Create application server profiles
Overview
We can create a default profile/server when installing core product files for WAS ND. We can also create profiles post-install.
An application server profile has a default server, server1, and a default application that includes the Snoop servlet and the Hitcount servlet. We can federate the application server to a Dmgr profile, or use it as a standalone application server.
We can create an application server profile using either the Profile Management Tool (PMT) or the manageprofiles command. PMT is the graphical user interface for the manageprofiles command and is supported only on AIX, Linux, and Windows. On HP-UX, IBM i, and Solaris, use the manageprofiles command instead.
PMT has a typical profile creation process or an advanced profile creation process. The typical creation process uses default settings and assigns unique port values. We can optionally set values as allowed. The latter can accept the default values, or specify our own values.
Provide enough system temporary space to create a profile.
Create application server profiles
- Start the Profile Management Tool using one of the following methods...
- At the end of core product installation, select the check box to launch the Profile Management Tool.
- Open the WebSphere Customization Toolbox directly from a command prompt; then, open the Profile Management Tool.
cd install_root/bin/ProfileManagement
wct.batThe pmt.bat script will also start the WebSphere Customization Toolbox, but it is provided only for backward compatibility. It is deprecated from WebSphere Application Server V8.
- Select the WebSphere Customization Toolbox option from the First steps console; then, open the Profile Management Tool.
- (Windows) Use the Start menu to access the Customization Toolbox; then, open the Profile Management Tool.
- (Linux) Use the Linux operating system menus used to start programs to start the WebSphere Customization Toolbox; then, open the Profile Management Tool.
- Click Create on the Profiles tab to create a new profile.
The Profiles tab contains a list of profiles created on the machine. No action can be done on a selected profile unless the profile can be augmented. The Augment button is greyed out unless a profile that we select can be augmented.
The tool displays the Environment selection panel.
- Select Application server and click Next.
The Profile creation options panel is displayed.
- Select either Typical profile creation or Advanced profile creation, and click Next.
The Typical profile creation option creates a profile that uses default configuration settings. With the Advanced profile creation option, we can specify our own configuration values for a profile.
- If we selected Typical profile creation, then go to the step on administrative security.
- If we selected Advanced profile creation, then select the applications to deploy; and click Next.
The tool displays the Profile name and location panel.
- Specify a name for the profile and the directory path for the profile directory, or accept the default values. Then, click Next.
Profile naming guidelines: Double-byte characters are supported. The profile name can be any unique name with the following restrictions. Do not use any of the following characters when naming the profile:
- Spaces
- Special characters that are not supported within the name of a directory on the operating system, such as *&?
- Slashes (/) or (\)
Create an application server using configuration settings optimized for a development environment by checking...
Create the server using the development template
...on the Profile name and location panel of the Advanced profile creation path. The development template reduces startup time and allows the server to run on less powerful hardware.
Important: Do not use the development template for production servers.
The first profile created on a machine is the default profile. The default profile is the default target for commands that are issued from the bin directory in the product installation root. When only one profile exists on a machine, every command works on the single server process in the configuration. We can make another profile the default profile when we create that profile by checking...
Make this profile the default
...on the Profile name and location panel of the Advanced profile creation path. We can make another profile the default profile using the manageprofiles command after creating the profile.
When multiple profiles exist on a machine, certain commands require specified the profile to which the command applies if the profile is not the default profile. These commands use the -profileName parameter to identify which profile to address. We might find it easier to use the commands that are in the bin directory of each profile.
Use these commands to query the command shell to determine the calling profile and to address these commands to the calling profile.
The default profile name is <profile_type><profile_number>:
- <profile_type> is a value of AppSrv, Dmgr, Custom, AdminAgent, JobMgr, or SecureProxySrv.
- <profile_number> is a sequential number used to create a unique profile name
(AIX) (Linux) The default profile directory is app_server_root/profiles, where app_server_root is the installation root.
(Windows) The default profile directory is app_server_root\profiles, where app_server_root is the installation root.
Performance tuning setting:
Select the performance-tuning setting that most closely matches the type of environment in which the application server will run.
