+

Search Tips   |   Advanced Search

Portal v8 install example

Go to Active

     

Pre-Install

Task Resource DEV STG TEST PRD AUTH PRDHA Notes
Install WCM Support Tool wpadmin Active Pend Pend Pend Pend Pend
Install IBM Support Assistant wpadmin Pend Pend Pend Pend Pend Pend
Install Apache Directory Studio wpadmin Pend





Install Fiddler wpadmin Pend





Review IBM's Digital Experience Wiki wpadmin Pend Pend Pend Pend Pend Pend
Review portal release notes wpadmin Pend Pend Pend Pend Pend Pend
Verify system requirements wpadmin Pend Pend Pend Pend Pend Pend
Verify clean logs for any existing systems wpadmin Pend Pend Pend Pend Pend Pend
Plan for DB schemas and users DBA Pend Pend Pend Pend Pend Pend
Decision: Enable or disable managed pages. DBA Pend Pend Pend Pend Pend Pend
Plan syndication relationships DBA Pend Pend Pend Pend Pend Pend
Create wasadmin service account Security Pend Pend Pend Pend Pend Pend
Create filesystems UNIX Pend Pend Pend Pend Pend Pend
Install gtk libraries UNIX Pend Pend Pend Pend Pend Pend rpm -qa
Create user accounts with sudo access UNIX Pend Pend Pend Pend Pend Pend user3, user1, user2
Mount /media drive UNIX Pend Pend Pend Pend Pend Pend 40+ GB
Set ulimit -n 10024 UNIX Pend Pend Pend Pend Pend Pend
Virtual Portal hostnames in DNS Middleware Pend Pend Pend Pend Pend Pend
Service integrarion security planning Middleware Pend Pend Pend Pend Pend Pend
Deny access to unknown hosts Security Pend Pend Pend Pend Pend Pend
 

Install WAS v8.5.5 and Portal v8.0.0.1

Task Resource DEV STG TEST PRD AUTH PRDHA Notes
Install Installation Manager Middleware Pend Pend Pend Pend Pend Pend
Install WAS for dmgr Middleware Pend Pend Pend Pend Pend Pend
Install WAS for portal Middleware Pend Pend Pend Pend Pend Pend
Upgrade to WAS FP1 Middleware Pend Pend Pend Pend Pend Pend
Install portal on primary node Middleware Pend Pend Pend Pend Pend Pend
    Apply FP1 Middleware Pend Pend Pend Pend Pend Pend
    Apply CF10 Middleware Pend Pend Pend Pend Pend Pend
Install portal on secondary nodes Middleware             Pend Pend       Pend
    Apply FP1 Middleware             Pend Pend       Pend
    Apply CF09 Middleware             Pend Pend       Pend
Create Dmgr01 profile Middleware Pend Pend Pend Pend Pend Pend
Configure authoring portlet Middleware Pend Pend Pend Pend Pend Pend
Disable managed pages Middleware Pend Pend Pend Pend Pend Pend
Create profile template Middleware Pend Pend Pend Pend Pend Pend
Configure portal to use DB2 Middleware Pend Pend Pend Pend Pend Pend
Configure Dmgr Middleware Pend Pend Pend Pend Pend Pend
Federate primary node Middleware Pend Pend Pend Pend Pend Pend
Create static cluster Middleware Pend Pend Pend Pend Pend Pend
Configure LDAP on primary node Middleware Pend Pend Pend Pend Pend Pend
Add ha servers for LDAP Middleware

Pend Pend Pend Pend
Install IHS Middleware Pend Pend Pend Pend Pend Pend
Configure web server plug-in Middleware Pend Pend Pend Pend Pend Pend
Configure web server SSL certs Middleware Pend Pend Pend Pend Pend Pend
Set up passwordless scp between hosts Middleware Pend Pend Pend Pend Pend Pend See also Cygwin method
Generate version reports Middleware Pend Pend Pend Pend Pend Pend


Deploy MyCo

Task Resource DEV STG TEST PRD AUTH PRDHA Notes
Configure default realm Middleware Pend Pend Pend Pend Pend Pend      
Configure myAdminRealm Middleware Pend Pend Pend Pend Pend Pend
MyCo shared libraries Middleware Pend Pend Pend Pend Pend Pend
Web container updates Middleware Pend Pend Pend Pend Pend Pend      
Mail session Middleware Pend Pend Pend Pend Pend Pend      
Configure object cache instances Middleware Pend Pend Pend Pend Pend Pend
Configure object pool Middleware Pend Pend Pend Pend Pend Pend
Global security updates Middleware Pend Pend Pend Pend Pend Pend      
Expression Language Middleware Pend Pend Pend Pend Pend Pend
Deploy war Middleware Pend Pend Pend Pend Pend Pend
Map portlets to shared libraries Middleware Pend Pend Pend Pend Pend Pend
Install global filters Middleware Pend Pend Pend Pend Pend Pend
Install Tealeaf processor Middleware Pend Pend Pend Pend Pend Pend
Resource Environment Provider Middleware Pend Pend Pend Pend Pend Pend
Install theme Middleware Pend Pend Pend Pend Pend Pend
Custom security configuration Middleware Pend Pend Pend Pend Pend Pend
Secure transports Middleware Pend Pend Pend Pend Pend Pend
Secure service integration Middleware Pend Pend Pend Pend Pend Pend
Web services message level security Middleware Pend Pend Pend Pend Pend Pend
Create virtual portal Middleware Pend Pend Pend Pend Pend Pend
Install multilingual system Middleware Pend Pend Pend Pend Pend Pend
Syndicate Middleware Pend Pend Pend Pend Pend Pend
Stage to production Middleware Pend Pend Pend Pend Pend Pend
    Build the initial release Middleware Pend Pend Pend Pend Pend Pend build-initial-release-paa
Configure custom PAA files Middleware Pend Pend Pend Pend Pend Pend
Export/Import WCM libs Middleware Pend Pend Pend Pend Pend Pend Optional. Alternative to syndication.
Set web content permissions Middleware Pend Pend Pend Pend Pend Pend
Export/Import pages Middleware Pend Pend Pend Pend Pend Pend
Error 404: There is no content available Middleware Pend Pend Pend Pend Pend Pend Deploy MyShop.war
Disallow direct servlet access Middleware Pend Pend Pend Pend Pend Pend
Create profiles on secondary nodes Middleware

Pend Pend
Pend
chown -R wasadmin filesystems Middleware Pend Pend Pend Pend Pend Pend Stop as root. Start as wasadmin.
Customize IHS config Middleware Pend Pend Pend Pend Pend Pend
Web service client configuration Middleware Pend Pend Pend Pend Pend Pend esbgateway issue
Web Content Viewer preferences Middleware Pend Pend Pend Pend Pend Pend


Post-Install tasks

Task Resource DEV STG TEST PRD AUTH PRDHA Notes
ibm-allGroups Middleware Pend Pend Pend Pend Pend Pend
Persist serverIOTimeoutRetry Middleware Pend Pend Pend Pend Pend Pend Set to 5
Max of historical log files Middleware


Pend Pend Pend Change from 3 to 6
Security hardening Middleware


Pend Pend Pend
Performance tuning Middleware


Pend Pend Pend
        Disable workflow actions Middleware




Pend Prod and perf only
        Context pool configuration Middleware




Pend Prod and perf only
Run MemberFixer in report mode Middleware Pend Pend Pend Pend Pend Pend Run in fix mode if report indicates issues.
Schedule syndication to occur at times when the server load is at its lowest. Middleware


Pend Pend Pend
Increase the total transaction lifetime timeout Middleware


Pend Pend Pend


See also

  1. Test
  2. Production
  3. Change dmgr cellname
  4. Restart portal
  5. IHS


Overview

The following is an example of how to install WebSphere Portal v8, and then how to deploy the fictional MyCo's Prodline1 and Prodline2 branded applications and artifacts to their respective virtual hosts.

Note the example is based on a specific deployment, and includes steps that you, in all likelihood, will not have to follow. These steps, revolving around setup of custom portal applications, are included for illustrative purposes.

The steps below are not necessarily in the correct order. To follow this procedure in the correct order, follow the Tasks in the table above, in the order they are presented.


Create /opt/IBM/Portal and /media filesystems

Create /opt/IBM/Portal and /media filesystems. Size of /opt/IBM/Portal should be at least 50 GB for lower level environments, and preferably 100 GB. /media is a shared directory containing WebSphere install images. Make sure /tmp has at least 3.5 GB free.

For example, on STG host...

stage ->df -g
Filesystem      GB blocks      Free %Used    Iused %Iused Mounted on
/dev/hd4             3.00      2.81    7%    11409     2% /
/dev/hd2            11.00      7.32   34%    59730     4% /usr
/dev/hd9var          4.00      3.62   10%     8988     2% /var
/dev/hd3             4.00      3.94    2%       96     1% /tmp
/dev/hd1             3.00      2.96    2%       79     1% /home
/dev/hd11admin       3.00      3.00    1%        9     1% /admin
/proc     -         -    -         -     -  /proc
/dev/hd10opt         4.00      3.73    7%     8177     1% /opt
/dev/livedump        0.25      0.25    1%        4     1% /var/adm/ras/livedump
/dev/lvportalwps    90.00     89.63    1%        4     1% /opt/IBM/Portal
/dev/lvrafrepo      20.00     19.92    1%        4     1% /rafrepo
/dev/lvmedia        50.00     14.17   72%    33264     1% /media


Install and run Installation Manager

  1. On your local computer, download, install, and run XMing X server

  2. In putty, enable X11 forwarding...

      Connection | SSH | X11 | Enable X11 forwarding

    ...and compression...

      Connection | SSH | Enable compression

    ...and set cipher order...

      Blowfish
      -- warn below here --
      3DES
      DES
      AES

  3. Log on to target host as user root and configure X11. For example...

      username@hostname /home/username ->xauth list
      hostname/unix:11 MIT-MAGIC-COOKIE-1 0c723ae2ccd7660271b1bafc01b5d55f
      hostname/unix:10 MIT-MAGIC-COOKIE-1 d15b40a439806573a57f10099fa9cfaf
      username@hostname /home/username ->sudo su -
      root@hostname / ->xauth add hostname/unix:10 MIT-MAGIC-COOKIE-1 d15b40a439806573a57f10099fa9cfaf
      root@hostname / ->DISPLAY=localhost:10.0
      root@hostname / ->export DISPLAY
      root@hostname / ->xclock

    If xclock does not work, we might need to enable X11 in sshd...

    1. vi /etc/ssh/sshd_config
    2. Set X11Forwarding yes
    3. stopsrc -s sshd
    4. startsrc -s sshd
    5. Log out of the putty session
    6. Log back in

    If we are logging into target host from AIX jumpbox, use syntax...

      ssh -X -Y -C username@hostname

  4. Install Installation Manager

      cd /media/installmgr
      ./installc -acceptLicense
      cd /opt/IBM/InstallationManager/eclipse

See: Installation Manager 1.6.2


Install WAS v8.5.5 for dmgr

On hosts where dmgr is co-located with portal, we install WAS into /opt/IBM/Portal/WebSphere on the portal host. On hosts where dmgr is on its own host, we install into /opt/IBM/Portal/WebsphereMB on the dmgr host.

  1. On your local computer, start XMing X server

  2. Log on to target host as user root

  3. Verify ulimit for number of files and file blocks

      ulimit -n 20480
      ulimit -f unlimited

    To get current ulimit: ulimit -a

    To set, edit /etc/security/limits

  4. Set umask 022 in .profile

  5. Add WAS v8.5.5 to repository using Installation Manager

    Console mode:

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

      ...select...

        P. Preferences | 1. Repositories | D. Add Repository

    2. Set...

        /media/WAS855/repository.config

    3. Add repository for WAS 8.5.5 FP 1

        /media/WAS855_FP1/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
       Repositories:
           1. [X] /media/WAS855/repository.config
       Other Options:
           D. Add Repository       S. [ ] Search service repositories during installation and updates
            R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu

    To add using GUI...

    1. Go to...

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Select...

        File | Preferences | Repositories | Add Respository

    3. Add WAS v8.5.5 repository...

        /media/WAS855/repository.config

    4. Click Apply

    5. Uncheck: "Search service repositories during installation and updates"

    6. Add repository for WAS 8.5.5 FP 1

        /media/WAS855_FP1/repository.config

  6. Install WAS v8.5.5 binaries for use by dmgr profile

    • Command-line method for dmgr that is not co-located with portal...
       ### Install WAS 8.5.5 only 
      mkdir /opt/IBM/Portal/IMShared  
      cd /opt/IBM/InstallationManager/eclipse/tools  
      ./imcl install com.ibm.websphere.ND.v85_8.5.5000.20130514_1044 \
             -repositories /media/WAS855/repository.config  \
             -installationDirectory /opt/IBM/Portal/WAS1/AppServer  \
             -sharedResourcesDirectory /opt/IBM/Portal/IMShared  \
             -log /tmp/imcl.log  \
             -showProgress \
             -acceptLicense

      The version number can be found in the repository.xml file. For example

        <offering ... version='8.5.0.20110617_2222

      ...or using listAvailablePackages. For example...

        ./imcl listAvailablePackages -repositories /media/WAS855_FP1/repository.config

    • GUI method...

      1. Start Installation Manager

          cd /opt/IBM/InstallationManager/eclipse
          ./IBMIM

        ...and go to...

