+

Search Tips   |   Advanced Search

Example HCL Portal v8 implementation


The following is an example implementation plan for a configuration of HCL Portal (nee WebSphere Portal) at fictional myco.com. The environment integrates with IBM HTTP Server (IHS), Tivoli Directory Server, IBM DB2, and ESB gateways. Although software version is obsolete, the broader perspective offered still provides utility for those tasked with enterprise software implementation in general.

     

Pre-Install

     

Install WAS v8.5.5 and Portal v8.0.0.1


Deploy MyCo


Post-Install tasks


See also

  1. Test
  2. Production
  3. Change dmgr cellname
  4. Restart portal
  5. IHS


Overview

The following is an example of how to install WebSphere Portal v8, and then how to deploy the fictional MyCo's Prodline1 and Prodline2 branded applications and artifacts to their respective virtual hosts.

Note that the example is based on a specific deployment, and includes steps that you, in all likelihood, will not have to follow. These steps, revolving around setup of custom portal applications, are included for illustrative purposes.


Create /opt/IBM/Portal and /media filesystems

Create /opt/IBM/Portal and /media filesystems. Size of /opt/IBM/Portal should be at least 50 GB for lower level environments, and preferably 100 GB. /media is a shared directory containing WebSphere install images. Make sure /tmp has at least 3.5 GB free.

For example, on STG host...

stage ->df -g
Filesystem      GB blocks      Free %Used    Iused %Iused Mounted on
/dev/hd4             3.00      2.81    7%    11409     2% /
/dev/hd2            11.00      7.32   34%    59730     4% /usr
/dev/hd9var          4.00      3.62   10%     8988     2% /var
/dev/hd3             4.00      3.94    2%       96     1% /tmp
/dev/hd1             3.00      2.96    2%       79     1% /home
/dev/hd11admin       3.00      3.00    1%        9     1% /admin
/proc                   -         -    -         -     -  /proc
/dev/hd10opt         4.00      3.73    7%     8177     1% /opt
/dev/livedump        0.25      0.25    1%        4     1% /var/adm/ras/livedump
/dev/lvportalwps    90.00     89.63    1%        4     1% /opt/IBM/Portal
/dev/lvrafrepo      20.00     19.92    1%        4     1% /rafrepo
/dev/lvmedia        50.00     14.17   72%    33264     1% /media


Install and run Installation Manager

  1. On your local computer, download, install, and run XMing X server

  2. In putty, enable X11 forwarding...

      Connection | SSH | X11 | Enable X11 forwarding

    ...and compression...

      Connection | SSH | Enable compression

    ...and set cipher order...

      Blowfish
      -- warn below here --
      3DES
      DES
      AES

  3. Log on to target host as user root and configure X11. For example...

      username@hostname /home/username ->xauth list
      hostname/unix:11 MIT-MAGIC-COOKIE-1 0c723ae2ccd7660271b1bafc01b5d55f
      hostname/unix:10 MIT-MAGIC-COOKIE-1 d15b40a439806573a57f10099fa9cfaf
      username@hostname /home/username ->sudo su -
      root@hostname / ->xauth add hostname/unix:10 MIT-MAGIC-COOKIE-1 d15b40a439806573a57f10099fa9cfaf
      root@hostname / ->DISPLAY=localhost:10.0
      root@hostname / ->export DISPLAY
      root@hostname / ->xclock

    If xclock does not work, we might need to enable X11 in sshd...

    1. vi /etc/ssh/sshd_config
    2. Set X11Forwarding yes
    3. stopsrc -s sshd
    4. startsrc -s sshd
    5. Log out of the putty session
    6. Log back in

    If we are logging into target host from AIX jumpbox, use syntax...

      ssh -X -Y -C username@hostname

  4. Install Installation Manager

      cd /media/installmgr
      ./installc -acceptLicense
      cd /opt/IBM/InstallationManager/eclipse

For more information, see: Installation Manager 1.6.2


Install WAS v8.5.5 for dmgr

On hosts where dmgr is co-located with portal, we install WAS into /opt/IBM/Portal/WebSphere on the portal host. On hosts where dmgr is on its own host, we install into /opt/IBM/Portal/WebsphereMB on the dmgr host.

  1. On your local computer, start XMing X server

  2. Log on to target host as user root

  3. Verify ulimit for number of files and file blocks

      ulimit -n 20480
      ulimit -f unlimited

    To get current ulimit: ulimit -a

    To set, edit /etc/security/limits

  4. Set umask 022 in .profile

  5. Add WAS v8.5.5 to repository using Installation Manager

    Console mode:

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

      ...select...

        P. Preferences | 1. Repositories | D. Add Repository

    2. Set...

        /media/WAS855/repository.config

    3. Add repository for WAS 8.5.5 FP 1

        /media/WAS855_FP1/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
      
      Repositories:
           1. [X] /media/WAS855/repository.config
      
      Other Options:
           D. Add Repository
      
           S. [ ] Search service repositories during installation and updates
      
           R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu
      

    To add using GUI...

    1. Go to...

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Select...

        File | Preferences | Repositories | Add Respository

    3. Add WAS v8.5.5 repository...

        /media/WAS855/repository.config

    4. Click Apply

    5. Uncheck: "Search service repositories during installation and updates"

    6. Add repository for WAS 8.5.5 FP 1

        /media/WAS855_FP1/repository.config

  6. Install WAS v8.5.5 binaries for use by dmgr profile

    • Command-line method for dmgr that is not co-located with portal...
      
      ### Install WAS 8.5.5 only
      mkdir /opt/IBM/Portal/IMShared 
      cd /opt/IBM/InstallationManager/eclipse/tools 
      ./imcl install com.ibm.websphere.ND.v85_8.5.5000.20130514_1044 \
             -repositories /media/WAS855/repository.config  \
             -installationDirectory /opt/IBM/Portal/WAS1/AppServer  \
             -sharedResourcesDirectory /opt/IBM/Portal/IMShared  \
             -log /tmp/imcl.log  \
             -showProgress \
             -acceptLicense
      

      The version number can be found in the repository.xml file. For example

        <offering ... version='8.5.0.20110617_2222

      ...or by using listAvailablePackages. For example...

        ./imcl listAvailablePackages -repositories /media/WAS855_FP1/repository.config

    • GUI method...

      1. Start Installation Manager

          cd /opt/IBM/InstallationManager/eclipse
          ./IBMIM

        ...and go to...

          File | Preferences | Repositories | Add Respository

      2. Add WAS v8.5.5 repository...

          /media/WAS855/repository.config

        ...and then click Apply

      3. On IIM main page, click Install, select the WAS ND package, then click Next...

      4. Accept the license terms, then click Next

      5. Set location of Shared Resources Directory

          /opt/IBM/Portal/IMShared

      6. Set WAS home

        For Test, PRD, and Auth envs...

          /opt/IBM/Portal/WebSphere/AppServer

        For TST, PRD Primary, and PRD HA envs, where Prodline2 dmgr is co-located on same LPAR as Prodline1...

          /opt/IBM/Portal/WAS1/AppServer

      7. Select default features

      8. Accept summary information

        After install completes, select None, and then exit Installation Manager


Install WAS v8.5.5 binaries for use by portal profile

  1. Start Installation Manager in GUI mode

      cd /opt/IBM/InstallationManager/eclipse
      ./IBMIM

  2. On main Installation Manager panel, select Install.

    If dmgr is co-located on this host, you may get pop-up saying package is already installed. Select Continue in Installed Packages pop-up panel.

  3. Select IBM WAS ND v8.5.5.1 to install

  4. On next panel, accept license agreement

  5. For Shared Resources Directory, set...

      /opt/IBM/Portal/IMShared

  6. On the Install Packages screen, select...

      Create a new package group

    ...and for Installation Directory select...

      /opt/IBM/Portal/WAS1/AppServer

  7. Keep English as the only default language.

  8. Select features to install. We can keep the defaults.

  9. Review the summary information, then select Install

  10. On last screen, select None, then Finish


Upgrade WAS to v8.5.5 FP 1

Do this for WAS binaries on both the Dmgr host and on portal nodes.

Note that if included WAS FP1 in the repository when doing WAS install, this should already be done. To verify...

# cd opt/IBM/Portal/WebSphere/AppServer/bin 
# ./versionInfo.sh
--------------------------------------------------------------------------------
IBM WebSphere Product Installation Status Report
--------------------------------------------------------------------------------

Report at date and time May 19, 2014 6:45:30 PM EDT

Installation
--------------------------------------------------------------------------------
Product Directory        /opt/IBM/Portal/WebSphere/AppServer
Version Directory        /opt/IBM/Portal/WebSphere/AppServer/properties/version
DTD Directory            /opt/IBM/Portal/WebSphere/AppServer/properties/version/dtd
Log Directory            /var/ibm/InstallationManager/logs

Product List --------------------------------------------------------------------------------
ND                       installed

Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server Network Deployment
Version               8.5.5.1
ID                    ND
Build Level           cf011341.03
Build Date            10/18/13
Package               com.ibm.websphere.ND.v85_8.5.5001.20131018_2242
Architecture          PPC64
Installed Features    IBM 64-bit WebSphere SDK for Java
                      WebSphere Application Server Full Profile
                      EJBDeploy tool for pre-EJB 3.0 modules
                      Embeddable EJB container
                      Stand-alone thin clients and resource adapters


# cd /opt/IBM/Portal/WAS1/AppServer/bin 
# ./versionInfo.sh
--------------------------------------------------------------------------------
IBM WebSphere Product Installation Status Report
--------------------------------------------------------------------------------

Report at date and time May 19, 2014 6:47:14 PM EDT

Installation
--------------------------------------------------------------------------------
Product Directory        /opt/IBM/Portal/WAS1/AppServer
Version Directory        /opt/IBM/Portal/WAS1/AppServer/properties/version
DTD Directory            /opt/IBM/Portal/WAS1/AppServer/properties/version/dtd
Log Directory            /var/ibm/InstallationManager/logs

Product List --------------------------------------------------------------------------------
ND                       installed

Installed Product
--------------------------------------------------------------------------------
Name                  IBM WebSphere Application Server Network Deployment
Version               8.5.5.1
ID                    ND
Build Level           cf011341.03
Build Date            10/18/13
Package               com.ibm.websphere.ND.v85_8.5.5001.20131018_2242
Architecture          PPC64
Installed Features    IBM 64-bit WebSphere SDK for Java
                      WebSphere Application Server Full Profile
                      EJBDeploy tool for pre-EJB 3.0 modules
                      Embeddable EJB container
                      Stand-alone thin clients and resource adapters

Before installing, make a backup of WAS file system.

To install silently using command-line, as user root...

cd /opt/IBM/InstallationManager/eclipse/tools 
./imcl install com.ibm.websphere.ND.v85_8.5.5001.20131018_2242 \
       -repositories /media/WAS855_FP1/repository.config  \
       -installationDirectory /opt/IBM/Portal/WAS1/AppServer  \
       -sharedResourcesDirectory /opt/IBM/Portal/IMShared  \
       -log /tmp/imcl.log  \
       -showProgress \
       -acceptLicense

To install using Installation Manager GUI...

  1. On the main IIM page, select Update

  2. On the "Select a package group to find updates for", select first package group

  3. On the panel, "Select updates to install", verify V8.5.5.1 is selected

  4. On the panel, "Select the features to install", keep defaults, then select Next

  5. On the Summary panel, select Update

  6. After it finishes, do the same for the second package group


Install Portal on primary node

  1. Configure portal repository

    Using console mode

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

    2. Select...

        P. Preferences | 1. Repositories | D. Add Repository

    3. Add repository...

        /media/Portal8/Setup/eimage/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
      
      Repositories:
           1. [X] /media/Portal8/Setup/eimage/repository.config
      
      Other Options:
           D. Add Repository
      
           S. [ ] Search service repositories during installation and updates
      
           R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu
      

    Using GUI...

    1. Run

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Add repository...

        /media/Portal8/Setup/eimage/repository.config

  2. Install Portal

    1. First, set up X11 like we did for installing WAS.

      If we cannot log on directly to host, for example, to get to PRD HA hosts we have to go through jump server, set up X11 forwarding. Basically you log on to the jump box, and then ssh to the target host using syntax...

        ssh -X -Y -C username@hostname

    2. Run IBMIM and then select Install

    3. On Install Packages panel, select IBM WebSphere Portal Server

    4. Accept license agreement

    5. Select "Create a new package group" and set Installation Directory to...

        /opt/IBM/Portal/WAS1/PortalServer

    6. For features, if this is a primary node, select...

      • Config Engine
      • Portal Server Binary
      • Portal Server Profile

      If this is a secondary node, do not select Portal Server Profile. See Installing addtional portal nodes

    7. On the next screen, select "Existing WebSphere Application Server Root Directory"

        /opt/IBM/Portal/WAS1/AppServer

    8. For Profile Template Type, select "Base"

    9. Set node and cell name...

        Cell p1cellP
        Node PrdNode01

      For username and password set...

      • wasadmin
      • password

      We will change password later when we configure LDAP

      The cell and node name for the portal MUST be different than the cell and node names for the dmgr cell.

      The cluster setup steps in this guide assume we use the same IDs for portal and dmgr. If you do NOT use the same ID, you may see unexpected problems when creating the cluster related to the user IDs..

    10. On the Summary page, click install...


Additional portal nodes


Overview

This section covers adding the additional node to the Deployment Manager cell and adding a new WebSphere_Portal server as a horizontal dynamic cluster member to the previously created dynamic cluster. Once this section is completed, you will have a functional two-node horizontal dynamic cluster using the federated LDAP security.

  1. Install Installation Manager

  2. Add WAS v8.5.5 and WAS FP1 to Installation Manager repository...

    1. Run...

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl -c

      ...select...

        P. Preferences | 1. Repositories | D. Add Repository

    2. Set...

        /opt/IBM/Portal/media/WAS855/repository.config

    3. Add repository for WAS 8.5.5 FP 1

        /opt/IBM/Portal/media/WAS855_FP1/repository.config

    4. Select "Search service repositories during installation and updates" to remove the check mark.
      =====> IBM Installation Manager> Preferences> Repositories
      
      Repositories:
           1. [X] /opt/IBM/Portal/media/WAS855/repository.config
      
      Other Options:
           D. Add Repository
      
           S. [ ] Search service repositories during installation and updates
      
           R. Restore Defaults
           A. Apply Changes and Return to Preferences Menu
           P. Temporarily Keep Changes and Return to Preferences Menu
      

  3. Install WAS v8.5.5 binaries

    1. Start Installation Manager GUI...

        cd /opt/IBM/InstallationManager/eclipse
        ./IBMIM

    2. Select Install, then select Continue in pop-up panel.

    3. On the Install Packages screen, select...

        Create a new package group

      ...and for Installation Directory select...

