echo feedback.DbUrl likeminds.DbUrl release.DbUrl community.DbUrl customization.DbUrl jcr.DbUrl feedback.DbName likeminds.DbName release.DbName community.DbName customization.DbName jcr.DbName feedback.DbType likeminds.DbType release.DbType community.DbType customization.DbType jcr.DbType feedback.DataSourceName likeminds.DataSourceName release.DataSourceName community.DataSourceName customization.DataSourceName jcr.DataSourceName feedback.DbSchema likeminds.DbSchema release.DbSchema community.DbSchema customization.DbSchema jcr.DbSchema feedback.DbUser likeminds.DbUser release.DbUser community.DbUser customization.DbUser jcr.DbUser feedback.DbPassword likeminds.DbPassword release.DbPassword community.DbPassword customization.DbPassword jcr.DbPassword feedback.DbRuntimeUser likeminds.DbRuntimeUser release.DbRuntimeUser community.DbRuntimeUser customization.DbRuntimeUser jcr.DbRuntimeUser feedback.DbRuntimeUser likeminds.DbRuntimeUser release.DbRuntimeUser community.DbRuntimeUser customization.DbRuntimeUser jcr.DbRuntimeUser`
      do
          grep ^${i} wkplc_dbdomain.properties | grep -v Zos
      done

  11. Verify there are no trailing spaces

      grep " $" wkplc_dbdomain.properties

  12. Validate database configuration properties...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh validate-database -DWasPassword=password

  13. Stop the WebSphere_Portal server:

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password password

  14. Transfer the database:

    Do not execute the database-transfer task as a background process. This might cause the task to stall.

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh database-transfer -DWasPassword=password

    When complete, you should get success message...

      BUIUD SUCCESSFUL
      Tue May 13 23:02:21 EDT 2014

    If task fails, review log output...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log

    ...verify the values are correct in wkplc.properties, wkplc_dbdomain.properties, and wkplc_dbtype.properties files, then repeat this step.

    If task fails with error...

      DB2 SQL Error: SQLCODE=-204, SQLP1ATE=42704, SQLERRMC=ICMSFQ04

    ...run...

      ./ConfigEngine.sh setup-database

    ...then try the database-transfer task again.

  15. Start the WebSphere Portal server.

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startServer.sh WebSphere_Portal

  16. If node is part of a cluster, and if icm.properties is not identical between nodes, copy icm.properties from primary node to each secondary node.

    1. Stop the portal server on the secondary nodes.

    2. From the primary node...

        cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/
        scp icm.properties wasadmin@secondary_node:/opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/

    3. Start the portal server on the secondary nodes.


Create profile template

  1. On the primary node, start the WebSphere_Portal server...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startServer.sh WebSphere_Portal

  2. Log in to the WebSphere Portal server

      http://myenv.myco.com:10039/wps/config

    ...and go to...

      Administration | Search Administration | Manage Search | Search Collections

  3. Click the Delete icon (trash can) for each search collection listed here.

  4. Log out of WebSphere Portal

  5. Stop the WebSphere_Portal server

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -user wasadmin -password password

  6. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/icm.properties

    ...and change...

      jcr.textsearch.enabled=true

    ...to...

      jcr.textsearch.enabled=false

  7. Save icm.properties.

  8. From primary node, run...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh enable-profiles -DWasPassword=mypassword

    This script will create a backup of the wp_profile configuration named Portal.car and save it to the following directory:

      /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/default.portal/configArchives/Portal.car

  9. Package profile templates into a single zip file:

      ./ConfigEngine.sh package-profiles -DWasPassword=mypassword

    The following file is created...

      /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/profileTemplates.zip


Configure dmgr

  1. From the primary Portal node, copy fileForDmgr to dmgr host...

      cd /opt/IBM/Portal/WAS1/PortalServer/
      scp -r filesForDmgr user1@prd2dmgr.myco.com:/tmp

  2. Important: Stop the dmgr server

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -user wasadmin -password foo

  3. From the dmgr host, extract filesForDmgr.zip and copy files into place...

      cd /tmp/filesForDmgr
      unzip filesForDmgr.zip
      mkdir /opt/IBM/Portal/WebSphere/AppServer/bin/ProfileManagement/plugins
      cp -r bin/ProfileManagement/plugins/com.ibm.wp.dmgr.pmt_7.0.5 /opt/IBM/Portal/WebSphere/AppServer/bin/ProfileManagement/plugins
      cp lib/wkplc.comp.registry.jar /opt/IBM/Portal/WebSphere/AppServer/lib
      cp lib/wp.wire.jar /opt/IBM/Portal/WebSphere/AppServer/lib
      cp plugins/com.ibm.patch.was.plugin.jar /opt/IBM/Portal/WebSphere/AppServer/plugins
      cp plugins/com.ibm.wp.was.plugin.jar /opt/IBM/Portal/WebSphere/AppServer/plugins
      cp -r profileTemplates/management.portal.augment /opt/IBM/Portal/WebSphere/AppServer/profileTemplates
      cp profiles/Dmgr01/config/.repository/metadata_wkplc.xml /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/config/.repository

  4. On dmgr host, augment dmgr profile.

    cd /opt/IBM/Portal/WebSphere/AppServer/bin
    ./manageprofiles.sh -augment \
                        -templatePath /opt/IBM/Portal/WebSphere/AppServer/profileTemplates/management.portal.augment \
                        -profileName Dmgr01
    

    Augmenting the dmgr profile...

    • Increases the HTTP connection timeouts for the DMGR server
    • Increases the SOAP connector timeout for JMX in the DMGR server
    • Increases the JVM Maximum Heap size for the DMGR server
    • Enables Application Security
    • Creates a 'wasadmins' group in the default file repository
    • Adds the administrative user to the 'wasadmins' group.
    • Increases the soap timeout in soap.client.props.

  5. Start Dmgr

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./startManager.sh

  6. Open dmgr console in browser. For example, PRD HA...

  7. To help prevent user ID conflicts when we add the federated LDAP later, go to...

      Security | Global Security | User Account Repository | Available realm definitions | Configure

    ..and in the 'Primary administrative user name' field, change value to the fully distinguished name of the user...

      uid=wasadmin,o=defaultWIMFileBasedRealm

  8. Click Apply, enter passwords in the next panel, then click OK and Save.

  9. Restart the deployment manager for the changes to take effect.


Federate primary node

  1. Ensure the time on the primary node is within 5 minutes of the time on the DMGR. Failure to do so will cause the addNode process to fail.

  2. Start the DMGR

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./startManager.sh

  3. Stop WebSphere_Portal on the primary node...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -user wasadmin -password password

  4. Add the Portal node.

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./addNode.sh prd2dmgr.myco.com 8879 -username wasadmin -password mypassword -includeapps

    To get SOAP port, from dmgr console...

      System Administration | Deployment Manager | Ports

    If the addNode script fails for any reason, complete the following steps before running again:

    1. Remove the node from the DMGR cell in case AddNode successfully completed that step before failing.

    2. Login to the DMGR and do the following (these may not exist, depending on where the failure occurred):

      1. Remove all Enterprise applications
      2. Remove the WebSphere_Portal server definition
      3. Remove the JDBC Provider information for WebSphere_Portal

  5. Restart the deployment manager

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -user wasadmin -password mypassword
      ./startManager.sh

At this point, the WebSphere Portal server has been federated to the Deployment Manager. It is not yet in a cluster. It has also inherited the Deployment Manager's security configuration. Running Portal in a federated-only environment is not officially supported by IBM, so next we must build a cluster.