          File | Preferences | Repositories | Add Respository

      2. Add WAS v8.5.5 repository...

          /media/WAS855/repository.config

        ...and then click Apply

      3. On IIM main page, click Install, select the WAS ND package, then click Next...

      4. Accept the license terms, then click Next

      5. Set location of Shared Resources Directory

          /opt/IBM/Portal/IMShared

      6. Set WAS home

        For Test, PRD, and Auth envs...

          /opt/IBM/Portal/WebSphere/AppServer

        For TST, PRD Primary, and PRD HA envs, where Prodline2 dmgr is co-located on same LPAR as Prodline1...

          /opt/IBM/Portal/WAS1/AppServer

      7. Select default features

      8. Accept summary information

        After install completes, select None, and then exit Installation Manager


Install WAS v8.5.5 binaries for use by portal profile

  1. Start Installation Manager in GUI mode

      cd /opt/IBM/InstallationManager/eclipse
      ./IBMIM

  2. On main Installation Manager panel, select Install.

    If dmgr is co-located on this host, we may get pop-up saying package is already installed. Select Continue in Installed Packages pop-up panel.

  3. Select IBM WAS ND v8.5.5.1 to install

  4. On next panel, accept license agreement

  5. For Shared Resources Directory, set...

      /opt/IBM/Portal/IMShared

  6. On the Install Packages screen, select...

      Create a new package group

    ...and for Installation Directory select...

      /opt/IBM/Portal/WAS1/AppServer

  7. Keep English as the only default language.

  8. Select features to install. We can keep the defaults.

  9. Review the summary information, then select Install

  10. On last screen, select None, then Finish


Upgrade WAS to v8.5.5 FP 1

Do this for WAS binaries on both the Dmgr host and on portal nodes.

Note that if you included WAS FP1 in the repository when doing WAS install, this should already be done. To verify...

# cd opt/IBM/Portal/WebSphere/AppServer/bin  # ./versionInfo.sh
--------------------------------------------------------------------------------
IBM WebSphere Product Installation Status Report
--------------------------------------------------------------------------------
 Report at date and time May 19, 2014 6:45:30 PM EDT
 Installation --------------------------------------------------------------------------------
Product Directory        /opt/IBM/Portal/WebSphere/AppServer
Version Directory        /opt/IBM/Portal/WebSphere/AppServer/properties/version
DTD Directory            /opt/IBM/Portal/WebSphere/AppServer/properties/version/dtd
Log Directory            /var/ibm/InstallationManager/logs
 Product List --------------------------------------------------------------------------------
ND         installed  Installed Product
--------------------------------------------------------------------------------
Name    IBM WebSphere Application Server Network Deployment v8.5.5.1
ID      ND
Build Level           cf011341.03
Build Date            10/18/13
Package com.ibm.websphere.ND.v85_8.5.5001.20131018_2242
Architecture          PPC64
Installed Features    
    IBM 64-bit WebSphere SDK for Java         
    WebSphere Application Server Full Profile         
    EJBDeploy tool for pre-EJB 3.0 modules         
    Embeddable EJB container
    Stand-alone thin clients and resource adapters
# cd /opt/IBM/Portal/WAS1/AppServer/bin  
# ./versionInfo.sh
--------------------------------------------------------------------------------
IBM WebSphere Product Installation Status Report
--------------------------------------------------------------------------------
 Report at date and time May 19, 2014 6:47:14 PM EDT
 Installation --------------------------------------------------------------------------------
Product Directory        /opt/IBM/Portal/WAS1/AppServer
Version Directory        /opt/IBM/Portal/WAS1/AppServer/properties/version
DTD Directory            /opt/IBM/Portal/WAS1/AppServer/properties/version/dtd
Log Directory            /var/ibm/InstallationManager/logs
 Product List --------------------------------------------------------------------------------
ND         installed  Installed Product
--------------------------------------------------------------------------------
Name    IBM WebSphere Application Server Network Deployment v8.5.5.1
ID      ND
Build Level           cf011341.03
Build Date            10/18/13
Package com.ibm.websphere.ND.v85_8.5.5001.20131018_2242
Architecture          PPC64
Installed Features    
    IBM 64-bit WebSphere SDK for Java         
    WebSphere Application Server Full Profile         
    EJBDeploy tool for pre-EJB 3.0 modules         
    Embeddable EJB container
    Stand-alone thin clients and resource adapters

Before installing, make a backup of WAS file system.

To install silently using command-line, as user root...

cd /opt/IBM/InstallationManager/eclipse/tools  
./imcl install com.ibm.websphere.ND.v85_8.5.5001.20131018_2242 \
       -repositories /media/WAS855_FP1/repository.config  \
       -installationDirectory /opt/IBM/Portal/WAS1/AppServer  \
       -sharedResourcesDirectory /opt/IBM/Portal/IMShared  \
       -log /tmp/imcl.log  \
       -showProgress \
       -acceptLicense

To install using Installation Manager GUI...

  1. On the main IIM page, select Update

  2. On the "Select a package group to find updates for", select first package group

  3. On the panel, "Select updates to install", verify V8.5.5.1 is selected

  4. On the panel, "Select the features to install", keep defaults, then select Next

  5. On the Summary panel, select Update

  6. After it finishes, do the same for the second package group


Install Portal on primary node

  1. Configure portal repository

    Using console mode

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

    2. Select...

        P. Preferences | 1. Repositories | D. Add Repository

    3. Add repository...

        /media/Portal8/Setup/eimage/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
       Repositories:
           1. [X] /media/Portal8/Setup/eimage/repository.config
       Other Options:
           D. Add Repository       
           S. [ ] Search service repositories during installation and updates
           R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu

    Using GUI...

    1. Run

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Add repository...

        /media/Portal8/Setup/eimage/repository.config

  2. Install Portal

    1. First, set up X11 like we did for installing WAS.

      If we cannot log on directly to host, for example, to get to PRD HA hosts we have to go through jump server, set up X11 forwarding. Basically you log on to the jump box, and then ssh to the target host using syntax...

        ssh -X -Y -C username@hostname

    2. Run IBMIM and then select Install

    3. On Install Packages panel, select IBM WebSphere Portal Server

    4. Accept license agreement

    5. Select "Create a new package group" and set Installation Directory to...

        /opt/IBM/Portal/WAS1/PortalServer

    6. For features, if this is a primary node, select...

      • Config Engine
      • Portal Server Binary
      • Portal Server Profile

      If this is a secondary node, do not select Portal Server Profile. See Installing addtional portal nodes

    7. On the next screen, select "Existing WebSphere Application Server Root Directory"

        /opt/IBM/Portal/WAS1/AppServer

    8. For Profile Template Type, select "Base"

    9. Set node and cell name...

      Cell p1cellP
      Node PrdNode01

      For username and password set...

      • wasadmin
      • password

      We will change password later when we configure LDAP

      The cell and node name for the portal MUST be different than the cell and node names for the dmgr cell.

      The cluster setup steps in this guide assume we use the same IDs for portal and dmgr. If we do NOT use the same ID, we may see unexpected problems when creating the cluster related to the user IDs..

    10. On the Summary page, click install...


Additional portal nodes


Overview

This section covers adding the additional node to the Deployment Manager cell and adding a new WebSphere_Portal server as a horizontal dynamic cluster member to the previously created dynamic cluster. Once this section is completed, we will have a functional two-node horizontal dynamic cluster using the federated LDAP security.

  1. Install Installation Manager

  2. Add WAS v8.5.5 and WAS FP1 to Installation Manager repository...

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

      ...select...

        P. Preferences | 1. Repositories | D. Add Repository

    2. Set...

        /opt/IBM/Portal/media/WAS855/repository.config

    3. Add repository for WAS 8.5.5 FP 1

        /opt/IBM/Portal/media/WAS855_FP1/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
       Repositories:
           1. [X] /opt/IBM/Portal/media/WAS855/repository.config
       Other Options:
           D. Add Repository       
           S. [ ] Search service repositories during installation and updates
           R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu

  3. Install WAS v8.5.5 binaries

    1. Start Installation Manager GUI...

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Select Install, then select Continue in pop-up panel.

    3. On the Install Packages screen, select...

        Create a new package group

      ...and for Installation Directory select...

        /opt/IBM/Portal/WAS1/AppServer

    4. Select defaults for remainder of panels, then on summary page, select Install

    5. On last screen, select None, then Finish

  4. Install Fixes

    1. Add repository for WAS 8.5.5 FP 1

        /opt/IBM/Portal/media/WAS855_FP1/repository.config

      MyCo has WCM license, which is different from WCM Standard Edition (fewer entitlements). We install...

        8.0.0-WP-Server-FP001
        8.0.0-WP-WCM-FP001

      Uncheck: "Search service repositories during installation and updates"

    2. On the main IIM page, select Update

    3. On the "Select a package group to find updates for", select first package group

    4. On the panel, "Select updates to install", verify V8.5.5.1 is selected

    5. On the panel, "Select the features to install", keep defaults, then select Next

    6. On the Summary panel, select Update

  5. Install Portal v8.0

    1. Add repository...

        /opt/IBM/Portal/media/Portal8/Setup/eimage/repository.config

    2. On Install Packages panel, select IBM WebSphere Portal Server

    3. Select "Create a new package group" and set Installation Directory to...

        /opt/IBM/Portal/WAS1/PortalServer

    4. For features, select only...

      • Config Engine
      • Portal Server Binary

    5. On the next screen, select "Existing WebSphere Application Server Root Directory"

        /opt/IBM/Portal/WAS1/AppServer

    6. On the Summary page, click install...

    7. Once the installation completes, click the radio button for None and click Finish to exit the installer.

  6. Upgrade Portal v8 with FP1

    1. Review: Update Portal v8 with FP1

    2. Add FP1 to Installation Manager repository

        /opt/IBM/Portal/media/Portal8_FP1/repository.config

    3. From Installation Manager select "Update"

    4. If we have more than one fix in the repository, it will try to install them all. To install just FP1, de-select "Show recommended only", then select only "V8.0.0.1"

    5. Ignore warnings about needing to update wps.properties. Unlike primary node, we did a binary only install of portal on this host, so don't need to update wps.properties

    6. After upgrade finishes, make tarball backup

  7. Upgrade Portal v8 with CF09

    1. Download CF09

    2. Add CF09 to Installation Manager repository

    3. Change class loader from parent first to parent last.

    4. Stop all WebSphere processes

    5. Because no profile has been created yet, we do not need to update wps.properties to include profile name and location

    6. Add CF09 to repository

    7. Use Installation Manager to install

      To install manually..

      1. Determine offering ID...

          $ cd /opt/IBM/InstallationManager/eclipse/tools
          $ ./imcl listAvailablePackages -repositories /opt/IBM/Portal/media/CF09/repository.config
          com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755

      2. Install
        ./imcl install \
               com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755 \
               -repositories /opt/IBM/Portal/media/CF09/repository.config \
               -installationDirectory /opt/IBM/Portal/WAS1/PortalServer \
               -sharedResourcesDirectory /opt/IBM/IMShared \
               -log /tmp/imcl.log  \
               -acceptLicense  
        

    8. Start Portal

    9. Make tarball backup


  8. Create profiles on secondary nodes

    Do this step only after configuring the portal primary node with DB2 and LDAP

    1. From primary node, copy profileTemplates.zip to secondary nodes. For example...

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        scp profileTemplates.zip user1@prdhost2.myco.com:/tmp
        scp profileTemplates.zip user1@prdhost3.myco.com:/tmp
        scp profileTemplates.zip user1@prdhost4.myco.com:/tmp

    2. On target node, unzip profileTemplates.zip

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        mv /tmp/profileTemplates.zip .
        unzip profileTemplates.zip

    3. Update permissions...

        cd /opt/IBM/Portal/WAS1/PortalServer/
        find profileTemplates -name \* -exec chmod 755 {} \;

    4. Execute...

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        ./installPortalTemplates.sh /opt/IBM/Portal/WAS1/AppServer

    5. On each WebSphere Portal additional node...
      cd /opt/IBM/Portal/WAS1/AppServer/bin/  
      ./manageprofiles.sh -create  \
            -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
            -profileName wp_profile  \
            -profilePath /opt/IBM/Portal/WAS1/wp_profile \
            -cellName P1Cell02 \
            -nodeName P1Node02 \
            -hostName prdhost2.myco.com
      cd /opt/IBM/Portal/WAS1/AppServer/bin/  
      ./manageprofiles.sh -create  \
            -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
            -profileName wp_profile  \
            -profilePath /opt/IBM/Portal/WAS1/wp_profile \
            -cellName P1Cell03 \
            -nodeName P1Node03 \
            -hostName prdhost3.myco.com
      cd /opt/IBM/Portal/WAS1/AppServer/bin/  
      ./manageprofiles.sh -create  \
            -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
            -profileName wp_profile  \
            -profilePath /opt/IBM/Portal/WAS1/wp_profile \
            -cellName P1Cell04 \
            -nodeName P1Node04 \
            -hostName prdhost4.myco.com
       ...etc...

      Do NOT use the same node name as the primary node or any other node that may already be part of the DMGR cell. You will be unable to add this node to the DMGR cell if the node names are identical. Do NOT use the same cell name as the DMGR cell. Do NOT use the manageprofiles option to Federate the profile now. This results in an unusable Portal profile. A WebSphere_Portal server will NOT be created during the profile creation. The WebSphere_Portal server will be created after the node is added to the existing cluster.