        /opt/IBM/Portal/WAS1/AppServer

    4. Select defaults for remainder of panels, then on summary page, select Install

    5. On last screen, select None, then Finish

  4. Install Fixes

    1. Add repository for WAS 8.5.5 FP 1

        /opt/IBM/Portal/media/WAS855_FP1/repository.config

      MyCo has WCM license, which is different from WCM Standard Edition (fewer entitlements). We install...

        8.0.0-WP-Server-FP001
        8.0.0-WP-WCM-FP001

      Uncheck: "Search service repositories during installation and updates"

    2. On the main IIM page, select Update

    3. On the "Select a package group to find updates for", select first package group

    4. On the panel, "Select updates to install", verify V8.5.5.1 is selected

    5. On the panel, "Select the features to install", keep defaults, then select Next

    6. On the Summary panel, select Update

  5. Install Portal v8.0

    1. Add repository...

        /opt/IBM/Portal/media/Portal8/Setup/eimage/repository.config

    2. On Install Packages panel, select IBM WebSphere Portal Server

    3. Select "Create a new package group" and set Installation Directory to...

        /opt/IBM/Portal/WAS1/PortalServer

    4. For features, select only...

      • Config Engine
      • Portal Server Binary

    5. On the next screen, select "Existing WebSphere Application Server Root Directory"

        /opt/IBM/Portal/WAS1/AppServer

    6. On the Summary page, click install...

    7. Once the installation completes, click the radio button for None and click Finish to exit the installer.

  6. Upgrade Portal v8 with FP1

    1. Review: Update Portal v8 with FP1

    2. Add FP1 to Installation Manager repository

        /opt/IBM/Portal/media/Portal8_FP1/repository.config

    3. From Installation Manager select "Update"

    4. If you have more than one fix in your repository, it will try to install them all. To install just FP1, de-select "Show recommended only", then select only "v8.0.0.1"

    5. Ignore warnings about needing to update wps.properties. Unlike primary node, we did a binary only install of portal on this host, so don't need to update wps.properties

    6. After upgrade finishes, make tarball backup

  7. Upgrade Portal v8 with CF09

    1. Download CF09

    2. Add CF09 to Installation Manager repository

    3. Change class loader from parent first to parent last.

    4. Stop all WebSphere processes

    5. Because no profile has been created yet, we do not need to update wps.properties to include profile name and location

    6. Add CF09 to repository

    7. Use Installation Manager to install

      To install manually..

      1. Determine offering ID...

          $ cd /opt/IBM/InstallationManager/eclipse/tools
          $ ./imcl listAvailablePackages -repositories /opt/IBM/Portal/media/CF09/repository.config
          com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755

      2. Install
        ./imcl install \
               com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755 \
               -repositories /opt/IBM/Portal/media/CF09/repository.config \
               -installationDirectory /opt/IBM/Portal/WAS1/PortalServer \
               -sharedResourcesDirectory /opt/IBM/IMShared \
               -log /tmp/imcl.log  \
               -acceptLicense  
        

    8. Start Portal

    9. Make tarball backup


  8. Create profiles on secondary nodes

    Do this step only after configuring the portal primary node with DB2 and LDAP

    1. From primary node, copy profileTemplates.zip to secondary nodes. For example...

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        scp profileTemplates.zip user1@prdhost2.myco.com:/tmp
        scp profileTemplates.zip user1@prdhost3.myco.com:/tmp
        scp profileTemplates.zip user1@prdhost4.myco.com:/tmp

    2. On target node, unzip profileTemplates.zip

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        mv /tmp/profileTemplates.zip .
        unzip profileTemplates.zip

    3. Update permissions...

        cd /opt/IBM/Portal/WAS1/PortalServer/
        find profileTemplates -name \* -exec chmod 755 {} \;

    4. Execute...

        cd /opt/IBM/Portal/WAS1/PortalServer/profileTemplates
        ./installPortalTemplates.sh /opt/IBM/Portal/WAS1/AppServer

    5. On each WebSphere Portal additional node...
      cd /opt/IBM/Portal/WAS1/AppServer/bin/ 
      ./manageprofiles.sh -create  \
                          -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
                          -profileName wp_profile  \
                          -profilePath /opt/IBM/Portal/WAS1/wp_profile \
                          -cellName P1Cell02 \
                          -nodeName P1Node02 \
                          -hostName prdhost2.myco.com
      
      cd /opt/IBM/Portal/WAS1/AppServer/bin/ 
      ./manageprofiles.sh -create  \
                          -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
                          -profileName wp_profile  \
                          -profilePath /opt/IBM/Portal/WAS1/wp_profile \
                          -cellName P1Cell03 \
                          -nodeName P1Node03 \
                          -hostName prdhost3.myco.com
      
      cd /opt/IBM/Portal/WAS1/AppServer/bin/ 
      ./manageprofiles.sh -create  \
                          -templatePath /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/managed.portal  \
                          -profileName wp_profile  \
                          -profilePath /opt/IBM/Portal/WAS1/wp_profile \
                          -cellName P1Cell04 \
                          -nodeName P1Node04 \
                          -hostName prdhost4.myco.com
      
      ...etc...
      

      Do NOT use the same node name as your primary node or any other node that may already be part of the DMGR cell. You will be unable to add this node to the DMGR cell if the node names are identical. Do NOT use the same cell name as the DMGR cell. Do NOT use the manageprofiles option to Federate the profile now. This results in an unusable Portal profile. A WebSphere_Portal server will NOT be created during the profile creation. The WebSphere_Portal server will be created after the node is added to the existing cluster.

    6. After creating the profile, edit...

        /opt/IBM/Portal/WAS1/PortalServer/wps.properties

      ...and verify the following is set...

        ProfileName=wp_profile
        ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

  9. Copy and configure DB2 client jars

    1. From primary node...

        cd /opt/IBM/Portal/WAS1/PortalServer
        scp -r db2drivers user1@prdhost2.myco.com:/tmp
        scp -r db2drivers user1@prdhost3.myco.com:/tmp
        scp -r db2drivers user1@prdhost4.myco.com:/tmp

      From secondary node

        cd /opt/IBM/Portal/WAS1/PortalServer
        cp -r /tmp/db2drivers .

    2. Edit...

        /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbtype.properties

      ...and set...

        db2.DbLibrary=/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc4.jar:/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc_license_cu.jar

  10. On remote dmgr host, ensure the Deployment Manager is started...

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./startManager.sh

  11. Ensure that the time on the Deployment Manager server and the time on the additional Portal node server are no more than 5 minutes apart.

  12. Create backup of all nodes and dmgr

  13. Log on to each secondary host in turn, and add the node...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./addNode.sh prd2dmgr.myco.com 9879 -username wasadmin -password mypassword**

    Example output...

      ADMU0003I: Node P1Node02 has been successfully federated.

  14. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

    ...and set...

      WasUserid=uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com
      WasPassword=mypassword**
      PortalAdminId=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com
      PortalAdminPwd=mypassword**
      PortalAdminGroupId=cn=wpsadmins,cn=groups,ou=admins,dc=myco,dc=com
      WasRemoteHostName=prd2dmgr.myco.com
      WasSOAPPort=9879
      PrimaryNode=false
      ClusterName=P1Cluster

  15. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbdomain.properties

    ...and ensure that the database password values are all set correctly.

    Note that this file should be pre-populated with your database information from running the 'enable-profiles' script on the primary node earlier.

  16. Review settings in...

      /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbtype.properties

  17. Confirm the database properties are set up correctly on this node

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh validate-database -DWasPassword=mypassword**

    Example output:

      Wed Feb 26 15:24:28 EST 2014
      BUILD SUCCESSFUL

  18. Edit...

      /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/icm.properties

    ...and set...

      jcr.textsearch.enabled = false

  19. In the same file, set...

      jcr.admin.uniqueName=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com

  20. Start the nodeagent

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh

  21. Add node to cluster

      ./ConfigEngine.sh cluster-node-config-cluster-setup-additional -DWasPassword=mypassword**

  22. Execute appserver specific steps for setting up the following...

  23. Restart appserver and verify no errors in logs

  24. Verify we can access the new cluster member in a web browser using the port we identified earlier:


MemberNotFound Issue

Secondary portal site not rendering. Error in log...

We do not want to re-add file registry because that would break short name logon.

Startup errors...

Fix: Edit...

...and set...

...then restart appserver


Upgrade Portal v8 with FP1 and CF09

  1. Review Update Portal v8 with FP1

  2. If this is the primary node, verify...

      /opt/IBM/Portal/WAS1/PortalServer/wps.properties

    ...has profile name and profile home set...

      ProfileName=wp_profile
      ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

    If this is not the primary node, do not include any profile information in wps.properties.

  3. Stop all WebSphere processes

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password password

  4. Make a backup

  5. Start Installation Manager console mode

      cd /opt/IBM/InstallationManager/eclipse/tools
      ./imcl -c

    ...and add FP1 to Installation Manager repository

      /media/Portal8_FP1/repository.config

    Uncheck: "Search service repositories during installation and updates"

  6. Install Portal FP1

    To install from command-line...

    To monitor progress...

      tail -f /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log

    When complete, you should see something like...

    **********************************************************************************
    * Configuration Engine finished at: 02/15/2014 09:45:028
    **********************************************************************************
    
    BUIUD SUCCESSFUL
    Total time: 26 minutes 2 seconds
    root@tstwps1 /opt/IBM/InstallationManager/eclipse ->
    

    To install with GUI, from Installation Manager select "Update".

    If there is more than one fix in the repository, IM will try to install them all. To install just FP1, de-select "Show recommended only", then select only "v8.0.0.1"

  7. Install Portal CF09

    1. Download CF09

    2. Add CF09 to Installation Manager repository

        /media/CF09/repository.config

    3. Change class loader from "parent first" to "parent last".

      This should not be necessary for a newly-installed portal, as "parent last" is the default setting.

    4. Stop all WebSphere processes

    5. Edit...

      ...and verify the following is set...

        ProfileName=wp_profile
        ProfileDirectory=/opt/IBM/Portal/WAS1/wp_profile

    6. Determine offering ID...

        $ cd /opt/IBM/InstallationManager/eclipse/tools
        $ ./imcl listAvailablePackages -repositories /media/CF09/repository.config

        Offering ID: com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755

    7. Install CF09 fixes
      ./imcl install \
             com.ibm.websphere.PORTAL.SERVER.v80_8.0.1.20131217_0755 \
             -repositories /media/CF09/repository.config \
             -installationDirectory /opt/IBM/Portal/WAS1/PortalServer \
             -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
             -log /tmp/imcl.log  \
             -acceptLicense  
      

    8. Monitor logs for success message

       /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log
      
      **********************************************************************************
      * Configuration Engine finished at: 02/16/2014 11:43:031
      **********************************************************************************
      BUIUD SUCCESSFUL
      Total time: 21 minutes 5 seconds
      

    9. Verify version information...
      root@prdhost2 -> cd /opt/IBM/Portal/WAS1/PortalServer/bin 
      root@prdhost2 -> ./WPVersionInfo.sh
      --------------------------------------------------------------------------------
      IBM WebSphere Portal Product Installation Status Report
      --------------------------------------------------------------------------------
      
      Report at date and time 2014-05-01T11:56:19-04:00
      
      
      Installation
      --------------------------------------------------------------------------------
      Product Directory   /opt/IBM/Portal/WAS1/PortalServer
      Version Directory   /opt/IBM/Portal/WAS1/PortalServer/version
      DTD Directory       /opt/IBM/Portal/WAS1/PortalServer/version/dtd
      Log Directory       /opt/IBM/Portal/WAS1/PortalServer/version/logs
      
      Technology List --------------------------------------------------------------------------------
      MP             installed
      WCM            installed
      CFGFW          installed
      
      Installed Product
      --------------------------------------------------------------------------------
      Name           IBM WebSphere Portal MultiPlatform
      Version        8.0.0.1
      ID             MP
      Build Level    wp8001CF09_001_27 2013-12-17
      Build Date     12/17/2013
      
      Package
      id             com.ibm.websphere.PORTAL.SERVER.v80
      name           IBM WebSphere Portal Server
      kind           offering
      version        8.0.1.20131217_0755
      Installed Features     Config Engine Installed Features     Portal Server Binary
      
      Installed Product
      --------------------------------------------------------------------------------
      Name           IBM Web Content Manager
      Version        8.0.0.1
      ID             WCM
      Build Level    wp8001CF09_001_27 (8001.CF09.6)
      Build Date     12/17/2013
      
      Installed Product
      --------------------------------------------------------------------------------
      Name           IBM WebSphere Portal Configuration Framework
      Version        8.0.0.1
      ID             CFGFW
      Build Level    wp8001CF09_001_27 2013-12-16
      Build Date     12/16/2013
      
      --------------------------------------------------------------------------------
      End Installation Status Report
      --------------------------------------------------------------------------------
      

    10. After success, make backup


Make tarball backup

Use the following script to back up file systems, Installation Manager configuration, and portal DB configuration.

Before starting, verify there is enough space...

Backup script...

### backup.sh
### 
### If you get an EOF file message when running tar, 
### you may need to increase file size limits.

### Backup file system
cd /opt/IBM/Portal

cd /opt/IBM/Portal/WAS1/wp_profile/bin
./stopServer.sh WebSphere_Portal -username wasadmin -password password
cd /opt/IBM/Portal/WAS1/AppServer/bin
./stopNode.sh -username wasadmin -password password
cd /opt/IBM/Portal/WebSphere/AppServer/bin
./stopManager.sh -username wasadmin -password password

cd /opt/IBM/Portal

tar cvf WebSphere.tar WebSphere
gzip WebSphere.tar

tar cvf WAS1.tar WAS1
gzip WAS1.tar


### Backup Installation Manager Configuration
###
### Only need to execute before applying fixes
###

#tar cvf InstallationManager.tar /var/ibm/InstallationManager
#gzip InstallationManager.tar
#tar cvf IMShared.tar IMShared
#gzip IMShared.tar


cd /opt/IBM/Portal/WebSphere/AppServer/bin
./startManager.sh
cd /opt/IBM/Portal/WAS1/AppServer/bin
./startNode.sh
cd /opt/IBM/Portal/WAS1/wp_profile/bin
./startServer.sh WebSphere_Portal


### Backup Portal DB configuration
###
### Only need to execute before portal DB changes
###

cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/bin

### Backup base portal
./xmlaccess.sh -user wasadmin \
               -password password \
               -url http://tstwps1.myco.com:10039/wps/config \
               -in /opt/IBM/Portal/WAS1/PortalServer/doc/xml-samples/Export.xml  \
               -out /opt/IBM/Portal/SMExportBase.xml

### Backup virtual portal
./xmlaccess.sh -user wasadmin \
               -password password \
               -url http://tstwps1.myco.com:10039/wps/config/prd-vp  \
               -in /opt/IBM/Portal/WAS1/PortalServer/doc/xml-samples/Export.xml \
               -out /opt/IBM/Portal/SMExportVP.xml


Create Dmgr01 profile

  • Log on to target host as user root

  • Verify none of our custom ports are currently being used.