Create static cluster

  1. Log on to primary node and stop the WebSphere_Portal server

  2. Verify dmgr and node agent are running

      ./serverStatus.sh dmgr -user wasadmin -password password
      ./serverStatus.sh nodeagent -user wasadmin -password password

  3. Set environment-specific values in...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

  4. Verify database user IDs and passwords are set in...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbdomain.properties

  5. Update the deployment manager configuration for the new WebSphere Portal server

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh cluster-node-config-post-federation -DWasPassword=password

  6. Create the cluster definition and add the WebSphere_Portal server as a cluster member

      ./ConfigEngine.sh cluster-node-config-cluster-setup -DWasPassword=password

  7. Verify ports for new cluster member...

      Servers | Server Types | WebSphere Application Servers | new_cluster_member | Ports

    Note value WC_defaulthost which should be 10039.

  8. Make tarball backup


Install IHS

  1. Log on web server host(s)

    For example, for PRD HA...

    • webserver1
    • webserver2

  2. Install Installation Manager

      cd /media/installmgr
      ./installc -acceptLicense
      cd /opt/IBM/InstallationManager/eclipse

  3. Add IHS to repository

    1. Start Installation Manager in console mode...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

    2. Select...

        P. Preferences | 1. Repositories | D. Add Repository

    3. For repository location...

        /media/WAS855_supp/repository.config

    4. Save changes and exit...

        A. Apply changes | R. Return to main menu | X. Exit Installation Manager

    5. Confirm repository is available...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl listAvailablePackages -repositories /media/WAS855_supp/repository.config
        com.ibm.websphere.APPCLIENT.v85_8.5.5000.20130514_1044
        com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044
        com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044
        com.ibm.websphere.PLUGCLIENT.v85_8.5.5000.20130514_1044
        com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044

  4. Install IHS
    ./imcl install com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044 \
          -repositories  /media/WAS855_supp/repository.config \
          -installationDirectory /opt/IBM/Portal/IHS \
          -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
          -log /tmp/imcl.log  \
          -acceptLicense \
          -properties user.ihs.httpPort=7001
    

  5. Edit...

      /opt/IBM/Portal/IHS/conf/admin.conf

    ...and set...

      Listen 8008
      User wasadmin
      Group staff
      ServerName myserver:8008

  6. Edit...

      /opt/IBM/Portal/IHS/conf/httpd.conf

    ...and for TST, PRD Primary, and PRD HA, set...

      Listen 7001
      ServerName myserver

    For Test, set....

      Listen 80
      ServerName myserver

    For all envs except DEV, we start IHS (apachectl start), as user wasadmin. For Test, we start IHS as user root, even though User in httpd.conf is wasadmin

  7. Verify IHS version info

      /opt/IBM/Portal/IHS/bin/versionInfo.sh

  8. Install plugins
    cd /opt/IBM/InstallationManager/eclipse/tools
    ./imcl install com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044 \
           -repositories  /media/WAS855_supp/repository.config \
           -installationDirectory /opt/IBM/Portal/Plugins \
           -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
           -log /tmp/imcl.log  \
           -acceptLicense
    

    To uninstall...

      imcl uninstallAll -installationDirectory /opt/IBM/Portal/IHS/Plugins

  9. Verify plugins version info

      /opt/IBM/Portal/Plugins/bin/versionInfo.sh

  10. Update both IHS and Plugin to v8.5.5.1

    1. Add the following to the Installation Manager repository

        /media/WAS855_supp_FP1/repository.config
        /media/WAS855_supp_WCT_FP1/repository.config

    2. Unselect...

        S. [ ] Search service repositories during installation and updates

    3. Start GUI Installation Manager

        cd /opt/IBM/InstallationManager/eclipse/
        ./IBMIM

    4. Select Update, select IBM HTTP Server V8.5, then execute upgrade.

    5. Do the same for Web Server Plug-ins for IBM WebSphere Application Server V8.5

  11. Start web and admin servers

      /opt/IBM/Portal/IHS/bin/apachectl start
      /opt/IBM/Portal/IHS/bin/adminctl start
      ps -ef | grep http

    You should see...

        root  9633990        1   0 09:14:09      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -f /opt/IBM/Portal/IHS/conf/admin.conf
      nobody 10420432 17563778   0 09:12:37      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -d /opt/IBM/Portal/IHS -k start
    wasadmin 13697222  9633990   0 09:14:09      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -f /opt/IBM/Portal/IHS/conf/admin.conf
        root 14876862  9633990   0 09:14:09      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -f /opt/IBM/Portal/IHS/conf/admin.conf
        root 17563778        1   0 09:12:36      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -d /opt/IBM/Portal/IHS -k start
      nobody 19398842 17563778   0 09:12:37      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -d /opt/IBM/Portal/IHS -k start
      nobody 21430478 17563778   0 09:12:37      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -d /opt/IBM/Portal/IHS -k start
    


Configure web server plugin

  1. Get version ID of WebSphere Customization Toolbox (WCT)

      cd /opt/IBM/InstallationManager/eclipse/tools
      ./imcl listAvailablePackages -repositories /media/WAS855_supp/repository.config
      com.ibm.websphere.APPCLIENT.v85_8.5.5000.20130514_1044
      com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044
      com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044
      com.ibm.websphere.PLUGCLIENT.v85_8.5.5000.20130514_1044
      com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044

  2. Install WCT
    cd /opt/IBM/InstallationManager/eclipse/tools
    ./imcl install com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044 \
          -repositories  /media/WAS855_supp/repository.config \
          -installationDirectory /opt/IBM/Portal/Toolbox \
          -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
          -log /tmp/imcl.log  \
          -acceptLicense 
    

  3. Start web server and admin server

      cd /opt/IBM/Portal/IHS/bin
      ./apachectl start
      ./adminctl start

  4. Run the WCT GUI...

      cd /opt/IBM/Portal/Toolbox/WCT
      ./wct.sh

  5. Select and launch "Web Server Plug-ins Configuration Tool"

  6. Select "Add" to add a web server plug-ins location

  7. Add plug-in

      Name: Plugin01
      Location: /opt/IBM/Portal/Plugins

    Increment number based on node. For node2, name is Plugin02

  8. In the Web Server Plug-in Configurations panel, select "Create"

  9. Select IBM HTTP Server v8.5

  10. Select 64 bit architecture

  11. Specify httpd.conf location and port 7001.

  12. Set port, user ID, and password for IBM HTTP Server Administration

    Be sure to scroll down if we do not see password confirmation field.

  13. On the admistrator name and group panel, enter wasadmin and system.

  14. Enter a Web Server Definition name, for example, PRDweb1...

  15. Choose either local or remote install. If remote to a cluster, use host name of the dmgr.

    For remote install, use name of dmgr host, such as testdmgr.myco.com

  16. Review summary info then click Configure.

  17. You should get a success message

  18. Edit httpd.conf, and verify existence of plugin-in directives...

      LoadModule was_aPRD22_module /opt/IBM/Portal/Plugins/bin/64bits/mod_was_aPRD22_http.so
      WebSpherePluginConfig /opt/IBM/Portal/Plugins/config/webserver2/plugin-cfg.xml

  19. Copy web server definition script to target dmgr

      scp /opt/IBM/Portal/Plugins/bin/configurePRDweb1.sh wasadmin@prd2dmgr.myco.com:/tmp

  20. Log on to dmgr host and create web server definition...

      cd /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin
      cp /tmp/configurePRDweb1.sh .
      ./configurePRDweb1.sh -user wasadmin -password password

    Typical output...

    root@prd2dmgr /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin ->./configurePRDweb1.sh -user wasadmin -password Wps>
    
    Input parameters:
    