    6. After creating the profile, edit...

        /opt/IBM/Portal/WAS1/PortalServer/wps.properties

      ...and verify the following is set...

        ProfileName=wp_profile
        ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

  9. Copy and configure DB2 client jars

    1. From primary node...

        cd /opt/IBM/Portal/WAS1/PortalServer
        scp -r db2drivers user1@prdhost2.myco.com:/tmp
        scp -r db2drivers user1@prdhost3.myco.com:/tmp
        scp -r db2drivers user1@prdhost4.myco.com:/tmp

      From secondary node

        cd /opt/IBM/Portal/WAS1/PortalServer
        cp -r /tmp/db2drivers .

    2. Edit...

        /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbtype.properties

      ...and set...

        db2.DbLibrary=/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc4.jar:/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc_license_cu.jar

  10. On remote dmgr host, ensure the Deployment Manager is started...

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./startManager.sh

  11. Ensure the time on the Deployment Manager server and the time on the additional Portal node server are no more than 5 minutes apart.

  12. Create backup of all nodes and dmgr

  13. Log on to each secondary host in turn, and add the node...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./addNode.sh prd2dmgr.myco.com 9879 -username wasadmin -password mypassword**

    Example output...

      ADMU0003I: Node P1Node02 has been successfully federated.

  14. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

    ...and set...

      WasUserid=uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com
      WasPassword=mypassword**
      PortalAdminId=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com
      PortalAdminPwd=mypassword**
      PortalAdminGroupId=cn=wpsadmins,cn=groups,ou=admins,dc=myco,dc=com
      WasRemoteHostName=prd2dmgr.myco.com
      WasSOAPPort=9879
      PrimaryNode=false
      ClusterName=P1Cluster

  15. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbdomain.properties

    ...and ensure the database password values are all set correctly.

    Note that this file should be pre-populated with the database information from running the 'enable-profiles' script on the primary node earlier.

  16. Review settings in...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbtype.properties

  17. Confirm the database properties are set up correctly on this node

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh validate-database -DWasPassword=mypassword**

    Example output:

      Wed Feb 26 15:24:28 EST 2014
      BUILD SUCCESSFUL

  18. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/icm.properties

    ...and set...

      jcr.textsearch.enabled = false

  19. In the same file, set...

      jcr.admin.uniqueName=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com

  20. Start the nodeagent

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh

  21. Add node to cluster

      ./ConfigEngine.sh cluster-node-config-cluster-setup-additional -DWasPassword=mypassword**

  22. Execute appserver specific steps for setting up the following...

  23. Restart appserver and verify no errors in logs

  24. Verify we can access the new cluster member in a web browser using the port we identified earlier:


MemberNotFound Issue

Secondary portal site not rendering. Error in log...

We do not want to re-add file registry because that would break short name logon.

Startup errors...

Fix: Edit...

...and set...

...then restart appserver


Upgrade Portal v8 with FP1 and CF09

  1. Review Update Portal v8 with FP1

  2. If this is the primary node, verify...

      /opt/IBM/Portal/WAS1/PortalServer/wps.properties

    ...has profile name and profile home set...

      ProfileName=wp_profile
      ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

    If this is not the primary node, do not include any profile information in wps.properties.

  3. Stop all WebSphere processes

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password password

  4. Make a backup

  5. Start Installation Manager console mode

      cd /opt/IBM/InstallationManager/eclipse/tools
      ./imcl -c

    ...and add FP1 to Installation Manager repository

      /media/Portal8_FP1/repository.config

    Uncheck: "Search service repositories during installation and updates"

  6. Install Portal FP1

    To install from command-line...

    To monitor progress...

      tail -f /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log

    When complete, we should see something like...

    **********************************************************************************
    * Configuration Engine finished at: 02/15/2014 09:45:028
    **********************************************************************************
     BUIUD SUCCESSFUL
    Total time: 26 minutes 2 seconds
    root@tstwps1 /opt/IBM/InstallationManager/eclipse ->

    To install with GUI, from Installation Manager select "Update". If there is more than one fix in the repository, IM will try to install them all. To install just FP1, de-select "Show recommended only", then select only "V8.0.0.1"

  7. Install Portal CF09

    1. Download CF09

    2. Add CF09 to Installation Manager repository

        /media/CF09/repository.config

    3. Change class loader from "parent first" to "parent last".

      This should not be necessary for a newly-installed portal, as "parent last" is the default setting.

    4. Stop all WebSphere processes

    5. Edit...

      ...and verify the following is set...

        ProfileName=wp_profile
        ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

    6. Determine offering ID...

        $ cd /opt/IBM/InstallationManager/eclipse/tools
        $ ./imcl listAvailablePackages -repositories /media/CF09/repository.config

        Offering ID: com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755

    7. Install CF09 fixes
      ./imcl install \
             com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755 \
             -repositories /media/CF09/repository.config \
             -installationDirectory /opt/IBM/Portal/WAS1/PortalServer \
             -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
             -log /tmp/imcl.log  \
             -acceptLicense  

    8. Monitor logs for success message

       /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log
       **********************************************************************************
      * Configuration Engine finished at: 02/16/2014 11:43:031
      **********************************************************************************
      BUIUD SUCCESSFUL
      Total time: 21 minutes 5 seconds

    9. Verify version information...
      root@prdhost2 -> cd /opt/IBM/Portal/WAS1/PortalServer/bin  root@prdhost2 -> ./WPVersionInfo.sh
      --------------------------------------------------------------------------------
      IBM WebSphere Portal Product Installation Status Report
      --------------------------------------------------------------------------------
       Report at date and time 2014-05-01T11:56:19-04:00
        Installation --------------------------------------------------------------------------------
      Product Directory   /opt/IBM/Portal/WAS1/PortalServer
      Version Directory   /opt/IBM/Portal/WAS1/PortalServer/version
      DTD Directory       /opt/IBM/Portal/WAS1/PortalServer/version/dtd
      Log Directory       /opt/IBM/Portal/WAS1/PortalServer/version/logs
       Technology List --------------------------------------------------------------------------------
      MP installed WCM installed CFGFW  installed  Installed Product
      --------------------------------------------------------------------------------
      Name           IBM WebSphere Portal MultiPlatform
      Version        8.0.0.1
      ID             MP
      Build Level    wp8001CF09_001_27 2013-12-17
      Build Date     12/17/2013
       Package
      id             com.ibm.websphere.PORTAL.SERVER.v80
      name           IBM WebSphere Portal Server kind           offering
      version        8.0.1.20131217_0755
      Installed Features     Config Engine Installed Features     Portal Server Binary
       Installed Product
      --------------------------------------------------------------------------------
      Name           IBM Web Content Manager Version        8.0.0.1
      ID             WCM Build Level    wp8001CF09_001_27 (8001.CF09.6)
      Build Date     12/17/2013
       Installed Product
      --------------------------------------------------------------------------------
      Name           IBM WebSphere Portal Configuration Framework
      Version        8.0.0.1
      ID             CFGFW
      Build Level    wp8001CF09_001_27 2013-12-16
      Build Date     12/16/2013
       --------------------------------------------------------------------------------
      End Installation Status Report
      --------------------------------------------------------------------------------

    10. After success, make backup


Make tarball backup

Use the following script to back up file systems, Installation Manager configuration, and portal DB configuration.

Before starting, verify there is enough space...

Backup script...

### backup.sh
###  
### If we get an EOF file message when running tar,  
### we may need to increase file size limits.
### Backup file system
cd /opt/IBM/Portal
cd /opt/IBM/Portal/WAS1/wp_profile/bin
./stopServer.sh WebSphere_Portal -username wasadmin -password password 
cd /opt/IBM/Portal/WAS1/AppServer/bin
./stopNode.sh -username wasadmin -password password 
cd /opt/IBM/Portal/WebSphere/AppServer/bin
./stopManager.sh -username wasadmin -password password  
cd /opt/IBM/Portal
tar cvf WebSphere.tar WebSphere
gzip WebSphere.tar
tar cvf WAS1.tar WAS1
gzip WAS1.tar
### Backup Installation Manager Configuration 
###
### Only need to execute before applying fixes
###
#tar cvf InstallationManager.tar /var/ibm/InstallationManager
#gzip InstallationManager.tar
#tar cvf IMShared.tar IMShared
#gzip IMShared.tar
cd /opt/IBM/Portal/WebSphere/AppServer/bin
./startManager.sh
cd /opt/IBM/Portal/WAS1/AppServer/bin
./startNode.sh
cd /opt/IBM/Portal/WAS1/wp_profile/bin
./startServer.sh WebSphere_Portal   
### Backup Portal DB configuration 
###
### Only need to execute before portal DB changes 
###
cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/bin
### Backup base portal 
./xmlaccess.sh -user wasadmin \
               -password password \
               -url http://tstwps1.myco.com:10039/wps/config \
               -in /opt/IBM/Portal/WAS1/PortalServer/doc/xml-samples/Export.xml  \
               -out /opt/IBM/Portal/SMExportBase.xml
 ### Backup virtual portal 
./xmlaccess.sh -user wasadmin \
 -password password \
 -url http://tstwps1.myco.com:10039/wps/config/prd-vp  \
 -in /opt/IBM/Portal/WAS1/PortalServer/doc/xml-samples/Export.xml \
 -out /opt/IBM/Portal/SMExportVP.xml


Create Dmgr01 profile

To verify, start dmgr server...

...then pull up Dmgr console. For example, for PRD HA...

For Test


Configure the WCM authoring portlet

  1. From primary node, edit...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

    ...and set...

      WasPassword=YourPwd
      PortalAdminPwd=YourPwd
      PWordDelete=false

  2. Run task to configure WCM authoring...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh configure-wcm-authoring -DPortalAdminPwd=password -DWasUserid=wasadmin -DWasPassword=password

  3. Log on to portal and verify existence of authoring portlet


Configure portal to use DB2

  1. Back up system

  2. Verify DB2 passwords are non-expiring

  3. Have DB2 administrator increase number of transaction logs to 200, and double default size of transaction logs.

  4. Log on to the primary node and stop portal...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh -username wasadmin -password password

  5. Copy DB2 client jar files into place on each portal node...

      cd /opt/IBM/Portal/WAS1/PortalServer
      scp -r wasadmin@tstwps1.myco.com:/opt/IBM/Portal/WAS1/PortalServer/db2drivers .

    Note that if DB2 is upgraded, copy client jars from the DB2 server.

  6. Backup original properties files

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties
      cp wkplc.properties wkplc.properties.orig
      cp wkplc_comp.properties wkplc_comp.properties.orig
      cp wkplc_dbdomain.properties wkplc_dbdomain.properties.orig
      cp wkplc_dbtype.properties wkplc_dbtype.properties.orig
      cp wkplc_sourceDb.properties wkplc_sourceDb.properties.orig

  7. Edit wkplc.properties and set...

      WasPassword=MyPassword
      PortalAdminPwd=MyPassword
      PWordDelete=false

  8. Edit wkplc_dbtype.properties and set

      db2.DbDriver=com.ibm.db2.jcc.DB2Driver
      db2.DbLibrary=/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc4.jar:/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc_license_cu.jar

  9. Edit wkplc_dbdomain.properties and set...

    • Test

        feedback.DbUrl=jdbc:db2://tstdb1.myco.com:60000/FDBKDB:returnAlias=0;
        likeminds.DbUrl=jdbc:db2://tstdb1.myco.com:60000/LMDB:returnAlias=0;
        release.DbUrl=jdbc:db2://tstdb1.myco.com:60000/RELDB:returnAlias=0;
        community.DbUrl=jdbc:db2://tstdb1.myco.com:60000/COMDB:returnAlias=0;
        customization.DbUrl=jdbc:db2://tstdb1.myco.com:60000/CUSDB:returnAlias=0;
        jcr.DbUrl=jdbc:db2://tstdb1.myco.com:60000/JCRDB:returnAlias=0;
        feedback.DbName=FDBKDB
        likeminds.DbName=LMDB
        release.DbName=RELDB
        community.DbName=COMDB
        customization.DbName=CUSDB
        jcr.DbName=JCRDB
        feedback.DbType=db2
        likeminds.DbType=db2
        release.DbType=db2
        community.DbType=db2
        customization.DbType=db2
        jcr.DbType=db2
        feedback.DataSourceName=wpdbDS_feedback
        likeminds.DataSourceName=wpdbDS_likeminds
        release.DataSourceName=wpdbDS_release
        community.DataSourceName=wpdbDS_community
        customization.DataSourceName=wpdbDS_customization
        jcr.DataSourceName=wpdbDS_jcr
        feedback.DbSchema=FEEDBACK
        likeminds.DbSchema=likeminds
        release.DbSchema=release
        community.DbSchema=community
        customization.DbSchema=customization
        jcr.DbSchema=jcr
        feedback.DbUser=db2inst
        likeminds.DbUser=db2inst
        release.DbUser=db2inst
        community.DbUser=db2inst
        customization.DbUser=db2inst
        jcr.DbUser=db2inst
        feedback.DbPassword=password
        likeminds.DbPassword=password
        release.DbPassword=password
        community.DbPassword=password
        customization.DbPassword=password
        jcr.DbPassword=password