    Start the Prodline2 dmgr, then run...

      netstat -a | grep -E "8277|10809|10632|9879|10100|10401|10402|10403|10060|10043|10352|8060|12005|12006|10420|6555"

  • Create file...

    ...and set...

      CELL_DISCOVERY_ADDRESS=8277
      BOOTP1RAP_ADDRESS=10809
      IPC_CONNECTOR_ADDRESS=10632
      SOAP_CONNECTOR_ADDRESS=9879
      ORB_LISTENER_ADDRESS=10100
      SAS_SSL_SERVERAUTH_LISTENER_ADDRESS=10401
      CSIV2_SSL_MUTUALAUTH_LISTENER_ADDRESS=10402
      CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS=10403
      WC_adminhost=10060
      WC_adminhost_secure=10043
      DCS_UNICAP2_ADDRESS=10352
      XDAGENT_PORT=8060
      OVERLAY_UDP_LISTENER_ADDRESS=12005
      OVERLAY_TCP_LISTENER_ADDRESS=12006
      P1ATUS_LISTENER_ADDRESS=10420
      DataPowerMgr_inbound_secure=6555

  • Create Dmgr01 profile with non-standard ports

    cd /opt/IBM/Portal/WAS1/AppServer/bin
    ./manageprofiles.sh -create \
                        -profileName Dmgr01 \
                        -adminUserName wasadmin \
                        -adminPassword foo \
                        -enableAdminSecurity true \
                        -cellName p1cell \
                        -nodeName P1Node01 \
                        -portsFile /opt/IBM/Portal/WAS1/AppServer/properties/portdef.props \
                        -profilePath /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01 \
                        -enableService false \
                        -hostName prd2dmgr.myco.com \
                        -templatePath /opt/IBM/Portal/WAS1/AppServer/profileTemplates/management
    

    You should get message...

      INP1CONFSUCCESS: Success: Profile Dmgr01 now exists. Please consult /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/logs/AboutThisProfile.txt for more information about this profile.

    For password, use the same password used by the LDAP for user wasadmin. Having identical passwords will facilitate integrating LDAP later.

    To verify, start dmgr server...

      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./startManager.sh

    ...then pull up Dmgr console. For example, for PRD HA...

    For Test


    Configure the WCM authoring portlet

    1. From primary node, edit...

        /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

      ...and set...

        WasPassword=YourPwd
        PortalAdminPwd=YourPwd
        PWordDelete=false

    2. Run task to configure WCM authoring...

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh configure-wcm-authoring -DPortalAdminPwd=password -DWasUserid=wasadmin -DWasPassword=password

    3. Log on to portal and verify existence of authoring portlet


    Configure portal to use DB2

    1. Back up system

    2. Verify DB2 passwords are non-expiring

    3. Have DB2 administrator increase number of transaction logs to 200, and double default size of transaction logs.

    4. Log on to the primary node and stop portal...

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./stopServer.sh -username wasadmin -password password

    5. Copy DB2 client jar files into place on each portal node...

        cd /opt/IBM/Portal/WAS1/PortalServer
        scp -r wasadmin@tstwps1.myco.com:/opt/IBM/Portal/WAS1/PortalServer/db2drivers .

      Note that if DB2 is upgraded, copy client jars from the DB2 server.

    6. Backup original properties files

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties
        cp wkplc.properties wkplc.properties.orig
        cp wkplc_comp.properties wkplc_comp.properties.orig
        cp wkplc_dbdomain.properties wkplc_dbdomain.properties.orig
        cp wkplc_dbtype.properties wkplc_dbtype.properties.orig
        cp wkplc_sourceDb.properties wkplc_sourceDb.properties.orig

    7. Edit wkplc.properties and set...

        WasPassword=MyPassword
        PortalAdminPwd=MyPassword
        PWordDelete=false

    8. Edit wkplc_dbtype.properties and set

        db2.DbDriver=com.ibm.db2.jcc.DB2Driver
        db2.DbLibrary=/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc4.jar:/opt/IBM/Portal/WAS1/PortalServer/db2drivers/db2jcc_license_cu.jar

    9. Edit wkplc_dbdomain.properties and set...

      • Test

          feedback.DbUrl=jdbc:db2://tstdb1.myco.com:60000/FDBKDB:returnAlias=0;
          likeminds.DbUrl=jdbc:db2://tstdb1.myco.com:60000/LMDB:returnAlias=0;
          release.DbUrl=jdbc:db2://tstdb1.myco.com:60000/RELDB:returnAlias=0;
          community.DbUrl=jdbc:db2://tstdb1.myco.com:60000/COMDB:returnAlias=0;
          customization.DbUrl=jdbc:db2://tstdb1.myco.com:60000/CUSDB:returnAlias=0;
          jcr.DbUrl=jdbc:db2://tstdb1.myco.com:60000/JCRDB:returnAlias=0;
          feedback.DbName=FDBKDB
          likeminds.DbName=LMDB
          release.DbName=RELDB
          community.DbName=COMDB
          customization.DbName=CUSDB
          jcr.DbName=JCRDB
          feedback.DbType=db2
          likeminds.DbType=db2
          release.DbType=db2
          community.DbType=db2
          customization.DbType=db2
          jcr.DbType=db2
          feedback.DataSourceName=wpdbDS_feedback
          likeminds.DataSourceName=wpdbDS_likeminds
          release.DataSourceName=wpdbDS_release
          community.DataSourceName=wpdbDS_community
          customization.DataSourceName=wpdbDS_customization
          jcr.DataSourceName=wpdbDS_jcr
          feedback.DbSchema=FEEDBACK
          likeminds.DbSchema=likeminds
          release.DbSchema=release
          community.DbSchema=community
          customization.DbSchema=customization
          jcr.DbSchema=jcr
          feedback.DbUser=db2inst
          likeminds.DbUser=db2inst
          release.DbUser=db2inst
          community.DbUser=db2inst
          customization.DbUser=db2inst
          jcr.DbUser=db2inst
          feedback.DbPassword=password
          likeminds.DbPassword=password
          release.DbPassword=password
          community.DbPassword=password
          customization.DbPassword=password
          jcr.DbPassword=password

      • Production

          feedback.DbUrl=jdbc:db2://pdb1.myco.com:60000/FDBKDB:returnAlias=0;
          likeminds.DbUrl=jdbc:db2://pdb1.myco.com:60000/LMDB:returnAlias=0;
          release.DbUrl=jdbc:db2://pdb1.myco.com:60000/RELDB:returnAlias=0;
          community.DbUrl=jdbc:db2://pdb1.myco.com:60000/COMDB:returnAlias=0;
          customization.DbUrl=jdbc:db2://pdb1.myco.com:60000/CUSDB:returnAlias=0;
          jcr.DbUrl=jdbc:db2://pdb1.myco.com:60000/JCRDB:returnAlias=0;
          feedback.DbName=FDBKDB
          likeminds.DbName=LMDB
          release.DbName=RELDB
          community.DbName=COMDB
          customization.DbName=CUSDB
          jcr.DbName=JCRDB
          feedback.DbType=db2
          likeminds.DbType=db2
          release.DbType=db2
          community.DbType=db2
          customization.DbType=db2
          jcr.DbType=db2
          feedback.DataSourceName=wpdbDS_feedback
          likeminds.DataSourceName=wpdbDS_likeminds
          release.DataSourceName=wpdbDS_release
          community.DataSourceName=wpdbDS_community
          customization.DataSourceName=wpdbDS_customization
          jcr.DataSourceName=wpdbDS_jcr
          feedback.DbSchema=FEEDBACK
          likeminds.DbSchema=likeminds
          release.DbSchema=release
          community.DbSchema=community
          customization.DbSchema=customization
          jcr.DbSchema=jcr
          feedback.DbUser=db2inst
          likeminds.DbUser=db2inst
          release.DbUser=db2inst
          community.DbUser=db2inst
          customization.DbUser=db2inst
          jcr.DbUser=db2inst
          feedback.DbPassword=foo
          likeminds.DbPassword=foo
          release.DbPassword=foo
          community.DbPassword=foo
          customization.DbPassword=foo
          jcr.DbPassword=foo
          feedback.DbRuntimeUser=db2inst
          likeminds.DbRuntimeUser=db2inst
          release.DbRuntimeUser=db2inst
          community.DbRuntimeUser=db2inst
          customization.DbRuntimeUser=db2inst
          jcr.DbRuntimeUser=db2inst
          feedback.DbRuntimeUser=foo
          likeminds.DbRuntimeUser=foo
          release.DbRuntimeUser=foo
          community.DbRuntimeUser=foo
          customization.DbRuntimeUser=foo
          jcr.DbRuntimeUser=foo

      • Production ha

          feedback.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/FDBKDB:returnAlias=0;
          likeminds.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/LMDB:returnAlias=0;
          release.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/RELDB:returnAlias=0;
          community.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/COMDB:returnAlias=0;
          customization.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/CUSDB:returnAlias=0;
          jcr.DbUrl=jdbc:db2://prdaltdb1.myco.com:60000/JCRDB:returnAlias=0;
          feedback.DbName=FDBKDB
          likeminds.DbName=LMDB
          release.DbName=RELDB
          community.DbName=COMDB
          customization.DbName=CUSDB
          jcr.DbName=JCRDB
          feedback.DbType=db2
          likeminds.DbType=db2
          release.DbType=db2
          community.DbType=db2
          customization.DbType=db2
          jcr.DbType=db2
          feedback.DataSourceName=wpdbDS_feedback
          likeminds.DataSourceName=wpdbDS_likeminds
          release.DataSourceName=wpdbDS_release
          community.DataSourceName=wpdbDS_community
          customization.DataSourceName=wpdbDS_customization
          jcr.DataSourceName=wpdbDS_jcr
          feedback.DbSchema=FEEDBACK
          likeminds.DbSchema=likeminds
          release.DbSchema=release
          community.DbSchema=community
          customization.DbSchema=customization
          jcr.DbSchema=jcr
          feedback.DbUser=db2inst
          likeminds.DbUser=db2inst
          release.DbUser=db2inst
          community.DbUser=db2inst
          customization.DbUser=db2inst
          jcr.DbUser=db2inst
          feedback.DbPassword=foo
          likeminds.DbPassword=foo
          release.DbPassword=foo
          community.DbPassword=foo
          customization.DbPassword=foo
          jcr.DbPassword=foo
          feedback.DbRuntimeUser=db2inst
          likeminds.DbRuntimeUser=db2inst
          release.DbRuntimeUser=db2inst
          community.DbRuntimeUser=db2inst
          customization.DbRuntimeUser=db2inst
          jcr.DbRuntimeUser=db2inst
          feedback.DbRuntimeUser=foo
          likeminds.DbRuntimeUser=foo
          release.DbRuntimeUser=foo
          community.DbRuntimeUser=foo
          customization.DbRuntimeUser=foo
          jcr.DbRuntimeUser=foo

    10. Verify settings in wkplc_dbdomain.properties...

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/
        for i in `echo feedback.DbUrl likeminds.DbUrl release.DbUrl community.DbUrl customization.DbUrl jcr.DbUrl feedback.DbName likeminds.DbName release.DbName community.DbName customization.DbName jcr.DbName feedback.DbType likeminds.DbType release.DbType community.DbType customization.DbType jcr.DbType feedback.DataSourceName likeminds.DataSourceName release.DataSourceName community.DataSourceName customization.DataSourceName jcr.DataSourceName feedback.DbSchema likeminds.DbSchema release.DbSchema community.DbSchema customization.DbSchema jcr.DbSchema feedback.DbUser likeminds.DbUser release.DbUser community.DbUser customization.DbUser jcr.DbUser feedback.DbPassword likeminds.DbPassword release.DbPassword community.DbPassword customization.DbPassword jcr.DbPassword feedback.DbRuntimeUser likeminds.DbRuntimeUser release.DbRuntimeUser community.DbRuntimeUser customization.DbRuntimeUser jcr.DbRuntimeUser feedback.DbRuntimeUser likeminds.DbRuntimeUser release.DbRuntimeUser community.DbRuntimeUser customization.DbRuntimeUser jcr.DbRuntimeUser`
        do
            grep ^${i} wkplc_dbdomain.properties | grep -v Zos
        done

    11. Verify there are no trailing spaces

        grep " $" wkplc_dbdomain.properties

    12. Validate database configuration properties...

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh validate-database -DWasPassword=password

    13. Stop the WebSphere_Portal server:

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./stopServer.sh WebSphere_Portal -username wasadmin -password password

    14. Transfer the database:

      Do not execute the database-transfer task as a background process. This might cause the task to stall.

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh database-transfer -DWasPassword=password

      When complete, you should get success message...

        BUIUD SUCCESSFUL
        Tue May 13 23:02:21 EDT 2014

      If task fails, review log output...

        /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/log/ConfigTrace.log

      ...verify the values are correct in wkplc.properties, wkplc_dbdomain.properties, and wkplc_dbtype.properties files, then repeat this step.

      If task fails with error...

        DB2 SQL Error: SQLCODE=-204, SQLP1ATE=42704, SQLERRMC=ICMSFQ04

      ...run...

        ./ConfigEngine.sh setup-database

      ...then try the database-transfer task again.

    15. Start the WebSphere Portal server.

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./startServer.sh WebSphere_Portal

    16. If node is part of a cluster, and if icm.properties is not identical between nodes, copy icm.properties from primary node to each secondary node.

      1. Stop the portal server on the secondary nodes.

      2. From the primary node...

          cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/
          scp icm.properties wasadmin@secondary_node:/opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/

      3. Start the portal server on the secondary nodes.


    Create profile template

    1. On the primary node, start the WebSphere_Portal server...

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./startServer.sh WebSphere_Portal

    2. Log in to the WebSphere Portal server

        http://myenv.myco.com:10039/wps/config

      ...and go to...