       Web server name             - PRDweb1
       Web server type             - IHS
       Web server install location - /opt/IBM/Portal/IHS
       Web server config location  - /opt/IBM/Portal/IHS/conf/httpd.conf
       Web server port             - 7001
       Map Applications            - MAP_ALL
       Plugin install location     - /opt/IBM/Portal/Plugins
       Web server node type        - unmanaged
       Web server node name        - ihsnode1
       Web server host name        - webserver1.myco.com
       Web server operating system - aix
       IHS Admin port              - 8008
       IHS Admin user ID           - wasadmin
       IHS Admin password          - foo**
       IHS service name            - ""
    

  21. Log on to dmgr console and verify web server definition was created.

  22. Synchronize nodes

  23. From dmgr console, generate plugin-cfg.xml files.

  24. Copy new plugin-cfg.xml files to respective web server hosts

      DMGR=/opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01
      scp $DMGR/config/cells/p1cell/nodes/ihsnode1/servers/PRDweb1/plugin-cfg.xml wasadmin@webserver1:/opt/IBM/Portal/Plugins/config/PRDweb1

  25. Restart IHS

      cd /opt/IBM/Portal/IHS/bin
      ./apachectl restart

  26. Verify the following host aliases are defined

      Virtual Hosts | default_host | Host Aliases

      Host Name Port
      * 9080
      * 80
      * 9443
      * 5060
      * 5061
      * 443
      * 10000
      * 10002
      * 10032
      * 10039
      * 10029
      * 6005


Configure portal to use LDAP

These tasks only need to be run on the primary node.

  1. Create tarball of portal and dmgr filesystems

  2. Add the wpsadmin user as an administrative user on WAS.

    From dmgr console, go select...

      Users and Groups | Manage Users | Create

    On the Manage Users panel, create wpsadmin user. Click the Group Membership button and assign Administration user role to wpsadmins

  3. Enable distinguished name logins.

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=password

    This allows us to logon with the fully distinguished name...

      uid=wasadmin,o=defaultWIMFileBasedRealm

    We enable fully distinguished name logins because the short name of our administrator, wasadmin, is in both the file and LDAP registries, and a short name search would not resolve correctly.

  4. Optional. If file registry password for wasadmin or wpsadmin is different than LDAP pass, change passwords in file based registry to match LDAP versions

  5. Log on to primary node and copy the parent properties into place...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties
      cp /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/config/helpers/wp_add_federated_ids.properties .

  6. Edit wp_add_federated_ids.properties file and set properties.

    Here are settings for PRD HA...

      federated.ldap.id=MyCo_LDAP1
      federated.ldap.host=prdtds1.myco.com
      federated.ldap.port=389
      federated.ldap.bindDN=cn=root
      federated.ldap.bindPassword=password
      federated.ldap.ldapServerType=IDS
      federated.ldap.baseDN=dc=myco,dc=com
      federated.ldap.gc.name=ibm-allGroups

    Here is copy of Portal v7 PRD Primary wkplc.properties to use as template

    • prdtds1.myco.com 636 (PRD Primary)
    • prdtds2.myco.com 636 (PRD Primary)
    • prdtds1.myco.com 636 (PRD HA)
    • prdtds2.myco.com 636 (PRD HA)

    IBM Security Directory Server supports the optional membership attribute...

      federated.ldap.gc.name=ibm-allGroups

    ...that offers a significant performance enhancement.

  7. Validate the properties:
    cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
    ./ConfigEngine.sh validate-federated-ldap  \
                      -DparentProperties=/opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wp_add_federated_ids.properties  \
                      -DSaveParentProperties=true  \
                      -DWasPassword=password
    

    Running with -DSaveParentProperties=true adds the new wp_add_federated_ids.properties to wkplc.properties.

  8. Add the federated LDAP to the cluster security configuration:

      ./ConfigEngine.sh wp-create-ldap -DWasPassword=password

    The wp-create-ldap tasks adds the LDAP to the WAS security configuration. It does not remove the out-of-the-box file user registry. Both are in use.

    In the future, when we update LDAP properties, we run...

      ./ConfigEngine.sh wp-update-federated-ldap -DWasPassword=password

  9. Enable distinguished logins again (for luck)

      ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=password

  10. Restart the dmgr, nodeagent, and WebSphere_Portal servers.

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
      ./stopNode.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
      sleep 5
      ./startManager.sh

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh
      ./startServer.sh WebSphere_Portal

  11. After restart, verify credentials are correct by logging on to WAS console and Portal.

    We will be unable to login to Portal using the short name. This will only be temporary and will be corrected at the end of these steps. To log on to console, use fully qualified id:

      uid=wasadmin,o=defaultWIMFileBasedRealm

    If logon fails, to revert...

    1. Turn off security...

        cd /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin
        ./wsadmin.sh -conntype NONE
        WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
        WASX7029I: For help, enter: "$Help help"
        wsadmin>securityoff
        LOCAL OS security is off now but you need to restart server1 to make it affected.
        wsadmin>$AdminConfig save
        wsadmin>exit

      Another way to disable security is to edit...

        /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/config/cells/p1cell/security.xml

      ...and for element...

        <security:Security

      ...set attribute...

        enabled="false"

    2. Get the dmgr PID...

        ps -ef | grep dmgr

      ...and kill the dmgr process...

        kill PID

      Give it a minutes to finish. If regular kill does not work, run the sure kill...

        kill -9 PID

    3. Log on to the portal nodes, get the nodeagent and WebSphere_Portal processes...

        ps -ef | grep WebSphere_Portal
        ps -ef | grep nodeagent

      ...then kill those...

        kill PID

    4. Synchronize nodes...

        ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password password

      ...then restart

    5. Run startManager.sh

    6. Log on to dmgr console and go to...

        Security | Global security | Federated repositories | Manage repositories

    7. We can either try to fix the problem, or we can remove the LDAP realm

    8. Restart portal processes

  12. Verify all defined attributes are available in the newly added ldap:

      ./ConfigEngine.sh wp-validate-federated-ldap-attribute-config -DWasPassword=foo

  13. Reassign the WAS Administrator ID from the file registry to a user in the LDAP:
    ./ConfigEngine.sh wp-change-was-admin-user \
                      -DWasPassword=password \
                      -DnewAdminId=uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com \
                      -DnewAdminPw=password
    

    For newAdminPw, use the password assigned to this user in the LDAP.

  14. Restart the dmgr, nodeagent and WebSphere_Portal servers...

      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
      ./stopNode.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password

      ### On Dmgr
      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
      sleep 5
      ./startManager.sh

      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh
      ./startServer.sh WebSphere_Portal

    Because we ran wp-modify-realm-enable-dn-login earlier, we use the fully distinguished name of the original file registry WAS admin user. The new LDAP-based WAS admin user will take effect after the servers have been restarted.

  15. Log on to Dmgr console and verify new credentials are working...

      User ID: uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com
      Password: password

  16. In wkplc.properties, if value for WasPassword= was removed, re-add using our new password.

  17. Reassign the WebSphere Portal Administrator ID and Group ID to a user and group within the LDAP:
    ./ConfigEngine.sh wp-change-portal-admin-user \
                      -DWasPassword=password \
                      -DnewAdminId=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com \
                      -DnewAdminPw=password \
                      -DnewAdminGroupId=cn=wpsadmins,cn=groups,ou=admins,dc=myco,dc=com
    

    For newAdminPw, use the password assigned to this user in the LDAP.

    This task updates PortalAdminId in wkplc.properties to reflect the ID value specified for 'newAdminId' and the PortalAdminGroupId value will be automatically updated to reflect the 'newAdminGroupId'.

