Create a custom profile


 

+

Search Tips   |   Advanced Search

 

Overview

A custom profile is an empty node that we can customize to include appservers, clusters, or other Java processes, such as a messaging server.

By default, the PMT federates a custom node when creating a custom profile. Federating the node makes the node operational. You must have access to a running dmgr to federate the node. Otherwise, a connection error displays. You can federate the node later if we do not have access to a running dmgr, or for any other reason.

If the custom profile is on a machine that does not have a dmgr, then the dmgr must be accessible over the network to support the federation of the node.

We can create profiles with the PMT using the typical profile creation process or the advanced profile creation process. The typical profile creation process uses default settings and assigns unique port values. We can optionally set values as allowed. For the advanced profile creation process we can accept the default values, or specify our own values.

You must provide enough system temporary space to create a profile.

 

Solaris considerations

For Solaris: When you launch the PMT, the tool could lock up in the following situation for a non-root user: Log into a machine as root, use the SetPermissions utility to change the user from x to y. Assume that we are user x and log back into the machine. Launch the PMT, click...

Profile Management Tool Create

The next click after the click on Create could lock up the tool.

When you use the PMT with the Motif GUI on the Solaris operating system, the default size of the PMT might be too small to view all the messages and buttons of the PMT. To fix the problem, add the following lines to the APP_ROOT/.Xdefaults file:

 Eclipse*spacing:0 Eclipse*fontList:-misc-fixed-medium-r-normal-*-10-100-75-75-c-60-iso8859-1

After adding the lines, run the following command before launching the PMT:

xrdb -load user_home/.Xdefaults

 

Procedure

  1. Start the PMT...

    • At the end of installation, select the check box to launch the PMT.

    • Run from commandline...

      cd APP_ROOT/bin/ProfileManagement
      ./pmt.sh

    • Select the Profile Management Tool option from the First steps console.

      Start | Programs | IBM WebSphere | my_product | Profile Management Tool

  2. Click Create on the Profiles tab to create a new profile.

    The Profiles tab contains a list of profiles that have been created on the machine. No action can be done on a selected profile unless the profile can be augmented. The Augment button is greyed out unless a profile that you select can be augmented.

    The tool displays the Environment selection panel.

  3. Select the custom profile, and click Next.

    The Profile creation options panel is displayed.

  4. Select either Typical profile creation or Advanced profile creation, and click Next.

  5. If we selected Typical profile creation, go to federating the node.

  6. If we selected Advanced profile creation, then specify the custom profile name and the profile directory on the Profile name and location panel, or accept the defaults, and click Next.

    Double-byte characters are supported.

    Do not use any of the following characters when naming the profile:

    • Spaces
    • Special characters that are not supported within the name of a directory on the operating system, such as *&?
    • Slashes (/) or (\)

    The default profile

    The first profile created on a machine is the default target for commands issued from...

    WAS_HOME/bin

    When only one profile exists on a machine, every command works on the single server process in the configuration. We can make another profile the default profile by checking "Make this profile the default" during creation or using manageprofiles after profile creation.

    When multiple profiles specify profile name on command line, or use the commands in the bin directory of each profile.

    The default profile name is...

    <profile_type><profile_number>:

    ...where...

    • <profile_type> is a value of...

      • AppSrv
      • Dmgr
      • Custom
      • AdminAgent
      • JobMgr
      • SecureProxySrv

    • <profile_number> is a sequential number used to create a unique profile name

    The default profile directory is...

    APP_ROOT/profiles

    PMT then displays the Node and host names panel.

  7. Specify the node and host characteristics for the custom profile, and click Next.

    If we plan to migrate an installation of ND V5 to V6, use the same cell name for the V6 dmgr that you used for the V5 cell.

    A cell name must be unique...

    • In any circumstance in which WAS is running on the same physical machine or cluster of machines, such as a sysplex.

    • In any circumstance in which network connectivity between entities is required either between the cells or from a client that must communicate with each of the cells.

    • If cell namespaces are federated. Otherwise, we might encounter symptoms such as a javax.naming.NameNotFoundException error, in which case, create uniquely named cells.

    After migrating the cell, the V5 managed nodes are now managed by the V6 dmgr in compatibility mode. We can migrate individual V5 managed nodes in the cell to V6. To do so, create a V6 profile with the same node name as the V5 managed node.

    Avoid using reserved folder names as field values...

    Characteristics of the custom profile...

    Field Name Default Value Constraints Description
    Node name

    shortHostName
    Node
    NodeNumber
    where:

    • shortHostName is the short host name

    • NodeNumber is a sequential number starting at 01

    Avoid using the reserved terms.