        Administration | Search Administration | Manage Search | Search Collections

    3. Click the Delete icon (trash can) for each search collection listed here.

    4. Log out of WebSphere Portal

    5. Stop the WebSphere_Portal server

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./stopServer.sh WebSphere_Portal -user wasadmin -password password

    6. Edit...

        /opt/IBM/Portal/WAS1/wp_profile/PortalServer/jcr/lib/com/ibm/icm/icm.properties

      ...and change...

        jcr.textsearch.enabled=true

      ...to...

        jcr.textsearch.enabled=false

    7. Save icm.properties.

    8. From primary node, run...

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh enable-profiles -DWasPassword=mypassword

      This script will create a backup of the wp_profile configuration named Portal.car and save it to the following directory:

        /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/default.portal/configArchives/Portal.car

    9. Package profile templates into a single zip file:

        ./ConfigEngine.sh package-profiles -DWasPassword=mypassword

      The following file is created...

        /opt/IBM/Portal/WAS1/PortalServer/profileTemplates/profileTemplates.zip


    Configure dmgr

    1. From the primary Portal node, copy fileForDmgr to dmgr host...

        cd /opt/IBM/Portal/WAS1/PortalServer/
        scp -r filesForDmgr user1@prd2dmgr.myco.com:/tmp

    2. Important: Stop the dmgr server

        cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
        ./stopManager.sh -user wasadmin -password foo

    3. From the dmgr host, extract filesForDmgr.zip and copy files into place...

        cd /tmp/filesForDmgr
        unzip filesForDmgr.zip
        mkdir /opt/IBM/Portal/WebSphere/AppServer/bin/ProfileManagement/plugins
        cp -r bin/ProfileManagement/plugins/com.ibm.wp.dmgr.pmt_7.0.5 /opt/IBM/Portal/WebSphere/AppServer/bin/ProfileManagement/plugins
        cp lib/wkplc.comp.registry.jar /opt/IBM/Portal/WebSphere/AppServer/lib
        cp lib/wp.wire.jar /opt/IBM/Portal/WebSphere/AppServer/lib
        cp plugins/com.ibm.patch.was.plugin.jar /opt/IBM/Portal/WebSphere/AppServer/plugins
        cp plugins/com.ibm.wp.was.plugin.jar /opt/IBM/Portal/WebSphere/AppServer/plugins
        cp -r profileTemplates/management.portal.augment /opt/IBM/Portal/WebSphere/AppServer/profileTemplates
        cp profiles/Dmgr01/config/.repository/metadata_wkplc.xml /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/config/.repository

    4. On dmgr host, augment dmgr profile.

      cd /opt/IBM/Portal/WebSphere/AppServer/bin
      ./manageprofiles.sh -augment \
                          -templatePath /opt/IBM/Portal/WebSphere/AppServer/profileTemplates/management.portal.augment \
                          -profileName Dmgr01
      

      Augmenting the dmgr profile...

      • Increases the HTTP connection timeouts for the DMGR server
      • Increases the SOAP connector timeout for JMX in the DMGR server
      • Increases the JVM Maximum Heap size for the DMGR server
      • Enables Application Security
      • Creates a 'wasadmins' group in the default file repository
      • Adds the administrative user to the 'wasadmins' group.
      • Increases the soap timeout in soap.client.props.

    5. Start Dmgr

        cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
        ./startManager.sh

    6. Open dmgr console in browser. For example, PRD HA...

    7. To help prevent user ID conflicts when we add the federated LDAP later, go to...

        Security | Global Security | User Account Repository | Available realm definitions | Configure

      ..and in the 'Primary administrative user name' field, change value to the fully distinguished name of the user...

        uid=wasadmin,o=defaultWIMFileBasedRealm

    8. Click Apply, enter passwords in the next panel, then click OK and Save.

    9. Restart the deployment manager for the changes to take effect.


    Federate primary node

    1. Ensure the time on the primary node is within 5 minutes of the time on the DMGR. Failure to do so will cause the addNode process to fail.

    2. Start the DMGR

        cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
        ./startManager.sh

    3. Stop WebSphere_Portal on the primary node...

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./stopServer.sh WebSphere_Portal -user wasadmin -password password

    4. Add the Portal node.

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./addNode.sh prd2dmgr.myco.com 8879 -username wasadmin -password mypassword -includeapps

      To get SOAP port, from dmgr console...

        System Administration | Deployment Manager | Ports

      If the addNode script fails for any reason before running again:

      1. Remove the node from the DMGR cell in case AddNode successfully completed that step before failing.

      2. Login to the DMGR and do the following (these may not exist, depending on where the failure occurred):

        1. Remove all Enterprise applications
        2. Remove the WebSphere_Portal server definition
        3. Remove the JDBC Provider information for WebSphere_Portal

    5. Restart the deployment manager

        cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
        ./stopManager.sh -user wasadmin -password mypassword
        ./startManager.sh

    At this point, the WebSphere Portal server has been federated to the Deployment Manager. It is not yet in a cluster. It has also inherited the Deployment Manager's security configuration. Running Portal in a federated-only environment is not officially supported by IBM, so next we must build a cluster.


    Create static cluster

    1. Log on to primary node and stop the WebSphere_Portal server

    2. Verify dmgr and node agent are running

        ./serverStatus.sh dmgr -user wasadmin -password password
        ./serverStatus.sh nodeagent -user wasadmin -password password

    3. Set environment-specific values in...

        /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc.properties

    4. Verify database user IDs and passwords are set in...

        /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wkplc_dbdomain.properties

    5. Update the deployment manager configuration for the new WebSphere Portal server

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh cluster-node-config-post-federation -DWasPassword=password

    6. Create the cluster definition and add the WebSphere_Portal server as a cluster member

        ./ConfigEngine.sh cluster-node-config-cluster-setup -DWasPassword=password

    7. Verify ports for new cluster member...

        Servers | Server Types | WebSphere Application Servers | new_cluster_member | Ports

      Note value WC_defaulthost which should be 10039.

    8. Make tarball backup


    Install IHS

    1. Log on web server host(s)

      For example, for PRD HA...

      • webserver1
      • webserver2

    2. Install Installation Manager

        cd /media/installmgr
        ./installc -acceptLicense
        cd /opt/IBM/InstallationManager/eclipse

    3. Add IHS to repository

      1. Start Installation Manager in console mode...

          cd /opt/IBM/InstallationManager/eclipse/tools
          ./imcl -c

      2. Select...

          P. Preferences | 1. Repositories | D. Add Repository

      3. For repository location...

          /media/WAS855_supp/repository.config

      4. Save changes and exit...

          A. Apply changes | R. Return to main menu | X. Exit Installation Manager

      5. Confirm repository is available...

          cd /opt/IBM/InstallationManager/eclipse/tools
          ./imcl listAvailablePackages -repositories /media/WAS855_supp/repository.config
          com.ibm.websphere.APPCLIENT.v85_8.5.5000.20130514_1044
          com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044
          com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044
          com.ibm.websphere.PLUGCLIENT.v85_8.5.5000.20130514_1044
          com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044

    4. Install IHS
      ./imcl install com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044 \
            -repositories  /media/WAS855_supp/repository.config \
            -installationDirectory /opt/IBM/Portal/IHS \
            -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
            -log /tmp/imcl.log  \
            -acceptLicense \
            -properties user.ihs.httpPort=7001
      

    5. Edit...

        /opt/IBM/Portal/IHS/conf/admin.conf

      ...and set...

        Listen 8008
        User wasadmin
        Group staff
        ServerName myserver:8008

    6. Edit...

        /opt/IBM/Portal/IHS/conf/httpd.conf

      ...and for TST, PRD Primary, and PRD HA, set...

        Listen 7001
        ServerName myserver

      For Test, set....

        Listen 80
        ServerName myserver

      For all envs except DEV, we start IHS (apachectl start), as user wasadmin. For Test, we start IHS as user root, even though User in httpd.conf is wasadmin

    7. Verify IHS version info

        /opt/IBM/Portal/IHS/bin/versionInfo.sh

    8. Install plugins
      cd /opt/IBM/InstallationManager/eclipse/tools
      ./imcl install com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044 \
             -repositories  /media/WAS855_supp/repository.config \
             -installationDirectory /opt/IBM/Portal/Plugins \
             -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
             -log /tmp/imcl.log  \
             -acceptLicense
      

      To uninstall...

        imcl uninstallAll -installationDirectory /opt/IBM/Portal/IHS/Plugins

    9. Verify plugins version info

        /opt/IBM/Portal/Plugins/bin/versionInfo.sh

    10. Update both IHS and Plugin to v8.5.5.1

      1. Add the following to the Installation Manager repository

          /media/WAS855_supp_FP1/repository.config
          /media/WAS855_supp_WCT_FP1/repository.config

      2. Unselect...

          S. [ ] Search service repositories during installation and updates

      3. Start GUI Installation Manager

          cd /opt/IBM/InstallationManager/eclipse/
          ./IBMIM

      4. Select Update, select IBM HTTP Server V8.5, then execute upgrade.

      5. Do the same for Web Server Plug-ins for IBM WebSphere Application Server V8.5

    11. Start web and admin servers

        /opt/IBM/Portal/IHS/bin/apachectl start
        /opt/IBM/Portal/IHS/bin/adminctl start
        ps -ef | grep http

      You should see...

          root  9633990        1   0 09:14:09      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -f /opt/IBM/Portal/IHS/conf/admin.conf
        nobody 10420432 17563778   0 09:12:37      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -d /opt/IBM/Portal/IHS -k start
      wasadmin 13697222  9633990   0 09:14:09      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -f /opt/IBM/Portal/IHS/conf/admin.conf
          root 14876862  9633990   0 09:14:09      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -f /opt/IBM/Portal/IHS/conf/admin.conf
          root 17563778        1   0 09:12:36      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -d /opt/IBM/Portal/IHS -k start
        nobody 19398842 17563778   0 09:12:37      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -d /opt/IBM/Portal/IHS -k start
        nobody 21430478 17563778   0 09:12:37      -  0:00 /opt/IBM/Portal/IHS/bin/httpd -d /opt/IBM/Portal/IHS -k start
      


    Configure web server plugin

    1. Get version ID of WebSphere Customization Toolbox (WCT)

        cd /opt/IBM/InstallationManager/eclipse/tools
        ./imcl listAvailablePackages -repositories /media/WAS855_supp/repository.config
        com.ibm.websphere.APPCLIENT.v85_8.5.5000.20130514_1044
        com.ibm.websphere.IHS.v85_8.5.5000.20130514_1044
        com.ibm.websphere.PLG.v85_8.5.5000.20130514_1044
        com.ibm.websphere.PLUGCLIENT.v85_8.5.5000.20130514_1044
        com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044

    2. Install WCT
      cd /opt/IBM/InstallationManager/eclipse/tools
      ./imcl install com.ibm.websphere.WCT.v85_8.5.5000.20130514_1044 \
            -repositories  /media/WAS855_supp/repository.config \
            -installationDirectory /opt/IBM/Portal/Toolbox \
            -sharedResourcesDirectory /opt/IBM/Portal/IMShared \
            -log /tmp/imcl.log  \
            -acceptLicense 
      

    3. Start web server and admin server

        cd /opt/IBM/Portal/IHS/bin
        ./apachectl start
        ./adminctl start

    4. Run the WCT GUI...

        cd /opt/IBM/Portal/Toolbox/WCT
        ./wct.sh

    5. Select and launch "Web Server Plug-ins Configuration Tool"

    6. Select "Add" to add a web server plug-ins location

    7. Add plug-in

        Name: Plugin01
        Location: /opt/IBM/Portal/Plugins

      Increment number based on node. For node2, name is Plugin02

    8. In the Web Server Plug-in Configurations panel, select "Create"

    9. Select IBM HTTP Server v8.5

    10. Select 64 bit architecture

    11. Specify httpd.conf location and port 7001.

    12. Set port, user ID, and password for IBM HTTP Server Administration

      Be sure to scroll down if you do not see password confirmation field.

    13. On the admistrator name and group panel, enter wasadmin and system.

    14. Enter a Web Server Definition name, for example, PRDweb1...

    15. Choose either local or remote install. If remote to a cluster, use host name of the dmgr.

      For remote install, use name of dmgr host, such as testdmgr.myco.com

    16. Review summary info then click Configure.

    17. You should get a success message

    18. Edit httpd.conf, and verify existence of plugin-in directives...

        LoadModule was_aPRD22_module /opt/IBM/Portal/Plugins/bin/64bits/mod_was_aPRD22_http.so
        WebSpherePluginConfig /opt/IBM/Portal/Plugins/config/webserver2/plugin-cfg.xml

    19. Copy web server definition script to target dmgr

        scp /opt/IBM/Portal/Plugins/bin/configurePRDweb1.sh wasadmin@prd2dmgr.myco.com:/tmp

    20. Log on to dmgr host and create web server definition...

        cd /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin
        cp /tmp/configurePRDweb1.sh .
        ./configurePRDweb1.sh -user wasadmin -password password

      Typical output...

      root@prd2dmgr /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin ->./configurePRDweb1.sh -user wasadmin -password Wps>
      
      Input parameters:
      
         Web server name             - PRDweb1
         Web server type             - IHS
         Web server install location - /opt/IBM/Portal/IHS
         Web server config location  - /opt/IBM/Portal/IHS/conf/httpd.conf
         Web server port             - 7001
         Map Applications            - MAP_ALL
         Plugin install location     - /opt/IBM/Portal/Plugins
         Web server node type        - unmanaged
         Web server node name        - ihsnode1
         Web server host name        - webserver1.myco.com
         Web server operating system - aix
         IHS Admin port              - 8008
         IHS Admin user ID           - wasadmin
         IHS Admin password          - foo**
         IHS service name            - ""
      

    21. Log on to dmgr console and verify web server definition was created.

    22. Synchronize nodes

    23. From dmgr console, generate plugin-cfg.xml files.

    24. Copy new plugin-cfg.xml files to respective web server hosts

        DMGR=/opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01
        scp $DMGR/config/cells/p1cell/nodes/ihsnode1/servers/PRDweb1/plugin-cfg.xml wasadmin@webserver1:/opt/IBM/Portal/Plugins/config/PRDweb1

    25. Restart IHS

        cd /opt/IBM/Portal/IHS/bin
        ./apachectl restart

    26. Verify the following host aliases are defined

        Virtual Hosts | default_host | Host Aliases

          Host Name Port
          * 9080
          * 80
          * 9443
          * 5060
          * 5061
          * 443
          * 10000
          * 10002
          * 10032
          * 10039
          * 10029
          * 6005


    Configure portal to use LDAP

    These tasks only need to be run on the primary node.