  18. Review wkplc.properties and verify that PortalAdminPwd is set to foo**

  19. Restart the Deployment Manager, nodeagent, and WebSphere_Portal server on the primary node

    ### On Portal primary node
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./stopServer.sh WebSphere_Portal  \
                    -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                    -password password
    
    ./stopNode.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  -password password
    
    ### On Dmgr
    cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
    ./stopManager.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                     -password password
    ./startManager.sh
    
    ### On Portal primary node
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./startNode.sh
    ./startServer.sh WebSphere_Portal
    

  20. List the current user repositories:

      ./ConfigEngine.sh wp-query-repository -DWasPassword=password

    For example, here is LDAP for STG...

    cell="p1cellD"
    engineinstalllocation="/opt/IBM/Portal/WAS1/wp_profile/ConfigEngine"
    enginerootdir="/opt/IBM/Portal/WAS1/ConfigEngine"
    pathseparator=":"
    osarch="ppc64"
    
    Existing Federated Repositories
    Repository Name : {BasicInformation} : {Details}
    ***************************************
    MyCo_LDAP1 : 
    {  
          repositoryType=LDAP,
          specificRepositoryType=IDS,
          host=devtds.myco.com}, 
          ldapServerType=IDS,
          supportTransactions=false,
          supportExternalName=false,
          supportChangeLog=native,
          searchTimeLimit=120000,
          certificateMapMode=EXACT_DN,
          sslConfiguration=,
          translateRDN=false,
          certificateFilter=,
          supportAsyncMode=false,
          adapterClassName=com.ibm.ws.wim.adapter.ldap.LdapAdapter,
          searchCountLimit=500,
          primaryServerQueryTimeInterval=15,
          supportSorting=false,
          returnToPrimaryServer=true,
          supportPaging=false,
          id=MyCo_LDAP1,
          loginProperties=[uid, mail],
    )
    

  21. Set entity types.

    Edit wkplc.properties and set...

      personAccountParent=cn=users,ou=admins,dc=myco,dc=com
      groupParent=cn=groups,ou=admins,dc=myco,dc=com
      personAccountRdnProperties=uid
      groupRdnProperties=cn

    ...then run...

      ./ConfigEngine.sh wp-set-entitytypes -DWasPassword=password

  22. Remove the default file user registry.

    Option for lower-level envs. Required for production environments.

    In wkplc.properties set...

      federated.delete.baseentry=o=defaultWIMFileBasedRealm
      federated.delete.id=InternalFileRepository

    ...then run...

      ./ConfigEngine.sh wp-delete-repository -DWasPassword=password

  23. Disable fully distinguished name logins and re-enable short name logins...

      ./ConfigEngine.sh wp-modify-realm-disable-dn-login -DWasPassword=password

  24. Stop the dmgr, nodeagent, and WebSphere_Portal...

    ### On Portal primary node
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./stopServer.sh WebSphere_Portal  \
                    -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                    -password password
    
    ./stopNode.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                  -password password
    
    ### On Dmgr
    cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
    ./stopManager.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                     -password password
    ./startManager.sh
    
    ### On Portal primary node
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./startNode.sh
    ./startServer.sh WebSphere_Portal
    

  25. Verify we can log on to dmgr and portal using

    • Login: wasadmin
    • Password: password

  26. Stop processes and make backup

    ### On Portal primary node
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./stopServer.sh WebSphere_Portal  \
                    -username wasadmin \
                    -password password
    
    ./stopNode.sh -username wasadmin -password password
    
    ### On Dmgr
    cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
    ./stopManager.sh -username wasadmin \
                     -password password
    ./startManager.sh
    
    ### On Portal primary node
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./startNode.sh
    ./startServer.sh WebSphere_Portal
    

  27. Optional. Change poolTimeOut from 0 to 180 in...

      /opt/IBM/Portal/WAS1/wp_profile/config/cells/p1cell/wim/config/wimconfig.xml
      /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/config/cells/p1cell/wim/config/wimconfig.xml


Add ha servers for LDAP

To manually add ha LDAP servers, from WAS Admin Console go to...

...and add additional LDAP server names and ports. For example, for PRD HA

At this point, you have completed building a single node cluster using a remote database and federated LDAP server.

If we see blank entries, or have users who can no longer view resources to which they previously had access, you may need to...

  1. On secondary nodes, update wkplc.properties with latest values

  2. Run update-jcr-admin on secondary nodes.

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh update-jcr-admin

See Fix Portal Access Control settings if user/group external identifiers have changed.


Set wasadmins permissions

  1. Log into the ISC and go to Users and Groups
  2. Pick Administrative group Role
  3. Add a group and search for wasadmins
  4. Select all the roles
  5. And then save.


Set ibm-allGroups

If we did not set up ibm-allGroups membership attribute when configuring LDAP, we can do it after the fact by logging on to the console and going to...

Verify that...

...has uniqueMember set...


Enable SSL for LDAP

  1. Add LDAP signer certificate to the WAS installation

    1. Select...

        Security | SSL certificate and key management | SSL configurations | CellDefaultSSLSettings | Key stores and certificates | CellDefaultTrustStore | Signer certificates | Retrieve from port

    2. Set LDAP host name, SSL port (default 636), and alias of your choice

    3. Click "Retrieve signer information".

      This should pull the certificate directly from the LDAP server.

    4. Save the changes to the master configuration.

    5. Restart dmgr

    6. On primary node, perform syncNode...

      ./syncNode.sh prd2dmgr.myco.com 9879  \
                    -user wasadmin \
                    -password password
      

    7. Restart WebSphere_Portal and node agent

  2. Update wkplc.properties and add...

      federated.ldap.sslEnabled=true
      federated.ldap.sslConfiguration=CellDefaultSSLSettings

  3. Update federated repository

      ./ConfigEngine.sh wp-update-ldap -DWasPassword=password


Configure default realm

We add base entries using portal tools. We could also have them manually through dmgr console.

  1. Edit wkplc.properties and set...

    ...then execute...

      ./ConfigEngine.sh wp-create-base-entry

  2. Set

    ...then execute...

      ./ConfigEngine.sh wp-create-base-entry

  3. Remove original (full repository) Base Entry

    ...then execute...

      ./ConfigEngine.sh wp-delete-base-entry

  4. Synchronize nodes and restart Cluster


Configure myAdminRealm

  1. Log on to primary node

  2. Edit wkplc.properties and set...

    Create myAdminRealm

      ./ConfigEngine.sh wp-create-realm
      [wplc-create-realm] Realm myAdminRealm was created successfully.
      [wplc-create-realm] Status = Complete
      
      action-post-config:
      Tue Jan 28 15:56:38 CST 2014
      
      BUIUD SUCCESSFUL
      Total time: 10 seconds
      

    We run this on primary node only

  3. Add base entry to myAdminRealm

    Edit wkplc.properties, and set...

    ...then execute...