    • Production

        feedback.DbUrl=jdbc:db2://pdb1.myco.com:60000/FDBKDB:returnAlias=0;
        likeminds.DbUrl=jdbc:db2://pdb1.myco.com:60000/LMDB:returnAlias=0;
        release.DbUrl=jdbc:db2://pdb1.myco.com:60000/RELDB:returnAlias=0;
        community.DbUrl=jdbc:db2://pdb1.myco.com:60000/COMDB:returnAlias=0;
        customization.DbUrl=jdbc:db2://pdb1.myco.com:60000/CUSDB:returnAlias=0;
        jcr.DbUrl=jdbc:db2://pdb1.myco.com:60000/JCRDB:returnAlias=0;
        feedback.DbName=FDBKDB
        likeminds.DbName=LMDB
        release.DbName=RELDB
        community.DbName=COMDB
        customization.DbName=CUSDB
        jcr.DbName=JCRDB
        feedback.DbType=db2
        likeminds.DbType=db2
        release.DbType=db2
        community.DbType=db2
        customization.DbType=db2
        jcr.DbType=db2
        feedback.DataSourceName=wpdbDS_feedback
        likeminds.DataSourceName=wpdbDS_likeminds
        release.DataSourceName=wpdbDS_release
        community.DataSourceName=wpdbDS_community
        customization.DataSourceName=wpdbDS_customization
        jcr.DataSourceName=wpdbDS_jcr
        feedback.DbSchema=FEEDBACK
        likeminds.DbSchema=likeminds
        release.DbSchema=release
        community.DbSchema=community
        customization.DbSchema=customization
        jcr.DbSchema=jcr
        feedback.DbUser=db2inst
        likeminds.DbUser=db2inst
        release.DbUser=db2inst
        community.DbUser=db2inst
        customization.DbUser=db2inst
        jcr.DbUser=db2inst
        feedback.DbPassword=foo
        likeminds.DbPassword=foo
        release.DbPassword=foo
        community.DbPassword=foo
        customization.DbPassword=foo
        jcr.DbPassword=foo
        feedback.DbRuntimeUser=db2inst
        likeminds.DbRuntimeUser=db2inst
        release.DbRuntimeUser=db2inst
        community.DbRuntimeUser=db2inst
        customization.DbRuntimeUser=db2inst
        jcr.DbRuntimeUser=db2inst
        feedback.DbRuntimeUser=foo
        likeminds.DbRuntimeUser=foo
        release.DbRuntimeUser=foo
        community.DbRuntimeUser=foo
        customization.DbRuntimeUser=foo
        jcr.DbRuntimeUser=foo

    • Production ha

        feedback.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/FDBKDB:returnAlias=0;
        likeminds.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/LMDB:returnAlias=0;
        release.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/RELDB:returnAlias=0;
        community.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/COMDB:returnAlias=0;
        customization.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/CUSDB:returnAlias=0;
        jcr.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/JCRDB:returnAlias=0;
        feedback.DbName=FDBKDB
        likeminds.DbName=LMDB
        release.DbName=RELDB
        community.DbName=COMDB
        customization.DbName=CUSDB
        jcr.DbName=JCRDB
        feedback.DbType=db2
        likeminds.DbType=db2
        release.DbType=db2
        community.DbType=db2
        customization.DbType=db2
        jcr.DbType=db2
        feedback.DataSourceName=wpdbDS_feedback
        likeminds.DataSourceName=wpdbDS_likeminds
        release.DataSourceName=wpdbDS_release
        community.DataSourceName=wpdbDS_community
        customization.DataSourceName=wpdbDS_customization
        jcr.DataSourceName=wpdbDS_jcr
        feedback.DbSchema=FEEDBACK
        likeminds.DbSchema=likeminds
        release.DbSchema=release
        community.DbSchema=community
        customization.DbSchema=customization
        jcr.DbSchema=jcr
        feedback.DbUser=db2inst
        likeminds.DbUser=db2inst
        release.DbUser=db2inst
        community.DbUser=db2inst
        customization.DbUser=db2inst
        jcr.DbUser=db2inst
        feedback.DbPassword=foo
        likeminds.DbPassword=foo
        release.DbPassword=foo
        community.DbPassword=foo
        customization.DbPassword=foo
        jcr.DbPassword=foo
        feedback.DbRuntimeUser=db2inst
        likeminds.DbRuntimeUser=db2inst
        release.DbRuntimeUser=db2inst
        community.DbRuntimeUser=db2inst
        customization.DbRuntimeUser=db2inst
        jcr.DbRuntimeUser=db2inst
        feedback.DbRuntimeUser=foo
        likeminds.DbRuntimeUser=foo
        release.DbRuntimeUser=foo
        community.DbRuntimeUser=foo
        customization.DbRuntimeUser=foo
        jcr.DbRuntimeUser=foo

  10. Verify settings in wkplc_dbdomain.properties...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/
      for i in `echo feedback.DbUrl likeminds.DbUrl release.DbUrl community.DbUrl customization.DbUrl jcr.DbUrl feedback.DbName likeminds.DbName release.DbName community.DbName customization.DbName jcr.DbName feedback.DbType likeminds.DbType release.DbType community.DbType customization.DbType jcr.DbType feedback.DataSourceName likeminds.DataSourceName release.DataSourceName community.DataSourceName customization.DataSourceName jcr.DataSourceName feedback.DbSchema likeminds.DbSchema release.DbSchema community.DbSchema customization.DbSchema jcr.DbSchema feedback.DbUser likeminds.DbUser release.DbUser community.DbUser customization.DbUser jcr.DbUser feedback.DbPassword likeminds.DbPassword release.DbPassword community.DbPassword customization.DbPassword jcr.DbPassword feedback.DbRuntimeUser likeminds.DbRuntimeUser release.DbRuntimeUser community.DbRuntimeUser customization.DbRuntimeUser jcr.DbRuntimeUser feedback.DbRuntimeUser likeminds.DbRuntimeUser release.DbRuntimeUser community.DbRuntimeUser customization.DbRuntimeUser jcr.DbRuntimeUser`
      do
          grep ^${i} wkplc_dbdomain.properties | grep -v Zos
      done

  11. Verify there are no trailing spaces

      grep " $" wkplc_dbdomain.properties

  12. Validate database configuration properties...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh validate-database -DWasPassword=password

  13. Stop the WebSphere_Portal server:

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password password

  14. Transfer the database:

    Do not execute the database-transfer task as a background process. This might cause the task to stall.

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh database-transfer -DWasPassword=password

    When complete, we should get success message...

      BUIUD SUCCESSFUL
      Tue May 13 23:02:21 EDT 2014

    If task fails, review log output...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log

    ...verify the values are correct in wkplc.properties, wkplc_dbdomain.properties, and wkplc_dbtype.properties files, then repeat this step.

    If task fails with error...

      DB2 SQL Error: SQLCODE=-204, SQLP1ATE=42704, SQLERRMC=ICMSFQ04

    ...run...

      ./ConfigEngine.sh setup-database

    ...then try the database-transfer task again.

  15. Start the WebSphere Portal server.

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startServer.sh WebSphere_Portal

  16. If node is part of a cluster, and if icm.properties is not identical between nodes, copy icm.properties from primary node to each secondary node.

    1. Stop the portal server on the secondary nodes.

    2. From the primary node...

        cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/
        scp icm.properties wasadmin@secondary_node:/opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/

    3. Start the portal server on the secondary nodes.


Create profile template

  1. On the primary node, start the WebSphere_Portal server...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startServer.sh WebSphere_Portal

  2. Log in to the WebSphere Portal server

      http://myenv.myco.com:10039/wps/config

    ...and go to...

      Administration | Search Administration | Manage Search | Search Collections

  3. Click the Delete icon (trash can) for each search collection listed here.

  4. Log out of WebSphere Portal

  5. Stop the WebSphere_Portal server

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -user wasadmin -password password

  6. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/icm.properties

    ...and change...

      jcr.textsearch.enabled=true

    ...to...

      jcr.textsearch.enabled=false

  7. Save icm.properties.

  8. From primary node, run...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh enable-profiles -DWasPassword=mypassword

    This script will create a backup of the wp_profile configuration named Portal.car to...

      /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/default.portal/configArchives/Portal.car

  9. Package profile templates into a single zip file:

      ./ConfigEngine.sh package-profiles -DWasPassword=mypassword

    The following file is created...

      /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/profileTemplates.zip


Configure dmgr

  1. From the primary Portal node, copy fileForDmgr to dmgr host...

      cd /opt/IBM/Portal/WAS1/PortalServer/
      scp -r filesForDmgr user1@prd2dmgr.myco.com:/tmp

  2. Important: Stop the dmgr server

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -user wasadmin -password foo

  3. From the dmgr host, extract filesForDmgr.zip and copy files into place...

      cd /tmp/filesForDmgr
      unzip filesForDmgr.zip
      mkdir /opt/IBM/Portal/WebSphere/AppServer/bin/ProfileManagement/plugins
      cp -r bin/ProfileManagement/plugins/com.ibm.wp.dmgr.pmt_7.0.5 /opt/IBM/Portal/WebSphere/AppServer/bin/ProfileManagement/plugins
      cp lib/wkplc.comp.registry.jar /opt/IBM/Portal/WebSphere/AppServer/lib
      cp lib/wp.wire.jar /opt/IBM/Portal/WebSphere/AppServer/lib
      cp plugins/com.ibm.patch.was.plugin.jar /opt/IBM/Portal/WebSphere/AppServer/plugins
      cp plugins/com.ibm.wp.was.plugin.jar /opt/IBM/Portal/WebSphere/AppServer/plugins
      cp -r profileTemplates/management.portal.augment /opt/IBM/Portal/WebSphere/AppServer/profileTemplates
      cp profiles/Dmgr01/config/.repository/metadata_wkplc.xml /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/config/.repository

  4. On dmgr host, augment dmgr profile.

    cd /opt/IBM/Portal/WebSphere/AppServer/bin
    ./manageprofiles.sh -augment \
          -templatePath /opt/IBM/Portal/WebSphere/AppServer/profileTemplates/management.portal.augment \
          -profileName Dmgr01

    Augmenting the dmgr profile...

    • Increases the HTTP connection timeouts for the DMGR server
    • Increases the SOAP connector timeout for JMX in the DMGR server
    • Increases the JVM Maximum Heap size for the DMGR server
    • Enable Application Security
    • Creates a 'wasadmins' group in the default file repository
    • Add the administrative user to the 'wasadmins' group.
    • Increases the soap timeout in soap.client.props.

  5. Start Dmgr

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./startManager.sh

  6. Open dmgr console in browser. For example, PRD HA...

  7. To help prevent user ID conflicts when we add the federated LDAP later, go to...

      Security | Global Security | User Account Repository | Available realm definitions | Configure

    ..and in the 'Primary administrative user name' field, change value to the fully distinguished name of the user...

      uid=wasadmin,o=defaultWIMFileBasedRealm

  8. Click Apply, enter passwords in the next panel, then click OK and Save.

  9. Restart the deployment manager for the changes to take effect.


Federate primary node

  1. Ensure the time on the primary node is within 5 minutes of the time on the DMGR. Failure to do so will cause the addNode process to fail.

  2. Start the DMGR

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./startManager.sh

  3. Stop WebSphere_Portal on the primary node...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -user wasadmin -password password

  4. Add the Portal node.

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./addNode.sh prd2dmgr.myco.com 8879 -username wasadmin -password mypassword -includeapps

    To get SOAP port, from dmgr console...

      System Administration | Deployment Manager | Ports

    If the addNode script fails for any reason, complete the following steps before running again:

    1. Remove the node from the DMGR cell in case AddNode successfully completed that step before failing.

    2. Login to the DMGR and do the following (these may not exist, depending on where the failure occurred):

      1. Remove all Enterprise applications
      2. Remove the WebSphere_Portal server definition
      3. Remove the JDBC Provider information for WebSphere_Portal

  5. Restart the deployment manager

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -user wasadmin -password mypassword
      ./startManager.sh

At this point, the WebSphere Portal server has been federated to the Deployment Manager. It is not yet in a cluster. It has also inherited the Deployment Manager's security configuration. Running Portal in a federated-only environment is not officially supported by IBM, so next we must build a cluster.


Create static cluster

  1. Log on to primary node and stop the WebSphere_Portal server

  2. Verify dmgr and node agent are running

      ./serverStatus.sh dmgr -user wasadmin -password password
      ./serverStatus.sh nodeagent -user wasadmin -password password

  3. Set environment-specific values in...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

  4. Verify database user IDs and passwords are set in...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbdomain.properties

  5. Update the deployment manager configuration for the new WebSphere Portal server

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh cluster-node-config-post-federation -DWasPassword=password

  6. Create the cluster definition and add the WebSphere_Portal server as a cluster member

      ./ConfigEngine.sh cluster-node-config-cluster-setup -DWasPassword=password

  7. Verify ports for new cluster member...

      Servers | Server Types | WebSphere Application Servers | new_cluster_member | Ports

    Note value WC_defaulthost which should be 10039.

  8. Make tarball backup


Install IHS

  1. Log on web server host(s)

    For example, for PRD HA...