    1. Create tarball of portal and dmgr filesystems

    2. Add the wpsadmin user as an administrative user on WAS.

      From dmgr console, go select...

        Users and Groups | Manage Users | Create

      On the Manage Users panel, create wpsadmin user. Click the Group Membership button and assign Administration user role to wpsadmins

    3. Enable distinguished name logins.

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=password

      This allows us to logon with the fully distinguished name...

        uid=wasadmin,o=defaultWIMFileBasedRealm

      We enable fully distinguished name logins because the short name of our administrator, wasadmin, is in both the file and LDAP registries, and a short name search would not resolve correctly.

    4. Optional. If file registry password for wasadmin or wpsadmin is different than LDAP pass, change passwords in file based registry to match LDAP versions

    5. Log on to primary node and copy the parent properties into place...

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties
        cp /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/config/helpers/wp_add_federated_ids.properties .

    6. Edit wp_add_federated_ids.properties file and set properties.

      Here are settings for PRD HA...

        federated.ldap.id=MyCo_LDAP1
        federated.ldap.host=prdtds1.myco.com
        federated.ldap.port=389
        federated.ldap.bindDN=cn=root
        federated.ldap.bindPassword=password
        federated.ldap.ldapServerType=IDS
        federated.ldap.baseDN=dc=myco,dc=com
        federated.ldap.gc.name=ibm-allGroups

      Here is copy of Portal v7 PRD Primary wkplc.properties to use as template

      • prdtds1.myco.com 636 (PRD Primary)
      • prdtds2.myco.com 636 (PRD Primary)
      • prdtds1.myco.com 636 (PRD HA)
      • prdtds2.myco.com 636 (PRD HA)

      IBM Tivoli Directory Server supports the optional membership attribute...

        federated.ldap.gc.name=ibm-allGroups

      ...that offers a significant performance enhancement.

    7. Validate the properties:
      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh validate-federated-ldap  \
                        -DparentProperties=/opt/IBM/Portal/WAS1/wp_profile/ConfigEngine/properties/wp_add_federated_ids.properties  \
                        -DSaveParentProperties=true  \
                        -DWasPassword=password
      

      Running with -DSaveParentProperties=true adds the new wp_add_federated_ids.properties to wkplc.properties.

    8. Add the federated LDAP to the cluster security configuration:

        ./ConfigEngine.sh wp-create-ldap -DWasPassword=password

      The wp-create-ldap tasks adds the LDAP to the WAS security configuration. It does not remove the out-of-the-box file user registry. Both are in use.

      In the future, when we update LDAP properties, we run...

        ./ConfigEngine.sh wp-update-federated-ldap -DWasPassword=password

    9. Enable distinguished logins again (for luck)

        ./ConfigEngine.sh wp-modify-realm-enable-dn-login -DWasPassword=password

    10. Restart the dmgr, nodeagent, and WebSphere_Portal servers.

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./stopServer.sh WebSphere_Portal -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
        ./stopNode.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password

        cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
        ./stopManager.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
        sleep 5
        ./startManager.sh

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./startNode.sh
        ./startServer.sh WebSphere_Portal

    11. After restart, verify credentials are correct by logging on to WAS console and Portal.

      We will be unable to login to Portal using the short name. This will only be temporary and will be corrected at the end of these steps. To log on to console, use fully qualified id:

        uid=wasadmin,o=defaultWIMFileBasedRealm

      If logon fails, to revert...

      1. Turn off security...

          cd /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/bin
          ./wsadmin.sh -conntype NONE
          WASX7357I: By request, this scripting client is not connected to any server process. Certain configuration and application operations will be available in local mode.
          WASX7029I: For help, enter: "$Help help"
          wsadmin>securityoff
          LOCAL OS security is off now but you need to restart server1 to make it affected.
          wsadmin>$AdminConfig save
          wsadmin>exit

        Another way to disable security is to edit...

          /opt/IBM/Portal/WAS1/AppServer/profiles/Dmgr01/config/cells/p1cell/security.xml

        ...and for element...

          <security:Security

        ...set attribute...

          enabled="false"

      2. Get the dmgr PID...

          ps -ef | grep dmgr

        ...and kill the dmgr process...

          kill PID

        Give it a minutes to finish. If regular kill does not work, run the sure kill...

          kill -9 PID

      3. Log on to the portal nodes, get the nodeagent and WebSphere_Portal processes...

          ps -ef | grep WebSphere_Portal
          ps -ef | grep nodeagent

        ...then kill those...

          kill PID

      4. Synchronize nodes...

          ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password password

        ...then restart

      5. Run startManager.sh

      6. Log on to dmgr console and go to...

          Security | Global security | Federated repositories | Manage repositories

      7. We can either try to fix the problem, or we can remove the LDAP realm

      8. Restart portal processes

    12. Verify all defined attributes are available in the newly added ldap:

        ./ConfigEngine.sh wp-validate-federated-ldap-attribute-config -DWasPassword=foo

    13. Reassign the WAS Administrator ID from the file registry to a user in the LDAP:
      ./ConfigEngine.sh wp-change-was-admin-user \
                        -DWasPassword=password \
                        -DnewAdminId=uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com \
                        -DnewAdminPw=password
      

      For newAdminPw, use the password assigned to this user in the LDAP.

    14. Restart the dmgr, nodeagent and WebSphere_Portal servers...

        ### On Portal primary node
        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./stopServer.sh WebSphere_Portal -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
        ./stopNode.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password

        ### On Dmgr
        cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
        ./stopManager.sh -username uid=wasadmin,o=defaultWIMFileBasedRealm -password password
        sleep 5
        ./startManager.sh

        ### On Portal primary node
        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./startNode.sh
        ./startServer.sh WebSphere_Portal

      Because we ran wp-modify-realm-enable-dn-login earlier, we use the fully distinguished name of the original file registry WAS admin user. The new LDAP-based WAS admin user will take effect after the servers have been restarted.

    15. Log on to Dmgr console and verify new credentials are working...

        User ID: uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com
        Password: password

    16. In wkplc.properties, if value for WasPassword= was removed, re-add using our new password.

    17. Reassign the WebSphere Portal Administrator ID and Group ID to a user and group within the LDAP:
      ./ConfigEngine.sh wp-change-portal-admin-user \
                        -DWasPassword=password \
                        -DnewAdminId=uid=wpsadmin,cn=users,ou=admins,dc=myco,dc=com \
                        -DnewAdminPw=password \
                        -DnewAdminGroupId=cn=wpsadmins,cn=groups,ou=admins,dc=myco,dc=com
      

      For newAdminPw, use the password assigned to this user in the LDAP.

      This task updates PortalAdminId in wkplc.properties to reflect the ID value specified for 'newAdminId' and the PortalAdminGroupId value will be automatically updated to reflect the 'newAdminGroupId'.

    18. Review wkplc.properties and verify that PortalAdminPwd is set to foo**

    19. Restart the Deployment Manager, nodeagent, and WebSphere_Portal server on the primary node

      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal  \
                      -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                      -password password
      
      ./stopNode.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  -password password
      
      ### On Dmgr
      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                       -password password
      ./startManager.sh
      
      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh
      ./startServer.sh WebSphere_Portal
      

    20. List the current user repositories:

        ./ConfigEngine.sh wp-query-repository -DWasPassword=password

      For example, here is LDAP for STG...

      cell="p1cellD"
      engineinstalllocation="/opt/IBM/Portal/WAS1/wp_profile/ConfigEngine"
      enginerootdir="/opt/IBM/Portal/WAS1/ConfigEngine"
      pathseparator=":"
      osarch="ppc64"
      
      Existing Federated Repositories
      Repository Name : {BasicInformation} : {Details}
      ***************************************
      MyCo_LDAP1 : 
      {  
            repositoryType=LDAP,
            specificRepositoryType=IDS,
            host=devtds.myco.com}, 
            ldapServerType=IDS,
            supportTransactions=false,
            supportExternalName=false,
            supportChangeLog=native,
            searchTimeLimit=120000,
            certificateMapMode=EXACT_DN,
            sslConfiguration=,
            translateRDN=false,
            certificateFilter=,
            supportAsyncMode=false,
            adapterClassName=com.ibm.ws.wim.adapter.ldap.LdapAdapter,
            searchCountLimit=500,
            primaryServerQueryTimeInterval=15,
            supportSorting=false,
            returnToPrimaryServer=true,
            supportPaging=false,
            id=MyCo_LDAP1,
            loginProperties=[uid, mail],
      )
      

    21. Set entity types.

      Edit wkplc.properties and set...

        personAccountParent=cn=users,ou=admins,dc=myco,dc=com
        groupParent=cn=groups,ou=admins,dc=myco,dc=com
        personAccountRdnProperties=uid
        groupRdnProperties=cn

      ...then run...

        ./ConfigEngine.sh wp-set-entitytypes -DWasPassword=password

    22. Remove the default file user registry.

      Option for lower-level envs. Required for production environments.

      In wkplc.properties set...

        federated.delete.baseentry=o=defaultWIMFileBasedRealm
        federated.delete.id=InternalFileRepository

      ...then run...

        ./ConfigEngine.sh wp-delete-repository -DWasPassword=password

    23. Disable fully distinguished name logins and re-enable short name logins...

        ./ConfigEngine.sh wp-modify-realm-disable-dn-login -DWasPassword=password

    24. Stop the dmgr, nodeagent, and WebSphere_Portal...

      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal  \
                      -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                      -password password
      
      ./stopNode.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                    -password password
      
      ### On Dmgr
      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username uid=wasadmin,cn=users,ou=admins,dc=myco,dc=com  \
                       -password password
      ./startManager.sh
      
      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh
      ./startServer.sh WebSphere_Portal
      

    25. Verify we can log on to dmgr and portal using

      • Login: wasadmin
      • Password: password

    26. Stop processes and make backup

      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal  \
                      -username wasadmin \
                      -password password
      
      ./stopNode.sh -username wasadmin -password password
      
      ### On Dmgr
      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username wasadmin \
                       -password password
      ./startManager.sh
      
      ### On Portal primary node
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh
      ./startServer.sh WebSphere_Portal
      

    27. Optional. Change poolTimeOut from 0 to 180 in...

        /opt/IBM/Portal/WAS1/wp_profile/config/cells/p1cell/wim/config/wimconfig.xml
        /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/config/cells/p1cell/wim/config/wimconfig.xml


    Add ha servers for LDAP

    To manually add ha LDAP servers, from WAS Admin Console go to...

      Security | Global security | Federated repositories | MyCo_LDAP1 | Failover server used when primary is not available:

    ...and add additional LDAP server names and ports. For example, for PRD HA

    • prdtds1.myco.com 389
    • prdtds2.myco.com 389

    At this point, you have completed building a single node cluster using a remote database and federated LDAP server.

    If you see blank entries, or have users who can no longer view resources to which they previously had access, you may need to...

    1. On secondary nodes, update wkplc.properties with latest values

    2. Run update-jcr-admin on secondary nodes.

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh update-jcr-admin

    See Fix Portal Access Control settings if user/group external identifiers have changed.


    Set wasadmins permissions

    1. Log into the ISC and go to Users and Groups
    2. Pick Administrative group Role
    3. Add a group and search for wasadmins
    4. Select all the roles
    5. And then save.


    Set ibm-allGroups

    If you did not set up ibm-allGroups membership attribute when configuring LDAP, we can do it after the fact by logging on to the console and going to...

      Global security > Federated repositories > MyCo_LDAP1 > Group attribute definition

    Verify that...

      Global security > Federated repositories > MyCo_LDAP1 > Group attribute definition > Member attributes

    ...has uniqueMember set...


    Enable SSL for LDAP

    1. Add LDAP signer certificate to the WAS installation

      1. Select...

          Security | SSL certificate and key management | SSL configurations | CellDefaultSSLSettings | Key stores and certificates | CellDefaultTrustStore | Signer certificates | Retrieve from port

      2. Set LDAP host name, SSL port (default 636), and alias of your choice

      3. Click "Retrieve signer information".

        This should pull the certificate directly from the LDAP server.

      4. Save the changes to the master configuration.

      5. Restart dmgr

      6. On primary node, perform syncNode...

        ./syncNode.sh prd2dmgr.myco.com 9879  \
                      -user wasadmin \
                      -password password
        

      7. Restart WebSphere_Portal and node agent

    2. Update wkplc.properties and add...

        federated.ldap.sslEnabled=true
        federated.ldap.sslConfiguration=CellDefaultSSLSettings

    3. Update federated repository

        ./ConfigEngine.sh wp-update-ldap -DWasPassword=password


    Configure default realm

    We add base entries using portal tools. We could also have them manually through dmgr console.

    1. Edit wkplc.properties and set...

      ...then execute...

        ./ConfigEngine.sh wp-create-base-entry

    2. Set

      ...then execute...

        ./ConfigEngine.sh wp-create-base-entry

    3. Remove original (full repository) Base Entry

      ...then execute...

        ./ConfigEngine.sh wp-delete-base-entry

    4. Synchronize nodes and restart Cluster


    Configure myAdminRealm

    1. Log on to primary node

    2. Edit wkplc.properties and set...

      Create myAdminRealm

        ./ConfigEngine.sh wp-create-realm
        [wplc-create-realm] Realm myAdminRealm was created successfully.
        [wplc-create-realm] Status = Complete
        
        action-post-config:
        Tue Jan 28 15:56:38 CST 2014
        
        BUIUD SUCCESSFUL
        Total time: 10 seconds
        

      We run this on primary node only

    3. Add base entry to myAdminRealm

      Edit wkplc.properties, and set...

      ...then execute...