      ./ConfigEngine.sh wp-add-realm-baseentry
      [wplc-add-realm-baseentry] Create base entry result: [CWWIM5028I  The configuration is saved in a temporary workspace. 
      [wplc-add-realm-baseentry] Base entry ou=STG,ou=stageusers,dc=myco,dc=com was added successfully.
      [wplc-add-realm-baseentry] Status = Complete
      
      action-post-config:
      Tue Jan 28 16:15:30 CST 2014
      
      BUIUD SUCCESSFUL
      Total time: 11 seconds
      

  4. Stop WebSphere_Portal, nodeagent, run syncNode, then restart


Shared Libraries

  1. Copy deployment.tar.gz to each target portal node...

      scp deployment.tar.gz wasadmin@targethost:/tmp

  2. Log on to each portal node and unarchive deployment.tar.gz...

      cd /tmp
      gunzip deployment.tar.gz
      tar xvf deployment.tar

  3. Copy library files to portal file system...

      cp -r deployment/myco_*_lib /opt/IBM/Portal/WAS1/wp_profile

  4. In Dmgr console, create shared library resources

      Environment | Shared Libraries

    Cluster scope

    Name Description Classpath
    PortletLib Portlet shared classes ${USER_INSTALL_ROOT}/myco_portlet_lib
    ServerLib Cluster Level Shared Library for Server loaded class paths ${USER_INSTALL_ROOT}/myco_server_lib
    ServicesLib Services classes to map to Application class paths ${USER_INSTALL_ROOT}/myco_services_lib

  5. In Dmgr console, map ServerLib to Server Classloader

  6. Synchronize nodes

  7. Restart portal servers

  8. Monitor portal logs...

      /opt/IBM/Portal/WAS1/wp_profile/logs/WebSphere_Portal/SystemOut.log


Web container updates

For ALL Portal appservers, go to...

...and add...


Mail session

Go to...

...and add...

Name Prodline2 Mail Session
JNDI Name mail/Prodline2Session
Server smtp.myco.com


Configure object cache instances

Go to...

...and on cluster scope, create...

Name JNDI name Cache size
Catalog_User_Cache services/cache/Catalog/usercache 2000
WEB_EN_Scripts_Cache services/cache/Catalog/WEB/EN/scripts_cache 5000
WEB_ES_Scripts_Cache services/cache/Catalog/WEB/ES/scripts_cache 5000

Use defaults for other values.


Configure Object Pools


Global security updates

Add "mail" as login property

...and set...


Disallow direct servlet access

By default, users can access servlets by their class name instead of an alias. For example, to call the servlet defined in the com.ibm.itso.MyServlet, specify a URI, such as...

We want to disable this feature. Even if servlet URLs are secured, a malicious attacker might be able to bypass the normal URL-based security.

To disallow direct access to servlets, go to...

...and set to true...

Name Default
com.ibm.ws.webcontainer.disallowserveservletsbyclassname false


Web Services

  1. Log on to dmgr console and go to...

      Services | Policy sets | Application policy sets | New

  2. For name, enter...

      MyCo SOAP Services Policy

    ...for the name and click Apply

  3. Click Add and select HTTP Transport

  4. Set the connection timeout to 30 seconds.

  5. Accept the default values for all other properties and click OK

  6. Click Add and select WS-Security

  7. Click Save

  8. Expand...

  9. Specify MyCo SOAP Binding as the name

  10. Click Add and select HTTP transport

  11. Enter the following values and click OK

    • DEV

      Host devesbgateway.myco.com
      Port 80

    • STG

      Host stage-soa3.myco.com
      Port 9001

    • TST

      Host tstesbgateway.myco.com
      Port 80

    • PRD HA

      Host esbgateway.myco.com
      Port 80

    • PRD HA

      Host haesbgateway.myco.com
      Port 80

    Username and password for all of the above...

    User name weblogic
    Password password

  12. Verify connectivity to gateway. For example...

      $ telnet esbgateway.myco.com 80
      Trying 10.11.11.24...
      Connected to esbgateway.myco.com.
      Escape character is '^]'.

  13. Click Add then select WS-Security

      WS-Security | Authentication and protection | Authentication tokens | New Token | Token Generator

  14. Enter the following properties...

    Name UsernameToken1
    Token type Username Token v1.0

  15. Accept all other default values and click Apply

  16. Click the Callback handler link and enter...

    User name weblogic
    Password password

    Token Policies

  17. From dmgr console, go to...

      Application policy sets | MyCo SOAP Services Policy | WS-Security | Main policy | Request token policies

    ...and add

    Token type UserName
    Username token name auth_token
    WS-Security version WS-Security 1.0

    Select OK and then Save

  18. Go to...

      Application policy sets | MyCo SOAP Services Policy | WS-Security | Main Policy

    ...and deselect the Message level protection.

    Select OK and SAVE

  19. Synchronize nodes, then restart dmgr and portal appservers.

  20. Install MyCoServices.ear file

    Note that this file needs to be customized for each environment.

    1. Log on to dmgr console and run...

        Applications | New Application | New Enterprise Application | Local file system | Choose File | MyCoServices.ear | Detailed | Show all installation options | Next

    2. Accept defaults for...

        Select installation options

    3. Accept defaults for...

        Map modules to servers

    4. On panel...

        Map shared libraries

      1. Select the checkbox next to MyCoServicesEAR

      2. Click button...

          Reference shared libraries

      3. Scroll down to MyCoServicesLib, select, then move to Selected column

    5. On the panel...

        Provide JNDI names for beans

      ...for each bean, set target resource JNDI name to...

        ejb/BeanName

      For example, for myCustomService, the name should be...

        ejb/myCustomService

    6. Accept the default values for the rest of the panels, then click Finish.

  21. Select...

      Applications | Application Types | WebSphere Enterprise Applications | MyCoServicesEAR | Service client policy sets and bindings

  22. Select all checkboxes, then click...

      Attach Client Policy Set | MyCo SOAP Services Policy

  23. Select all checkboxes, then click...

      Assign Binding | MyCo SOAP Binding

  24. Click Save

  25. Restart the application


Web Content View preferences

Define portlet preferences defined in the WCM Viewer portlet.

  1. Log in to the WebSphere Portal server

      http://myenv.myco.com:10039/wps/config

    ...and go to...

      Administration | Portlet Management | Portlets

  2. Search for "web content viewer" and then click the Configure portlet icon

  3. The Configure portlet panel appears...

  4. Set the following preferences...

    meta.tag.content.element.6 meta.og.description
    meta.tag.content.element.9 meta.og.image
    meta.tag.content.text.2 Prodline2
    meta.tag.content.text.3 INDEX,FOLLOW
    meta.tag.content.text.7 Prodline2
    meta.tag.name.0 title
    meta.tag.name.1 description
    meta.tag.name.2 author
    meta.tag.name.3 robots
    meta.tag.name.4 keywords
    meta.tag.name.5 og:title
    meta.tag.name.6 og:description
    meta.tag.name.7 og:site_name
    meta.tag.name.9 og:image


Expression Language

Apply EL string checking bypass

  1. Go to...

      Servers | Server Types | WebSphere Application Servers | server-name | Java and Process Management | Process Definition | Java Virtual Machine | Custom Properties.

  2. Create a new custom property definition by clicking New and setting...

      org.apache.el.parser.SKIP_IDENTIFIER_CHECK true

    The absence of the custom property definition is the same as setting Value to false.)

  3. Click OK.

  4. Save changes and synchronized with cell nodes

  5. Restart appservers


Deploy war

Execute these tasks from primary node only.

  1. Upload deployment.tar.gz to the target primary node.

  2. Log on to primary node and unarchive files

      cd /tmp
      gunzip deployment.tar.gz
      tar xvf deployment.tar

  3. Deploy MyCo portlets...
    cd /opt/IBM/Portal/WAS1/PortalServer/bin
    ./xmlaccess.sh -in /tmp/deployment/portlets/DeployMyCoPortlets.xml \
                   -user wasadmin  \
                   -password  mypassword \
                   -url http://prdhost1.myco.com:10039/wps/config \
                   -out /tmp/deployment/portlets/DeployMyCoPortlets_out.xml
    

  4. Log on to Portal Administration and verify roles "All Authenticated Portal Users" and "Anonymous Portal User" are assigned to MyCo portlets.