    • webserver1
    • webserver2

  2. Install Installation Manager

      cd /media/installmgr
      ./installc -acceptLicense
      cd /opt/IBM/InstallationManager/eclipse

  3. Add IHS to repository

    1. Start Installation Manager in console mode...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

    2. Select...

        P. Preferences | 1. Repositories | D. Add Repository

    3. For repository location...

        /media/WAS855_supp/repository.config

    4. Save changes and exit...

        A. Apply changes | R. Return to main menu | X. Exit Installation Manager

    5. Confirm repository is available...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl listAvailablePackages -repositories /media/WAS855_supp/repository.config
        com.ibm.websphere.APPCLIENT.v85_8.5.5000.20130514_1044
        com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044
        com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044
        com.ibm.websphere.PLUGCLIENT.v85_8.5.5000.20130514_1044
        com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044

  4. Install IHS
    ./imcl install com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044 \
          -repositories  /media/WAS855_supp/repository.config \
          -installationDirectory /opt/IBM/IHS \
          -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
          -log /tmp/imcl.log  \
          -acceptLicense \
          -properties user.ihs.httpPort=7001

  5. Edit...

      /opt/IBM/IHS/conf/admin.conf

    ...and set...

      Listen 8008
      User wasadmin
      Group staff
      ServerName myserver:8008

  6. Edit...

      /opt/IBM/IHS/conf/httpd.conf

    ...and for TST, PRD Primary, and PRD HA, set...

      Listen 7001
      ServerName myserver

    For Test, set....

      Listen 80
      ServerName myserver

    For all envs except DEV, we start IHS (apachectl start), as user wasadmin. For Test, we start IHS as user root, even though User in httpd.conf is wasadmin

  7. Verify IHS version info

      /opt/IBM/IHS/bin/versionInfo.sh

  8. Install plugins
    cd /opt/IBM/InstallationManager/eclipse/tools
    ./imcl install com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044 \
           -repositories  /media/WAS855_supp/repository.config \
           -installationDirectory /opt/IBM/Portal/Plugins \
           -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
           -log /tmp/imcl.log  \
           -acceptLicense

    To uninstall...

      imcl uninstallAll -installationDirectory /opt/IBM/IHS/Plugins

  9. Verify plugins version info

      /opt/IBM/Portal/Plugins/bin/versionInfo.sh

  10. Update both IHS and Plugin to v8.5.5.1

    1. Add the following to the Installation Manager repository

        /media/WAS855_supp_FP1/repository.config
        /media/WAS855_supp_WCT_FP1/repository.config

    2. Unselect...

        S. [ ] Search service repositories during installation and updates

    3. Start GUI Installation Manager

        cd /opt/IBM/InstallationManager/eclipse/
        ./IBMIM

    4. Select Update, select IBM HTTP Server v8.5, then execute upgrade.

    5. Do the same for Web Server Plug-ins for IBM WebSphere Application Server v8.5

  11. Start web and admin servers

      /opt/IBM/IHS/bin/apachectl start
      /opt/IBM/IHS/bin/adminctl start
      ps -ef | grep http

    We should see...

        root  9633990        1   0 09:14:09      -  0:00 /opt/IBM/IHS/bin/httpd -f /opt/IBM/IHS/conf/admin.conf
      nobody 10420432 17563778   0 09:12:37      -  0:00 /opt/IBM/IHS/bin/httpd -d /opt/IBM/IHS -k start wasadmin 13697222  9633990   0 09:14:09      -  0:00 /opt/IBM/IHS/bin/httpd -f /opt/IBM/IHS/conf/admin.conf
        root 14876862  9633990   0 09:14:09      -  0:00 /opt/IBM/IHS/bin/httpd -f /opt/IBM/IHS/conf/admin.conf
        root 17563778        1   0 09:12:36      -  0:00 /opt/IBM/IHS/bin/httpd -d /opt/IBM/IHS -k start   nobody 19398842 17563778   0 09:12:37      -  0:00 /opt/IBM/IHS/bin/httpd -d /opt/IBM/IHS -k start   nobody 21430478 17563778   0 09:12:37      -  0:00 /opt/IBM/IHS/bin/httpd -d /opt/IBM/IHS -k start


Configure web server plugin

  1. Get version ID of WebSphere Customization Toolbox (WCT)

      cd /opt/IBM/InstallationManager/eclipse/tools
      ./imcl listAvailablePackages -repositories /media/WAS855_supp/repository.config
      com.ibm.websphere.APPCLIENT.v85_8.5.5000.20130514_1044
      com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044
      com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044
      com.ibm.websphere.PLUGCLIENT.v85_8.5.5000.20130514_1044
      com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044

  2. Install WCT
    cd /opt/IBM/InstallationManager/eclipse/tools
    ./imcl install com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044 \
          -repositories  /media/WAS855_supp/repository.config \
          -installationDirectory /opt/IBM/Portal/Toolbox \
          -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
          -log /tmp/imcl.log  \
          -acceptLicense 

  3. Start web server and admin server

      cd /opt/IBM/IHS/bin
      ./apachectl start
      ./adminctl start

  4. Run the WCT GUI...

      cd /opt/IBM/Portal/Toolbox/WCT
      ./wct.sh

  5. Select and launch "Web Server Plug-ins Configuration Tool"

  6. Select "Add" to add a web server plug-ins location

  7. Add plug-in

      Name: Plugin01
      Location: /opt/IBM/Portal/Plugins

    Increment number based on node. For node2, name is Plugin02

  8. In the Web Server Plug-in Configurations panel, select "Create"

  9. Select IBM HTTP Server v8.5

  10. Select 64 bit architecture

  11. Specify httpd.conf location and port 7001.

  12. Set port, user ID, and password for IBM HTTP Server Administration

    Be sure to scroll down if we do not see password confirmation field.

  13. On the admistrator name and group panel, enter wasadmin and system.

  14. Enter a Web Server Definition name, for example, PRDweb1...

  15. Choose either local or remote install. If remote to a cluster, use host name of the dmgr.

    For remote install, use name of dmgr host, such as testdmgr.myco.com

  16. Review summary info then click Configure.

  17. We should get a success message

  18. Edit httpd.conf, and verify existence of plugin-in directives...

      LoadModule was_aPRD22_module /opt/IBM/Portal/Plugins/bin/64bits/mod_was_aPRD22_http.so
      WebSpherePluginConfig /opt/IBM/Portal/Plugins/config/webserver2/plugin-cfg.xml

  19. Copy web server definition script to target dmgr

      scp /opt/IBM/Portal/Plugins/bin/configurePRDweb1.sh wasadmin@prd2dmgr.myco.com:/tmp

  20. Log on to dmgr host and create web server definition...

      cd /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin
      cp /tmp/configurePRDweb1.sh .
      ./configurePRDweb1.sh -user wasadmin -password password

    Typical output...

    root@prd2dmgr /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin ->./configurePRDweb1.sh -user wasadmin -password Wps>
     Input parameters:
        Web server name             - PRDweb1
       Web server type             - IHS
       Web server install location - /opt/IBM/IHS
       Web server config location  - /opt/IBM/IHS/conf/httpd.conf
       Web server port             - 7001
       Map Applications            - MAP_ALL
       Plugin install location     - /opt/IBM/Portal/Plugins
       Web server node type        - unmanaged
       Web server node name        - ihsnode1
       Web server host name        - webserver1.myco.com
       Web server operating system - aix
       IHS Admin port              - 8008
       IHS Admin user ID           - wasadmin
       IHS Admin password          - foo**
       IHS service name            - ""

  21. Log on to dmgr console and verify web server definition was created.

  22. Synchronize nodes

  23. From dmgr console, generate plugin-cfg.xml files.

  24. Copy new plugin-cfg.xml files to respective web server hosts

      DMGR=/opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01
      scp $DMGR/config/cells/p1cell/nodes/ihsnode1/servers/PRDweb1/plugin-cfg.xml wasadmin@webserver1:/opt/IBM/Portal/Plugins/config/PRDweb1

  25. Restart IHS

      cd /opt/IBM/IHS/bin
      ./apachectl restart

  26. Verify the following host aliases are defined

      Virtual Hosts | default_host | Host Aliases

      Host Name Port
      * 9080
      * 80
      * 9443
      * 5060
      * 5061
      * 443
      * 10000
      * 10002
      * 10032
      * 10039
      * 10029
      * 6005


Set up web server ssl certificates

  1. Create self-signed key database and cert

    • Linux

        cd /IHS_HOME/bin
        
        ./gskcapicmd -keydb  \
                     -create  \
                     -db /usr/IBM/HTTPServer/ihsserverkey.kdb  \
                     -pw password  \
                     -type cms  \
                     -expire 1000  \
                     -stash
        
        ./gskcapicmd -cert  \
                     -create  \
                     -db /usr/IBM/HTTPServer/ihsserverkey.kdb  \
                     -pw password  \
                     -size 1024  \
                     -dn "CN=myhost,OU=IHS,ST=NJ,C=US"  \
                     -label HTTPCert  \
                     -default_cert yes  \
                     -expire 1000
        

    • Windows

        cd C:\IBM\HTTPServer\bin

        gskcapicmd -keydb -create -db C:\IBM\HTTPServer\key.kdb -pw mypassword -type cms -expire 1000 -stash

        gskcapicmd -cert -create -db C:\IBM\HTTPServer\key.kdb -pw mypassword -size 1024 -label HTTPCert -default_cert yes -expire 1000 -dn "CN=myco,dc=foo,dc=bar"

    • Edit...

        /IHS_HOME/conf/httpd.conf

      ...and set...

        LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
        Listen 0.0.0.0:443
        <IfModule mod_ibm_ssl.c>
        <VirtualHost *:443>
        ServerName me-portal2
        SSLEnable
        SSLServerCert HTTPCert
        SSLProtocolDisable SSLv3 SSLv2
        SSLClientAuth none
        <VirtualHost>
        <IfModule>
        SSLDisable
        KeyFile "c:\IBM/HTTPServer\key.kdb"
        SSLStashFile "C:\IBM\HTTPServer\key.sth"
        SSLClientAuth none
        SSLV2Timeout 100
        SSLV3Timeout 1000

    • Restart http server...

        /usr/IBM/HTTPServer/bin/apachectl restart

    • From browser, test secure connection...

        https://myhost


Configure portal to use LDAP

These tasks only need to be run on the primary node.

  1. Create tarball of portal and dmgr filesystems

  2. Add the wpsadmin user as an administrative user on WAS.

    From dmgr console, go select...

    On the Manage Users panel, create wpsadmin user. Click the Group Membership button and assign Administration user role to wpsadmins

  3. Enable distinguished name logins.

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=password

    This allows us to logon with the fully distinguished name...

      uid=wasadmin,o=defaultWIMFileBasedRealm

    We enable fully distinguished name logins because the short name of our administrator, wasadmin, is in both the file and LDAP registries, and a short name search would not resolve correctly.

  4. Optional. If file registry password for wasadmin or wpsadmin is different than LDAP pass, change passwords in file based registry to match LDAP versions

  5. Log on to primary node and copy the parent properties into place...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties
      cp /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/config/helpers/wp_add_federated_ids.properties .

  6. Edit wp_add_federated_ids.properties file and set properties.

    Here are settings for PRD HA...

      federated.ldap.id=MyCo_LDAP1
      federated.ldap.host=prdtds1.myco.com
      federated.ldap.port=389
      federated.ldap.bindDN=cn=root
      federated.ldap.bindPassword=password
      federated.ldap.ldapServerType=IDS
      federated.ldap.baseDN=dc=myco,dc=com
      federated.ldap.gc.name=ibm-allGroups

    Here is copy of Portal v7 PRD Primary wkplc.properties to use as template

    • prdtds1.myco.com 636 (PRD Primary)
    • prdtds2.myco.com 636 (PRD Primary)
    • prdtds1.myco.com 636 (PRD HA)
    • prdtds2.myco.com 636 (PRD HA)

    IBM Tivoli Directory Server supports the optional membership attribute...

    ...that offers a significant performance enhancement.

  7. Validate the properties:
    cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
    ./ConfigEngine.sh validate-federated-ldap  \
        -DparentProperties=/opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wp_add_federated_ids.properties  \
        -DSaveParentProperties=true  \
        -DWasPassword=password

    Running with -DSaveParentProperties=true adds the new wp_add_federated_ids.properties to wkplc.properties.

  8. Add the federated LDAP to the cluster security configuration:

      ./ConfigEngine.sh wp-create-ldap -DWasPassword=password

    The wp-create-ldap tasks adds the LDAP to the WAS security configuration. Does not remove the out-of-the-box file user registry. Both are in use.

    In the future, when we update LDAP properties, we run...

      ./ConfigEngine.sh wp-update-federated-ldap -DWasPassword=password

  9. Enable distinguished logins again (for luck)

      ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=password

  10. Restart the dmgr, nodeagent, and WebSphere_Portal servers.

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
      ./stopNode.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
      sleep 5
      ./startManager.sh

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh
      ./startServer.sh WebSphere_Portal

  11. After restart, verify credentials are correct by logging on to WAS console and Portal.

    We will be unable to login to Portal using the short name. This will only be temporary and will be corrected at the end of these steps. To log on to console, use fully qualified id:

      uid=wasadmin,o=defaultWIMFileBasedRealm

    If logon fails, to revert...

    1. Turn off security...

        cd /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin
        ./wsadmin.sh -conntype NONE
        WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
        WASX7029I: For help, enter: "$Help help"
        wsadmin>securityoff
        LOCAL OS security is off now but restart server1 to make it affected.
        wsadmin>$AdminConfig save
        wsadmin>exit

      Another way to disable security is to edit...

        /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/config/cells/p1cell/security.xml

      ...and for element...

