Home | Tasks

Install Web Server - WebSphere Commerce v7

 

+

Search Tips   |   Advanced Search

Author: Michael Pareene
Ascendant Technology
michael.pareene@atech.com
612.220.8725


Contents

  1. Overview
  2. IHS pre-install
  3. IHS install
  4. IHS post-install



Overview

This document describes pre-install, install, and post-install tasks for IBM IHS v7 configured with WebSphere Commerce v7.

 


IHS v7 pre-install


  1. Create file systems
  2. admins creates file systems on web servers.

    /opt 20 GB
    /tmp 900 MB
    /home 1 GB

    admins creates the following directories on webservers. Directories should be owned by wasadmin:www, with 755 permissions...


  3. Install unzip
  4. Verify unzip 5.51 is installed to /opt/freeware with appropriate symbolic links in /usr/bin

    To verify...

    # unzip -v
    # ll /usr/bin/unzip
    # ll /opt/freeware/bin/unzip
    # rpm -qa | grep unzip

    The official, unofficial package for unzip is at...

    ftp://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/unzip/unzip-5.51-1.aix5.1.ppc.rpm

    Installed to /opt/freeware with appropriate symbolic links in /usr/bin

    To check...

    $ unzip -v


  5. Verify GNU wget 1.9 is installed
  6. Installed to /usr/local/bin

    To check...

    $ wget -V


  7. Verify lsof is installed
  8. Verify lsof is installed to /usr/sbin with appropriate symbolic link in /usr/local/sbin

    s1ad7c:/opt/install/IHS70/htdocs # lsof -v
    lsof version information:
        revision: 4.61
        latest revision: ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/
        latest FAQ: ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/FAQ
        latest man page: ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/lsof_man
        configuration info: 64 bit kernel
        constructed: Mon Sep 9 15:45:38 CDT 2002
        constructed by and on: root@vb01
        compiler: cc
        compiler version: C for AIX Compiler Version 6.0.0.0
        compiler flags: -DHASXOPT_ROOT 
                        -DHAS_NFS 
                        -DHASIPv6 
                        -DHASSTAT64 
                        -q64 
                        -DAIX_KERNBITS=64 
                        -DAIXA=1 
                        -DAIXV=5100 
                        -qmaxmem=16384 
                        -DLSOF_VSTR="5.1.0.0" -O
        loader flags: -L./lib -llsof
        system info: AIX vb01 1 5 000AD7BF4C00
    


  9. Configure sudo for wasadmin
  10. wasadmin should be able to execute the following commands as root...

    $ sudo -l
    User wasadmin may run the following commands on this host:
        (root) /usr/bin/topas
        (root) NOPASSWD: /usr/bin/svmon
        (root) NOPASSWD: /usr/local/bin/nmon
        (root) NOPASSWD: /opt/IHS70/bin/apachectl
        (root) NOPASSWD: /opt/IHS70/bin/adminctl
        (root) NOPASSWD: /opt/IHS70/UpdateInstaller/update.sh
        (root) NOPASSWD: /usr/sbin/slibclean
        (root) NOPASSWD: /opt/IHS70/UpdateInstaller/
        (root) NOPASSWD: /opt/install/FEP2/server
        (root) NOPASSWD: /opt/install/WC
        (root) NOPASSWD: /opt/IHS70/bin/cleanIHSlogs.sh
        (root) NOPASSWD: /etc/local/init.d/
        (root) NOPASSWD: /usr/sbin/sar
        (root) NOPASSWD: /var/adm/sa/
    


  11. Mount Celerra NFS filesystem .
  12. Web servers for each cell utilize NAS Services (Enterprise Replicated) on ECM Celerra for NAS.

    The NFS share is always called wsvr_dctm.

    Non production NFS servers include dctmhost01 and r1is15. Production NFS servers include r1is96/97/98/99 (High Availability).

    The filesystem should be mounted on...

    /opt/wsvr/dctm_nas

    To check...