Map Portlets to Shared Libraries

Log on to deployment manager host and run...

Restart portal processes after executing this script.

Verify the following have property library mappings and portal security...

For example...


Resource Environment Providers

Go to...

...and add custom properties. Cluster scope. Use source environment as a reference for resource environment entries and corresponding custom properties

Restart WebSphere processes after setting these values.


Configure PRD Theme

  1. Configure resource providers before installing theme

  2. Install PRD theme war.

    We can also export theme as EAR, and then install EAR in new environment.

    1. From dmgr console, select...

        New Enterprise Application | Path to the new application | Local File System | ModularTheme.war

    2. On panel Select installation options set name to ModularTheme

    3. On panel Map modules to servers select both cluster and web server

    4. On panel JSP reloading options for Web modules keep defaults.

    5. On panel Map shared libraries keep defaults.

    6. On panel Map shared library relationships keep defaults.

    7. On panel Map virtual hosts for Web modules keep defaults.

    8. On panel Map context roots for Web modules set...

        /wps/ModularTheme

    9. On panel Map JASPI provider keep defaults.

    10. On panel Display module build Ids keep defaults.

    11. Review summary info, then select Finish

    12. Synchronize nodes...

  3. Import theme data to WebDAV folders
     
    cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
    ./ConfigEngine.sh webdav-deploy-zip-file \
                      -DTargetURI=dav:fs-type1/themes/CatalogTheme/ \
                      -DZipFilePath=/tmp/deployment/themes/ModularTheme-bin.zip \
                      -DUpdateMode=merge 
    

  4. Migrate theme

    Note that we are getting theme from a Portal v7 environment, and then importing into a Portal v8 environment.

    1. Export theme xml from source portal...
      cd /opt/IBM/Portal/WAS1/PortalServer/bin
      ./xmlaccess.sh -in /tmp/deployment/themes/ExportThemesAndSkins.xml  \
                     -user wasadmin  \
                     -password foo \
                     -url http://pwps1.myco.com:10039/wps/config \
                     -out /tmp/deployment/themes/theme_output.xml
      

    2. Copy output file to:

        target_host:/home/wasadmin/deployment/themes

    3. Edit output file and remove references to unwanted skins and themes.

    4. Change...

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="PortalConfig_7.0.0.xsd"

      ...to...

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="PortalConfig_8.0.0.xsd"

    5. Import theme to target Portal v8 dmgr
      cd /opt/IBM/Portal/WAS1/PortalServer/bin
       ./xmlaccess.sh -in /tmp/deployment/themes/theme_output.xml  \
                      -user wasadmin  \
                      -password mypassword \
                      -url http://prdhost1.myco.com:10039/wps/config \
                      -out /tmp/deployment/themes/import_theme_log.xml
      

  5. From dmgr console, go to...

      Enterprise Applications | ModularTheme | Class loading and update detection

    ...and verify Class loader order is set to...

      Classes loaded with parent class loader first

  6. Go to the Enterprise Applications panel, then select and start the ModularTheme...

  7. Go to the Portal administration page...

      http://test.myco.com/wps/myportal/Administration

    ...and select...

      Portal User Interface | Themes and Skins | MyTheme | Edit theme

    Change the default skin from the 7.0.0.2 noSkin to Portal 8.0 noSkin.

  8. Fix hard-coded reference to 7002theme

  9. Restart portal appserver


Install global filters

Use WAS console to install MyCoGlobalFilters-1.0.war

Map module to cluster only.

Context root: /globalportalfilters


Install Tealeaf processor

Use WAS console to install MyCoTealeafProcessor.war

Context root: /tealeaf

Map to cluster and web server


Customize IHS config

  1. From WebSphere Console, go to the Web servers panel, and regenerate plugin-xml files.

  2. Copy new plugin-cfg.xml files to the web server hosts.

    Firewall rules prevent us from propagating, or using scp, to copy regenerated plugin-cfg.xml files to their respective web servers. To accomplish, we perform the task below.

    1. On dmgr host, copy new plugin-xml files to /tmp and set perms...

        cp $DMGR_PROFILE/config/cells/p1cell/nodes/ihsnode1/servers/webserver1/plugin-cfg.xml /tmp/plugin-cfg1.xml
        cp $DMGR_PROFILE/config/cells/p1cell/nodes/ihsnode2/servers/webserver2/plugin-cfg.xml /tmp/plugin-cfg2.xml
        chmod 666 /tmp/plugin-cfg1.xml
        chmod 666 /tmp/plugin-cfg2.xml

    2. Download files to the client PC...

        scp user1@prd2dmgr.myco.com:/tmp/plugin-cfg1.xml plugin-cfg1.xml
        scp user1@prd2dmgr.myco.com:/tmp/plugin-cfg2.xml plugin2-cfg.xml

    3. Copy files up to web servers...

        scp plugin-cfg1.xml user1@webserver1.myco.com:/tmp/plugin-cfg.xml
        scp plugin-cfg2.xml user1@webserver2.myco.com:/tmp/plugin-cfg.xml

      From webserver1 host, change perms and copy into place...

        chmod 666 /tmp/plugin-cfg.xml
        cd /opt/IBM/Portal/Plugins/config/webserver1
        cp /tmp/plugin-cfg.xml .

      From webserver2 host, change perms and copy into place...

        chmod 666 /tmp/plugin-cfg.xml
        cd /opt/IBM/Portal/Plugins/config/webserver2
        cp /tmp/plugin-cfg.xml .

  3. On web server hosts, modify httpd.conf to include MyCo directives.


Create PRD Virtual Portal

  1. Go to...

    ...and create...

    Virtual portal title Prodline1_Virtual_Portal
    URL Context prd-vp
    Virtual portal hostname myhost.myco.com
    User realm myAdminRealm
    Initial admin user group wpsadmins

  2. Enter the virtual portal by clicking the URL Context link

    If VIP, DNS, DataPower, or IHS are not configured for routing success, to access the new virtual portal via the hostname, set up an alias on the client PC. Edit...

      c:/windows/system32/drivers/etc/hosts

    ...and set hostname to...

      10.22.40.111 portal_primary_node

    For example, for PRD...

      10.22.40.111 prod.myco.com

    You should now be able to get to the virtual portal by going to the Manage Virtual Portals page and clicking on the hostname for the virtual portal.

  3. From the virtual portal, set Administration label name...

      Administration | Portal Settings | URL Mapping | New Context | Administration | OK

    Click the Edit Mapping icon map label and map to the Administration page.

    Note that if we are unable to get to the virtual portal administration page to set up the friendly URL, we can copy and paste the URL from another site. For example, the following URL takes you to the TST Administration page...

      http://test.myco.com/wps/myportal/!ut/p/a1/04_Sj9CPykssy0xPLMnMz0vMAfGjzOKd3R09TMx9DAwsjF2NDDzNA52Mw4w9Ddz9TfXD9aPwKzEjpMAEqsAAB3A00C_Izg4CAPyxWkA!/

    Use the part of the link after myportal/


Syndication

To set up a syndication relationship...

  1. Install multilingual

    Do this before BEFORE syndicating or importing WCM libraries.

  2. Ensure both the subscriber and syndicator are running, and that they can access each other over a network. For example...

      telnet test.myco.com 10039

  3. On the subscriber server, log in to IBM WebSphere Portal.

  4. Create a shared credential vault slot to allow us to access the syndicator

    ID and password should be a valid ID and password for accessing the syndicator portal. For example: wasadmin / foo

  5. Go to...

      Administration | Portal Content | Subscribers | Subscribe Now

  6. Enter the syndicator URL. For example...

      http://test.myco.com:10039/wps/wcm

  7. Set the syndicator name.

  8. Set the subscriber.

  9. Select the credential vault slot created earlier.

  10. Click Next

  11. Select the libraries to subscribe to. For example...

    For PRD, select...

