Search Tips   |   Advanced Search

Portal v8.0 Install example

  1. Set file limits
  2. Install IBM Installation Manager 1.7.3
  3. Configure portal to use Oracle
  4. Create profile template
  5. Configure dmgr
  6. Federate primary node
  7. Create static cluster
  8. Install IHS
  9. Configure web server plugin
  10. IHS administration
  11. Configure portal to use LDAP
  12. Set wasadmins permissions
  13. Set ibm-allGroups
  14. Web Content View preferences
  15. Configure theme
  16. Customize IHS config
  17. On web server hosts, create directory...
  18. Configure network domains
  19. Syndication
  20. Export and import WCM libs
  21. Set permissions for web content
  22. Export/Import pages
  23. WebDAV
  24. Restart and sync
  25. Web server authentication
  26. Script to install Portal FP1
  27. Set up IHS SSL
  28. Create profile on secondary node

Set file limits

  1. As user root, edit...


    ...and set...

      wasadmin soft nofile 200000
      wasadmin hard nofile 200000

Install IBM Installation Manager 1.7.3

  1. Edit the response file...

      sudo mkdir /opt/IBM
      sudo chown wasadmin.wasadmin /opt/IBM
      sudo su - wasadmin
      cd /opt/shared_disk/migration/IIM_1.7.3
      cp install.xml install.xml.orig
      vi install.xml

    ...and change...

      <offering features='agent_core,agent_jre' 


      <offering profile='IBM Installation Manager' 

  2. Add the following

    <profile kind='self' 
             id='IBM Installation Manager'>
        <data key='eclipseLocation' 

    Your install.xml should look like...

      <?xml version="1.0" encoding="UTF-8"?>
      <agent-input clean='true' temporary='true'>
              <repository location='.'/>
              <offering profile='IBM Installation Manager' 
          <profile kind='self' 
                   id='IBM Installation Manager'>
              <data key='eclipseLocation' 

  3. Install Installation Manager...

      $ ./userinstc -log /tmp/IIM_install.log -acceptLicense
      Installed com.ibm.cic.agent_1.7.3000.20140521_1925 to the /opt/IBM/InstallationManager/eclipse directory.

  4. Install WAS JDK 7.0.6 WP

    $ cd /opt/IBM/InstallationManager/eclipse/tools
    $ ./imcl -acceptLicense -input /opt/shared_disk/migration/ResponseFiles/WP8001WAS8553JDK706.rsp \
             -log /tmp/WP8001WAS8553JDK706.log \
             -silent \
    Installed com.ibm.websphere.ND.v85_8.5.5003.20140730_1249 to the /opt/IBM/WebSphere/AppServer directory.
    Installed com.ibm.websphere.IBMJAVA.v70_7.0.6001.20140324_2202 to the /opt/IBM/WebSphere/AppServer directory.
    Installed com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20130123_1736 to the /opt/IBM/WebSphere/PortalServer directory.

    IBM JDK 7.1 was shipped and can be used with version WAS v8.5. With version 8.5 of Digital Experience during install WebSphere Application Server 8.5.5.x and JDK 7.0.0.x are deployed as prerequisites for Digital Experience. Starting with WebSphere Application Server Java 7.1.0.x was provided with the Application Server fix pack. We have functionally tested 7.1.0.x and also performance tested it and saw a very slight improvement. v7.1.0.x can be installed via the Installation Manager. After installing the JDK the command managesdk can be leveraged to switch the JDK used with the Digital Experience profile to 7.1.

  5. Install WebSphere Portal Enable CF13

      $ cd /opt/IBM/InstallationManager/eclipse/tools
      $ ./imcl -acceptLicense \
               -input /opt/shared_disk/migration/ResponseFiles/WP8001CF13.rsp \
               -log /tmp/WP8001CF13.log \
               -silent \
      Updated to com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20140723_2237 in the /opt/IBM/WebSphere/PortalServer directory.

  6. Update Portal with CF14

    1. Edit...


      ...and set...




      ..and set...


    2. Edit...


      ...and remove the following 2 lines...


    3. Edit...


      ...and add...


    4. Install CF14

        $ cd /opt/IBM/WebSphere/profiles/wp_profile/bin
        $ ./stopServer.sh WebSphere_Portal -user wasadmin -password mypassword
        $ cd /opt/IBM/InstallationManager/eclipse/tools
        $ ./imcl -acceptLicense \
               -input /opt/shared_disk/migration/ResponseFiles/WP8001CF14.rsp  \
               -log /tmp/WP8001CF14_DMGR_PORTAL_PROFILE.log \
               -silent  \
        Updated to com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20140723_2237 in the /opt/IBM/WebSphere/PortalServer directory.
        WARNING: WP_UPDATE_SKIP_CONFIG is set to true.  
        After exiting Installation Manager, configure your profiles manually to complete the upgrade or rollback.

    5. Edit...


      ...and add the following 2 lines...


    6. Edit...


      ...and remove the following line...


    7. Install PTF

        cd /opt/IBM/WebSphere/profiles/wp_profile/ConfigEngine/
        ./ConfigEngine.sh CONFIG-WP-PTF-CF -DWasPassword=mypassword -DPortalAdminPwd=mypassword

Configure portal to use Oracle

  1. Back up system

  2. Log on to the primary node and stop portal...

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh -username wasadmin -password password

  3. Backup original properties files

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine/properties
      cp wkplc.properties wkplc.properties.orig
      cp wkplc_comp.properties wkplc_comp.properties.orig
      cp wkplc_dbdomain.properties wkplc_dbdomain.properties.orig
      cp wkplc_dbtype.properties wkplc_dbtype.properties.orig
      cp wkplc_sourceDb.properties wkplc_sourceDb.properties.orig

  4. Edit wkplc.properties and set...


  5. Edit wkplc_dbtype.properties and set


  6. Set properties in wkplc_dbdomain.properties.

    For example...


  7. Double-check settings for accuracy

      for i in `echo feedback.DbUrl likeminds.DbUrl release.DbUrl community.DbUrl customization.DbUrl jcr.DbUrl feedback.DbName likeminds.DbName release.DbName community.DbName customization.DbName jcr.DbName feedback.DbType likeminds.DbType release.DbType community.DbType customization.DbType jcr.DbType feedback.DataSourceName likeminds.DataSourceName release.DataSourceName community.DataSourceName customization.DataSourceName jcr.DataSourceName feedback.DbSchema likeminds.DbSchema release.DbSchema community.DbSchema customization.DbSchema jcr.DbSchema feedback.DbUser likeminds.DbUser release.DbUser community.DbUser customization.DbUser jcr.DbUser feedback.DbPassword likeminds.DbPassword release.DbPassword community.DbPassword customization.DbPassword jcr.DbPassword feedback.DbRuntimeUser likeminds.DbRuntimeUser release.DbRuntimeUser community.DbRuntimeUser customization.DbRuntimeUser jcr.DbRuntimeUser feedback.DbRuntimeUser likeminds.DbRuntimeUser release.DbRuntimeUser community.DbRuntimeUser customization.DbRuntimeUser jcr.DbRuntimeUser`
          grep ^${i} wkplc_dbdomain.properties | grep -v Zos

  8. Verify there are no trailing spaces

      grep " $" wkplc_dbdomain.properties

  9. Validate database configuration properties...

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh validate-database -DWasPassword=mypassword

  10. Stop the WebSphere_Portal server:

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password mypassword

  11. Transfer the database:

    Do not execute the database-transfer task as a background process. This might cause the task to stall.

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh database-transfer -DWasPassword=mypassword

    When complete, we should get success message...

      Tue May 13 23:02:21 EDT 2014

    If task fails, review log output...


    ...verify the values are correct in wkplc.properties, wkplc_dbdomain.properties, and wkplc_dbtype.properties files, then repeat this step.

    If task fails with error...

      Oracle SQL Error: SQLCODE=-204, SQLSTATE=42704, SQLERRMC=ICMSFQ04


      ./ConfigEngine.sh setup-database

    ...then try the database-transfer task again.