        <security:Security

      ...set attribute...

        enabled="false"

    2. Get the dmgr PID...

        ps -ef | grep dmgr

      ...and kill the dmgr process...

        kill PID

      Give it a minutes to finish. If regular kill does not work, run the sure kill...

        kill -9 PID

    3. Log on to the portal nodes, get the nodeagent and WebSphere_Portal processes...

        ps -ef | grep WebSphere_Portal
        ps -ef | grep nodeagent

      ...then kill those...

        kill PID

    4. Synchronize nodes...

        ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password password

      ...then restart

    5. Run startManager.sh

    6. Log on to dmgr console and go to...

        Security | Global security | Federated repositories | Manage repositories

    7. We can either try to fix the problem, or we can remove the LDAP realm

    8. Restart portal processes

  12. Verify all defined attributes are available in the newly added ldap:

      ./ConfigEngine.sh wp-validate-federated-ldap-attribute-config -DWasPassword=foo

  13. Reassign the WAS Administrator ID from the file registry to a user in the LDAP:
    ./ConfigEngine.sh wp-change-was-admin-user \
        -DWasPassword=password \
        -DnewAdminId=uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com \
        -DnewAdminPw=password

    For newAdminPw, use the password assigned to this user in the LDAP.

  14. Restart the dmgr, nodeagent and WebSphere_Portal servers...

      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
      ./stopNode.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password

      ### On Dmgr
      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
      sleep 5
      ./startManager.sh

      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh
      ./startServer.sh WebSphere_Portal

    Because we ran wp-modify-realm-enable-dn-login earlier, we use the fully distinguished name of the original file registry WAS admin user. The new LDAP-based WAS admin user will take effect after the servers have been restarted.

  15. Log on to Dmgr console and verify new credentials are working...

      User ID: uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com
      Password: password

  16. In wkplc.properties, if value for WasPassword= was removed, re-add using our new password.

  17. Reassign the WebSphere Portal Administrator ID and Group ID to a user and group within the LDAP:
    ./ConfigEngine.sh wp-change-portal-admin-user \
        -DWasPassword=password \
        -DnewAdminId=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com \
        -DnewAdminPw=password \
        -DnewAdminGroupId=cn=wpsadmins,cn=groups,ou=admins,dc=myco,dc=com

    For newAdminPw, use the password assigned to this user in the LDAP.

    This task updates PortalAdminId in wkplc.properties to reflect the ID value specified for 'newAdminId' and the PortalAdminGroupId value will be automatically updated to reflect the 'newAdminGroupId'.

  18. Review wkplc.properties and verify that PortalAdminPwd is set to foo**

  19. Restart the Deployment Manager, nodeagent, and WebSphere_Portal server on the primary node

    ### On Portal primary node
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./stopServer.sh WebSphere_Portal  \
                    -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                    -password password  
    ./stopNode.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  -password password  
    ### On Dmgr
    cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
    ./stopManager.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                     -password password 
    ./startManager.sh
     ### On Portal primary node
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./startNode.sh
    ./startServer.sh WebSphere_Portal

  20. List the current user repositories:

      ./ConfigEngine.sh wp-query-repository -DWasPassword=password

    For example, here is LDAP for STG...

    cell="p1cellD"
    engineinstalllocation="/opt/IBM/Portal/WAS1/wp_profile/ConfigEngine"
    enginerootdir="/opt/IBM/Portal/WAS1/ConfigEngine"
    pathseparator=":"
    osarch="ppc64"
     Existing Federated Repositories
    Repository Name : {BasicInformation} : {Details}
    ***************************************
    MyCo_LDAP1 :  {repositoryType=LDAP, specificRepositoryType=IDS, host=devtds.myco.com},        
          ldapServerType=IDS,
          supportTransactions=false,
          supportExternalName=false,
          supportChangeLog=native,
          searchTimeLimit=120000,
          certificateMapMode=EXACT_DN,
          sslConfiguration=,
          translateRDN=false,
          certificateFilter=,
          supportAsyncMode=false,
          adapterClassName=com.ibm.ws.wim.adapter.ldap.LdapAdapter,
          searchCountLimit=500,
          primaryServerQueryTimeInterval=15,
          supportSorting=false,
          returnToPrimaryServer=true,
          supportPaging=false,
          id=MyCo_LDAP1,
          loginProperties=[uid, mail],
    )

  21. Set entity types.

    Edit wkplc.properties and set...

      personAccountParent=cn=users,ou=admins,dc=myco,dc=com
      groupParent=cn=groups,ou=admins,dc=myco,dc=com
      personAccountRdnProperties=uid
      groupRdnProperties=cn

    ...then run...

      ./ConfigEngine.sh wp-set-entitytypes -DWasPassword=password

  22. Remove the default file user registry.

    Option for lower-level envs. Required for production environments.

    In wkplc.properties set...

      federated.delete.baseentry=o=defaultWIMFileBasedRealm
      federated.delete.id=InternalFileRepository

    ...then run...

      ./ConfigEngine.sh wp-delete-repository -DWasPassword=password

  23. Disable fully distinguished name logins and re-enable short name logins...

      ./ConfigEngine.sh wp-modify-realm-disable-dn-login -DWasPassword=password

  24. Stop the dmgr, nodeagent, and WebSphere_Portal...

    ### On Portal primary node 
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./stopServer.sh WebSphere_Portal  \
                   -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                   -password password  
    ./stopNode.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                  -password password  ### On Dmgr
    cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
    ./stopManager.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
       -password password ./startManager.sh
     ### On Portal primary node 
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./startNode.sh
    ./startServer.sh WebSphere_Portal

  25. Verify we can log on to dmgr and portal using

    • Login: wasadmin
    • Password: password

  26. Stop processes and make backup

    ### On Portal primary node 
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./stopServer.sh WebSphere_Portal  \
                    -username wasadmin \
                    -password password  
    ./stopNode.sh -username wasadmin -password password  
    ### On Dmgr
    cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
    ./stopManager.sh -username wasadmin -password password 
    ./startManager.sh
     ### On Portal primary node 
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./startNode.sh
    ./startServer.sh WebSphere_Portal

  27. Optional. Change poolTimeOut from 0 to 180 in...

      /opt/IBM/Portal/WAS1/wp_profile/config/cells/p1cell/wim/config/wimconfig.xml
      /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/config/cells/p1cell/wim/config/wimconfig.xml


Add ha servers for LDAP

To manually add ha LDAP servers, from WAS Admin Console go to...

...and add additional LDAP server names and ports. For example, for PRD HA

At this point, we have completed building a single node cluster using a remote database and federated LDAP server.

If we see blank entries, or have users who can no longer view resources to which they previously had access, we may need to...

  1. On secondary nodes, update wkplc.properties with latest values

  2. Run update-jcr-admin on secondary nodes.

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh update-jcr-admin

See Fix Portal Access Control settings if user/group external identifiers have changed.


Set wasadmins permissions

  1. Log into the ISC and go to Users and Groups
  2. Pick Administrative group Role
  3. Add a group and search for wasadmins
  4. Select all the roles
  5. And then save.


Set ibm-allGroups

If we did not set up ibm-allGroups membership attribute when configuring LDAP, we can do it after the fact by logging on to the console and going to...

Verify that...

...has uniqueMember set...


Enable SSL for LDAP

  1. Add LDAP signer certificate to the WAS installation

    1. Select...

        Security | SSL certificate and key management | SSL configurations | CellDefaultSSLSettings | Key stores and certificates | CellDefaultTrustStore | Signer certificates | Retrieve from port

    2. Set LDAP host name, SSL port (default 636), and alias of your choice

    3. Click "Retrieve signer information".

      This should pull the certificate directly from the LDAP server.

    4. Save the changes to the master configuration.

    5. Restart dmgr

    6. On primary node, perform syncNode...

      ./syncNode.sh prd2dmgr.myco.com 9879  \
                    -user wasadmin \
                    -password password

    7. Restart WebSphere_Portal and node agent

  2. Update wkplc.properties and add...

      federated.ldap.sslEnabled=true
      federated.ldap.sslConfiguration=CellDefaultSSLSettings

  3. Update federated repository

      ./ConfigEngine.sh wp-update-ldap -DWasPassword=password


Configure default realm

We add base entries using portal tools. We could also have them manually through dmgr console.

  1. Edit wkplc.properties and set...

    ...then execute...

      ./ConfigEngine.sh wp-create-base-entry

  2. Set

    ...then execute...

      ./ConfigEngine.sh wp-create-base-entry

  3. Remove original (full repository) Base Entry

    ...then execute...

      ./ConfigEngine.sh wp-delete-base-entry

  4. Synchronize nodes and restart Cluster


Configure myAdminRealm

  1. Log on to primary node

  2. Edit wkplc.properties and set...

    Create myAdminRealm

      ./ConfigEngine.sh wp-create-realm
      [wplc-create-realm] Realm myAdminRealm was created successfully.
      [wplc-create-realm] Status = Complete  action-post-config:
      Tue Jan 28 15:56:38 CST 2014
       BUIUD SUCCESSFUL
      Total time: 10 seconds

    We run this on primary node only

  3. Add base entry to myAdminRealm

    Edit wkplc.properties, and set...

    ...then execute...

      ./ConfigEngine.sh wp-add-realm-baseentry
      [wplc-add-realm-baseentry] Create base entry result: [CWWIM5028I  The configuration 
      is saved in a temporary workspace.  [wplc-add-realm-baseentry] 
      Base entry ou=STG,ou=stageusers,dc=myco,dc=com was added successfully.
      [wplc-add-realm-baseentry] Status = Complete  action-post-config:
      Tue Jan 28 16:15:30 CST 2014
       BUIUD SUCCESSFUL
      Total time: 11 seconds

  4. Stop WebSphere_Portal, nodeagent, run syncNode, then restart


Shared Libraries

  1. Copy deployment.tar.gz to each target portal node...

      scp deployment.tar.gz wasadmin@targethost:/tmp

  2. Log on to each portal node and unarchive deployment.tar.gz...

      cd /tmp
      gunzip deployment.tar.gz
      tar xvf deployment.tar

  3. Copy library files to portal file system...

      cp -r deployment/myco_*_lib /opt/IBM/Portal/WAS1/wp_profile

  4. In Dmgr console, create shared library resources

      Environment | Shared Libraries

    Cluster scope

    Name Description Classpath
    PortletLib Portlet shared classes ${USER_INSTALL_ROOT}/myco_portlet_lib
    ServerLib Cluster Level Shared Library for Server loaded class paths ${USER_INSTALL_ROOT}/myco_server_lib
    ServicesLib Services classes to map to Application class paths ${USER_INSTALL_ROOT}/myco_services_lib

  5. In Dmgr console, map ServerLib to Server Classloader

  6. Synchronize nodes

  7. Restart portal servers

  8. Monitor portal logs...

      /opt/IBM/Portal/WAS1/wp_profile/logs/WebSphere_Portal/SystemOut.log


Web container updates

For ALL Portal appservers, go to...

...and add...


Mail session

Go to...

...and add...

Name Prodline2 Mail Session
JNDI Name mail/Prodline2Session
Server smtp.myco.com


Configure object cache instances

Go to...

...and on cluster scope, create...

Name JNDI name Cache size
Catalog_User_Cache services/cache/Catalog/usercache 2000
WEB_EN_Scripts_Cache services/cache/Catalog/WEB/EN/scripts_cache 5000
WEB_ES_Scripts_Cache services/cache/Catalog/WEB/ES/scripts_cache 5000

Use defaults for other values.


Configure Object Pools


Global security updates

Add "mail" as login property

...and set...


Disallow direct servlet access

By default, users can access servlets by their class name instead of an alias. For example, to call the servlet defined in the com.ibm.itso.MyServlet, specify a URI, such as...

We want to disable this feature. Even if servlet URLs are secured, a malicious attacker might be able to bypass the normal URL-based security.

To disallow direct access to servlets, go to...

...and set to true...

Name Default
com.ibm.ws.webcontainer.disallowserveservletsbyclassname false


Web Services

  1. Log on to dmgr console and go to...

      Services | Policy sets | Application policy sets | New

  2. For name, enter...

      MyCo SOAP Services Policy

    ...for the name and click Apply

  3. Click Add and select HTTP Transport

  4. Set the connection timeout to 30 seconds.

  5. Accept the default values for all other properties and click OK

  6. Click Add and select WS-Security

  7. Click Save

  8. Expand...

  9. Specify MyCo SOAP Binding as the name

  10. Click Add and select HTTP transport

  11. Enter the following values and click OK

    • DEV

      Host devesbgateway.myco.com
      Port 80

    • STG

      Host stage-soa3.myco.com
      Port 9001

    • TST

      Host tstesbgateway.myco.com
      Port 80

    • PRD HA

      Host esbgateway.myco.com
      Port 80

    • PRD HA

      Host haesbgateway.myco.com
      Port 80

    Username and password for all of the above...

    User name weblogic
    Password password

  12. Verify connectivity to gateway. For example...

      $ telnet esbgateway.myco.com 80
      Trying 10.11.11.24...
      Connected to esbgateway.myco.com.
      Escape character is '^]'.

  13. Click Add then select WS-Security

      WS-Security | Authentication and protection | Authentication tokens | New Token | Token Generator

  14. Enter the following properties...

    Name UsernameToken1
    Token type Username Token v1.0

  15. Accept all other default values and click Apply

  16. Click the Callback handler link and enter...

    User name weblogic
    Password password

  17. From dmgr console, go to...

      Application policy sets | MyCo SOAP Services Policy | WS-Security | Main policy | Request token policies

    ...and add

    Token type UserName
    Username token name auth_token
    WS-Security version WS-Security 1.0

    Select OK and then Save

  18. Go to...

      Application policy sets | MyCo SOAP Services Policy | WS-Security | Main Policy

    ...and deselect the Message level protection.