        ./ConfigEngine.sh wp-add-realm-baseentry
        [wplc-add-realm-baseentry] Create base entry result: [CWWIM5028I  The configuration is saved in a temporary workspace. 
        [wplc-add-realm-baseentry] Base entry ou=STG,ou=stageusers,dc=myco,dc=com was added successfully.
        [wplc-add-realm-baseentry] Status = Complete
        
        action-post-config:
        Tue Jan 28 16:15:30 CST 2014
        
        BUIUD SUCCESSFUL
        Total time: 11 seconds
        

    4. Stop WebSphere_Portal, nodeagent, run syncNode, then restart


    Shared Libraries

    1. Copy deployment.tar.gz to each target portal node...

        scp deployment.tar.gz wasadmin@targethost:/tmp

    2. Log on to each portal node and unarchive deployment.tar.gz...

        cd /tmp
        gunzip deployment.tar.gz
        tar xvf deployment.tar

    3. Copy library files to portal file system...

        cp -r deployment/myco_*_lib /opt/IBM/Portal/WAS1/wp_profile

    4. In Dmgr console, create shared library resources

        Environment | Shared Libraries

      Cluster scope

        Name Description Classpath
        PortletLib Portlet shared classes ${USER_INSTALL_ROOT}/myco_portlet_lib
        ServerLib Cluster Level Shared Library for Server loaded class paths ${USER_INSTALL_ROOT}/myco_server_lib
        ServicesLib Services classes to map to Application class paths ${USER_INSTALL_ROOT}/myco_services_lib

    5. In Dmgr console, map ServerLib to Server Classloader

    6. Synchronize nodes

    7. Restart portal servers

    8. Monitor portal logs...

        /opt/IBM/Portal/WAS1/wp_profile/logs/WebSphere_Portal/SystemOut.log


    Web container updates

    For ALL Portal appservers, go to...

      Application Servers | WebSphere Portal[N] | Web Container | Custom Properties

    ...and add...

      Name: com.ibm.ws.webcontainer.httpOnlyCookies
      Value: *


    Mail session

    Go to...

      Resources | Mail | Mail providers | Built-In Mail Provider (Cluster Scope) | Mail Sessions

    ...and add...

      Name Prodline2 Mail Session
      JNDI Name mail/Prodline2Session
      Server smtp.myco.com


    Configure object cache instances

    Go to...

      Resources | Cache Instances | Object cache instances | New

    ...and on cluster scope, create...

      Name JNDI name Cache size
      Catalog_User_Cache services/cache/Catalog/usercache 2000
      WEB_EN_Scripts_Cache services/cache/Catalog/WEB/EN/scripts_cache 5000
      WEB_ES_Scripts_Cache services/cache/Catalog/WEB/ES/scripts_cache 5000

    Use defaults for other values.


    Configure Object Pools

    • Resources | Object pool managers

      Cell scope

        Name My Http Connection Pool Manager
        JNDI name opm/Catalog/HTTPPoolManager
        Description My Connection Pool for Prodline1
        Custom object pools

          Pool class name com.myco.portal.net.http.PoolableConnection
          Pool implementation class name com.myco.portal.net.http.ConnectionPool

        Name TeaHttpPoolManager
        JNDI name opm/nuLeefHttpPoolManager
        Description Provides IUD service check based on destination phone number
        Custom object pools

          Pool class name com.myco.portal.net.http.PoolableConnection
          Pool implementation class name com.myco.portal.net.http.ConnectionPool

    • Object pool managers > My Http Connection Pool Manager > Custom object pools > com.myco.portal.net.http.PoolableConnection > Custom properties

      PRD Primary, PRD HA, and TST...

        closeOnReturn true
        connectionTimeout 10000
        host esbgateway.myco.com (PRD Primary)
        haesbgateway.myco.com (PRD HA)
        tstesbgateway.myco.com (TST)
        port 80
        timeout 100000
        uri /facade?xmldoc=

    DEV and STG...

      closeOnReturn true
      connectionTimeout 10000
      host stage.myco.com
      port 7001
      timeout 100000
      uri /facade?xmldoc=


    Global security updates

    Add "mail" as login property

      Security | Global security | Federated repositories | Configure | MyCo_LDAP1 | Federated repository properties for login

    ...and set...

      uid;mail


    Disallow direct servlet access

    By default, users can access servlets by their class name instead of an alias. For example, to call the servlet defined in the com.ibm.itso.MyServlet, specify a URI, such as...

      /servlet/com.ibm.itso.MyServlet

    We want to disable this feature. Even if servlet URLs are secured, a malicious attacker might be able to bypass the normal URL-based security.

    To disallow direct access to servlets, go to...

      Servers | Server Types | WebSphere appservers | server | Web Container Settings | Web container | Additional Properties | Custom Properties | New

    ...and set to true...

      Name Default
      com.ibm.ws.webcontainer.disallowserveservletsbyclassname false


    Web Services

    1. Log on to dmgr console and go to...

        Services | Policy sets | Application policy sets | New

    2. For name, enter...

        MyCo SOAP Services Policy

      ...for the name and click Apply

    3. Click Add and select HTTP Transport

    4. Set the connection timeout to 30 seconds.

    5. Accept the default values for all other properties and click OK

    6. Click Add and select WS-Security

    7. Click Save

    8. Expand...

    9. Specify MyCo SOAP Binding as the name

    10. Click Add and select HTTP transport

    11. Enter the following values and click OK

      • DEV

          Host devesbgateway.myco.com
          Port 80

      • STG

          Host stage-soa3.myco.com
          Port 9001

      • TST

          Host tstesbgateway.myco.com
          Port 80

      • PRD HA

          Host esbgateway.myco.com
          Port 80

      • PRD HA

          Host haesbgateway.myco.com
          Port 80

      Username and password for all of the above...

        User name weblogic
        Password password

    12. Verify connectivity to gateway. For example...

        $ telnet esbgateway.myco.com 80
        Trying 10.11.11.24...
        Connected to esbgateway.myco.com.
        Escape character is '^]'.

    13. Click Add then select WS-Security

        WS-Security | Authentication and protection | Authentication tokens | New Token | Token Generator

    14. Enter the following properties...

        Name UsernameToken1
        Token type Username Token v1.0

    15. Accept all other default values and click Apply

    16. Click the Callback handler link and enter...

        User name weblogic
        Password password

    17. From dmgr console, go to...

        Application policy sets | MyCo SOAP Services Policy | WS-Security | Main policy | Request token policies

      ...and add

        Token type UserName
        Username token name auth_token
        WS-Security version WS-Security 1.0

      Select OK and then Save

    18. Go to...

        Application policy sets | MyCo SOAP Services Policy | WS-Security | Main Policy

      ...and deselect the Message level protection.

      Select OK and SAVE

    19. Synchronize nodes, then restart dmgr and portal appservers.

    20. Install MyCoServices.ear file

      Note that this file needs to be customized for each environment.

      1. Log on to dmgr console and run...

          Applications | New Application | New Enterprise Application | Local file system | Choose File | MyCoServices.ear | Detailed | Show all installation options | Next

      2. Accept defaults for...

          Select installation options

      3. Accept defaults for...

          Map modules to servers

      4. On panel...

          Map shared libraries

        1. Select the checkbox next to MyCoServicesEAR

        2. Click button...

            Reference shared libraries

        3. Scroll down to MyCoServicesLib, select, then move to Selected column

      5. On the panel...

          Provide JNDI names for beans

        ...for each bean, set target resource JNDI name to...

          ejb/BeanName

        For example, for myCustomService, the name should be...

          ejb/myCustomService

      6. Accept the default values for the rest of the panels, then click Finish.

    21. Select...

        Applications | Application Types | WebSphere Enterprise Applications | MyCoServicesEAR | Service client policy sets and bindings

    22. Select all checkboxes, then click...

        Attach Client Policy Set | MyCo SOAP Services Policy

    23. Select all checkboxes, then click...

        Assign Binding | MyCo SOAP Binding

    24. Click Save

    25. Restart the application


    Web Content View preferences

    Define portlet preferences defined in the WCM Viewer portlet.

    1. Log in to the WebSphere Portal server

        http://myenv.myco.com:10039/wps/config

      ...and go to...

        Administration | Portlet Management | Portlets

    2. Search for "web content viewer" and then click the Configure portlet icon

    3. The Configure portlet panel appears...

    4. Set the following preferences...

        meta.tag.content.element.6 meta.og.description
        meta.tag.content.element.9 meta.og.image
        meta.tag.content.text.2 Prodline2
        meta.tag.content.text.3 INDEX,FOLLOW
        meta.tag.content.text.7 Prodline2
        meta.tag.name.0 title
        meta.tag.name.1 description
        meta.tag.name.2 author
        meta.tag.name.3 robots
        meta.tag.name.4 keywords
        meta.tag.name.5 og:title
        meta.tag.name.6 og:description
        meta.tag.name.7 og:site_name
        meta.tag.name.9 og:image


    Expression Language

    Apply EL string checking bypass

    1. Go to...

        Servers | Server Types | WebSphere Application Servers | server-name | Java and Process Management | Process Definition | Java Virtual Machine | Custom Properties.

    2. Create a new custom property definition by clicking New and setting...

        org.apache.el.parser.SKIP_IDENTIFIER_CHECK true

      The absence of the custom property definition is the same as setting Value to false.)

    3. Click OK.

    4. Save changes and synchronized with cell nodes

    5. Restart appservers


    Deploy war

    Execute these tasks from primary node only.

    1. Upload deployment.tar.gz to the target primary node.

    2. Log on to primary node and unarchive files

        cd /tmp
        gunzip deployment.tar.gz
        tar xvf deployment.tar

    3. Deploy MyCo portlets...
      cd /opt/IBM/Portal/WAS1/PortalServer/bin
      ./xmlaccess.sh -in /tmp/deployment/portlets/DeployMyCoPortlets.xml \
                     -user wasadmin  \
                     -password  mypassword \
                     -url http://prdhost1.myco.com:10039/wps/config \
                     -out /tmp/deployment/portlets/DeployMyCoPortlets_out.xml
      

    4. Log on to Portal Administration and verify roles "All Authenticated Portal Users" and "Anonymous Portal User" are assigned to MyCo portlets.


    Map Portlets to Shared Libraries

    Log on to deployment manager host and run...

      cd /opt/IBM/Portal/WebSphere/AppServer/bin
      ./wsadmin.sh -lang jython -f /tmp/edit_app_libraries.py -username wasadmin -password mypassword

    Restart portal processes after executing this script.

    Verify the following have property library mappings and portal security...

    • SettingsPortlets.war
    • CancellationOrderPortlet.war
    • LocationPortlet.war
    • ProtectionPortlets.war
    • Upgrade.war
    • UnsubscribePortlet
    • PA_Marketing
    • MyCoMyAccountPortlet.war
    • MyCoAccountSummaryPortlet

    For example...


    Resource Environment Providers

    Go to...

      Resources | Resource Environment | Resource Environment Providers

    ...and add custom properties. Cluster scope. Use source environment as a reference for resource environment entries and corresponding custom properties


    • WP_AuthenticationService | Custom Properties

      Install TeaLeaf application before setting these properties. Changing the following may affect logon and logout, so if we are having issues authenticating to portal pages, for example, if My Account button leads to blank page, you may need to change these back to the default settings...

        Name Default value
        logout.explicit.filterchain com.ibm.wps.auth.impersonation.impl.ImpersonationLogoutFilter

      Description MyCo value
      sessionvalidation.filterchain com.myco.portal.LocaleParamFilter;com.myco.portal.SSLSessionValidator;com.myco.portal.TeaLeafCookieFilter
      logout.implicit.filterchain com.myco.portal.filters.logout.TNSCookieInvalidatorLogoutFilter;com.myco.portal.filters.logout.CacheInvalidatingLogoutFilter
      logout.explicit.filterchain com.myco.portal.filters.logout.TNSCookieInvalidatorLogoutFilter;com.myco.portal.filters.logout.CacheInvalidatingLogoutFilter
      filterchain.properties.com.myco.portal.SSLSessionValidator.sslRequiredProperty SSLRequired
      filterchain.properties.com.myco.portal.SSLSessionValidator.secureCookiePath /
      filterchain.properties.com.myco.portal.SSLSessionValidator.secureCookieName com.myco.SSL


  • WP_ConfigService | Custom Properties


  • WP_NavigatorService


  • WP_StateManagerService

      preprocessors com.ibm.wps.state.preprocessors.locale.CookieSupportedLanguagePreProcessor, com.ibm.wps.state.preprocessors.urlmapping.URLMappingPreProcessor, com.ibm.wps.resolver.friendly.preprocessors.FriendlyPreProcessor, com.ibm.wps.resolver.portal.ResolvedPreprocessor, com.ibm.wps.state.preprocessors.selection.StandardPortalSelectionImpl, com.ibm.wps.state.preprocessors.selection.FragmentSelectionImpl, com.ibm.wps.state.preprocessors.selection.ResourceSelectionImpl, com.ibm.wps.state.preprocessors.eclipse.ExtensionPreProcessor, com.ibm.wps.state.preprocessors.portlet.RequestParameterMerger
      com.ibm.wps.state.preprocessors.locale.CookieSupportedLanguagePreProcessor.cookie.maxage -1


  • SiteDetailsProvider | Referenceables

      Factory Class Name com.myco.portal.portlet.rep.MyCoSiteDetailsProvider
      Class Name com.myco.portal.portlet.rep.MyCoSiteDetailsProvider


  • SiteDetailsProvider | Resource environment entries

      Name JNDI name Scope Provider
      stage.myco.com
      test.myco.com
      auth.myco.com
      dev.myco.com
      prod.myco.com
      prodha.myco.com
      www.myco.com
      rep/site/details/stage.myco.com
      rep/site/details/test.myco.com
      rep/site/details/auth.myco.com
      rep/site/details/dev.myco.com
      rep/site/details/prod.myco.com
      rep/site/details/prodha.myco.com
      rep/site/details/www.myco.com
      Cluster=P1Cluster SiteDetailsProvider
      all_sites rep/site/details/all_sites Cluster=P1Cluster SiteDetailsProvider

    Create one entry based on the current environment. Before production cutover, after internal DNS change, add entry for www.myco.com


  • Resource environment providers > SiteDetailsProvider > Resource environment entries > all_sites > Custom properties

    We set false for production, true for all other environments.

      Name Value
      STAGING_ENABLED false
      SCRIPT_STAGING false

    Setting false for STAGING_ENABLED and SCRIPT_STAGING here and below turns off the "Enable/Disable Staging Mode" option on the home page...