  12. Start the WebSphere Portal server.

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./startServer.sh WebSphere_Portal

  13. If node is part of a cluster, and if icm.properties is not identical between nodes, copy icm.properties from primary node to each secondary node.

    1. Stop the portal server on the secondary nodes.

    2. From the primary node...

        cd /opt/IBM/WebSphere/profiles/profilename/PortalServer/jcr/lib/com/ibm/icm/
        scp icm.properties wasadmin@secondary_node:/opt/IBM/WebSphere/profiles/profilename/PortalServer/jcr/lib/com/ibm/icm/

    3. Start the portal server on the secondary nodes.

Create profile template

In this section, we will create a backup of the primary node's wp_profile. We will also enable the Portal profile templates within the WebSphere Application Server Profile Management tool. This will allow us to create new Portal profiles in the future.

  1. Start the WebSphere_Portal server...

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./startServer.sh WebSphere_Portal

  2. Log in to the WebSphere Portal server and go to...

      Administration | Search Administration | Manage Search | Search Collections

  3. Click the Delete icon (trash can) for each search collection listed here.

  4. Log out of WebSphere Portal

  5. Stop the WebSphere_Portal server

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal -user wasadmin -password mypassword

  6. Edit...


    ...and change...




  7. Save icm.properties.

  8. From primary node, run...

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh enable-profiles -DWasPassword=mypassword

    This script will create a backup of your wp_profile configuration named Portal.car and save it to the following directory:


  9. Package profile templates into a single zip file:

      ./ConfigEngine.sh package-profiles -DWasPassword=mypassword

    The following file is created...


Configure dmgr

Before executing, review WP v8 Cluster Guide

  1. From the primary Portal node, copy fileForDmgr to dmgr host...

      cd /opt/IBM/WebSphere/PortalServer/
      scp -r filesForDmgr mpareene@dmgr.myco.com:/tmp

  2. Important: Stop the dmgr server

      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -user wasadmin -password foo!

  3. From the dmgr host, extract filesForDmgr.zip and copy files into place...

      cd /tmp/filesForDmgr
      unzip filesForDmgr.zip
      mkdir /opt/IBM/WebSphere/AppServer/bin/ProfileManagement/plugins
      cp -r bin/ProfileManagement/plugins/com.ibm.wp.dmgr.pmt_7.0.5 /opt/IBM/WebSphere/AppServer/bin/ProfileManagement/plugins
      cp lib/wkplc.comp.registry.jar /opt/IBM/WebSphere/AppServer/lib
      cp lib/wp.wire.jar /opt/IBM/WebSphere/AppServer/lib
      cp plugins/com.ibm.patch.was.plugin.jar /opt/IBM/WebSphere/AppServer/plugins
      cp plugins/com.ibm.wp.was.plugin.jar /opt/IBM/WebSphere/AppServer/plugins
      cp -r profileTemplates/management.portal.augment /opt/IBM/WebSphere/AppServer/profileTemplates
      cp profiles/Dmgr01/config/.repository/metadata_wkplc.xml /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/.repository

  4. On dmgr host, augment dmgr profile.

      cd /opt/IBM/WebSphere/AppServer/bin
      ./manageprofiles.sh -augment \
            -templatePath /opt/IBM/WebSphere/AppServer/profileTemplates/management.portal.augment \
            -profileName Dmgr01

    Augmenting the dmgr profile...

    • Increases the HTTP connection timeouts for the DMGR server
    • Increases the SOAP connector timeout for JMX in the DMGR server
    • Increases the JVM Maximum Heap size for the DMGR server
    • Enables Application Security
    • Creates a 'wasadmins' group in the default file repository
    • Adds your administrative user to the 'wasadmins' group.
    • Increases the soap timeout in soap.client.props.

  5. Start Dmgr

      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin

  6. Open dmgr console in browser. For example


  7. To help prevent user ID conflicts when we add the federated LDAP later, go to...

      Security | Global Security | User Account Repository | Available realm definitions | Configure

    ..and in the 'Primary administrative user name' field, change value to the fully distinguished name of the user...


  8. Click Apply, enter passwords in the next panel, then click OK and Save.

  9. Restart the deployment manager for the changes to take effect.

Federate primary node

  1. Ensure the time on the primary node is within 5 minutes of the time on the DMGR. Failure to do so will cause the addNode process to fail.

  2. Start the DMGR

      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin

  3. Stop WebSphere_Portal on the primary node...

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal -user wasadmin -password mypassword

  4. Add the Portal node.

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./addNode.sh dmgr.myco.com 8879 -username wasadmin -password mypass -includeapps

    To get SOAP port, from dmgr console...

      System Administration | Deployment Manager | Ports

    If the addNode script fails for any reason, complete the following steps before running again:

    1. Remove the node from the DMGR cell in case AddNode successfully completed that step before failing.

    2. Login to the DMGR and do the following (these may not exist, depending on where the failure occurred):

      1. Remove all Enterprise applications
      2. Remove the WebSphere_Portal server definition
      3. Remove the JDBC Provider information for WebSphere_Portal

  5. Restart the deployment manager

      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -user wasadmin -password mypassword

At this point, the WebSphere Portal server has been federated to the Deployment Manager. It is not yet in a cluster. It has also inherited the Deployment Manager's security configuration. Running Portal in a federated-only environment is not officially supported by IBM, so next we must build a cluster.

Create static cluster

  1. Log on to primary node and stop the WebSphere_Portal server

  2. Verify dmgr and node agent are running

      ./serverStatus.sh dmgr -user wasadmin -password mypassword
      ./serverStatus.sh nodeagent -user wasadmin -password mypassword

  3. Set environment-specific values in...


  4. Verify database user IDs and passwords are set in...


  5. Update the deployment manager configuration for the new WebSphere Portal server

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh cluster-node-config-post-federation -DWasPassword=mypassword

  6. Create the cluster definition and add the WebSphere_Portal server as a cluster member

      ./ConfigEngine.sh cluster-node-config-cluster-setup -DWasPassword=mypassword

  7. Open dmgr and verify cluster...

  8. Verify ports for new cluster member...

      Servers | Server Types | WebSphere Application Servers | new_cluster_member | Ports

    Note value WC_defaulthost which should be 10039.

  9. Make tarball backup

Install IHS

  1. Log on web server host(s)

    For example...

    • brandbweb1
    • brandbweb2

  2. Install Installation Manager

      cd /media/installmgr
      ./installc -acceptLicense
      cd /opt/IBM/InstallationManager/eclipse

  3. Add IHS to repository

    1. Start Installation Manager in console mode...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

    2. Select...

        P. Preferences | 1. Repositories | D. Add Repository

    3. For repository location...


    4. Save changes and exit...

        A. Apply changes | R. Return to main menu | X. Exit Installation Manager

    5. Confirm repository is available...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl listAvailablePackages -repositories /media/WAS855_supp/repository.config

  4. Install IHS
    ./imcl install com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044 \
          -repositories  /media/WAS855_supp/repository.config \
          -installationDirectory /opt/IBM/WebSphere/IHS \
          -sharedResourcesDirectory /opt/IBM/WebSphere/IMShared \
          -log /tmp/imcl.log  \
          -acceptLicense \
          -properties user.ihs.httpPort=7001

  5. Edit...


    ...and set...

      Listen 8008
      User wasadmin
      Group staff
      ServerName myserver:8008

  6. Edit...


    ...and for TST, PRD, and PRDHA, set...

      Listen 7001
      ServerName myserver

    For DEV, set....