- Standard
- The standard settings are the standard out-of-the-box default configuration settings optimized for general-purpose usage.
- Peak
- The peak settings are appropriate for a production environment where application changes are rare and optimal runtime performance is important.
- Development
- The development settings are appropriate for a development environment where frequent application updates are performed and system resources are at a minimum. Do not use the development settings for production servers.
- On the Node and host names panel, specify the characteristics for the application server, and click Next.
Use unique names for each application server that we create.
Reserved names: Avoid using reserved folder names as field values. The use of reserved folder names can cause unpredictable results. The following terms are reserved folder names:
- cells
- nodes
- servers
- clusters
- applications
- deployments
Field Name Default Value Constraints Description Node name shortHostName
NodeNumberwhere:
- shortHostName is the short host name
- NodeNumber is a sequential number starting at 01
Avoid using the reserved terms. Select any name we want. To help organize the installation, use a unique name if we plan to create more than one application server on the machine. Server name server1 Use a unique name for the application server. The name is a logical name for the application server. Host name The long form of the DNS name. Addressable through the network. Use the DNS name or IP address of our machine to enable communication with the machine. See additional information about the host name following this table. Node name considerations: If we plan to migrate a previous installation of Network Deployment to v9.0 and migrate one of the managed nodes in the cell, use the same node name for the v9.0 application server that we used for the previous version's managed node.
Directory path considerations:
- (Windows) The installation directory path must be less than or equal to 260 characters.
- In the Profile Management Tool, fields for entering directory paths might not grey out when disabled and might have differing context menus from normal when you right-click them.
Host name considerations:
The host name is the network name for the physical machine on which the node is installed. The host name must resolve to a physical network node on the server. When multiple network cards exist in the server, the host name or IP address must resolve to one of the network cards. Remote nodes use the host name to connect to and communicate with this node. Selecting a host name that other machines can reach within the network is important. Do not use the generic identifier, localhost, for this value. Also, do not attempt to install WAS products on a machine with a host name that uses characters from a double-byte character set (DBCS). DBCS characters are not supported when used in the host name.
If we define coexisting nodes on the same computer with unique IP addresses, then define each IP address in a DNS look-up table. Configuration files for standalone application servers do not provide domain name resolution for multiple IP addresses on a machine with a single network address.
The value specified for the host name is used as the value of the hostName property in configuration documents for the standalone application server. Specify the host name value in one of the following formats:
- Fully qualified DNS host name string, such as xmachine.manhattan.ibm.com
- The default short DNS host name string, such as xmachine
- Numeric IP address, such as 127.1.255.3
The fully qualified DNS host name has the advantages of being unambiguous and flexible. We have the flexibility of changing the actual IP address for the host system without having to change the application server configuration. This value for the host name is particularly useful if we plan to change the IP address frequently when using Dynamic Host Configuration Protocol (DHCP) to assign IP addresses. A disadvantage of this format is dependency on DNS. If DNS is not available, then connectivity is compromised.
The short host name is also dynamically resolvable. A short name format has the added function of being redefined in the local hosts file so the system can run the application server, even when disconnected from the network. To run disconnected, define the short name as the loopback address, 127.0.0.1, in the hosts file to run disconnected. A disadvantage of this format is a dependency on DNS for remote access. If DNS is not available, then connectivity is compromised.
A numeric IP address has the advantage of not requiring name resolution through DNS. A remote node can connect to the node that you name with a numeric IP address without DNS being available. A disadvantage of this format is that the numeric IP address is fixed.
After specifying application server characteristics, the tool displays the Administrative security panel.
- Optionally enable administrative security, and click Next.
We can enable administrative security now during profile creation, or later from the console. If we enable administrative security now, then enter a user name and password to log onto the administrative console.
After specifying security characteristics, the tool displays the Security certificate panel if we previously selected Advanced profile creation.
- If we selected Typical profile creation at the beginning of these steps, go to the step that displays the Profile summary panel.
- Create a default personal certificate and a root signing certificate, or import a personal certificate and a root signing certificate from keystore files, and click Next.
Create both certificates, import both certificates, or create one certificate, and import the other certificate.