    Use a unique name within the dmgr cell.

    If we plan to migrate a V5 managed node, then use the same node name for this V 6 custom profile.

    The name is used for administration within the dmgr cell to which the custom profile is added. Use a unique name within the dmgr cell.

    After migrating a V5 dmgr cell to a V6 dmgr, we can migrate the V5 custom profiles that are running in compatibility mode in the V6 dmgr.

    Host name

    The long form of the domain name server (DNS) name.

    The host name must be addressable through the network. Use the actual DNS name or IP address of the machine to enable communication with the machine. See additional information about the host name that follows this table.

    (Windows) The number of characters in the profiles_directory_path\profile_name directory must be less than or equal to 80 characters.

    The host name is the network name for the physical machine on which the node is installed. The host name must resolve to a physical network node on the server. When multiple network cards exist in the server, the host name or IP address must resolve to one of the network cards. Remote nodes use the host name to connect to and communicate with this node. Selecting a host name that other machines can reach within the network is important.

    Do not use the generic identifier, localhost, for this value. Also, do not attempt to install WAS products on a machine with a host name that uses characters from a DBCS, which are not supported when used in the host name.

    If we define coexisting nodes on the same computer with unique IP addresses, then define each IP address in a DNS look-up table. Configuration files for standalone appservers do not provide domain name resolution for multiple IP addresses on a machine with a single network address.

    The value specified for the host name is used as the value of the hostName property in configuration documents for the standalone appserver. Specify the host name value in one of the following formats:

    • Fully qualified DNS host name string, such as...

      machine1.manhattan.skywyradio.com

    • The default short DNS host name string, such as xmachine

    • Numeric IP address, such as 127.1.255.3

    The fully qualified DNS host name has the advantages of being unambiguous and flexible. we have the flexibility of changing the actual IP address for the host system without having to change the appserver configuration. This value for the host name is particularly useful if we plan to change the IP address frequently when using Dynamic Host Configuration Protocol (DHCP) to assign IP addresses. A disadvantage of this format is dependency on DNS. If DNS is not available, then connectivity is compromised.

    The short host name is also dynamically resolvable. A short name format has the added function of being redefined in the local hosts file so that the system can run the appserver, even when disconnected from the network. To run disconnected, define the short name as the loopback address, 127.0.0.1, in the hosts file to run disconnected. A disadvantage of this format is a dependency on DNS for remote access. If DNS is not available, then connectivity is compromised.

    A numeric IP address has the advantage of not requiring name resolution through DNS. A remote node can connect to the node that you name with a numeric IP address without DNS being available. A disadvantage of this format is that the numeric IP address is fixed. You must change the setting of the hostName property in Express configuration documents whenever you change the machine IP address. Therefore, do not use a numeric IP address if we use DHCP, or if we change IP addresses regularly. Another disadvantage of this format is that we cannot use the node if the host is disconnected from the network.

    After specifying custom profile characteristics, the tool displays the Federation panel.

  8. If administrative security is enabled for the dmgr, specify the host name and SOAP port of the dmgr, and the user name and password for the deployment manager. Click Next. After federation, the process in the custom profile is the node agent process, which is the agent of the dmgr for the custom node.

    The node agent responds to commands from the dmgr to perform tasks that include the following actions:

    • Create appserver processes, clusters, and cluster members

    • Starting and stopping appserver processes

    • Synchronizing configurations between the current edition on the dmgr and the copy that exists on the node

    • Delete appserver processes

    Should you federate the node?

    The recommendation is that you federate the custom node at this time. The dmgr must be running and accessible when you click Next on the Federation panel to federate the custom node. If the custom profile is on a machine that does not have a dmgr, then the dmgr must be running and accessible over the network to allow the federation of the node. If the dmgr is not running or not accessible before you click Next, but we can start it and make it accessible at this time, then do so. Otherwise, select the Federate the node later check box.

    If unsure whether the dmgr is running or accessible, then do not federate now. Federate the node when we can verify the availability of the dmgr.

    A possibility exists that the dmgr is reconfigured to use the non-default remote method invocation (RMI) as the preferred Java Management Extensions (JMX) connector. Click System Administration > Deployment manager > Administrative services in the admin console of the dmgr to verify the preferred connector type.

    If RMI is the preferred JMX connector, then use the addNode command to federate the custom profile later. Use the addNode command so that we can specify the JMX connector type and the RMI port.

    If the deployment manager uses the default SOAP JMX connector type, specify the host name and SOAP port and federate the node now to create a functional node that we can customize.