      Listen 80
      ServerName myserver

    For all envs except DEV, we start IHS (apachectl start), as user wasadmin. For DEV, we start IHS as user root, even though User in httpd.conf is wasadmin

  7. Verify IHS version info


  8. Install plugins
    cd /opt/IBM/InstallationManager/eclipse/tools
    ./imcl install com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044 \
           -repositories  /media/WAS855_supp/repository.config \
           -installationDirectory /opt/IBM/WebSphere/Plugins \
           -sharedResourcesDirectory /opt/IBM/WebSphere/IMShared \
           -log /tmp/imcl.log  \

    To uninstall...

      imcl uninstallAll -installationDirectory /opt/IBM/WebSphere/IHS/Plugins

  9. Verify plugins version info


  10. Update both IHS and Plugin to v8.5.5.1

    1. Add the following to the Installation Manager repository


    2. Unselect...

        S. [ ] Search service repositories during installation and updates

    3. Start GUI Installation Manager

        cd /opt/IBM/InstallationManager/eclipse/

    4. Select Update, select IBM HTTP Server v8.5, then execute upgrade.

    5. Do the same for Web Server Plug-ins for IBM WebSphere Application Server v8.5

  11. Start web and admin servers

      /opt/IBM/WebSphere/IHS/bin/apachectl start
      /opt/IBM/WebSphere/IHS/bin/adminctl start
      ps -ef | grep http

    We should see...

        root  9633990        1   0 09:14:09      -  0:00 /opt/IBM/WebSphere/IHS/bin/httpd -f /opt/IBM/WebSphere/IHS/conf/admin.conf
      nobody 10420432 17563778   0 09:12:37      -  0:00 /opt/IBM/WebSphere/IHS/bin/httpd -d /opt/IBM/WebSphere/IHS -k start
    wasadmin 13697222  9633990   0 09:14:09      -  0:00 /opt/IBM/WebSphere/IHS/bin/httpd -f /opt/IBM/WebSphere/IHS/conf/admin.conf
        root 14876862  9633990   0 09:14:09      -  0:00 /opt/IBM/WebSphere/IHS/bin/httpd -f /opt/IBM/WebSphere/IHS/conf/admin.conf
        root 17563778        1   0 09:12:36      -  0:00 /opt/IBM/WebSphere/IHS/bin/httpd -d /opt/IBM/WebSphere/IHS -k start
      nobody 19398842 17563778   0 09:12:37      -  0:00 /opt/IBM/WebSphere/IHS/bin/httpd -d /opt/IBM/WebSphere/IHS -k start
      nobody 21430478 17563778   0 09:12:37      -  0:00 /opt/IBM/WebSphere/IHS/bin/httpd -d /opt/IBM/WebSphere/IHS -k start

Configure web server plugin

  1. Get version ID of WebSphere Customization Toolbox (WCT)

      cd /opt/IBM/InstallationManager/eclipse/tools
      ./imcl listAvailablePackages -repositories /media/WAS855_supp/repository.config

  2. Install WCT
    cd /opt/IBM/InstallationManager/eclipse/tools
    ./imcl install com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044 \
          -repositories  /media/WAS855_supp/repository.config \
          -installationDirectory /opt/IBM/WebSphere/Toolbox \
          -sharedResourcesDirectory /opt/IBM/WebSphere/IMShared \
          -log /tmp/imcl.log  \

  3. Start web server and admin server

      cd /opt/IBM/WebSphere/IHS/bin
      ./apachectl start
      ./adminctl start

  4. Run the WCT GUI...

      cd /opt/IBM/WebSphere/Toolbox/WCT

  5. Select and launch "Web Server Plug-ins Configuration Tool"

  6. Select "Add" to add a web server plug-ins location

  7. Add plug-in

      Name: Plugin01
      Location: /opt/IBM/WebSphere/Plugins

    Increment number based on node. For node2, name is Plugin02

  8. In the Web Server Plug-in Configurations panel, select "Create"

  9. Select IBM HTTP Server v8.5

  10. Select 64 bit architecture

  11. Specify httpd.conf location and port 7001.

  12. Set port, user ID, and password for IBM HTTP Server Administration

    Be sure to scroll down if you do not see password confirmation field.

  13. On the admistrator name and group panel, enter wasadmin and system.

  14. Enter a Web Server Definition name, for example, web1...

  15. Choose either local or remote install. If remote to a cluster, use host name of the dmgr.

    For remote install, use name of dmgr host, such as tdmgr.myco.com

  16. Review summary info then click Configure.

  17. We should get a success message

  18. Edit httpd.conf, and verify existence of plugin-in directives...

      LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
      WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver2/plugin-cfg.xml

  19. Copy web server definition script to target dmgr

      scp /opt/IBM/WebSphere/Plugins/bin/configureweb1.sh wasadmin@dmgr.myco.com:/tmp

  20. Log on to dmgr host and create web server definition...

      cd /opt/IBM/WebSphere/WebSphere/AppServer/profiles/Dmgr01/bin
      cp /tmp/configureweb1.sh .
      ./configureweb1.sh -user wasadmin -password mypassword

    Typical output...

    root@dmgr /opt/IBM/WebSphere/WebSphere/AppServer/profiles/Dmgr01/bin ->./configureweb1.sh -user wasadmin -password Wps
    Input parameters:
       Web server name             - web1
       Web server type             - IHS
       Web server install location - /opt/IBM/WebSphere/IHS
       Web server config location  - /opt/IBM/WebSphere/IHS/conf/httpd.conf
       Web server port             - 7001
       Map Applications            - MAP_ALL
       Plugin install location     - /opt/IBM/WebSphere/Plugins
       Web server node type        - unmanaged
       Web server node name        - brandbweb1.myco.com-node
       Web server host name        - brandbweb1.myco.com
       Web server operating system - aix
       IHS Admin port              - 8008
       IHS Admin user ID           - wasadmin
       IHS Admin password          - foo
       IHS service name            - ""

  21. Log on to dmgr console and verify web server definition was created.

  22. Synchronize nodes

  23. From dmgr console, generate plugin-cfg.xml files.

  24. Copy new plugin-cfg.xml files to respective web server hosts

      scp $DMGR/config/cells/MyCell/nodes/brandbweb1.myco.com-node/servers/web1/plugin-cfg.xml wasadmin@brandbweb1:/opt/IBM/WebSphere/Plugins/config/web1

  25. Restart IHS

      cd /opt/IBM/WebSphere/IHS/bin
      ./apachectl restart

  26. Verify the following host aliases are defined

      Virtual Hosts | default_host | Host Aliases

      Host Name Port
      * 9080
      * 80
      * 9443
      * 5060
      * 5061
      * 443
      * 10000
      * 10002
      * 10032
      * 10039
      * 10029
      * 6005

Optional: Set up IHS administration

  1. On each remote web server, run setupadm...

      sudo su - wasadmin
      cd /opt/IBM/WebSphere/IHS/bin
      ./setupadm -usr wasadmin \
                 -grp system \
                 -cfg /opt/IBM/WebSphere/IHS/conf/httpd.conf \
                 -adm /opt/IBM/WebSphere/IHS/conf/admin.conf \
                 -plg /opt/IBM/WebSphere/Plugins/config/web1/plugin-cfg.xml

    This gives the administration server read and write access to web server configuration data. Change webserver1 to the web server name


      ./adminctl restart
      ./apachectl restart

  2. Run htpasswd.

    The administration server is installed with authentication enabled and a blank admin.passwd password file . The administration server will not accept a connection without a valid user ID and password. This is done to protect the IHS configuration file from unauthorized access.

      ./htpasswd -cm /opt/IBM/WebSphere/IHS/conf/admin.passwd wasadmin

  3. Restart IHS.

  4. To test, log on to dmgr, then regenerate and propagate plugin for the web server.

    Propagation should be automatic at this point.

Configure portal to use LDAP

In this procedure we change the default user registry from file-based to LDAP.




WAS and portal administrative users are changed from...




These tasks only need to be run on the primary node.

  1. Create tarball of portal and dmgr filesystems

  2. Add the wpsadmin user as an administrative user on WAS.

    From dmgr console, go select...

    On the Manage Users panel, create wpsadmin user. Click the Group Membership button and assign Administration user role to wpsadmins

  3. Enable distinguished name logins.

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=mypassword

    This allows us to logon with the fully distinguished name...


    We enable fully distinguished name logins because the short name of our administrator, wasadmin, is in both the file and LDAP registries, and a short name search would not resolve correctly.