    Select OK and SAVE

  19. Synchronize nodes, then restart dmgr and portal appservers.

  20. Install MyCoServices.ear file

    Note that this file needs to be customized for each environment.

    1. Log on to dmgr console and run...

        Applications | New Application | New Enterprise Application | Local file system | Choose File | MyCoServices.ear | Detailed | Show all installation options | Next

    2. Accept defaults for...

        Select installation options

    3. Accept defaults for...

        Map modules to servers

    4. On panel...

        Map shared libraries

      1. Select the checkbox next to MyCoServicesEAR

      2. Click button...

          Reference shared libraries

      3. Scroll down to MyCoServicesLib, select, then move to Selected column

    5. On the panel...

        Provide JNDI names for beans

      ...for each bean, set target resource JNDI name to...

        ejb/BeanName

      For example, for myCustomService, the name should be...

        ejb/myCustomService

    6. Accept the default values for the rest of the panels, then click Finish.

  21. Select...

      Applications | Application Types | WebSphere Enterprise Applications | MyCoServicesEAR | Service client policy sets and bindings

  22. Select all checkboxes, then click...

      Attach Client Policy Set | MyCo SOAP Services Policy

  23. Select all checkboxes, then click...

      Assign Binding | MyCo SOAP Binding

  24. Click Save

  25. Restart the application


Web Content View preferences

Define portlet preferences defined in the WCM Viewer portlet.

  1. Log in to the WebSphere Portal server

      http://myenv.myco.com:10039/wps/config

    ...and go to...

      Administration | Portlet Management | Portlets

  2. Search for "web content viewer" and then click the Configure portlet icon

  3. The Configure portlet panel appears...

  4. Set the following preferences...

    meta.tag.content.element.6 meta.og.description
    meta.tag.content.element.9 meta.og.image
    meta.tag.content.text.2 Prodline2
    meta.tag.content.text.3 INDEX,FOLLOW
    meta.tag.content.text.7 Prodline2
    meta.tag.name.0 title
    meta.tag.name.1 description
    meta.tag.name.2 author
    meta.tag.name.3 robots
    meta.tag.name.4 keywords
    meta.tag.name.5 og:title
    meta.tag.name.6 og:description
    meta.tag.name.7 og:site_name
    meta.tag.name.9 og:image


Expression Language

Apply EL string checking bypass

  1. Go to...

      Servers | Server Types | WebSphere Application Servers | server-name | Java and Process Management | Process Definition | Java Virtual Machine | Custom Properties.

  2. Create a new custom property definition by clicking New and setting...

      org.apache.el.parser.SKIP_IDENTIFIER_CHECK true

    The absence of the custom property definition is the same as setting Value to false.)

  3. Click OK.

  4. Save changes and synchronized with cell nodes

  5. Restart appservers


Deploy war

Execute these tasks from primary node only.

  1. Upload deployment.tar.gz to the target primary node.

  2. Log on to primary node and unarchive files

      cd /tmp
      gunzip deployment.tar.gz
      tar xvf deployment.tar

  3. Deploy MyCo portlets...
    cd /opt/IBM/Portal/WAS1/PortalServer/bin
    ./xmlaccess.sh -in /tmp/deployment/portlets/DeployMyCoPortlets.xml \
     -user wasadmin  \
     -password  mypassword \
     -url http://prdhost1.myco.com:10039/wps/config \
     -out /tmp/deployment/portlets/DeployMyCoPortlets_out.xml

  4. Log on to Portal Administration and verify roles "All Authenticated Portal Users" and "Anonymous Portal User" are assigned to MyCo portlets.


Map Portlets to Shared Libraries

Log on to deployment manager host and run...

Restart portal processes after executing this script.

Verify the following have property library mappings and portal security...

For example...


Resource Environment Providers

Go to...

...and add custom properties. Cluster scope. Use source environment as a reference for resource environment entries and corresponding custom properties

Restart WebSphere processes after setting these values.


Configure PRD Theme

  1. Configure resource providers before installing theme

  2. Install PRD theme war.

    We can also export theme as EAR, and then install EAR in new environment.

    1. From dmgr console, select...

        New Enterprise Application | Path to the new application | Local File System | ModularTheme.war

    2. On panel Select installation options set name to ModularTheme

    3. On panel Map modules to servers select both cluster and web server

    4. On panel JSP reloading options for Web modules keep defaults.

    5. On panel Map shared libraries keep defaults.

    6. On panel Map shared library relationships keep defaults.

    7. On panel Map virtual hosts for Web modules keep defaults.

    8. On panel Map context roots for Web modules set...

        /wps/ModularTheme

    9. On panel Map JASPI provider keep defaults.

    10. On panel Display module build Ids keep defaults.

    11. Review summary info, then select Finish

    12. Synchronize nodes...

  3. Import theme data to WebDAV folders
      
    cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
    ./ConfigEngine.sh webdav-deploy-zip-file \
        -DTargetURI=dav:fs-type1/themes/CatalogTheme/ \
        -DZipFilePath=/tmp/deployment/themes/ModularTheme-bin.zip \
        -DUpdateMode=merge 

  4. Migrate theme

    Note we are getting theme from a Portal v7 environment, and then importing into a Portal v8 environment.

    1. Export theme xml from source portal...
      cd /opt/IBM/Portal/WAS1/PortalServer/bin
      ./xmlaccess.sh -in /tmp/deployment/themes/ExportThemesAndSkins.xml  \
       -user wasadmin  \
       -password foo \
       -url http://pwps1.myco.com:10039/wps/config \
       -out /tmp/deployment/themes/theme_output.xml

    2. Copy output file to:

        target_host:/home/wasadmin/deployment/themes

    3. Edit output file and remove references to unwanted skins and themes.

    4. Change...

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="PortalConfig_7.0.0.xsd"

      ...to...

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="PortalConfig_8.0.0.xsd"

    5. Import theme to target Portal v8 dmgr
      cd /opt/IBM/Portal/WAS1/PortalServer/bin
       ./xmlaccess.sh -in /tmp/deployment/themes/theme_output.xml  \
        -user wasadmin  \
        -password mypassword \
        -url http://prdhost1.myco.com:10039/wps/config \
        -out /tmp/deployment/themes/import_theme_log.xml

  5. From dmgr console, go to...

      Enterprise Applications | ModularTheme | Class loading and update detection

    ...and verify Class loader order is set to...

      Classes loaded with parent class loader first

  6. Go to the Enterprise Applications panel, then select and start the ModularTheme...

  7. Go to the Portal administration page...

      http://test.myco.com/wps/myportal/Administration

    ...and select...

      Portal User Interface | Themes and Skins | MyTheme | Edit theme

    Change the default skin from the 7.0.0.2 noSkin to Portal 8.0 noSkin.

  8. Fix hard-coded reference to 7002theme

  9. Restart portal appserver


Install global filters

Use WAS console to install MyCoGlobalFilters-1.0.war

Map module to cluster only.

Context root: /globalportalfilters


Install Tealeaf processor

Use WAS console to install MyCoTealeafProcessor.war

Context root: /tealeaf

Map to cluster and web server


Customize IHS config

  1. From WebSphere Console, go to the Web servers panel, and regenerate plugin-xml files.

  2. Copy new plugin-cfg.xml files to the web server hosts.

    Firewall rules prevent us from propagating, or using scp, to copy regenerated plugin-cfg.xml files to their respective web servers. To accomplish, we perform the task below.

    1. On dmgr host, copy new plugin-xml files to /tmp and set perms...

        cp $DMGR_PROFILE/config/cells/p1cell/nodes/ihsnode1/servers/webserver1/plugin-cfg.xml /tmp/plugin-cfg1.xml
        cp $DMGR_PROFILE/config/cells/p1cell/nodes/ihsnode2/servers/webserver2/plugin-cfg.xml /tmp/plugin-cfg2.xml
        chmod 666 /tmp/plugin-cfg1.xml
        chmod 666 /tmp/plugin-cfg2.xml

    2. Download files to your client PC...

        scp user1@prd2dmgr.myco.com:/tmp/plugin-cfg1.xml plugin-cfg1.xml
        scp user1@prd2dmgr.myco.com:/tmp/plugin-cfg2.xml plugin2-cfg.xml

    3. Copy files up to web servers...

        scp plugin-cfg1.xml user1@webserver1.myco.com:/tmp/plugin-cfg.xml
        scp plugin-cfg2.xml user1@webserver2.myco.com:/tmp/plugin-cfg.xml

      From webserver1 host, change perms and copy into place...

        chmod 666 /tmp/plugin-cfg.xml
        cd /opt/IBM/Portal/Plugins/config/webserver1
        cp /tmp/plugin-cfg.xml .

      From webserver2 host, change perms and copy into place...

        chmod 666 /tmp/plugin-cfg.xml
        cd /opt/IBM/Portal/Plugins/config/webserver2
        cp /tmp/plugin-cfg.xml .

  3. On web server hosts, modify httpd.conf to include MyCo directives.


Create PRD Virtual Portal

  1. Go to...

    ...and create...

    Virtual portal title Prodline1_Virtual_Portal
    URL Context prd-vp
    Virtual portal hostname myhost.myco.com
    User realm myAdminRealm
    Initial admin user group wpsadmins

  2. Enter the virtual portal by clicking the URL Context link

    If VIP, DNS, DataPower, or IHS are not configured for routing success, to access the new virtual portal via the hostname, set up an alias on your client PC. Edit...

      c:/windows/system32/drivers/etc/hosts

    ...and set hostname to...

      10.22.40.111 portal_primary_node

    For example, for PRD...

      10.22.40.111 prod.myco.com

    We should now be able to get to the virtual portal by going to the Manage Virtual Portals page and clicking on the hostname for the virtual portal.

  3. From the virtual portal, set Administration label name...

      Administration | Portal Settings | URL Mapping | New Context | Administration | OK

    Click the Edit Mapping icon map label and map to the Administration page.

    Note that if we are unable to get to the virtual portal administration page to set up the friendly URL, we can copy and paste the URL from another site. For example, the following URL takes us to the TST Administration page...

      http://test.myco.com/wps/myportal/!ut/p/a1/04_Sj9CPykssy0xPLM!/

    Use the part of the link after myportal/


Syndication

To set up a syndication relationship...

  1. Install multilingual

    Do this before BEFORE syndicating or importing WCM libraries.

  2. Ensure both the subscriber and syndicator are running, and they can access each other over a network. For example...

      telnet test.myco.com 10039

  3. On the subscriber server, log in to IBM WebSphere Portal.

  4. Create a shared credential vault slot to allow us to access the syndicator

    ID and password should be a valid ID and password for accessing the syndicator portal. For example: wasadmin / foo

  5. Go to...

      Administration | Portal Content | Subscribers | Subscribe Now

  6. Enter the syndicator URL. For example...

      http://test.myco.com:10039/wps/wcm

  7. Set the syndicator name.

  8. Set the subscriber.

  9. Select the credential vault slot created earlier.

  10. Click Next

  11. Select the libraries to subscribe to. For example...

    For PRD, select...

    • Prodline1 Design
    • Prodline1 EN
    • Prodline1 ES
    • Prodline2 Design
    • Prodline2
    • Prodline2 ES
    • ImageRendering
    • Units
    • ML_Configuration7

  12. Click Finish.

  13. To begin syndication, click either Update Subscriber or Rebuild Subscriber button.

During the syndication we will see a Status of Active along with Last Update

Avoid stopping the Portal server while the syndication is running. Wait for Complete status. Clicking on Last Update will render a progressa.

Monitor Portal JVM logs on both syndicator and subscriber...

To add additional WCM libraries after creating the syndication relationship, go to the syndication portal and click the Edit icon...

See also: Syndication


Export/Import WCM libs

Note that this step is an alternative to syndication.

With this step we export the contents of a web content library in source portal, and import this data into target web content server. This procedure is only suitable for populating new items. For ongoing updates, deletes and moves, we will use syndication.

Note: If we have not yet run the multilingual deploy tasks, do NOT copy over any multilingual-related libraries. Run the mls deploy tasks first.

  1. Install multilingual

    This must be done before BEFORE importing WCM libs

  2. From source portal server, as user wasadmin, export all WCM libraries...

    cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
    ./ConfigEngine.sh export-wcm-data \
        -Dexport.allLibraries=true  \
        -DWasPassword=password \
        -DPortalAdminPwd=password

    Note we can optionally specify a virtual portal: -DVirtualPortalHostName

    We can tail logs during export...

      tail -f /opt/IBM/Portal/WAS1/wp_profile/logs/WebSphere_Portal/SystemOut.log

  3. On target host, as user wasadmin, create import directory...

      mkdir /opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/import

  4. Copy output file to target portal server

      cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/export
      scp -r dirname wasadmin@remotehost:/opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/import

  5. Increase total transaction lifetime timeout and maximum transaction timeout to 360 seconds in...

      Servers | Server Types | WebSphere appservers | portal_server | Container Services | Transaction Service

  6. Log on to target portal server and import WCM libraries...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh import-wcm-data -DWasPassword=password -DPortalAdminPwd=password


Set permissions for web content

  1. Log on to the portal and go to...

      Administration | Portal Content | Web Content Libraries | Set Access on Root

  2. Edit the User role

  3. Add members "All Authenticated Portal Users" and "Anonymous Portal User" to User role.


Export/Import pages

For this step we export pages from source portal A, and then import those pages to target portal B. For the export to work, enable support for JavaScript and disable pop-up blocking in the browser settings. I have had success using out-of-the box Firefox as the browser.