    Federating when the dmgr is not available

    If we federate a custom node when the dmgr is not running or is not accessible, then an error message is displayed. If the deployment manager becomes unavailable during the profile creation process, then the installation indicator in the logs is INSTCONFFAIL, to indicate a complete failure. The resulting custom profile is unusable. You must delete the profile. Read about deleting a profile for more information.

    If we chose to federate now, and you previously selected Advanced profile creation, then the Security certificate panel displays next. Go to the step on creating and importing certificates.

    Otherwise, the Profile Creation Summary panel displays for the typical profile creation option. Go to the step on creating the custom profile.

  9. Create a default personal certificate and a root signing certificate, or import a personal certificate and a root signing certificate from keystore files, and click Next.

    We can create both certificates, import both certificates, or create one certificate, and import the other certificate.

    Best practice: When you import a personal certificate as the default personal certificate, import the root certificate that signed the personal certificate. Otherwise, the PMT adds the signer of the personal certificate to the trust.p12 file

    If we import the default personal certificate or the root signing certificate, specify the path and the password, and select the keystore type and the keystore alias for each certificate that you import.

  10. Verify that the certificate information is correct, and click Next.

    If we create the certificates, we can use the default values or modify them to create new certificates. The default personal certificate is valid for one year by default and is signed by the root signing certificate. The root signing certificate is a self-signed certificate that is valid for 15 years by default. The default keystore password for the root signing certificate is WebAS. You should change the password. The password cannot contain any double-byte character set (DBCS) characters because certain keystore types, including PKCS12, do not support these characters. The keystore types that are supported depend on the providers in the java.security file.

    When you create either or both certificates, or import either or both certificates, the keystore files that are created are key.p12, trust.p12, root-key.p12, default-signers.p12, deleted.p12, and ltpa.jceks. These files all have the same password when creating or import the certificates, which is either the default password, or a password specified. The key.p12 file contains the default personal certificate. The trust.p12 file contains the signer certificate from the default root certificate. The root-key.p12 file contains the root signing certificate. The default-signer.p12 file contains signer certificates that are added to any new keystore file created after the server is installed and running. By default, the default root certificate signer and a DataPower signer certificate is in the default-signer.p12 keystore file. The deleted.p12 keystore file is used to hold certificates deleted with the deleteKeyStore task so that they can be recovered if needed. The ltpa.jceks file contains server default LTPA keys that the servers in the environment use to communicate with each other.

    An imported certificate is added to the key.p12 file or the root-key.p12 file.

    If we import any certificates and the certificates do not contain the information that you want, click Back to import another certificate.

    After displaying the Security certificate panels, the tool displays the Ports panel if we previously selected Advanced profile creation.

  11. Verify that the ports within the custom profile are unique, or intentionally conflicting, and click Next.

    Port conflict resolution If we suspect a port conflict, then we can investigate the port conflict after the profile is created. Determine the ports that are used during profile creation by examining the following files.

    • (Linux) [HP-UX] [Solaris]

      [AIX] $PROFILE_ROOT/properties/portdef.props file

    • (Windows) $PROFILE_ROOT\properties\portdef.props file

    Included in this file are the keys and values that are used in setting the ports. If we discover ports conflicts, then we can reassign ports manually. To reassign ports, run the updatePorts.ant file by using the ws_ant script.

    The Profile Creation Summary panel is displayed.

  12. Click Create to create the custom profile, or click Back to change the characteristics of the custom profile.

    If we previously chose to federate the custom node on the Federation panel, the dmgr had to be running and accessible. The dmgr must be running and accessible when you click Create. If we think the deployment manager might no longer be running or might have become inaccessible, then start the dmgr and make it accessible, or make it accessible if it is already running.

    The Profile creation progress panel, which shows the configuration commands that are running, is displayed.

    When the profile creation completes, the tool displays the Profile creation complete panel.

  13. Optionally, select Launch the First steps console. Click Finish to exit.

    With the First steps console, we can create additional profiles and start the application server.

 

Results

You created a custom profile. The node within the profile is empty until you federate the node and use the dmgr to customize the node.

The directory structure shows the new profile folder within the profiles directory. The profile folder has the same name as the profile created.

Refer to the description of the manageprofiles command to learn about creating a profile using a command instead of the PMT.

The PMT creates a log during profile creation. The logs are in the install_dir/logs/manageprofiles directory. The files are named in this pattern: manageprofiles_create_profile_name.log.

 

Next steps

Federate the node into the dmgr cell if we did not already do so when creatingd the node. Then, use the dmgr to create an appserver on the node.

Deploy an application to get started.

Read about fast paths for WAS to get started deploying applications.


Profiles: File-system requirements

 

Related information


Delete a profile