  4. Optional. If file registry password for wasadmin or wpsadmin is different than LDAP pass, change passwords in file based registry to match LDAP versions

  5. Log on to primary node and copy the parent properties into place...

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine/properties
      cp /opt/IBM/WebSphere/profiles/profilename/ConfigEngine/config/helpers/wp_add_federated_ids.properties .

  6. Edit wp_add_federated_ids.properties file and set properties.

    Here are settings for PRDHA...


    IBM Tivoli Directory Server supports the optional membership attribute...

    ...that offers a significant performance enhancement.

  7. Validate the properties:
    cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
    ./ConfigEngine.sh validate-federated-ldap  \
        -DparentProperties=/opt/IBM/WebSphere/profiles/profilename/ConfigEngine/properties/wp_add_federated_ids.properties  \
        -DSaveParentProperties=true  \

    Running with -DSaveParentProperties=true adds the new wp_add_federated_ids.properties to wkplc.properties.

  8. Add the federated LDAP to the cluster security configuration:

      ./ConfigEngine.sh wp-create-ldap -DWasPassword=mypassword

    The wp-create-ldap tasks adds the LDAP to the WAS security configuration. It does not remove the out-of-the-box file user registry. Both are in use.

    In the future, when we update LDAP properties, we run...

      ./ConfigEngine.sh wp-update-federated-ldap -DWasPassword=mypassword

  9. Enable distinguished logins again (for luck)

      ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=mypassword

  10. Restart the dmgr, nodeagent, and WebSphere_Portal servers.

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal -username uid=wasadmin,o=defaultWIMFileBasedRealm -password mypassword
      ./stopNode.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password mypassword

      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password mypassword
      sleep 5

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./startServer.sh WebSphere_Portal

  11. After restart, verify credentials are correct by logging on to WAS console and Portal.

    We will be unable to login to Portal using the short name. This will only be temporary and will be corrected at the end of these steps. To log on to console, use fully qualified id:


    If you go to the security configuration, we should see our new LDAP listed...

    Here is what the MyCo_LDAP1 repository identifier should look like...

    If logon fails, to revert...

    1. Turn off security...

        cd /opt/IBM/WebSphere/WebSphere/AppServer/profiles/Dmgr01/bin
        ./wsadmin.sh -conntype NONE
        WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
        WASX7029I: For help, enter: "$Help help"
        LOCAL OS security is off now but we need to restart server1 to make it affected.
        wsadmin>$AdminConfig save

      Another way to disable security is to edit...


      ...and for element...


      ...set attribute...


    2. Get the dmgr PID...

        ps -ef | grep dmgr

      ...and kill the dmgr process...

        kill PID

      Give it a minutes to finish. If regular kill does not work, run the sure kill...

        kill -9 PID

    3. Log on to the portal nodes, get the nodeagent and WebSphere_Portal processes...

        ps -ef | grep WebSphere_Portal
        ps -ef | grep nodeagent

      ...then kill those...

        kill PID

    4. Synchronize nodes...

        ./syncNode.sh tdmgr.myco.com 9879 -user wasadmin -password mypassword

      ...then restart

    5. Run startManager.sh

    6. Log on to dmgr console and go to...

        Security | Global security | Federated repositories | Manage repositories

      We can either try to fix the problem, or we can remove the LDAP realm using the "Remove" button.

    7. After clicking Remove, also delete LDAP repositories in...

        Global security > Federated repositories > Manage repositories

    8. From Global Security | Federated repositories, set...

        Allow operations if some of the repositories are down

      If you still get message saying LDAP exists, we can also remove bad LDAP realm by editing wkplc.properties and setting...


      ...then run...

        ./ConfigEngine.sh wp-delete-repository -DWasPassword=mypassword

    9. Restart portal processes

    10. Enable security. Edit...


      ...and for element...


      ...set attribute...


      Also change

        <security:Security ... appEnabled="false"


        <security:Security ... appEnabled="true" ...

    11. Restart portal processes

  12. Verify all defined attributes are available in your newly added ldap:

      ./ConfigEngine.sh wp-validate-federated-ldap-attribute-config -DWasPassword=foo!

  13. Reassign the WAS Administrator ID from the file registry to a user in the LDAP:
    ./ConfigEngine.sh wp-change-was-admin-user \
        -DWasPassword=mypassword \
        -DnewAdminId=uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com \

    For newAdminPw, use the password assigned to this user in the LDAP.

  14. Restart the dmgr, nodeagent and WebSphere_Portal servers...

      ### On Portal primary node
      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal -username uid=wasadmin,o=defaultWIMFileBasedRealm -password mypassword
      ./stopNode.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password mypassword

      ### On Dmgr
      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password mypassword
      sleep 5

      ### On Portal primary node
      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./startServer.sh WebSphere_Portal

    Because we ran wp-modify-realm-enable-dn-login earlier, we use the fully distinguished name of the original file registry WAS admin user. The new LDAP-based WAS admin user will take effect after the servers have been restarted.

  15. Log on to Dmgr console and verify new credentials are working...

      User ID: uid=wasadmin,cn=users,ou=admins,dc=MyCo,dc=com
      Password: mypassword

  16. In wkplc.properties, if value for WasPassword= was removed, re-add using our new password.

  17. Reassign the WebSphere Portal Administrator ID and Group ID to a user and group within the LDAP:
    ./ConfigEngine.sh wp-change-portal-admin-user \
        -DWasPassword=mypassword \
        -DnewAdminId=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com \
        -DnewAdminPw=mypassword \

    For newAdminPw, use the password assigned to this user in the LDAP.

    This task updates PortalAdminId in wkplc.properties to reflect the ID value specified for 'newAdminId' and the PortalAdminGroupId value will be automatically updated to reflect the 'newAdminGroupId'.

  18. Review wkplc.properties and verify that PortalAdminPwd is set to foo

  19. Restart the Deployment Manager, nodeagent, and WebSphere_Portal server on the primary node

      ### On Portal primary node
      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal  \
        -username uid=wasadmin,cn=users,ou=admins,dc=MyCo,dc=com  \
        -password mypassword
      ./stopNode.sh -username uid=wasadmin,cn=users,ou=admins,dc=MyCo,dc=com  -password mypassword
      ### On Dmgr
      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,cn=users,ou=admins,dc=MyCo,dc=com  \
         -password mypassword
      ### On Portal primary node
      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./startServer.sh WebSphere_Portal

  20. List the current user repositories:

      ./ConfigEngine.sh wp-query-repository -DWasPassword=mypassword

    For example...

      Existing Federated Repositories
      Repository Name : {BasicInformation} : {Details}
      MyCo_LDAP1 : 
            loginProperties=[uid, mail],

  21. Set entity types.

    Edit wkplc.properties and set...


    ...then run...

      ./ConfigEngine.sh wp-set-entitytypes -DWasPassword=mypassword

  22. Remove the default file user registry.

    Option for lower-level envs. Required for production environments.

    In wkplc.properties set...


    ...then run...

      ./ConfigEngine.sh wp-delete-repository -DWasPassword=mypassword

  23. Disable fully distinguished name logins and re-enable short name logins...

      ./ConfigEngine.sh wp-modify-realm-disable-dn-login -DWasPassword=mypassword

  24. Stop the dmgr, nodeagent, and WebSphere_Portal...

      ### On Portal primary node
      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal  \
        -username uid=wasadmin,cn=users,ou=admins,dc=MyCo,dc=com  \
        -password mypassword
      ./stopNode.sh -username uid=wasadmin,cn=users,ou=admins,dc=MyCo,dc=com  \
                    -password mypassword
      ### On Dmgr
      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,cn=users,ou=admins,dc=MyCo,dc=com  \
         -password mypassword
      ### On Portal primary node
      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./startServer.sh WebSphere_Portal

  25. Verify we can log on to dmgr and portal using...

    • Login: wasadmin
    • Password: mypassword

  26. Stop processes and make tarball backup

      ### On Portal primary node
      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal  \
        -username wasadmin \
        -password mypassword
      ./stopNode.sh -username wasadmin -password mypassword
      ### On Dmgr
      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username wasadmin \
         -password mypassword
      ### On Portal primary node
      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./startServer.sh WebSphere_Portal

  27. Optional. Change poolTimeOut from 0 to 180 in...


At this point, we have completed building a single node cluster using a remote database and federated LDAP server.