  • SiteDetailsProvider | Resource environment entries | env.myco.com | Custom properties

      Name Value
      PARENT_BASE_DN_OVERRIDE ou=users,dc=myco,dc=com
      WCM_BRAND_NAME PRD
      TNS_BASE_URL https://stg.tns.myco.com/index.html (STG)
      https://tst.tns.myco.com/index.html (DEV and TST)
      https://tns.myco.com/index.html (PRD)
      SUPPORTED_LOCALES EN,ES
      SOURCE_SYSTEM WEB
      SHOW_EMPTY_SCRIPT_IDS false
      SCRIPT_STAGING_IMG_PATH /wps/contenthandler/dav/fs-type1/themes/CatalogTheme/css/images/plus.gif
      SCRIPT_STAGING_COOKIE_NAME staging_mode
      SCRIPT_STAGING false
      GLOBAL_SCRIPT_VALUES company_name=;company_website=www.myco.com;toll_free_number=1-877-867-5309;
      FLOW_NAMES PURCHASE=PURCHASE;PURCHASE_ERROR_FLOW=P1PURCHASE;PORT_IN=PORT_IN;UPGRADE=P1_UPGRADE;MIN_AND_PIN_REFILL=P1_REDEMPTION;ADD_NOW=ADD_NOW;ADD_TO_QUEUE=ADD_TO_QUEUE;BUY_SERVICE_PLAN=BUY_SERVICE_PLAN;ENROLL_IN_AUTO_REFILL=ENROLL_IN_AUTO_REFILL;ADD_SERVICE_PLAN_NOW=ADD_SERVICE_PLAN_NOW;PURCHASE_ONE_P2EP=PURCHASE_ONE_P2EP;BALANCE_INQUIRY=BALANCE_INQUIRY;POINT=P1_POINT;MOBILE_WEB=P1_ACCESSORIES;FORGOT_USERNAME=FORGOT_USERNAME;REDEMPTION=P1_REDEMPTION;BUY_IUD_PLAN=BUY_IUD_PLAN
      DEFAULT_LOCALE EN
      My_POOL_JNDI opm/Catalog/HTTPPoolManager
      AGENT My
      BRAND_NAME Catalog
      TNS_COOKIE_NAME TNS_XWebObjid
      TNS_RESPONSE_ENCODING URLBASE64
      TNS_COOKIE_DOMAIN myco.com
      TNS_COOKIE_MAX_AGE 1800
      TNS_VENDOR_ID DBG
      TNS_APP_ID TNS
      TNS_ENCRYPT_METHOD PGP
      TNS_ENCRYPT_P2D PGPSTD


  • MapQuestDetailsProvider | Referenceables

      Factory class name Class name
      com.myco.portal.portlet.rep.MyCoSiteDetailsProvider com.myco.portal.portlet.rep.MyCoSiteDetailsProvider


  • MapQuestDetailsProvider | Resource environment entries

      Name JNDI name Scope Provider
      stage.myco.com
      test.myco.com
      auth.myco.com
      dev.myco.com
      prod.myco.com
      www.myco.com
      prodha.myco.com
      rep/mapquest/details/stage.myco.com
      rep/mapquest/details/test.myco.com
      rep/mapquest/details/auth.myco.com
      rep/mapquest/details/dev.myco.com
      rep/mapquest/details/prod.myco.com
      rep/mapquest/details/www.myco.com
      rep/mapquest/details/prodha.myco.com
      Cluster=P1Cluster MapQuestDetailsProvider

    Create one entry based on the current environment. Before production cutover, after internal DNS change, add entry for www.myco.com


  • MapQuestDetailsProvider | Resource environment entries | env.myco.com | Custom properties

      Name Value
      MQ_SPATIAL_SERVER_PORT 80
      MQ_SPATIAL_SERVER_PATH mq
      MQ_SPATIAL_SERVER_PASSWORD MyPassword
      MQ_SPATIAL_SERVER_NAME spatial.access.mapquest.com
      MQ_SPATIAL_SERVER_CLIENT_ID 37706
      MQ_ROUTE_SERVER_PORT 80
      MQ_ROUTE_SERVER_PATH mq
      MQ_ROUTE_SERVER_PASSWORD MyPassword
      MQ_ROUTE_SERVER_NAME route.access.mapquest.com
      MQ_ROUTE_SERVER_CLIENT_ID 37706
      MQ_MAP_SERVER_PORT 80
      MQ_MAP_SERVER_PATH mq
      MQ_MAP_SERVER_PASSWORD MyPassword
      MQ_MAP_SERVER_NAME map.access.mapquest.com
      MQ_MAP_SERVER_CLIENT_ID 37706
      MQ_GEOCODE_SERVER_PORT 80
      MQ_GEOCODE_SERVER_PATH mq
      MQ_GEOCODE_SERVER_PASSWORD MyPassword
      MQ_GEOCODE_SERVER_NAME geocode.access.mapquest.com
      MQ_GEOCODE_SERVER_CLIENT_ID 37706
      MQA.MQ_37706_SM2 false
      OBSOLETE? MQ_DATABASE_POOL_NAME MQA.MQ_37706_SM2

    Restart WebSphere processes after setting these values.


    Configure PRD Theme

    1. Configure resource providers before installing theme

    2. Install PRD theme war.

      We can also export theme as EAR, and then install EAR in new environment.

      1. From dmgr console, select...

          New Enterprise Application | Path to the new application | Local File System | ModularTheme.war

      2. On panel Select installation options set name to ModularTheme

      3. On panel Map modules to servers select both cluster and web server

      4. On panel JSP reloading options for Web modules keep defaults.

      5. On panel Map shared libraries keep defaults.

      6. On panel Map shared library relationships keep defaults.

      7. On panel Map virtual hosts for Web modules keep defaults.

      8. On panel Map context roots for Web modules set...

          /wps/ModularTheme

      9. On panel Map JASPI provider keep defaults.

      10. On panel Display module build Ids keep defaults.

      11. Review summary info, then select Finish

      12. Synchronize nodes...

    3. Import theme data to WebDAV folders
       
      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh webdav-deploy-zip-file \
                        -DTargetURI=dav:fs-type1/themes/CatalogTheme/ \
                        -DZipFilePath=/tmp/deployment/themes/ModularTheme-bin.zip \
                        -DUpdateMode=merge 
      

    4. Migrate theme

      Note that we are getting theme from a Portal v7 environment, and then importing into a Portal v8 environment.

      1. Export theme xml from source portal...
        cd /opt/IBM/Portal/WAS1/PortalServer/bin
        ./xmlaccess.sh -in /tmp/deployment/themes/ExportThemesAndSkins.xml  \
                       -user wasadmin  \
                       -password foo \
                       -url http://pwps1.myco.com:10039/wps/config \
                       -out /tmp/deployment/themes/theme_output.xml
        

      2. Copy output file to:

          target_host:/home/wasadmin/deployment/themes

      3. Edit output file and remove references to unwanted skins and themes.

      4. Change...

          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="PortalConfig_7.0.0.xsd"

        ...to...

          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="PortalConfig_8.0.0.xsd"

      5. Import theme to target Portal v8 dmgr
        cd /opt/IBM/Portal/WAS1/PortalServer/bin
         ./xmlaccess.sh -in /tmp/deployment/themes/theme_output.xml  \
                        -user wasadmin  \
                        -password mypassword \
                        -url http://prdhost1.myco.com:10039/wps/config \
                        -out /tmp/deployment/themes/import_theme_log.xml
        

    5. From dmgr console, go to...

        Enterprise Applications | ModularTheme | Class loading and update detection

      ...and verify Class loader order is set to...

        Classes loaded with parent class loader first

    6. Go to the Enterprise Applications panel, then select and start the ModularTheme...

    7. Go to the Portal administration page...

        http://test.myco.com/wps/myportal/Administration

      ...and select...

        Portal User Interface | Themes and Skins | MyTheme | Edit theme

      Change the default skin from the 7.0.0.2 noSkin to Portal 8.0 noSkin.

    8. Fix hard-coded reference to 7002theme

    9. Restart portal appserver


    Install global filters

    Use WAS console to install MyCoGlobalFilters-1.0.war

    Map module to cluster only.

    Context root: /globalportalfilters


    Install Tealeaf processor

    Use WAS console to install MyCoTealeafProcessor.war

    Context root: /tealeaf

    Map to cluster and web server


    Customize IHS config

    1. From WebSphere Console, go to the Web servers panel, and regenerate plugin-xml files.

    2. Copy new plugin-cfg.xml files to the web server hosts.

      Firewall rules prevent us from propagating, or using scp, to copy regenerated plugin-cfg.xml files to their respective web servers. To accomplish, we perform the task below.

      1. On dmgr host, copy new plugin-xml files to /tmp and set perms...

          cp $DMGR_PROFILE/config/cells/p1cell/nodes/ihsnode1/servers/webserver1/plugin-cfg.xml /tmp/plugin-cfg1.xml
          cp $DMGR_PROFILE/config/cells/p1cell/nodes/ihsnode2/servers/webserver2/plugin-cfg.xml /tmp/plugin-cfg2.xml
          chmod 666 /tmp/plugin-cfg1.xml
          chmod 666 /tmp/plugin-cfg2.xml

      2. Download files to your client PC...

          scp user1@prd2dmgr.myco.com:/tmp/plugin-cfg1.xml plugin-cfg1.xml
          scp user1@prd2dmgr.myco.com:/tmp/plugin-cfg2.xml plugin2-cfg.xml

      3. Copy files up to web servers...

          scp plugin-cfg1.xml user1@webserver1.myco.com:/tmp/plugin-cfg.xml
          scp plugin-cfg2.xml user1@webserver2.myco.com:/tmp/plugin-cfg.xml

        From webserver1 host, change perms and copy into place...

          chmod 666 /tmp/plugin-cfg.xml
          cd /opt/IBM/Portal/Plugins/config/webserver1
          cp /tmp/plugin-cfg.xml .

        From webserver2 host, change perms and copy into place...

          chmod 666 /tmp/plugin-cfg.xml
          cd /opt/IBM/Portal/Plugins/config/webserver2
          cp /tmp/plugin-cfg.xml .

    3. On web server hosts, modify httpd.conf to include MyCo directives.


    Create PRD Virtual Portal

    1. Go to...

      ...and create...

        Virtual portal title Prodline1_Virtual_Portal
        URL Context prd-vp
        Virtual portal hostname myhost.myco.com
        User realm myAdminRealm
        Initial admin user group wpsadmins

    2. Enter the virtual portal by clicking the URL Context link

      If VIP, DNS, DataPower, or IHS are not configured for routing success, to access the new virtual portal via the hostname, set up an alias on your client PC. Edit...

        c:/windows/system32/drivers/etc/hosts

      ...and set hostname to...

        10.22.40.111 portal_primary_node

      For example, for PRD...

        10.22.40.111 prod.myco.com

      You should now be able to get to the virtual portal by going to the Manage Virtual Portals page and clicking on the hostname for the virtual portal.

    3. From the virtual portal, set Administration label name...

        Administration | Portal Settings | URL Mapping | New Context | Administration | OK

      Click the Edit Mapping icon map label and map to the Administration page.

      Note that if we are unable to get to the virtual portal administration page to set up the friendly URL, we can copy and paste the URL from another site. For example, the following URL takes you to the TST Administration page...

        http://test.myco.com/wps/myportal/!ut/p/a1/04_Sj9CPykssy0xPLMnMz0vMAfGjzOKd3R09TMx9DAwsjF2NDDzNA52Mw4w9Ddz9TfXD9aPwKzEjpMAEqsAAB3A00C_Izg4CAPyxWkA!/

      Use the part of the link after myportal/


    Syndication

    To set up a syndication relationship...

    1. Install multilingual

      Do this before BEFORE syndicating or importing WCM libraries.

    2. Ensure both the subscriber and syndicator are running, and that they can access each other over a network. For example...

        telnet test.myco.com 10039

    3. On the subscriber server, log in to IBM WebSphere Portal.

    4. Create a shared credential vault slot to allow us to access the syndicator

      ID and password should be a valid ID and password for accessing the syndicator portal. For example: wasadmin / foo

    5. Go to...

        Administration | Portal Content | Subscribers | Subscribe Now

    6. Enter the syndicator URL. For example...

        http://test.myco.com:10039/wps/wcm

    7. Set the syndicator name.

    8. Set the subscriber.

    9. Select the credential vault slot created earlier.

    10. Click Next

    11. Select the libraries to subscribe to. For example...

      For PRD, select...

      • Prodline1 Design
      • Prodline1 EN
      • Prodline1 ES
      • Prodline2 Design
      • Prodline2
      • Prodline2 ES
      • ImageRendering
      • Units
      • ML_Configuration7

    12. Click Finish.

    13. To begin syndication, click either Update Subscriber or Rebuild Subscriber button.

    During the syndication you will see a Status of Active along with Last Update

    Avoid stopping the Portal server while the syndication is running. Wait for Complete status. Clicking on Last Update will render a progressa.

    Monitor Portal JVM logs on both syndicator and subscriber...

      tail -f /opt/IBM/Portal/WAS1/wp_profile/logs/WebSphere_Portal

    To add additional WCM libraries after creating the syndication relationship, go to the syndication portal and click the Edit icon...


    Export/Import WCM libs

    Note that this step is an alternative to syndication.

    With this step we export the contents of a web content library in source portal, and import this data into target web content server. This procedure is only suitable for populating new items. For ongoing updates, deletes and moves, we will use syndication.

    Note: If you have not yet run the multilingual deploy tasks, do NOT copy over any multilingual-related libraries. Run the mls deploy tasks first.

    1. Install multilingual

      This must be done before BEFORE importing WCM libs

    2. From source portal server, as user wasadmin, export all WCM libraries...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh export-wcm-data \
                        -Dexport.allLibraries=true  \
                        -DWasPassword=password \
                        -DPortalAdminPwd=password
      

      Note that we can optionally specify a virtual portal: -DVirtualPortalHostName

      We can tail logs during export...

        tail -f /opt/IBM/Portal/WAS1/wp_profile/logs/WebSphere_Portal/SystemOut.log

    3. On target host, as user wasadmin, create import directory...

        mkdir /opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/import

    4. Copy output file to target portal server

        cd /opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/export
        scp -r dirname wasadmin@remotehost:/opt/IBM/Portal/WAS1/wp_profile/PortalServer/wcm/ilwwcm/system/import

    5. Increase total transaction lifetime timeout and maximum transaction timeout to 360 seconds in...

        Servers | Server Types | WebSphere appservers | portal_server | Container Services | Transaction Service

    6. Log on to target portal server and import WCM libraries...

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh import-wcm-data -DWasPassword=password -DPortalAdminPwd=password


    Set permissions for web content

    1. Log on to the portal and go to...

        Administration | Portal Content | Web Content Libraries | Set Access on Root

    2. Edit the User role

    3. Add members "All Authenticated Portal Users" and "Anonymous Portal User" to User role.


    Export/Import pages

    For this step we export pages from source portal A, and then import those pages to target portal B. For the export to work, enable support for JavaScript and disable pop-up blocking in the browser settings. I have had success using out-of-the box Firefox as the browser.