When importing a personal certificate as the default personal certificate, import the root certificate that signed the personal certificate. Otherwise, the Profile Management Tool adds the signer of the personal certificate to the trust.p12 file.bprac
If we import the default personal certificate or the root signing certificate, specify the path and the password, and select the keystore type and the keystore alias for each certificate that we import.
- Verify that the certificate information is correct, and click Next.
If we create the certificates, we can use the default values or modify them to create new certificates. The default personal certificate is valid for one year by default and is signed by the root signing certificate. The root signing certificate is a self-signed certificate that is valid for 15 years by default. The default keystore password for the root signing certificate is WebAS. We should change the password. The password cannot contain any double-byte character set (DBCS) characters because certain keystore types, including PKCS12, do not support these characters. The keystore types supported depend on the providers in the java.security file.
When we create either or both certificates, or import either or both certificates, the keystore files created are key.p12, trust.p12, root-key.p12, default-signers.p12, deleted.p12, and ltpa.jceks. These files all have the same password when we create or import the certificates, which is either the default password, or a password specified. The key.p12 file contains the default personal certificate. The trust.p12 file contains the signer certificate from the default root certificate. The root-key.p12 file contains the root signing certificate. The default-signer.p12 file contains signer certificates that are added to any new keystore file that we create after the server is installed and running. By default, the default root certificate signer and a DataPower signer certificate is in the default-signer.p12 keystore file. The deleted.p12 keystore file is used to hold certificates deleted with the deleteKeyStore task so that they can be recovered if needed. The ltpa.jceks file contains server default Lightweight Third-Party Authentication (LTPA) keys that the servers in the environment use to communicate with each other.
An imported certificate is added to the key.p12 file or the root-key.p12 file.
If we import any certificates and the certificates do not contain the information that we want, click Back to import another certificate.
After displaying the Security certificate panels, the tool displays the Ports panel if we previously selected Advanced profile creation.
- Verify that the ports specified for the standalone application server are unique, and click Next.
If we chose not to deploy the administrative console, then the administrative console ports are disabled on the Ports panel.
Port conflict resolution
Ports are recognized as being in use if one of the following conditions exists:
- The ports are assigned to a profile created from an installation performed by the current user.
- The port is currently in use.
Validation of ports occurs when we access the Port value assignment panel. Conflicts can still occur between the Port value assignment panel and the Profile creation complete panel because ports are not assigned until profile creation completes.
If we suspect a port conflict, then we can investigate the port conflict after the profile is created. Determine the ports used during profile creation by examining the following files.
profile_root/properties/portdef.props file file
Included in this file are the keys and values used in setting the ports. If we discover ports conflicts, then we can reassign ports manually. To reassign ports, run the updatePorts.ant file using the ws_ant script.
(Windows) (Linux) The tool displays the Windows service definition panel if we are installing on a Windows operating system and the installation ID has the administrative group privilege. The tool displays the Linux service definition panel if we are installing on a supported Linux operating system and the ID that runs the Profile Management Tool is the root user.
- (Windows) (Linux) Choose whether to run the application server as a Windows service on a Windows operating system or as a Linux service on a Linux operating system, then click Next.
- (Windows) The Windows service definition panel is displayed for the Windows operating system only if the ID that installs the Windows service has the administrator group privilege. However, we can run the WASService.exe command to create the Windows service as long as the installer ID belongs to the administrator group. Read about automatically restarting server processes for more information.
(Windows) The product attempts to start Windows services for application server processes that are started by a startServer command. For example, if we configure an application server as a Windows service, and issue the startServer command, then the wasservice command attempts to start the defined service.
If we chose to install a local system service, then we do not have to specify your user ID or password. If we create a specified user type of service, then specify the user ID and the password for the user who runs the service. The user must have Log on as a service authority for the service to run correctly. If the user does not have Log on as a service authority, then the Profile Management tool automatically adds the authority.
To perform this profile creation task, the user ID must not contain spaces. In addition to belonging to the administrator group, the ID must also have the advanced user privilege of Log on as a service. The Installation program grants the user ID the advanced user access if the user ID does not already have the advanced user privileges and if the user ID belongs to the administrator group.