If we see blank entries, or have users who can no longer view resources to which they previously had access, you may need to...

  1. On secondary nodes, update wkplc.properties with latest values

  2. Run update-jcr-admin on secondary nodes.

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh update-jcr-admin

See Fix Portal Access Control settings if user/group external identifiers have changed.

Set wasadmins permissions

  1. Log into the ISC and go to Users and Groups
  2. Pick Administrative group Role
  3. Add a group and search for wasadmins
  4. Select all the roles
  5. And then save.

Set ibm-allGroups

If you did not set up ibm-allGroups membership attribute when configuring LDAP, we can do it after the fact by logging on to the console and going to...

    Global security > Federated repositories > MyCo_LDAP1 > Group attribute definition

Verify that...

    Global security > Federated repositories > MyCo_LDAP1 > Group attribute definition > Member attributes

...has uniqueMember set...

Enable SSL for LDAP

  1. Add LDAP signer certificate to the WAS installation

    1. Select...

        Security | SSL certificate and key management | SSL configurations | CellDefaultSSLSettings | Key stores and certificates | CellDefaultTrustStore | Signer certificates | Retrieve from port

    2. Set LDAP host name, SSL port (default 636), and alias of your choice

    3. Click "Retrieve signer information".

      This should pull the certificate directly from the LDAP server.

    4. Save the changes to the master configuration.

      We should now see your LDAP signer certificate stored in the trust store for the default SSL configuration...

    5. Restart dmgr

    6. On primary node, perform syncNode...

        ./syncNode.sh dmgr.myco.com 9879  \
                      -user wasadmin \
                      -password mypassword

    7. Restart WebSphere_Portal and node agent

  2. Update wkplc.properties and add...


  3. Update federated repository

      ./ConfigEngine.sh wp-update-ldap -DWasPassword=mypassword

Web Content View preferences

Define portlet preferences defined in the WCM Viewer portlet.

  1. Go to...

      Administration | Portlet Management | Portlets

  2. Search for "web content viewer" and then click the Configure portlet icon

  3. The Configure portlet panel appears...

  4. Set the following preferences...

    meta.tag.content.element.6 meta.og.description
    meta.tag.content.element.9 meta.og.image
    meta.tag.content.text.2 BrandA Wireless
    meta.tag.content.text.3 INDEX,FOLLOW
    meta.tag.content.text.7 BrandA Wireless
    meta.tag.name.0 title
    meta.tag.name.1 description
    meta.tag.name.2 author
    meta.tag.name.3 robots
    meta.tag.name.4 keywords
    meta.tag.name.5 og:title
    meta.tag.name.6 og:description
    meta.tag.name.7 og:site_name
    meta.tag.name.9 og:image

Restart WebSphere processes after setting these values.

Configure theme

  1. Install theme war.

    We can also export theme as EAR, and then install EAR in new environment.

    1. From dmgr console, select New Enterprise Application, then select...


    2. On panel "Select installation options", set name to TF_B_ModularTheme

    3. On panel "Map modules to servers", select both cluster and web server

    4. On panel "JSP reloading options for Web modules", keep defaults.

    5. On panel "Map shared libraries", keep defaults.

    6. On panel "Map shared library relationships", keep defaults.

    7. On panel "Map virtual hosts for Web modules", keep defaults.

    8. On panel "Map context roots for Web modules", set...


    9. On panel "Map JASPI provider", keep defaults.

    10. On panel "Display module build Ids", keep defaults.

    11. Review summary info, then select "Finish"...

    12. Synchronize nodes...

  2. Import theme data to WebDAV folders

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh webdav-deploy-zip-file \
          -DTargetURI=dav:fs-type1/themes/SIMPLEMobileTheme/ \
          -DZipFilePath=/tmp/deployment/original_deployment/themes/BModularTheme-bin.zip \

  3. Register theme

    1. Export theme xml from source Portal...

        cd /opt/IBM/WebSphere/PortalServer/bin
        ./xmlaccess.sh -in /tmp/deployment/themes ExportThemesAndSkins.xml  \
         -user wasadmin  \
         -password foo! \
         -url http://dpipsmwps1.myco.com:10039/wps/config \
         -out /tmp/deployment/original_deployment/themes/theme_output.xml

    2. Copy output file to:


    3. Edit output file and remove references to unwanted skins and themes.

    4. Change...




    5. Import theme to target Portal v8 dmgr

        cd /opt/IBM/WebSphere/PortalServer/bin
         ./xmlaccess.sh -in /tmp/deployment/original_deployment/themes/theme_output.xml  \
          -user wasadmin  \
          -password mypassword \
          -url http://brandbwps1.myco.com:10039/wps/config \
          -out /tmp/deployment/original_deployment/themes/import_theme_log.xml

  4. From dmgr console, go to...

      Enterprise Applications | TF_B_ModularTheme | Class loading and update detection

    ...and verify Class loader order is set to...

      Classes loaded with parent class loader first

    From the console, go to the Enterprise Applications panel and if TF_B_ModularTheme is not started, select...

    ...then click Start...

  5. Go to the Portal administration page and select...

      WebSphere Portal > Portal User Interface > Themes and Skins > B | Edit theme
    Change the default skin from the noSkin to Portal 8.0 noSkin.

  6. Fix hard-coded reference to 7002theme

  7. Restart portal appserver

Customize IHS config

  1. Generate plugin-cfg.xml files

    1. From WebSphere Console, go to the web servers and generate the latest and greatest plugin files.

    2. Copy new plugin-cfg.xml files to the web server hosts. For example, from dmgr host, run...

        cp /opt/IBM/WebSphere/WebSphere/AppServer/profiles/Dmgr01/config/cells/MyCell/nodes/brandbweb1.myco.com-node/servers/webserver1/plugin-cfg.xml /tmp/plugin-cfg1.xml
        cp /opt/IBM/WebSphere/WebSphere/AppServer/profiles/Dmgr01/config/cells/MyCell/nodes/brandbweb2.myco.com-node/servers/webserver2/plugin-cfg.xml /tmp/plugin-cfg2.xml
        chmod 666 /tmp/plugin-cfg1.xml
        chmod 666 /tmp/plugin-cfg2.xml

    3. On your client PC, run...

        scp mpareene@dmgr.myco.com:/tmp/plugin-cfg1.xml plugin-cfg1.xml
        scp mpareene@dmgr.myco.com:/tmp/plugin-cfg2.xml plugin2-cfg.xml

    4. mkdir /opt/IBM/WebSphere/IHS/logs/brandb

    5. Copy files up to web servers

        scp plugin-cfg1.xml mpareene@brandbweb1.myco.com:/tmp/plugin-cfg.xml
        scp plugin-cfg2.xml mpareene@brandbweb2.myco.com:/tmp/plugin-cfg.xml

      From webserver1 host...

        chmod 666 /tmp/plugin-cfg.xml
        cd /opt/IBM/WebSphere/Plugins/config/webserver1
        cp /tmp/plugin-cfg.xml .

      From webserver2 host...

        chmod 666 /tmp/plugin-cfg.xml
        cd /opt/IBM/WebSphere/Plugins/config/webserver2
        cp /tmp/plugin-cfg.xml .

  2. On web server hosts, modify httpd.conf to include MyCo directives.

  3. On web server hosts, create directory...


    ...and drop in copies of MyCo IHS config files modified to reflect our environment. Use these as reference...

Configure network domains

For each site we need to...

  1. Provision VIP.

  2. Configure DNS with fully-qualified domain names.

  3. Configure correct routing for each request

      User --> Load Balancer --> DataPower --> IHS web server --> portal

  4. Set CBO endpoint. For example, change...







To set up a syndication relationship...