    $ df | grep dctm_nas
    dctmhost01:/SSC_general_np/wsvr_dctm    211394560  64651792   70%  3371953     5% /opt/wsvr/dctm_nas
    dctmhost01:/SSC_general_np/wsvr_dctm_2  356679680 353848880    1%  3371953     5% /opt/wsvr/dctm_nas2
    

    The NFS mount should be configured to automount. This can be verified in /etc/filesystems:

    /opt/wsvr/dctm_nas:
            dev             = "/wsvr_dctm"
            vfs             = nfs
            nodename        = r1is97
            mount           = true
            options         = bg,soft,intr,sec=sys
            account         = false
    

    Create "images" folder with owner:group as...

    wasadmin:was_group

    ...under...

    /opt/wsvr/dctm_nas


  13. Verify Asynchronous I/O
  14. $ lslpp -l bos.iocp.rte
      Fileset                      Level  State      Description
      ----------------------------------------------------------------------------
    Path: /usr/lib/objrepos
      bos.iocp.rte               7.1.0.0  COMMITTED  I/O Completion Ports API
    
    Path: /etc/objrepos
      bos.iocp.rte               7.1.0.0  COMMITTED  I/O Completion Ports API
    


  15. Set wasadmin's ulimits
  16. ulimit -a
    time(seconds)        unlimited
    file(blocks)         2097151
    data(kbytes)         unlimited
    stack(kbytes)        32768
    memory(kbytes)       32768
    coredump(blocks)     2097151
    nofiles(descriptors) 10000
    threads(per process) unlimited
    processes(per user)  unlimited
    


  17. Paging space
  18. 1GB page space per processor minimum (4GB total for production)

    lsps -a
    
    Page Space  Physical Volume   Volume Group    Size   %Used  Active  Auto  Type
    paging02    hdisk2            vg01          1024MB      48     yes   yes    lv
    paging01    hdisk2            vg01          1024MB      48     yes   yes    lv
    paging00    hdisk1            rootvg        1024MB      14     yes   yes    lv
    hd6         hdisk1            rootvg        1024MB      49     yes   yes    lv
    


  19. Virtual memory optimizations (for Live servers only)

  20. Network Interfaces (for Live servers only)
  21. Note: en0 is typically the corresponding back-end interface (172.x) and en1 is the corresponding front-end interface (192.x). This may differ on some machines.


  22. Default gateway for DMZ
  23. DMZ webservers should point to the back end firewall.

    In production, there are 2 firewalls...

    Not all webservers should point to the same firewall for redundancy and throughput.

    s1ad7c:/root # netstat -r | grep default
    default            eeee-vlan982-xxxx UG        6   4233044 en0      -      -
    


  24. Hosts
  25. lpar must have a resolvable fully qualified host name

    nslookup `hostname`
    Server:  <dns server hostname>
    Address:  <dns server  ip>
    
    Name:    <hostname>
    Address:  <ip>
    

    Hosts file


  26. SAFE requests
  27. Configure Documentum

    Documentum (DCTM) is part of ECM.


  28. Global Security Toolkit (Distr Infr)
  29. /usr/bin/gsk7ver | grep FileVersion
    @(#)FileVersion: 7.0.4.17

    Symbolic links...

    /usr/bin/gsk7ver -> /usr/opt/ibm/gskta/bin/gsk7ver
    /usr/bin/gsk7isppc -> /usr/opt/ibm/gskta/bin/gsk7isppc
    /usr/bin/gsk7ikm -> /usr/opt/ibm/gskta/bin/gsk7ikm
    /usr/bin/gsk7cmd -> /usr/opt/ibm/gskta/bin/gsk7cmd
    /usr/bin/gsk7capicmd -> /usr/opt/ibm/gskta/bin/gsk7capicmd

    ls -l /usr/bin/gsk*



IHS install

  1. Review install guide

  2. Log on to Web server as wasadmin

    We are installing as non-root user

  3. Unarchive IHS install media

    cd /opt/install
    mkdir IHS
    mv CZ7QJML.tar.gz IHS
    cd IHS
    gunzip CZ7QJML.tar.gz
    tar xvf CZ7QJML.tar
    cd /opt/install/IHS/WAS/disk1/IHS
    cp responsefile.txt responsefile.txt.bak

  4. Edit responsefile.txt and input appropriate settings

  5. Install IHS...

    ./install -options "responsefile.txt" -silent

    If you get error...