We can also create other Windows services after the installation is complete to start other server processes. Read about automatically restarting server processes for more information.
We can remove the Windows service that is added during profile creation during profile deletion. We can also remove the Windows service with the wasservice command.
IPv6 considerations
Profiles created to run as a Windows service fail to start when using Internet Protocol v6 (IPv6) if the service is configured to run as local system. Create a user-specific environment variable to enable IPv6. Since this environment variable is a user variable instead of a local system variable, only a Windows service that runs as that specific user can access this environment variable. By default, when a new profile is created and configured to run as a Windows service, the service is set to run as local system. When the Windows service for the product tries to run, the service is unable to access the user environment variable that specifies IPv6, and thus, tries to start as Internet Protocol Version 4 (IPv4). The server does not start correctly in this case. To resolve the problem, when creating the profile, specify that the Windows service for the product runs with the same user ID from which the environment variable that specifies IPv6 is defined, instead of as local system.
Default values for the Windows service
(Windows) The following default values for the Windows service definition panel exist:
- The default is to run as a Windows service.
- The service process is selected to run as a system account.
- The user account is the current user name. User name requirements are the requirements that the Windows operating system imposes for a user ID.
- The startup type is automatic. The values for the startup type are those values that the Windows operating system imposes. To have a startup type other than automatic, we can either select another available option from the menu or change the startup type after creating the profile. We can also remove the created service after profile creation, and add it later with the desired startup type. We can choose not to create a service at profile creation time and optionally create the service later with the desired startup type.
- (Linux) The Linux service definition panel is displayed if the current operating system is a supported version of Linux operating systems, and the current user has the appropriate permissions.
The product attempts to start Linux services for application server processes that are started by a startServer command. For example, if we configure an application server as a Linux service and issue the startServer command, then the wasservice command attempts to start the defined service.
By default, the product is not selected to run as a Linux service.
To create the service, the user that runs the Profile Management Tool must be the root user. If we run the Profile Management Tool with a non-root user ID, then the Linux service definition panel is not displayed, and no service is created.
When we create a Linux service, specify a user name from which the service runs.
To delete a Linux service, the user must be the root user or have appropriate privileges for deleting the service. Otherwise, a removal script is created that the root user can run to delete the service for the user.
If we previously selected Advanced profile creation, the next panel displays the web server definition panel.
- For advanced profile creation, if we choose to include a web server definition in the profile now, specify the web server characteristics on the panels, and click Next until completing the web server definition panels.
If we use a web server to route requests to the product, then we need to include a web server definition. We can include the definition now, or define the web server to the product later. If we define the Web server definition during the creation of this profile, then we can install the web server and its plug-in after creating the profile. However, install both to the paths specified on the web server definition panels. If we define the web server to the product after we create this profile, then define the Web server in a separate profile.
The tool displays the Profile Creation Summary panel.
- Click Create to create the application server, or click Back to change the characteristics of the application server.
The Profile creation progress panel, which shows the configuration commands running, is displayed.
When the profile creation completes, the tool displays the Profile creation complete panel.
- Optionally, select Launch the First steps console. Click Finish to exit.
With the First steps console, we can create additional profiles and start the application server.
Created an application server profile. The node within the profile has an application server named server1.
Refer to the description of the manageprofiles command to learn about creating a profile using a command instead of the Profile Management Tool.
The PMT can lock up in the following situation for a non-root user: Log into a machine as root, use the SetPermissions utility to change the user from x to y. Assume that we are user x and log back into the machine. Launch the Profile Management Tool, click Profile Management Tool, and click Create. The next click after the click on Create could lock up the tool.
What to do next
Deploy an application to get started.
Read about fast paths for the product to get started deploying applications.
When creating the application server profile, a default server1 process is created. We can federate the server1 node into the deployment manager cell with the addNode command or from the administrative console of the deployment manager. The server1 process must be running to begin the federation from the deployment manager.
If we include all of the applications from the application server, then the act of federation installs the applications on the deployment manager where they can be redeployed.
Profiles: File-system requirements