  1. Ensure both the subscriber and syndicator are running, and they can connect other the network. For example...

      telnet auth.myco.com 10039

  2. On the subscriber server, create a shared credential vault slot by going to...

    ...and setting ID and password to be a working ID and password for accessing the syndicator portal.

  3. From subscriber, set URL of syndicator...

      Administration | Portal Content | Subscribers | Subscribe Now

    For example...


  4. Enter a value for the syndicator name.

    This value is used for the syndicator item created on the syndicator server. Enter a name that identifies the syndication relationship. Name must be unique, and cannot be the same as an existing syndicator name.

  5. Enter a value for the subscriber item.

    This value is used for the subscriber item created on the subscriber server.

  6. Select the credential vault slot created earlier, then click Next

  7. Select the libraries to subscribe to...

    For BrandA, select...

    • BrandA Design
    • BrandA EN
    • BrandA ES
    • ImageRendering
    • MyProducts
    • MultiLingual

  8. Click Finish.

  9. To begin syndication, click either Update Subscriber or Rebuild Subscriber button.

During the syndication we will see a Status of Active along with Last Update

Do not stop the Portal server while the syndication is running. Wait for Complete status. Clicking on Last Update will show you a report indicating progress. Unfortunately, during initial syndication, update status in the report will not change from ICE-INITIAL, so the report is kind of useless.

A better option is to monitor Portal JVM log...

    tail -f /opt/IBM/WebSphere/profiles/profilename/logs/WebSphere_Portal

To add additional WCM libraries after creating the syndication relationship, go to the syndication portal and click the Edit icon...

Export/Import WCM libs

With this step we export the contents of a web content library in source portal, and import this library into target web content server. This procedure is only suitable for populating new items. For ongoing updates, deletes and moves, set up syndication.

To use portal multilingual features, execute multilingual deploy tasks BEFORE importing WCM libs. Do NOT copy over any multilingual-related libraries. Run the mls deploy tasks first.

  1. From source portal server, as user wasadmin, export all WCM libraries...

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh export-wcm-data \
          -Dexport.allLibraries=true  \
          -DWasPassword=mypassword \

    To specify a virtual portal: -DVirtualPortalHostName

  2. Tail logs during export...

      tail -f /opt/IBM/WebSphere/profiles/profilename/logs/WebSphere_Portal/SystemOut.log

  3. On target host, as user wasadmin, create import directory...

      mkdir /opt/IBM/WebSphere/profiles/profilename/PortalServer/wcm/ilwwcm/system/import

  4. Copy output file to target portal server

      cd /opt/IBM/WebSphere/profiles/profilename/PortalServer/wcm/ilwwcm/system/export
      scp -r dirname wasadmin@remotehost:/opt/IBM/WebSphere/profiles/profilename/PortalServer/wcm/ilwwcm/system/import

  5. Increase total transaction lifetime timeout and maximum transaction timeout to 360 seconds in...

      Servers | Server Types | WebSphere application servers | portal_server | Container Services | Transaction Service

  6. Log on to target portal server and import WCM libraries...

      cd /opt/IBM/WebSphere/profiles/profilename/ConfigEngine
      ./ConfigEngine.sh import-wcm-data -DWasPassword=mypassword -DPortalAdminPwd=mypassword

Set permissions for web content

  1. Log on to the portal and go to...

      Administration | Portal Content | Web Content Libraries | Set Access on Root

  2. Edit the User role

  3. Add members "All Authenticated Portal Users" and "Anonymous Portal User" to User role.

Export and import pages

For this step we export pages from source portal A, and then import those pages to target portal B. For the export to work, enable support for JavaScript and disable pop-up blocking in the browser settings. I have had success using out-of-the box Firefox as the browser.

  1. Backup target portal

  2. Log on to source virtual portal administration page as user wasadmin. For example...

  3. Click the "Administration" link on the bottom left of the page.

  4. Go to...

      Administration | Manage Pages | Content Root

    ...and click the Export button for the Welcome to B page...

    Output is written by default to pageExport.xml.

  5. If we are migrating v7 pages to a v8 portal...

    1. Review pageExportBPRD.xml, and verify object IDs for noskin and theme match those in the theme import file.

    2. Review the B_* portlets in pageExport.xml and compare their object IDs to those found in...

        Portal | Administration | Portal Settings | Custom Unique Names | Portlets

    3. Edit pageExportBPRD.xml

      1. Remove references to the following skins and themes

          <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S4" uniquename="ibm.portal.skin.IBM"/>
          <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S2" uniquename="wps.skin.thinSkin"/>
          <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S6" uniquename="wps.skin.noSkin"/>
          <skin action="locate" domain="rel" objectid="ZK_B8LUIVAH2REB10IL4GGE622OE6"/>
          <theme action="locate" domain="rel" objectid="ZJ_D0JM3QAH2B7H30IJRMH0GP3007" uniquename="com.MyCo.portal.B_BlankTheme"/>

      2. Change references to cloned Web Content Viewers...

          Web Content Viewer (JSR 286).$cloned.Z3_D0JM3QAH2379F0I310AG6720O4
          Web Content Viewer (JSR 286).$cloned.Z3_D0JM3QAH2379F0I310AG6720O6

        ...to original Web Content Viewer...

          portlet Z3_CGAH47L00OJ790IAH1AFAN1G56 name=Web Content Viewer (JSR 286)

      3. Remove the following undefined skin component

          <component action="update" 

  6. From target virtual portal, go to...

      Administration | Import XML

    ...and select the virtual portal export file created earlier, pageExportBPRD.xml.


Appendix Foo - WebDAV

Make WebDAV connection to target portal environment. Best client is "AnyClient".

Appendix Foo - Restart WebSphere_Portal, nodeagent, and sync

DEV and SIT restart...

    cd /opt/IBM/WebSphere/profiles/profilename/bin
    ./stopServer.sh WebSphere_Portal -username wasadmin -password mypassword
    ./stopNode.sh -username wasadmin -password mypassword
    cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
    ./stopManager.sh -username wasadmin -password mypassword
    cd /opt/IBM/WebSphere/profiles/profilename/bin
    ./startServer.sh WebSphere_Portal

TST restart

  1. On primary node

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password foo!
      ./stopNode.sh -username wasadmin -password foo!

  2. On secondary node

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password foo!
      ./stopNode.sh -username wasadmin -password foo!

  3. On Dmgr

      cd /opt/IBM/WebSphere/WebSphere/AppServer/bin
      ./stopManager.sh -username wasadmin -password foo!

  4. On primary node

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./syncNode.sh tdmgr.myco.com 9879 -user wasadmin -password foo!
      ./startServer.sh WebSphere_Portal

  5. On secondary node

      cd /opt/IBM/WebSphere/profiles/profilename/bin
      ./syncNode.sh tdmgr.myco.com 9879 -user wasadmin -password foo!
      ./startServer.sh WebSphere_Portal

Appendix Foo - Web server authentication

This is not part of portal install. This is to add a documentation site to web server, and to add authentication to the site.

  1. Log on to server hosting IHS, and sudo to root

  2. Edit...

    ..and add stanza...

      <Directory /opt/IBM/WebSphere/IHS/htdocs/install>
          AuthType Basic
          AuthName "Portal v8 install documentation"
          AuthUserFile "/opt/IBM/WebSphere/IHS/htdocs/install/auth"
          Require valid-user
          Order allow,deny
          Allow from all

  3. Create password file and add wasadmin user

      cd /opt/IBM/WebSphere/IHS/htdocs/install
      ../../bin/htpasswd -c /opt/IBM/WebSphere/IHS/htdocs/install/auth wasadmin

    To add user to existing password file...