    • Prodline1 Design
    • Prodline1 EN
    • Prodline1 ES
    • Prodline2 Design
    • Prodline2
    • Prodline2 ES
    • ImageRendering
    • Units
    • ML_Configuration7

  12. Click Finish.

  13. To begin syndication, click either Update Subscriber or Rebuild Subscriber button.

During the syndication you will see a Status of Active along with Last Update

Avoid stopping the Portal server while the syndication is running. Wait for Complete status. Clicking on Last Update will render a progressa.

Monitor Portal JVM logs on both syndicator and subscriber...

To add additional WCM libraries after creating the syndication relationship, go to the syndication portal and click the Edit icon...


Export/Import WCM libs

Note that this step is an alternative to syndication.

With this step we export the contents of a web content library in source portal, and import this data into target web content server. This procedure is only suitable for populating new items. For ongoing updates, deletes and moves, we will use syndication.

Note: If we have not yet run the multilingual deploy tasks, do NOT copy over any multilingual-related libraries. Run the mls deploy tasks first.

  1. Install multilingual

    This must be done before BEFORE importing WCM libs

  2. From source portal server, as user wasadmin, export all WCM libraries...

    cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
    ./ConfigEngine.sh export-wcm-data \
                      -Dexport.allLibraries=true  \
                      -DWasPassword=password \
                      -DPortalAdminPwd=password
    

    Note that we can optionally specify a virtual portal: -DVirtualPortalHostName

    We can tail logs during export...

      tail -f /opt/IBM/Portal/WAS1/wp_profile/logs/WebSphere_Portal/SystemOut.log

  3. On target host, as user wasadmin, create import directory...

      mkdir /opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/import

  4. Copy output file to target portal server

      cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/export
      scp -r dirname wasadmin@remotehost:/opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/import

  5. Increase total transaction lifetime timeout and maximum transaction timeout to 360 seconds in...

      Servers | Server Types | WebSphere appservers | portal_server | Container Services | Transaction Service

  6. Log on to target portal server and import WCM libraries...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh import-wcm-data -DWasPassword=password -DPortalAdminPwd=password


Set permissions for web content

  1. Log on to the portal and go to...

      Administration | Portal Content | Web Content Libraries | Set Access on Root

  2. Edit the User role

  3. Add members "All Authenticated Portal Users" and "Anonymous Portal User" to User role.


Export/Import pages

For this step we export pages from source portal A, and then import those pages to target portal B. For the export to work, enable support for JavaScript and disable pop-up blocking in the browser settings. I have had success using out-of-the box Firefox as the browser.

  1. Backup target portal

  2. Log on to source virtual portal administration page as user wasadmin.

    For example...

  3. Click the "Administration" link on the bottom left of the page.

  4. Go to...

      Administration | Manage Pages | Content Root

    ...and click the Export button for the Welcome to Prodline1 page...

    Output is written by default to pageExport.xml.

  5. If we are migrating v7 pages to a v8 portal...

    1. Review pageExport.xml, and verify object IDs for noskin and theme match those in the theme import file.

    2. Review custom portlets in pageExport.xml, and compare their object IDs to those found in...

        Portal | Administration | Portal Settings | Custom Unique Names | Portlets

    3. Edit pageExport.xml

      1. Remove references to the following skins and themes. For example...

        <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S4" uniquename="ibm.portal.skin.IBM"/>
        <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S2" uniquename="wps.skin.thinSkin"/>
        <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S6" uniquename="wps.skin.noSkin"/>
        <skin action="locate" domain="rel" objectid="ZK_B8LUIVAH2REB10IL4GGE622OE6"/>
        <theme action="locate" domain="rel" objectid="ZJ_D0JM3QAH2B7H30IJRMH0GP3007" uniquename="com.myco.portal.P2_BlankTheme"/>
        

      2. Change references to cloned Web Content Viewers...

          Web Content Viewer (JSR 286).$cloned.Z3_D0JM3QAH2379F0I310AG6720O4
          Web Content Viewer (JSR 286).$cloned.Z3_D0JM3QAH2379F0I310AG6720O6

        ...to original Web Content Viewer...

          portlet Z3_CGAH47L00OJ790IAH1AFAN1G56 name=Web Content Viewer (JSR 286)

      3. Remove the following undefined skin component

        <component action="update" 
                   active="true" 
                   deletable="undefined" 
                   domain="rel" 
                   modifiable="true" 
                   objectid="Z7_D0JM3QAH2RH750IPHCSG7N0OF3" 
                   ordinal="3400" 
                   orientation="H" 
                   skinref="undefined" 
                   type="container" 
                   width="undefined">
        

  6. From target virtual portal, go to...

      Administration | Import XML

    ...and select the virtual portal export file created earlier.

  7. Import the pages.


Custom Security Configuration

LDAP Custom Attribute Configuration

Configuration supports the "mycoPerson" custom class and "contObjid" custom attribute.

  1. Log on to primary node and Install WIMSYSTEM application...

    • TST and PRD

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh wp-la-install-ear -DServerName=dmgr -DNodeName=P1Node01

    • PRD

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh wp-la-install-ear -DServerName=dmgr -DNodeName=DmgrNode

    To get dmgr node name, go to...

      System Administration | Deployment manager | Runtime

    In the WAS console, target host and node should be the deployment manager

  2. Restart dmgr, appserver, and node agent

  3. Update wkplc.properties for custom attribute.

    • PRD HA

        la.providerURL=corbaloc:iiop:prd2dmgr:10809
        la.propertyName=contObjid
        la.entityTypes=PersonAccount
        la.dataType=P1RING
        la.multiValued=false
        repositoryId=

    • PRD Primary

        la.providerURL=corbaloc:iiop:prddmgr:10809
        la.propertyName=contObjid
        la.entityTypes=PersonAccount
        la.dataType=P1RING
        la.multiValued=false
        repositoryId=

    • TST

        la.providerURL=corbaloc:iiop:testdmgr:10809
        la.propertyName=contObjid
        la.entityTypes=PersonAccount
        la.dataType=P1RING
        la.multiValued=false
        repositoryId=

    • PRD

        la.providerURL=corbaloc:iiop:stage:9809
        la.propertyName=contObjid
        la.entityTypes=PersonAccount
        la.dataType=P1RING
        la.multiValued=false
        repositoryId=

    la.providerURL uses the Bootstrap Address port of the dmgr...

      System administration | Deployment manager | Ports

  4. Add attribute:

      ./ConfigEngine.sh wp-add-property

      ** Note this will prompt for credentials

  5. Update wkplc.properties for attribute mapping:

      user.attributes.required=sn,ibm-primaryEmail
      federated.ldap.attributes.mapping.ldapName=contObjid,mail,userPassword
      federated.ldap.attributes.mapping.portalName=contObjid,ibm-primaryEmail,password
      ...
      federated.ldap.attributes.mapping.entityTypes=PersonAccount

  6. Map new attributes:

      ./ConfigEngine.sh wp-update-federated-ldap-attribute-config

  7. Restart

  8. On secondary nodes...

    1. On secondary nodes, update wkplc.properties with latest values

    2. Run update-jcr-admin on secondary nodes.

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh update-jcr-admin

  9. Update wkplc.properties for custom person class:

      federated.ldap.et.personaccount.objectClasses=inetOrgPerson;Person;mycoPerson
      federated.ldap.et.personaccount.objectClassesForCreate=inetOrgPerson;mycoPerson
      federated.ldap.loginProperties=uid;mail

  10. Update the objectClasses

      ./ConfigEngine.sh wp-update-federated-ldap -DWasPassword=mypassword

  11. Update wkplc.properties for the following values:

  12. Delete PersonAccount entity type

      ./ConfigEngine.sh wp-delete-ldap-entitytype

  13. Recreate PersonAccount entity type

      ./ConfigEngine.sh wp-create-ldap-entitytype

  14. Restart

  15. On secondary nodes...

    1. On secondary nodes, update wkplc.properties with latest values

    2. Run update-jcr-admin on secondary nodes.

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh update-jcr-admin


Multilingual system

Important: Do not syndicate or import any WCM libraries before configuring MLS. Configure MLS first.