    Warning: A supported operating system was not detected.

    ...replace maintenance.xml.

  6. Look for INSTCONFSUCCESS message in...

    /opt/IHS70/logs/install/log.txt
    /opt/IHS70/Plugins/logs/install/log.txt

  7. Enable ftp service

    Edit /etc/services and enable sftp port 115

    $ grep ftp /etc/services | grep 115
    sftp                    115/tcp         # Simple File Transfer Protocol
    sftp                    115/udp         # Simple File Transfer Protocol
    

  8. Start the Web server

    sudo /opt/IHS70/bin/apachectl -k start -f /opt/IHS70/conf/httpd.conf

  9. Edit...

    /opt/IHS70/conf/admin.conf

    ...and set default user and group...

    User wasadmin
    Group www

  10. Start IHS administration server

    cd /opt/IHS70/bin
    sudo ./adminctl start

    To add a new admin user:

    ./htpasswd -cb ../conf/admin.passwd username password

    For example

    ./htpasswd -cb ../conf/admin.passwd wasadmin foo

  11. Pull up home page...

    http://s1ad6c.myco.com


Install Web fixes

  1. Install the WAS Update Installer on Web server

    • Download the most recent Update Installer package that matches your platform

    • Copy UpdateInstaller to...

      /opt/install/UpdateInstaller_WAS

    • Edit response file...

      cd /opt/install/UpdateInstaller_WAS/UpdateInstaller/
      vi responsefile.updiinstaller.txt

    • Install the WAS Update Installer

      ./install -silent -options "responsefile.updiinstaller.txt"

    • Check log to verify install success

      /opt/WAS70/UpdateInstaller/logs/install/log.txt

  2. Apply latest Fix Pack for IHS and Plug-in

    We install 64-bit IHS fix packs.

    We install 32-bit Plugin fix packs.

    • Log on as user wasadmin

    • Stop web and admin servers...

      cd /opt/IHS70/bin
      sudo ./apachectl stop
      sudo ./adminctl stop

    • Copy IHS *.pak file to maintenance directory

      cd /opt/install/FixPacks_WAS
      cp 7.0.0-WS-IHS-AixPPC64-FP0000013.pak /opt/IHS70/UpdateInstaller/maintenance

    • Edit response file with your parameters...

      /opt/IHS70/UpdateInstaller/responsefiles/install.txt

    • Install IHS maintenance

      cd /opt/IHS70/UpdateInstaller/
      ./update.sh -options responsefiles/install.txt -silent

    • Verify version....

      cd /opt/IHS70/bin/
      ./versionInfo.sh

    • Copy Plugin *.pak file to maintenance directory

      cd /opt/install/FixPacks_WAS
      cp 7.0.0-WS-PLG-AixPPC32-FP0000013.pak /opt/IHS70/UpdateInstaller/maintenance

    • Edit response file with your parameters...

      /opt/IHS70/UpdateInstaller/responsefiles/install.txt

    • Install Plugin maintenance

      cd /opt/IHS70/UpdateInstaller/
      ./update.sh -options responsefiles/install.txt -silent

    • Verify version....

      cd /opt/IHS70/Plugins/bin
      ./versionInfo.sh

    • Check log for install success message...

      /opt/IHS70/Plugins/logs/update/7.0.0-WS-PLG-AixPPC32-FP0000013.install

    • Start the Web server

      cd /opt/IHS70/bin
      sudo ./apachectl start
      sudo ./adminctl start

      You can stop / start all web servers in a cluster by running bounceweb.sh

    For more information, see Install Web server plug-in maintenance

 

Configure SSL key database and certificate


  1. Log on as user wasadmin

  2. Set environment

    export PATH=/opt/IHS70/bin:$PATH

  3. Verify path

    s1ad7c:/root # which gsk7cmd
    /opt/IHS70/bin/gsk7cmd
    

  4. Create key directory

    cd /opt/IHS70
    mkdir keys

  5. Create a key database

    gsk7cmd -keydb -create -db /opt/IHS70/keys/env.kdb -pw wcs7 -type cms -expire 360 -stash