  1. Backup target portal

  2. Log on to source virtual portal administration page as user wasadmin.

    For example...

  3. Click the "Administration" link on the bottom left of the page.

  4. Go to...

      Administration | Manage Pages | Content Root

    ...and click the Export button for the Welcome to Prodline1 page...

    Output is written by default to pageExport.xml.

  5. If we are migrating v7 pages to a v8 portal...

    1. Review pageExport.xml, and verify object IDs for noskin and theme match those in the theme import file.

    2. Review custom portlets in pageExport.xml, and compare their object IDs to those found in...

        Portal | Administration | Portal Settings | Custom Unique Names | Portlets

    3. Edit pageExport.xml

      1. Remove references to the following skins and themes. For example...

        <skin action="locate" 
               domain="rel" 
               objectid="ZK_CGAH47L008LG50IAHUR9Q330S4" 
               uniquename="ibm.portal.skin.IBM"/>
        <skin action="locate" 
               domain="rel" 
               objectid="ZK_CGAH47L008LG50IAHUR9Q330S2" 
               uniquename="wps.skin.thinSkin"/>
        <skin action="locate" 
               domain="rel" 
               objectid="ZK_CGAH47L008LG50IAHUR9Q330S6" 
               uniquename="wps.skin.noSkin"/>
        <skin action="locate" domain="rel" objectid="ZK_B8LUIVAH2REB10IL4GGE622OE6"/>
        <theme action="locate" 
               domain="rel" 
               objectid="ZJ_D0JM3QAH2B7H30IJRMH0GP3007" 
               uniquename="com.myco.portal.P2_BlankTheme"/>

      2. Change references to cloned Web Content Viewers...

          Web Content Viewer (JSR 286).$cloned.Z3_D0JM3QAH2379F0I310AG6720O4
          Web Content Viewer (JSR 286).$cloned.Z3_D0JM3QAH2379F0I310AG6720O6

        ...to original Web Content Viewer...

          portlet Z3_CGAH47L00OJ790IAH1AFAN1G56 name=Web Content Viewer (JSR 286)

      3. Remove the following undefined skin component

        <component action="update" active="true" deletable="undefined" domain="rel" modifiable="true" objectid="Z7_D0JM3QAH2RH750IPHCSG7N0OF3" ordinal="3400" orientation="H" skinref="undefined" type="container" width="undefined">

  6. From target virtual portal, go to...

      Administration | Import XML

    ...and select the virtual portal export file created earlier.

  7. Import the pages.


Example: Security Configuration

The following is an example security configuration. Your steps and values will differ.

See also: Secure WebSphere Portal v8.5

LDAP Custom Attribute Configuration

Configuration supports the "mycoPerson" custom class and "contObjid" custom attribute.

  1. Log on to primary node and Install WIMSYSTEM application...

    • TST and PRD

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh wp-la-install-ear -DServerName=dmgr -DNodeName=P1Node01

    • PRD

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh wp-la-install-ear -DServerName=dmgr -DNodeName=DmgrNode

    To get dmgr node name, go to...

      System Administration | Deployment manager | Runtime

    In the WAS console, target host and node should be the deployment manager

  2. Restart dmgr, appserver, and node agent

  3. Update wkplc.properties for custom attribute.

    • PRD HA

        la.providerURL=corbaloc:iiop:prd2dmgr:10809
        la.propertyName=contObjid
        la.entityTypes=PersonAccount
        la.dataType=P1RING
        la.multiValued=false
        repositoryId=

    • PRD Primary

        la.providerURL=corbaloc:iiop:prddmgr:10809
        la.propertyName=contObjid
        la.entityTypes=PersonAccount
        la.dataType=P1RING
        la.multiValued=false
        repositoryId=

    • TST

        la.providerURL=corbaloc:iiop:testdmgr:10809
        la.propertyName=contObjid
        la.entityTypes=PersonAccount
        la.dataType=P1RING
        la.multiValued=false
        repositoryId=

    • PRD

        la.providerURL=corbaloc:iiop:stage:9809
        la.propertyName=contObjid
        la.entityTypes=PersonAccount
        la.dataType=P1RING
        la.multiValued=false
        repositoryId=

    la.providerURL uses the Bootstrap Address port of the dmgr...

      System administration | Deployment manager | Ports

  4. Add attribute:

      ./ConfigEngine.sh wp-add-property

      ** Note this will prompt for credentials

  5. Update wkplc.properties for attribute mapping:

      user.attributes.required=sn,ibm-primaryEmail
      federated.ldap.attributes.mapping.ldapName=contObjid,mail,userPassword
      federated.ldap.attributes.mapping.portalName=contObjid,ibm-primaryEmail,password
      ...
      federated.ldap.attributes.mapping.entityTypes=PersonAccount

  6. Map new attributes:

      ./ConfigEngine.sh wp-update-federated-ldap-attribute-config

  7. Restart

  8. On secondary nodes...

    1. On secondary nodes, update wkplc.properties with latest values

    2. Run update-jcr-admin on secondary nodes.

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh update-jcr-admin

  9. Update wkplc.properties for custom person class:

      federated.ldap.et.personaccount.objectClasses=inetOrgPerson;Person;mycoPerson
      federated.ldap.et.personaccount.objectClassesForCreate=inetOrgPerson;mycoPerson
      federated.ldap.loginProperties=uid;mail

  10. Update the objectClasses

      ./ConfigEngine.sh wp-update-federated-ldap -DWasPassword=mypassword

  11. Update wkplc.properties for the following values:

  12. Delete PersonAccount entity type

      ./ConfigEngine.sh wp-delete-ldap-entitytype

  13. Recreate PersonAccount entity type

      ./ConfigEngine.sh wp-create-ldap-entitytype

  14. Restart

  15. On secondary nodes...

    1. On secondary nodes, update wkplc.properties with latest values

    2. Run update-jcr-admin on secondary nodes.

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh update-jcr-admin


Multilingual system

Important: Do not syndicate or import any WCM libraries before configuring MLS. Configure MLS first.

To enable multilingual, on each portal node in the cluster, run...

  1. Set WasPassword and PortalAdminPwd in wkplc.properties

  2. Run...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh register-wcm-mls
      ./ConfigEngine.sh deploy-wcm-mls
      ./ConfigEngine.sh import-wcm-mls-data -DVirtualPortalContext=prd-vp

  3. To have the home page render in Espanol, log on to the virtual portal, then select...

      Administration | Manage Pages | Content Root | Welcome to Prodline1 | Edit Page Layout | Web Content Viewer portlet | Edit Shared Settings | Advanced Options | Plug-ins | Context Processors | com.ibm.workplace.wcm.ml.contextprocessor.MLContextProcessor

  4. Click OK and restart portal cluster.

    See: Multilingual deployment, installation, and configuration



Appendix


Test env


Production env

Note there are two production instances. One in PRD Primary data center, and one in PRD HA data center. Both share the same topology.


Appendix - Databases

Env Host Port User Pass DBs
DEV devdb2 60004 db2admin foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
STG stgdb2 60004 db2adm2 foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
TST tstdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
PRD Primary Prodline1 prddb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
PRD Primary Prodline2 prd2db1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
PRD HA Prodline1 prdaltdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
PRD HA Prodline2 prd2altdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB

Version: DB2 v9.7 FP 6.

DB backups to...


Verify password aging is disabled for DB2 service accounts

Verify db2adm1 and db2adm2 passwords are non-expiring, with password aging disabled. If passwords expire, portal instances will not start.


Change dmgr cellname to p1cell

To change a dmgr cell name...

  1. Stop the Deployment Manager:

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -user wasadmin -password foo

    Start the WSADMIN environment...

      ./wsadmin.sh -conntype NONE -lang jython

  2. From the WSADMIN prompt run...

      AdminTask.renameCell('[-newCellName p1cell -regenCerts false]')
      AdminConfig.save()
      exit

  3. Edit setupCmdLine.sh script and update the WAS_CELL parameter.

  4. Start the Deployment Manager and check the SystemOut.log file for any errors.


Restart WebSphere_Portal, nodeagent, and sync

DEV and PRD restart...

TST restart

  1. On primary node

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password foo
      ./stopNode.sh -username wasadmin -password foo

  2. On secondary node

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal_P1Node02 -username wasadmin -password foo
      ./stopNode.sh -username wasadmin -password foo

  3. On Dmgr

      cd /opt/IBM/Portal/WAS1/AppServer/bin
      ./stopManager.sh -username wasadmin -password foo
      ./startManager.sh

  4. On primary node

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password foo
      ./startNode.sh
      ./startServer.sh WebSphere_Portal

  5. On secondary node

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password foo
      ./startNode.sh
      ./startServer.sh WebSphere_Portal_P1Node02


Configure DB2 for large files in WCM

This is optional and is not currently configured in any MyCo environments

For WCM, we update the database configuration to support large files...


Team


Web server authentication

This is not part of portal install. This is to add a documentation site to web server, and to add authentication to the site.

  1. Log on to server hosting IHS, and sudo to root

  2. Edit...

    ..and add stanza...

      <Directory /opt/IBM/IHS/htdocs/install>
          AuthType Basic
          AuthName "Portal v8 install documentation"
          AuthUserFile "/opt/IBM/IHS/htdocs/install/auth"
          Require valid-user
          Order allow,deny
          Allow from all </Directory>

  3. Create password file and add wasadmin user

      cd /opt/IBM/IHS/htdocs/install
      ../../bin/htpasswd -c /opt/IBM/IHS/htdocs/install/auth wasadmin

    To add user to existing password file...

      ../../bin/htpasswd /opt/IBM/IHS/htdocs/install/auth username

  4. Make password file readable by httpd daemon

      chmod 666 /opt/IBM/IHS/htdocs/install/auth

  5. Restart web server...

      /opt/IBM/IHS/bin/apachectl restart


Script to install Portal FP1

### installFP1.sh
###
### Update Portal v8 with FP1. Before running, in wkplc.properties, set...
###
###  - Set PortalAdminPwd and WasPassword
###  - Set PWordDelete=false
###
###  To generate encrypted password used below...
###
###     
./IBMIM -silent -noSplash encryptString mypassword  
### Stop WebSphere processes 
cd /opt/IBM/Portal
cd /opt/IBM/Portal/WAS1/wp_profile/bin
./stopServer.sh WebSphere_Portal -username wasadmin -password foo
cd /opt/IBM/Portal/WAS1/AppServer/bin
./stopNode.sh -username wasadmin -password foo
cd /opt/IBM/Portal/WebSphere/AppServer/bin
./stopManager.sh -username wasadmin -password foo
### Backup file system 
cd /opt/IBM/Portal
tar cvf WebSpherePostPortal.tar WebSphere
gzip WebSpherePostPortal.tar
tar cvf WAS1PostPortal.tar WAS1
gzip WAS1PostPortal.tar
### Backup Installation Manager 
tar cvf InstallationManagerPostPortal.tar /var/ibm/InstallationManager
gzip InstallationManagerPostPortal.tar
tar cvf IMSharedPostPortal.tar /usr/IBM/IMShared
gzip IMSharedPostPortal.tar
### Install FP
cd /opt/IBM/InstallationManager/eclipse/tools
./imcl install com.ibm.websphere.PORTAL.SERVER.v80  \
      -repositories /media/Portal8_FP1/repository.config  \
      -properties user.wp.portal.userid,,com.ibm.websphere.PORTAL.SERVER.v80=wasadmin,user.wp.portal.password,,com.ibm.websphere.PORTAL.SERVER.v80=zvgGAF0Fb/j9MaftrK1Uww==,user.wp.was.userid,,com.ibm.websphere.PORTAL.SERVER.v80=wasadmin   \
      -installationDirectory /opt/IBM/Portal/WAS1/PortalServer  \
      -acceptLicense   
### Start WebSphere processes 
cd /opt/IBM/Portal/WebSphere/AppServer/bin
./startManager.sh
cd /opt/IBM/Portal/WAS1/AppServer/bin
./startNode.sh
cd /opt/IBM/Portal/WAS1/wp_profile/bin
./startServer.sh WebSphere_Portal


Set up IHS SSL

  1. Create DB for keys

    mkdir /opt/IBM/IHS/keys
    cd /opt/IBM/IHS/keys
     /path/to/gsk7cmd -keydb \
       -create \
       -db myKeys.kdb \
       -pw password \
       -type cms \
       -expire 360 \
       -stash
    
    

    Create certificate and store in key database. /path/to/gsk7cmd -cert \ -create \ -db myKeys.kdb \ -pw password \ -size 1024 \ -dn "CN=hostname,O=MyCo,OU=IHS,ST=CO,C=US" \ -label IHS \ -default_cert yes \ -expire 360

  2. Edit httpd.conf and set...

    LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
     Listen 443
     <VirtualHost *:443>
         SSLEnable
         SSLProtocolDisable SSLv2
         </VirtualHost>
         48800le /opt/IBM/IHS/key/myKeys.kdb
     SSLDisable

  3. Restart IHS


Autologin

host:port/wps/guest/cxml/04_SD9ePMtCP1I800I_KydQvyHFUBADPmuQy?userid=wpadmin&password=foo