To enable multilingual, on each portal node in the cluster, run...

  1. Set WasPassword and PortalAdminPwd in wkplc.properties

  2. Run...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh register-wcm-mls
      ./ConfigEngine.sh deploy-wcm-mls
      ./ConfigEngine.sh import-wcm-mls-data -DVirtualPortalContext=prd-vp

  3. To have the home page render in Espanol, log on to the virtual portal, then select...

      Administration | Manage Pages | Content Root | Welcome to Prodline1 | Edit Page Layout | Web Content Viewer portlet | Edit Shared Settings | Advanced Options | Plug-ins | Context Processors | com.ibm.workplace.wcm.ml.contextprocessor.MLContextProcessor

  4. Click OK and restart portal cluster.

    For more information, see: Multilingual deployment, installation, and configuration


Appendix


Test env


Production env

Note that there are two production instances. One in PRD Primary data center, and one in PRD HA data center. Both share the same topology.


Appendix - Databases

Env Host Port User Pass DBs
DEV devdb2 60004 db2admin foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
STG stgdb2 60004 db2adm2 foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
TST tstdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
PRD Primary Prodline1 prddb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
PRD Primary Prodline2 prd2db1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
PRD HA Prodline1 prdaltdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
PRD HA Prodline2 prd2altdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB

Version: DB2 v9.7 FP 6.

DB backups to...


Verify password aging is disabled for DB2 service accounts

Verify db2adm1 and db2adm2 passwords are non-expiring, with password aging disabled. If passwords expire, portal instances will not start.


Change dmgr cellname to p1cell

To change a dmgr cell name...

  1. Stop the Deployment Manager:

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -user wasadmin -password foo

    Start the WSADMIN environment...

      ./wsadmin.sh -conntype NONE -lang jython

  2. From the WSADMIN prompt run...

      AdminTask.renameCell('[-newCellName p1cell -regenCerts false]')
      AdminConfig.save()
      exit

  3. Edit setupCmdLine.sh script and update the WAS_CELL parameter.

  4. Start the Deployment Manager and check the SystemOut.log file for any errors.


Restart WebSphere_Portal, nodeagent, and sync

DEV and PRD restart...

TST restart

  1. On primary node

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password foo
      ./stopNode.sh -username wasadmin -password foo

  2. On secondary node

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal_P1Node02 -username wasadmin -password foo
      ./stopNode.sh -username wasadmin -password foo

  3. On Dmgr

      cd /opt/IBM/Portal/WAS1/AppServer/bin
      ./stopManager.sh -username wasadmin -password foo
      ./startManager.sh

  4. On primary node

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password foo
      ./startNode.sh
      ./startServer.sh WebSphere_Portal

  5. On secondary node

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password foo
      ./startNode.sh
      ./startServer.sh WebSphere_Portal_P1Node02


Configure DB2 for large files in WCM

This is optional and is not currently configured in any MyCo environments

For WCM, we update the database configuration to support large files...


Web server authentication

This is not part of portal install. This is to add a documentation site to web server, and to add authentication to the site.

  1. Log on to server hosting IHS, and sudo to root

  2. Edit...

    ..and add stanza...

      <Directory /opt/IBM/Portal/IHS/htdocs/install>
          AuthType Basic
          AuthName "Portal v8 install documentation"
          AuthUserFile "/opt/IBM/Portal/IHS/htdocs/install/auth"
          Require valid-user
          Order allow,deny
          Allow from all
      </Directory>
      

  3. Create password file and add wasadmin user

      cd /opt/IBM/Portal/IHS/htdocs/install
      ../../bin/htpasswd -c /opt/IBM/Portal/IHS/htdocs/install/auth wasadmin

    To add user to existing password file...

      ../../bin/htpasswd /opt/IBM/Portal/IHS/htdocs/install/auth username

  4. Make password file readable by httpd daemon

      chmod 666 /opt/IBM/Portal/IHS/htdocs/install/auth

  5. Restart web server...

      /opt/IBM/Portal/IHS/bin/apachectl restart


Script to install Portal FP1


Set up IHS SSL

  1. Create DB for keys

    mkdir /opt/IBM/Portal/IHS/keys
    cd /opt/IBM/Portal/IHS/keys
    
    /path/to/gsk7cmd -keydb \
                     -create \
                     -db myKeys.kdb \
                     -pw password \
                     -type cms \
                     -expire 360 \
                     -stash
    
    

    Create certificate and store in key database. /path/to/gsk7cmd -cert \ -create \ -db myKeys.kdb \ -pw password \ -size 1024 \ -dn "CN=hostname,O=MyCo,OU=IHS,ST=CO,C=US" \ -label IHS \ -default_cert yes \ -expire 360

  2. Edit httpd.conf and set...

    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
     Listen 443
     <VirtualHost *:443>
         SSLEnable
         SSLProtocolDisable SSLv2
         </VirtualHost>
         KeyFile /opt/IBM/Portal/IHS/key/myKeys.kdb
     SSLDisable
    

  3. Restart IHS


Example documentation entry page

Prodline1 Links

Authoring

  1. Dmgr
  2. Primary
  3. auth.myco.com

DEV

  1. Dmgr
  2. Primary
  3. IHS web server
  4. dev.myco.com

STG

  1. Dmgr
  2. Primary
  3. VP admin (alt)
  4. stage.myco.com

TEST

  1. Dmgr
  2. Primary
  3. Secondary
  4. test.myco.com
  5. VP admin
  6. server-status

PRD Primary

  1. Dmgr
  2. Primary
  3. Secondary 2
  4. Secondary 3
  5. Secondary 4
  6. www.myco.com
  7. prod.myco.com

PRD HA

  1. Dmgr
  2. Primary
  3. Secondary 2
  4. Secondary 3
  5. Secondary 4
  6. prodha.myco.com


Prodline2 Links

Authoring

  1. Dmgr
  2. Primary
  3. auth.prodline2.com
  4. affiliate.prodline2.com
  5. Virtual Portals

DEV

  1. Dmgr
  2. Primary
  3. dev.prodline2.com

STG

  1. Dmgr
  2. Primary
  3. VP admin (alt)
  4. stage.prodline2.com

TEST

  1. Dmgr
  2. Primary
  3. Secondary
  4. server-status Web1
  5. server-status Web2
  6. test.prodline2.com
  7. Cache Monitor
  8. Web1 server-status

PRD Primary

  1. Dmgr
  2. Primary
  3. Secondary 2
  4. Secondary 3
  5. Secondary 4
  6. Cache Monitor
  7. server-status Web1
  8. server-status Web2
  9. www.prodline2.com
  10. prod.prodline2.com
  11. affiliate.prodline2.com

PRD HA

  1. Dmgr
  2. Primary
  3. Secondary 2
  4. Secondary 3
  5. Secondary 4
  6. prodha.prodline2.com
  7. prodhaaffiliate.prodline2.com