    AD Stage example...

    gsk7cmd -keydb -create -db /opt/IHS70/keys/ADStage.kdb -pw wcs7 -type cms -expire 720 -stash

  6. Generate self-signed certificate

    AD Stage example...

    gsk7cmd -cert -create -db /opt/IHS70/keys/ADStage.kdb -pw wcs7 -size 1024 -dn "CN=s1ad6c.myco.com,O=mysite,OU=IHS,ST=TX,C=US" -label IHS -default_cert yes -expire 720

    AD Deliv example...

    gsk7cmd -cert -create -db /opt/IHS70/ihsserverkey.kdb -pw wcs7 -size 1024 -dn "CN=s1ad7c.myco.com,O=mysite,OU=IHS,ST=TX,C=US" -label IHS -default_cert yes -expire 360

    ST Delivery example...

    gsk7cmd -cert -create -db /opt/IHS70/ihsserverkey.kdb -pw wcs7 -size 1024 -dn "CN=s1st5c.myco.com,O=mysite,OU=IHS,ST=TX,C=US" -label IHS -default_cert yes -expire 360

    QA Live example...

    gsk7cmd -cert -create -db /opt/IHS70/ihsserverkey.kdb -pw wcs7 -size 1024 -dn "CN=s1qa8c.myco.com,O=mysite,OU=IHS,ST=TX,C=US" -label IHS -default_cert yes -expire 360
    gsk7cmd -cert -create -db /opt/IHS70/ihsserverkey.kdb -pw wcs7 -size 1024 -dn "CN=s1qa9c.myco.com,O=mysite,OU=IHS,ST=TX,C=US" -label IHS -default_cert yes -expire 360

    QA Stage example...

    gsk7cmd -cert -create -db /opt/IHS70/ihsserverkey.kdb -pw wcs7 -size 1024 -dn "CN=s1qa4c.myco.com,O=mysite,OU=IHS,ST=TX,C=US" -label IHS -default_cert yes -expire 360

  7. Edit /opt/IHS70/conf/httpd.conf

  8. Set SSL stanza. For example...
    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
    Listen 443
    <VirtualHost *:443>
    SSLEnable
    SSLProtocolDisable SSLv2
    </VirtualHost>
    KeyFile /opt/IHS70/ADStage.kdb
    SSLDisable
    

  9. Restart IHS

    sudo /opt/IHS70/bin/apachectl stop
    sudo /opt/IHS70/bin/apachectl start

    You can stop / start all web servers in a cluster by running bounceweb.sh

  10. Check for errors...

    /opt/IHS70/logs/error_log

  11. Test by pulling up secure page...

    https://s1ad7c.myco.com

  12. Add links to index page

Production live requires a Verisign certificate with host secure2.myco.com

  1. Generate certificate request and submit to VeriSign

  2. Request a secure certificate from a VeriSign

  3. Set the production key file as the current key file.

  4. Receive the certificate and test the production key file.


Generate Web server definition in WAS console

If your web server definition is not in admin console, to create...

  1. Log on to web server and copy definition script from web server to appserver. For example...

    cd /opt/IHS70/Plugins/bin
    scp configureWebServerName.sh wasadmin@AppServerName:/opt/WAS70/AppServer/profiles/MyCo/bin

  2. Log on to appserver and run...

    cd /opt/WAS70/AppServer/profiles/MyCo/bin
    ./configures1st5cWeb1.sh

  3. Log on admin console and verify definition

  4. Verify virtual hosts are defined for Web server ports

    Virtual Hosts > default_host > Host Aliases

    If you add a virtual host, cycle the appserver



IHS post-install


  1. Search Engine Optimization (SEO) rewrites
  2. Add Search Engine Optimization rewrites for 443 in httpd.conf

    RewriteEngine on
    RewriteCond %{QUERY_STRING} ^pn=Know_How(.*)$ [NC]
    RewriteRule ^(.*)$ http://ext.myco.com/how-to/how-to.html? [L,R]