      ../../bin/htpasswd /opt/IBM/WebSphere/IHS/htdocs/install/auth username

  4. Make password file readable by httpd daemon

      chmod 666 /opt/IBM/WebSphere/IHS/htdocs/install/auth

  5. Restart web server...

      /opt/IBM/WebSphere/IHS/bin/apachectl restart

Appendix Foo - Script to install Portal FP1

    ### installFP1.sh
    ### Update Portal v8 with FP1. Before running, in wkplc.properties, set...
    ### - Set PortalAdminPwd and WasPassword
    ### - Set PWordDelete=false
    ### To generate encrypted password used below...
    ### ./IBMIM -silent -noSplash encryptString mypassword

    ### Stop WebSphere processes
    cd /opt/IBM/WebSphere
    cd /opt/IBM/WebSphere/profiles/profilename/bin
    ./stopServer.sh WebSphere_Portal -username wasadmin -password foo!
    cd /opt/IBM/WebSphere/AppServer/bin
    ./stopNode.sh -username wasadmin -password foo!
    cd /opt/IBM/WebSphere/AppServer/bin
    ./stopManager.sh -username wasadmin -password foo!

    ### Backup file system
    cd /opt/IBM/WebSphere
    tar cvf WebSpherePostPortal.tar WebSphere
    gzip WebSpherePostPortal.tar
    tar cvf WebSphere1PostPortal.tar WebSphere1
    gzip WebSphere1PostPortal.tar

    ### Backup Installation Manager
    tar cvf InstallationManagerPostPortal.tar /var/ibm/InstallationManager
    gzip InstallationManagerPostPortal.tar
    tar cvf IMSharedPostPortal.tar /usr/IBM/IMShared
    gzip IMSharedPostPortal.tar

    ### Install FP
    cd /opt/IBM/InstallationManager/eclipse/tools
    ./imcl install com.ibm.websphere.PORTAL.SERVER.v80 -repositories /media/Portal8_FP1/repository.config -properties user.wp.portal.userid,,com.ibm.websphere.PORTAL.SERVER.v80=wasadmin,user.wp.portal.password,,com.ibm.websphere.PORTAL.SERVER.v80=zvgGAF0Fb/j9MaftrK1Uww==,user.wp.was.userid,,com.ibm.websphere.PORTAL.SERVER.v80=wasadmin -installationDirectory /opt/IBM/WebSphere/PortalServer -acceptLicense

    ### Start WebSphere processes
    cd /opt/IBM/WebSphere/AppServer/bin
    cd /opt/IBM/WebSphere/AppServer/bin
    cd /opt/IBM/WebSphere/profiles/profilename/bin
    ./startServer.sh WebSphere_Portal

Set up IHS SSL

This needs to be done for authoring server

  1. Create key DB and certificate

      mkdir /opt/IBM/WebSphere/IHS/keys
      cd /opt/IBM/WebSphere/IHS/keys
    /path/to/gsk7cmd -keydb -create -db authoring.kdb -pw password -type cms -expire 360 -stash /path/to/gsk7cmd -cert -create -db authoring.kdb -pw password -size 1024 -dn "CN=hostname,O=MyCo,OU=IHS,ST=FL,C=US" -label IHS -default_cert yes -expire 360

  2. Edit httpd.conf and set...

      LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
      Listen 443
      <VirtualHost *:443>
      SSLProtocolDisable SSLv2
      KeyFile /opt/IBM/WebSphere/IHS/key/authoring,kdb

  3. Restart IHS

Create profile on secondary node

Do this step only after configuring the portal primary node with Oracle and LDAP

  1. From primary node, copy profileTemplates.zip to secondary nodes. For example...

      cd /opt/IBM/Portal/WebSphere1/PortalServer/profileTemplates
      scp profileTemplates.zip mpareene@brandbwps2.myco.com:/tmp
      scp profileTemplates.zip mpareene@brandbwps3.myco.com:/tmp
      scp profileTemplates.zip mpareene@brandbwps4.myco.com:/tmp

  2. On target node, unzip profileTemplates.zip

      cd /opt/IBM/Portal/WebSphere1/PortalServer/profileTemplates
      mv /tmp/profileTemplates.zip .
      unzip profileTemplates.zip

  3. Update permissions...

      cd /opt/IBM/Portal/WebSphere1/PortalServer/
      find profileTemplates -name \* -exec chmod 755 {} \;

  4. Execute...

      cd /opt/IBM/Portal/WebSphere1/PortalServer/profileTemplates
      ./installPortalTemplates.sh /opt/IBM/Portal/WebSphere1/AppServer

  5. On each WebSphere Portal additional node...
    cd /opt/IBM/Portal/WebSphere1/AppServer/bin/ 
    ./manageprofiles.sh -create  \
          -templatePath /opt/IBM/Portal/WebSphere1/PortalServer/profileTemplates/managed.portal  \
          -profileName wp_profile  \
          -profilePath /opt/IBM/Portal/WebSphere1/wp_profile \
          -cellName Cell02 \
          -nodeName Node02 \
          -hostName brandbwps2.myco.com
    cd /opt/IBM/Portal/WebSphere1/AppServer/bin/ 
    ./manageprofiles.sh -create  \
          -templatePath /opt/IBM/Portal/WebSphere1/PortalServer/profileTemplates/managed.portal  \
          -profileName wp_profile  \
          -profilePath /opt/IBM/Portal/WebSphere1/wp_profile \
          -cellName Cell03 \
          -nodeName Node03 \
          -hostName brandbwps3.myco.com
    cd /opt/IBM/Portal/WebSphere1/AppServer/bin/ 
    ./manageprofiles.sh -create  \
          -templatePath /opt/IBM/Portal/WebSphere1/PortalServer/profileTemplates/managed.portal  \
          -profileName wp_profile  \
          -profilePath /opt/IBM/Portal/WebSphere1/wp_profile \
          -cellName Cell04 \
          -nodeName Node04 \
          -hostName brandbwps4.myco.com

    Do NOT use the same node name as your primary node or any other node that may already be part of the DMGR cell. You will be unable to add this node to the DMGR cell if the node names are identical. Do NOT use the same cell name as the DMGR cell. Do NOT use the manageprofiles option to Federate the profile now. This results in an unusable Portal profile. A WebSphere_Portal server will NOT be created during the profile creation. The WebSphere_Portal server will be created after the node is added to the existing cluster.

  6. After creating the profile, edit...


    ...and verify the following is set...


  7. On remote dmgr host, ensure the Deployment Manager is started...

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin

  8. Ensure that the time on the Deployment Manager server and the time on the additional Portal node server are no more than 5 minutes apart.

  9. Create backup of all nodes and dmgr

  10. Log on to each secondary host in turn, and add the node...

      cd /opt/IBM/Portal/WebSphere1/wp_profile/bin
      ./addNode.sh dmgr.myco.com 9879 -username wasadmin -password mypassword

    Example output...

      ADMU0003I: Node Node02 has been successfully federated.

  11. Edit...


    ...and set...


  12. Edit...


    ...and ensure that the database password values are all set correctly.

    Note that this file should be pre-populated with our database information from running the 'enable-profiles' script on the primary node earlier.

  13. Review settings in...


  14. Confirm the database properties are set up correctly on this node

      cd /opt/IBM/Portal/WebSphere1/wp_profile/ConfigEngine
      ./ConfigEngine.sh validate-database -DWasPassword=mypassword

    Example output:

      Wed Feb 26 15:24:28 EST 2014

  15. Edit...


    ...and set...

      jcr.textsearch.enabled = false

  16. In the same file, set...


  17. Start the nodeagent

      cd /opt/IBM/Portal/WebSphere1/wp_profile/bin

  18. Add node to cluster

      ./ConfigEngine.sh cluster-node-config-cluster-setup-additional -DWasPassword=mypassword

  19. Execute appserver specific steps for setting up the following...

  20. Restart appserver and verify no errors in logs

  21. Verify we can access the new cluster member in a web browser using the port we identified earlier:



Portal promotion steps

This is example for QA env.