    1. Backup target portal

    2. Log on to source virtual portal administration page as user wasadmin.

      For example...

    3. Click the "Administration" link on the bottom left of the page.

    4. Go to...

        Administration | Manage Pages | Content Root

      ...and click the Export button for the Welcome to Prodline1 page...

      Output is written by default to pageExport.xml.

    5. If we are migrating v7 pages to a v8 portal...

      1. Review pageExport.xml, and verify object IDs for noskin and theme match those in the theme import file.

      2. Review custom portlets in pageExport.xml, and compare their object IDs to those found in...

          Portal | Administration | Portal Settings | Custom Unique Names | Portlets

      3. Edit pageExport.xml

        1. Remove references to the following skins and themes. For example...

          <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S4" uniquename="ibm.portal.skin.IBM"/>
          <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S2" uniquename="wps.skin.thinSkin"/>
          <skin action="locate" domain="rel" objectid="ZK_CGAH47L008LG50IAHUR9Q330S6" uniquename="wps.skin.noSkin"/>
          <skin action="locate" domain="rel" objectid="ZK_B8LUIVAH2REB10IL4GGE622OE6"/>
          <theme action="locate" domain="rel" objectid="ZJ_D0JM3QAH2B7H30IJRMH0GP3007" uniquename="com.myco.portal.P2_BlankTheme"/>
          

        2. Change references to cloned Web Content Viewers...

            Web Content Viewer (JSR 286).$cloned.Z3_D0JM3QAH2379F0I310AG6720O4
            Web Content Viewer (JSR 286).$cloned.Z3_D0JM3QAH2379F0I310AG6720O6

          ...to original Web Content Viewer...

            portlet Z3_CGAH47L00OJ790IAH1AFAN1G56 name=Web Content Viewer (JSR 286)

        3. Remove the following undefined skin component

          <component action="update" 
                     active="true" 
                     deletable="undefined" 
                     domain="rel" 
                     modifiable="true" 
                     objectid="Z7_D0JM3QAH2RH750IPHCSG7N0OF3" 
                     ordinal="3400" 
                     orientation="H" 
                     skinref="undefined" 
                     type="container" 
                     width="undefined">
          

    6. From target virtual portal, go to...

        Administration | Import XML

      ...and select the virtual portal export file created earlier.

    7. Import the pages.


    Custom Security Configuration

    LDAP Custom Attribute Configuration

    Configuration supports the "mycoPerson" custom class and "contObjid" custom attribute.

    1. Log on to primary node and Install WIMSYSTEM application...

      • TST and PRD

          cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
          ./ConfigEngine.sh wp-la-install-ear -DServerName=dmgr -DNodeName=P1Node01

      • PRD

          cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
          ./ConfigEngine.sh wp-la-install-ear -DServerName=dmgr -DNodeName=DmgrNode

      To get dmgr node name, go to...

        System Administration | Deployment manager | Runtime

      In the WAS console, target host and node should be the deployment manager

    2. Restart dmgr, appserver, and node agent

    3. Update wkplc.properties for custom attribute.

      • PRD HA

          la.providerURL=corbaloc:iiop:prd2dmgr:10809
          la.propertyName=contObjid
          la.entityTypes=PersonAccount
          la.dataType=P1RING
          la.multiValued=false
          repositoryId=

      • PRD Primary

          la.providerURL=corbaloc:iiop:prddmgr:10809
          la.propertyName=contObjid
          la.entityTypes=PersonAccount
          la.dataType=P1RING
          la.multiValued=false
          repositoryId=

      • TST

          la.providerURL=corbaloc:iiop:testdmgr:10809
          la.propertyName=contObjid
          la.entityTypes=PersonAccount
          la.dataType=P1RING
          la.multiValued=false
          repositoryId=

      • PRD

          la.providerURL=corbaloc:iiop:stage:9809
          la.propertyName=contObjid
          la.entityTypes=PersonAccount
          la.dataType=P1RING
          la.multiValued=false
          repositoryId=

      la.providerURL uses the Bootstrap Address port of the dmgr...

        System administration | Deployment manager | Ports

    4. Add attribute:

        ./ConfigEngine.sh wp-add-property

        ** Note this will prompt for credentials

    5. Update wkplc.properties for attribute mapping:

        user.attributes.required=sn,ibm-primaryEmail
        federated.ldap.attributes.mapping.ldapName=contObjid,mail,userPassword
        federated.ldap.attributes.mapping.portalName=contObjid,ibm-primaryEmail,password
        ...
        federated.ldap.attributes.mapping.entityTypes=PersonAccount

    6. Map new attributes:

        ./ConfigEngine.sh wp-update-federated-ldap-attribute-config

    7. Restart

    8. On secondary nodes...

      1. On secondary nodes, update wkplc.properties with latest values

      2. Run update-jcr-admin on secondary nodes.

          cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
          ./ConfigEngine.sh update-jcr-admin

    9. Update wkplc.properties for custom person class:

        federated.ldap.et.personaccount.objectClasses=inetOrgPerson;Person;mycoPerson
        federated.ldap.et.personaccount.objectClassesForCreate=inetOrgPerson;mycoPerson
        federated.ldap.loginProperties=uid;mail

    10. Update the objectClasses

        ./ConfigEngine.sh wp-update-federated-ldap -DWasPassword=mypassword

    11. Update wkplc.properties for the following values:

    12. Delete PersonAccount entity type

        ./ConfigEngine.sh wp-delete-ldap-entitytype

    13. Recreate PersonAccount entity type

        ./ConfigEngine.sh wp-create-ldap-entitytype

    14. Restart

    15. On secondary nodes...

      1. On secondary nodes, update wkplc.properties with latest values

      2. Run update-jcr-admin on secondary nodes.

          cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
          ./ConfigEngine.sh update-jcr-admin


    Multilingual system

    Important: Do not syndicate or import any WCM libraries before configuring MLS. Configure MLS first.

    To enable multilingual, on each portal node in the cluster, run...

    1. Set WasPassword and PortalAdminPwd in wkplc.properties

    2. Run...

        cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
        ./ConfigEngine.sh register-wcm-mls
        ./ConfigEngine.sh deploy-wcm-mls
        ./ConfigEngine.sh import-wcm-mls-data -DVirtualPortalContext=prd-vp

    3. To have the home page render in Espanol, log on to the virtual portal, then select...

        Administration | Manage Pages | Content Root | Welcome to Prodline1 | Edit Page Layout | Web Content Viewer portlet | Edit Shared Settings | Advanced Options | Plug-ins | Context Processors | com.ibm.workplace.wcm.ml.contextprocessor.MLContextProcessor

    4. Click OK and restart portal cluster.

      For more information, see: Multilingual deployment, installation, and configuration


    Architecture summary

    There is Primary data center instance (PRD), and a secondary data center instance (PRDHA). Both share the above topology.


    Appendix - Databases

      Env Host Port User Pass DBs
      DEV devdb2 60004 db2admin foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
      STG stgdb2 60004 db2adm2 foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
      TST tstdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
      PRD Primary Prodline1 prddb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
      PRD Primary Prodline2 prd2db1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
      PRD HA Prodline1 prdaltdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB
      PRD HA Prodline2 prd2altdb1 60000 db2inst foo FDBKDB COMDB JCRDB RELDB LMDB CUSDB

    Version: DB2 v9.7 FP 6.

    DB backups to...

    • /db2data/db2backups
    • /db2data/archived_logs
    • /db2data/old_archive_file


    Verify password aging is disabled for DB2 service accounts

    Verify db2adm1 and db2adm2 passwords are non-expiring, with password aging disabled. If passwords expire, portal instances will not start.


    Change dmgr cellname to p1cell

    To change a dmgr cell name...

    1. Stop the Deployment Manager:

        cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
        ./stopManager.sh -user wasadmin -password foo

      Start the WSADMIN environment...

        ./wsadmin.sh -conntype NONE -lang jython

    2. From the WSADMIN prompt run...

        AdminTask.renameCell('[-newCellName p1cell -regenCerts false]')
        AdminConfig.save()
        exit

    3. Edit setupCmdLine.sh script and update the WAS_CELL parameter.

    4. Start the Deployment Manager and check the SystemOut.log file for any errors.


    Restart WebSphere_Portal, nodeagent, and sync

    DEV and PRD restart...

      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./stopServer.sh WebSphere_Portal -username wasadmin -password password
      ./stopNode.sh -username wasadmin -password password
      cd /opt/IBM/Portal/WebSphere/AppServer/profiles/Dmgr01/bin
      ./stopManager.sh -username wasadmin -password password
      ./startManager.sh
      cd /opt/IBM/Portal/WAS1/wp_profile/bin
      ./startNode.sh
      ./startServer.sh WebSphere_Portal

    TST restart

    1. On primary node

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./stopServer.sh WebSphere_Portal -username wasadmin -password foo
        ./stopNode.sh -username wasadmin -password foo

    2. On secondary node

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./stopServer.sh WebSphere_Portal_P1Node02 -username wasadmin -password foo
        ./stopNode.sh -username wasadmin -password foo

    3. On Dmgr

        cd /opt/IBM/Portal/WAS1/AppServer/bin
        ./stopManager.sh -username wasadmin -password foo
        ./startManager.sh

    4. On primary node

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password foo
        ./startNode.sh
        ./startServer.sh WebSphere_Portal

    5. On secondary node

        cd /opt/IBM/Portal/WAS1/wp_profile/bin
        ./syncNode.sh testdmgr.myco.com 9879 -user wasadmin -password foo
        ./startNode.sh
        ./startServer.sh WebSphere_Portal_P1Node02


    Configure DB2 for large files in WCM

    This is optional and is not currently configured in any MyCo environments

    For WCM, we update the database configuration to support large files...

      cd /opt/IBM/Portal/WAS1/wp_profile/ConfigEngine
      ./ConfigEngine.sh datasource-enable-fully-materialize-lob-data -DWasPassword=foo


    Web server authentication

    This is not part of portal install. This is to add a documentation site to web server, and to add authentication to the site.

    1. Log on to server hosting IHS, and sudo to root

    2. Edit...

      ..and add stanza...

        <Directory /opt/IBM/Portal/IHS/htdocs/install>
            AuthType Basic
            AuthName "Portal v8 install documentation"
            AuthUserFile "/opt/IBM/Portal/IHS/htdocs/install/auth"
            Require valid-user
            Order allow,deny
            Allow from all
        </Directory>
        

    3. Create password file and add wasadmin user

        cd /opt/IBM/Portal/IHS/htdocs/install
        ../../bin/htpasswd -c /opt/IBM/Portal/IHS/htdocs/install/auth wasadmin

      To add user to existing password file...

        ../../bin/htpasswd /opt/IBM/Portal/IHS/htdocs/install/auth username

    4. Make password file readable by httpd daemon

        chmod 666 /opt/IBM/Portal/IHS/htdocs/install/auth

    5. Restart web server...

        /opt/IBM/Portal/IHS/bin/apachectl restart


    Script to install Portal FP1

    ### installFP1.sh
    ###
    ### Update Portal v8 with FP1. Before running, in wkplc.properties, set...
    ###
    ###  - Set PortalAdminPwd and WasPassword
    ###  - Set PWordDelete=false
    ###
    ###  To generate encrypted password used below...
    ###
    ###     ./IBMIM -silent -noSplash encryptString mypassword
    
    ### Stop WebSphere processes
    cd /opt/IBM/Portal
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./stopServer.sh WebSphere_Portal -username wasadmin -password foo
    cd /opt/IBM/Portal/WAS1/AppServer/bin
    ./stopNode.sh -username wasadmin -password foo
    cd /opt/IBM/Portal/WebSphere/AppServer/bin
    ./stopManager.sh -username wasadmin -password foo
    
    ### Backup file system
    cd /opt/IBM/Portal
    tar cvf WebSpherePostPortal.tar WebSphere
    gzip WebSpherePostPortal.tar
    tar cvf WAS1PostPortal.tar WAS1
    gzip WAS1PostPortal.tar
    
    ### Backup Installation Manager
    tar cvf InstallationManagerPostPortal.tar /var/ibm/InstallationManager
    gzip InstallationManagerPostPortal.tar
    tar cvf IMSharedPostPortal.tar /usr/IBM/IMShared
    gzip IMSharedPostPortal.tar
    
    ### Install FP
    cd /opt/IBM/InstallationManager/eclipse/tools
    ./imcl install com.ibm.websphere.PORTAL.SERVER.v80  \
          -repositories /media/Portal8_FP1/repository.config  \
          -properties user.wp.portal.userid,,com.ibm.websphere.PORTAL.SERVER.v80=wasadmin,user.wp.portal.password,,com.ibm.websphere.PORTAL.SERVER.v80=zvgGAF0Fb/j9MaftrK1Uww==,user.wp.was.userid,,com.ibm.websphere.PORTAL.SERVER.v80=wasadmin   \
          -installationDirectory /opt/IBM/Portal/WAS1/PortalServer  \
          -acceptLicense 
    
    ### Start WebSphere processes
    cd /opt/IBM/Portal/WebSphere/AppServer/bin
    ./startManager.sh
    cd /opt/IBM/Portal/WAS1/AppServer/bin
    ./startNode.sh
    cd /opt/IBM/Portal/WAS1/wp_profile/bin
    ./startServer.sh WebSphere_Portal
    


    Set up IHS SSL

    1. Create DB for keys

      mkdir /opt/IBM/Portal/IHS/keys
      cd /opt/IBM/Portal/IHS/keys
      
      /path/to/gsk7cmd -keydb \
                       -create \
                       -db myKeys.kdb \
                       -pw password \
                       -type cms \
                       -expire 360 \
                       -stash
      
      

      Create certificate and store in key database. /path/to/gsk7cmd -cert \ -create \ -db myKeys.kdb \ -pw password \ -size 1024 \ -dn "CN=hostname,O=MyCo,OU=IHS,ST=CO,C=US" \ -label IHS \ -default_cert yes \ -expire 360

    2. Edit httpd.conf and set...

      LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
       Listen 443
       <VirtualHost *:443>
           SSLEnable
           SSLProtocolDisable SSLv2
           </VirtualHost>
           KeyFile /opt/IBM/Portal/IHS/key/myKeys.kdb
       SSLDisable
      

    3. Restart IHS


    Example documentation entry page


    Prodline1 Links


    Prodline2 Links