    RewriteRule /(.*?)\s+(.+) /$1+$2 [N]
    RewriteCond %{REQUEST_URI} ^.*/Navigation(.*)$ [NC]
    RewriteRule /.*h_d1/([a-zA-z]*)-(.+)/([a-zA-Z]+)-(.+)/([a-zA-Z]+)-(.+)/h_d2/(.+) /webapp/catalog/servlet/$7?%{QUERY_STRING}&$1=$2&$3=$4&$5=$6 [PT]

    RewriteCond %{REQUEST_URI} ^.*/ProductDisplay(.*)$ [NC]
    RewriteRule /.*h_d1/([a-zA-z]*)-(.+)/([a-zA-Z]+)-(.+)/([a-zA-Z]+)-(.+)/h_d2/(.+) /webapp/wcs/stores/servlet/$7?%{QUERY_STRING}&$1=$2&$3=$4&$5=$6 [PT]

    RewriteCond %{REQUEST_URI} ^.*/Navigation(.*)$ [NC]
    RewriteRule /.*h_d1/([a-zA-z]*)-(.+)/([a-zA-Z]+)-(.+)/h_d2/(.+) /webapp/catalog/servlet/$5?%{QUERY_STRING}&$1=$2&$3=$4 [PT]

    RewriteCond %{REQUEST_URI} ^.*/ProductDisplay(.*)$ [NC]
    RewriteRule /.*h_d1/([a-zA-z]*)-(.+)/([a-zA-Z]+)-(.+)/h_d2/(.+) /webapp/wcs/stores/servlet/$5?%{QUERY_STRING}&$1=$2&$3=$4 [PT]
    RewriteCond %{REQUEST_URI} ^.*/MyCoPlsLocalize(.*)$ [NC]
    RewriteRule /.*h_d1/([a-zA-z]*)-(.+)/([a-zA-Z]+)-(.+)/h_d2/(.+) /webapp/wcs/stores/servlet/$5?%{QUERY_STRING}&$1=$2&$3=$4 [PT]

    RewriteRule /.*h_d1/([a-zA-z]*)-(.+)/h_d2/(.+) /webapp/catalog/servlet/$3?%{QUERY_STRING}&$1=$2 [PT]
    RewriteRule /webapp/wcs/stores/servlet/HomePageView /webapp/catalog/servlet/HomePageView?langId=-1&storeId=10051&catalogId=10053 [NC,PT,L,QSA]
    RewriteRule ^/$ /webapp/catalog/servlet/HomePageView?storeId=10051&catalogId=10053&langId=-1 [NC,PT,L,QSA]
    RewriteRule /webapp/wcs/stores/servlet/ContentView /webapp/catalog/servlet/ContentView?langId=-1&storeId=10051&catalogId=10053 [PT,L,QSA]
    RewriteRule /webapp/wcs/stores/servlet/MyCoAdminSearch /webapp/catalog/servlet/MyCoAdminSearch?langId=-1&storeId=10051&catalogId=10053 [PT,L,QSA]
    RewriteRule /webapp/wcs/stores/servlet/SiteMapView /webapp/catalog/servlet/SiteMap?langId=-1&storeId=10051&catalogId=10053 [PT,L,QSA]
    RewriteRule /webapp/catalog/servlet/MyCoProductCompare /webapp/wcs/stores/servlet/MyCoProductCompare?langId=-1&storeId=10051&catalogId=10053 [PT,L,QSA]


  3. Content directories
  4. The www group should have full access to...

    /opt/wsvr/docs

    The index page, myco_index.html, should be owned by wasadmin/www

    The index page for Test webserver instance, myco_test.html, should be owned by wasadmin/www and should be present only on the Staging Webservers.

    The Error page myco_error_page_404.html, should be owned by wasadmin/www

    Offline page, myco_index_closed.html plus corresponding images, should be owned by wasadmin/www. All necessary files can be found in closed_OLD.zip

    Server status pages...