  1. Disable managed pages

  2. Install New MyCo Mobile Theme

    1. Check-out theme ear from SVN


      Export the MyCoTheme folder

    2. Install theme ear



        Applications -> New Application -> New Enterprise Application -> Browse to MyCoMobileEnabledDynamicEAR.ear -> Next -> Fast Path -> Next -> Next

      Select the Module and map to PortalCluster

      Select Apply -> Next -> Finish -> Save

    3. Install WebDav Components

      cd /opt/IBM/WebSphere/profiles/wp_profile/ConfigEngine
      ./ConfigEngine.sh webdav-deploy-zip-file \
          -DTargetURI=dav:fs-type1/themes/MyCoMobileTheme/ \

  3. From Console, go to...

      Resource -> Resource Environment -> Resource Environment Providers -> WP DynamicContentSpotMappings -> Custom Properties -->

    ...and set...

      MyCoMobileTheme_asa res:/wps/themeModules/modules/asa/jsp/asa.jsp, wp_analytics
      MyCoMobileTheme_asaHead res:/wps/themeModules/modules/asa/jsp/head.jsp, wp_analytics
      MyCoMobileTheme_asaPortlet res:/wps/themeModules/modules/asa/jsp/asaPortlet.jsp, wp_analytics
      MyCoMobileTheme_commonActions res:/MyCoMobileTheme/themes/html/dynamicSpots/commonActions.jsp
      MyCoMobileTheme_crumbTrail res:/MyCoMobileTheme/themes/html/dynamicSpots/crumbTrail.jsp?rootClass=wpthemeCrumbTrail&startLevel=2
      MyCoMobileTheme_footer res:/MyCoMobileTheme/themes/html/dynamicSpots/footer.jsp
      MyCoMobileTheme_head res:/MyCoMobileTheme/themes/html/dynamicSpots/head.jsp
      MyCoMobileTheme_layout lm:template
      MyCoMobileTheme_mobileSearch mvc:smartphone/tablet@res:/wps/themeModules/themes/html/dynamicSpots/modules/search/search.jsp
      MyCoMobileTheme_mobileNav mvc:smartphone/tablet@res:/MyCoMobileTheme/themes/html/dynamicSpots/mobileNavigation.jsp
      MyCoMobileTheme_pageModeToggle res:/MyCoMobileTheme/themes/html/dynamicSpots/pageModeToggle.jsp, wp_toolbar
      MyCoMobileTheme_preview res:/wps/themeModules/modules/pagebuilder/jsp/preview.jsp,wp_preview
      MyCoMobileTheme_primaryNav res:/MyCoMobileTheme/themes/html/dynamicSpots/navigation.jsp?rootClass=wpthemePrimaryNav%20wpthemeLeft&startLevel=1
      MyCoMobileTheme_projectMenu res:/wps/themeModules/modules/pagebuilder/jsp/projectMenu.jsp,wp_project_menu
      MyCoMobileTheme_search res:/wps/themeModules/themes/html/dynamicSpots/modules/search/search.jsp
      MyCoMobileTheme_secondaryNav res:/MyCoMobileTheme/themes/html/dynamicSpots/navigation.jsp?rootClass=wpthemeSecondaryNav&startLevel=2&levelsDisplayed=2
      MyCoMobileTheme_sideNav res:/MyCoMobileTheme/themes/html/dynamicSpots/sideNavigation.jsp?startLevel=2
      MyCoMobileTheme_status res:/MyCoMobileTheme/themes/html/dynamicSpots/status.jsp, wp_status_bar
      MyCoMobileTheme_toolbar res:/wps/themeModules/modules/pagebuilder/jsp/toolbar.jsp,wp_toolbar
      MyCoMobileTheme_topNav res:/MyCoMobileTheme/themes/html/dynamicSpots/navigation.jsp?rootClass=wpthemeHeaderNav&startLevel=0&primeRoot=true

  4. Register theme

    1. Export theme from dev...
      cd /opt/IBM/WebSphere/PortalServer/bin
      ./xmlaccess.sh -in /opt/IBM/WebSphere/PortalServer/doc/xml-samples/ExportThemesAndSkins.xml  \
       -url http://dev:14000/wps/config \
       -out /tmp/theme_output.xml \
       -user wpsadmin\
       -password mypassword

    2. Clean up to only have myco themes and skins

      We need the following themes and skins...

        <skin objectid="ZK_DA9O9B1A0O41F0AIA6D56I12V3" uniquename="MyCoNoSkin"/>
        <skin objectid="ZK_DA9O9B1A0O41F0AIA6D56I12V1" uniquename="MyCoHidden"/>
        <skin objectid="ZK_DA9O9B1A0O41F0AIA6D56I12V5" uniquename="MyCoStandard"/>
        <skin objectid="ZK_VCMO9B1A00RID0IA81U58B3080" uniquename="myco.skin.MyCoSkin"/>
        <skin objectid="ZK_VCMO9B1A0GL950IAQ00TNO2047" uniquename="myco.skin.MyCoCommNewsSkin"/>
        <theme objectid="ZJ_DA9O9B1A0O41F0AIA6D56I12V7" uniquename="MyCoTheme"/>

      We also need the following themes and skins, but they should already be installed, so no need to import...

        <skin objectid="ZK_CGAH47L0084G00I4BONHCQ10C1" uniquename="wps.skin.noSkin"/>
        <skin objectid="ZK_DA9O9B1A0GPE90AICVHIM12O44" uniquename="ibm.portal.80Hidden"/>
        <skin objectid="ZK_DA9O9B1A0GPE90AICVHIM12O42" uniquename="ibm.portal.80Standard"/>
        <skin objectid="ZK_DA9O9B1A0GPE90AICVHIM12O46" uniquename="ibm.portal.80NoSkin"/>
        <theme objectid="ZJ_DA9O9B1A0GPE90AICVHIM12O41" uniquename="ibm.portal.80Theme"/>

    3. Copy file to new host

    4. Import into QA
      cd /opt/IBM/WebSphere/PortalServer/bin
      ./xmlaccess.sh -in /home/wasadmin/theme_output.xml 
       -user "cn=adminqa,OU=Service Accounts,OU=WepSphere,OU=Enterprise Services,DC=myco,DC=ad,DC=local" 
       -password mypass
       -url http://qa:14000/wps/config 
       -out /home/wasadmin/import_theme_log.xml

  5. Install custom wars...

    • CommunityNews286.war
    • LoginPortlet.war
    • Theme Analyzer
    • Extended Cached Monitor
    • SplitSecond_war

  6. Copy the following files from Portal v6 Production to new portal v8 env...


  7. From Portal v8 WAS console, create...

      Shared Libraries > JWLLib

    ...for each of the following scopes..

    • cells:cell:nodes:nodedmgr:servers:dmgr
    • cells:cell:nodes:node1:servers:server1
    • cells:cell:nodes:node2:servers:server1

    For each JWLLib, set Classpath...


  8. Optional. MyCo is not currently using even though it is installed in PROD

    Copy into place...


    From Portal v8 WAS console, create...

    ...for each of the following scopes...

    • cells:cell:nodes:node1
    • cells:cell:nodes:node2

    For each SDIMediatorsLib, set Classpath...


    Add SDOMediatorLib to...

      Application servers > WebSphere_Portal > Class loader > Classloader_1257635966844 > Library Reference


Multilingual system

Important: Do not syndicate any WCM libraries before the MLS configuration.

On each portal node in the cluster, run...

  1. Set WasPassword and PortalAdminPwd in wkplc.properties

  2. Run...

      cd /opt/IBM/Portal/WebSphere1/wp_profile/ConfigEngine
      ./ConfigEngine.sh register-wcm-mls
      ./ConfigEngine.sh deploy-wcm-mls
      ./ConfigEngine.sh import-wcm-mls-data -DVirtualPortalContext=brandb-vp

  3. To have the home page render in Espanol...

    1. Log on to the virtual portal

    2. From Administration | Manage Pages | Content Root | Welcome to BrandB | Edit Page Layout

    3. For the Web Content Viewer portlet, select Edit Shared Settings

    4. Go to Advanced Options and highlight com.ibm.workplace.wcm.ml.contextprocessor.MLContextProcessor in the Context Processors panel.

    5. Click OK

  4. Restart WebSphere Portal.

See: Multilingual deployment, installation, and configuration