    Google site verification (Prod only)

    googledfad5f648e0270c1.html

    All files should be owned by wasadmin/www


  5. Aliases
  6. If the server is not Staging, no aliases will change. If, however, the environment is Staging, the following substitutions may need to be made:


  7. Mime magic
  8. Copy the following files to /opt/IHS70/conf...


  9. Web server logs
  10. The web server logs directory is...

    /opt/IHS70/logs


  11. Ports
  12. During intial install and configuration, we can run with Listen ports 80 and 443 as user root. After load balancer is up and running, change file and process ownership from root to wasadmin, and set non-admin Listen ports.


  13. Log rotation
  14. To configure IHS log rotation...

    1. Edit httpd.conf

    2. Comment out existing CustomLog...

      #CustomLog logs/access_log common

    3. Add following directives...

      # Rotate the logfile whenever it reaches a size of 50 megabytes
      CustomLog "| /opt/IHS70/bin/rotatelogs /opt/IHS70/logs/access_log 50M" common
      CustomLog "| /opt/IHS70/bin/rotatelogs /opt/IHS70/logs/error_log 50M" common

    4. Restart IHS

      sudo ../bin/apachectl restart

    If rotatelog does not work, to rotate logs manually while not dropping any user connections...

    mv access_log access_log.old
    mv error_log error_log.old
    apachectl graceful
    sleep 600
    gzip access_log.old error_log.old


  15. Configure test page for all web servers
  16. To verify location of document root, log on to s1np1a and run...

    cd $REPORTS
    sh ./httpd.conf.sh
    grep DocumentRoot *_httpd.conf | grep -v \#

    Sample output...

    s1ad6c_httpd.conf:DocumentRoot "/opt/IHS70/htdocs"
    s1ad7c_httpd.conf:DocumentRoot "/opt/IHS70/htdocs"
    s1qa4c_httpd.conf:DocumentRoot "/opt/IHS70/htdocs"
    s1qa8c_httpd.conf:DocumentRoot "/opt/IHS70/htdocs"
    s1qa9c_httpd.conf:DocumentRoot "/opt/IHS70/htdocs"
    s1st5c_httpd.conf:DocumentRoot "/opt/IHS70/htdocs"
    s1st6c_httpd.conf:DocumentRoot "/opt/IHS70/htdocs"

    To copy files...

    cd $REPORTS
    for i in `cat sweb.out`
    do
        scp testpage.html ${i}:/opt/IHS70/htdocs
        scp testpage.html ${i}:/opt/IHS70/htdocs/notfound.html
        ssh -f $i  chmod 644 /opt/IHS70/htdocs/*.html
    done
    

    To test...

    for i in `cat sweb.out`
    do
        wget http://${i}/testpage.html
    done
    



Commerce v5.6 instructions

The following may or may not be required in Commerce v7 environments.


Verify nmon v10r is installed

Install to /usr/local/bin

To verify...

nmon -V


Cleanlog script

The cleanlogs.sh script should be copied to /opt/el/bin. This script will be invoked as part of the scheduled Site Offline (CloseLive.sh) maestro job. This script should be owned by wasadmin/www.

Copy the httpLogCompress.sh and httpLogSave.sh scripts to /opt/el/bin folder on Live Webservers.


Application webserver scripts directory

Run...

mkdir /opt/IHS70/scripts
chmod 775 /opt/IHS70/scripts
chown wasadmin:www /opt/IHS70/scripts


IHS70 script

Live:

A symbolic link, /etc/local/init.d/ibmihs_myco, should be created pointing to /etc/local/init.d/ibmihs. This symbolic link will be referred to in the distmond configuration and used to start/stop the apache instance as well as rotate_logs, etc.

Staging:

A symbolic link, /etc/local/init.d/ibmihs_myco, should be created pointing to /etc/local/init.d/ibmihs. This symbolic link will be referred to in the distmond configuration and used to start/stop the apache instance as well as rotate_logs, etc.

A symbolic link, /etc/local/init.d/ibmihs_mycostg, should be created pointing to /etc/local/init.d/ibmihs. This symbolic link will be referred to in the distmond configuration and used to start/stop the apache instance as well as rotate_logs, etc.


DISTMOND