Sa106 – practical solutions for connections administrators
1. MWLUG 2014
SA106 –Practical Solutions for Connections Administrators
Sharon Bellamy –Senior Engineer -Rock Team
2. Who am I?
Sharon Bellamy
Mum of three, Star Wars & Disney fan –Mandalorian costumer & admin for iCosplay anti-bullying campaign
Administrator and Implementer
Specializes in IBM Connections, WebSphere and other collaboration solutions
Working with WAS based products since 2003
Lover of Linux
Christoph Stoettner
Bavarian, Dad of two, likes hiking
Administrator and implementer
Specialized in the infrastructure of IBM Connections and IBM Domino
Lover of Linux
3. Agenda
Installing and ConfiguringBusiness as Usual
•Autostart
IBM WebSphere
IBM HTTP Server
•Performance Tuning DataSources
•Setting J2EE Security Roles
•Configure JVM Log Files
•Set JVM Heap Sizes
•Check External ID against LDAP
•Activate and Deactivate Users
•Synchronize User External IDs
•Work with Policies
•Adding Policies to personal or community libraries
•Database reorganization
These scripts were written for Connections 4.5 –Most will work with V5. There are a few issues with the member scripts, we hope to have updated V5 scripts available very soon.
4. Agenda (cont..)
TroubleshootingDocumenting
•Application state
•Database access
•JVM Heap Sizes
•JVM Log Settings
•Used Ports within WebSphere
•WebSphere Variables
These scripts were written for Connections 4.5 –Most will work with V5. There are a few issues with the member scripts, we hope to have updated V5 scripts available very soon.
5. Disclaimer & Caution
•With scripts
•Shell / BASH / ZSH / KSH / SH, Jython / JACL
•PowerShell / Batch / VB, SQL
•You can...
•Save a lot of time!
•Change tons of stuff in seconds!
•TIPS:
•Create Backups
•Install to a Test system (if you don’t have one –BUILD ONE)
•Document your changes BACKUPbefore you make any changes
The use of all scripts shown in these slides or downloaded from our repositoriesare WITHOUT WARRANTY and at your own risk!
6. Using the scripts
•Using the Community Scripts
•Download links at the end of this presentation
•Extract zip to DMGR/bin
–all files are in subfolder ibmcnx
–rename ibmcnx_sample.properties to ibmcnx.properties*
–edit ibmcnx.properties*
–configure loading the db2 jdbc driver*
*(more details in resources section of the presentation and at http://scripting101.org/ blog/documentation)
8. Auto starting WebSphere
•Number of ways of starting WebSphere/Connections
Manually -takes time and requires much typing or copy and pasting to the command line.
Automatically -via a service can often be the easiest way to start the servers (assuming the monitoring policy is set correctly).
Using a script –run one command and start all the connections servers in one swoop.
9. Registering WAS services
• Registering a Linux service
Registering WebSphere as a Linux service is straight forward. Use the
wasservice script - which is held in the <WAS_HOME>/bin directory
(default is /opt/IBM/WebSphere/AppServer/bin)
Running the wasservice commands with the appropriate arguments (see example above for syntax),
will create a service for the Deployment manager and Nodeagent servers. Adding the –stopArgs will allow
you to add the wasadmin user and password here so it is not held in a file or is required when the service
runs. Adding the –stopservers argument to the nodeagent server will stop the WebSphere servers on the
node when the nodeagent is stopped.
If you now list the contents of /etc/init.d the services can be seen.
10. Registering WAS services
• Registering a windows service
Once the wasservice command has been run successfully, the new services will be visible under
Registering a WebSphere windows services are very similar to adding a Linux service.
From the <WAS Profile>bin directory
wasservice –add <service name> -serverName <name of server> -profilePath <path to server profile>
To enable the server to restart automatically and to encode the user name and password, additional
parameters are required.
-encodeParams –restart true -startType automatic -stopArgs “-username wasadmin –password password ”
And to the nodeagent add the additional
-encodeParams –restart true -startType automatic -stopArgs '-username wasadmin –password password -stopservers'
11. Setting the monitoring policy
• Using the Web Console to set the monitoring policy
Open each Application Server
Server Infrastructure – Java and Process Management – Monitoring Policy
Change Node restart state to “RUNNING”.
Ensure that the configuration is saved before quitting the ISC.
When the server is restarted the monitoring policy will be set.
NOTE: Ensure that the monitoring policy is set to STOPPED when applying fix packs and ifixes.
12. Setting the monitoring policy
• Using a script to set the monitoring policy
Run the config monitoring policy script (cfgMonitoringPolicy.py)
./wsadmin.sh -lang jython -f cfgMonitoringPolicy.py
A prompt is presented asking which state you would like to set stopped, running or previous.
Once complete the script will synchronise the changes to the nodeagents.
Again note that prior to applying fix packs or ifixes the monitoring policy should be set to STOPPED.
13. Start / Stop with a script
•Windows
Create a service for the Dmgr, Nodeagent and Connections servers.
Create a windows batch file to stop and start the services.
***** Example of start servers batch file ****
@echo offecho Starting DeploymentManagerNET START "IBMWAS80Service -Dmgr" echo Starting NodeAgentNET START "IBMWAS80Service -Node" echo Starting server CubeyNET START "IBMWAS80Service –cubey" echo Servers started now exitingpauseexit
Use the NET STOP command for stopping the servers and NET START for starting the servers.
When run, the start / stop batch file starts or stops the servers in the order specified in the file.
14. Start / Stop with a script
•Linux
If you prefer to manually start the Connections servers under Linux by far the easiest way is to use the connctrl script (see download the scripts).
Copy the connctrl script to the /etc directory and edit the variables, path to App server profiles, server names and if a non root user is required
The script is then called from /etc
/etc/connctrl.shUsage: ConnCtrl {start|stop} {0|3|4} {nru} 0=just 1 IC server, 3=3 IC servers & 4=4IC serversnru = if you are using a user other than root
i.e.. /etc/connctrl.sh stop 4 wasadmin
or /etc/connctrl start 0
The script will start and stop the servers in a similar way to the windows batch files. Each server in turn is stopped (or started).
17. Auto start HTTP Server
•Windowscreate a Service for IHS and Admin Service
From <HTTP ROOT>bin
httpd -k install -n <name of service> -f <path to config file>
i.e..
httpd -k install -n IBMHTTPAdmin -f C:IBMHTTPServerconfadmin.conf
•Linux | AIX:
Create Symbolic Link:
ln -s /opt/IBM/HTTPServer/bin/apachectl /etc/init.d/
ln -s /opt/IBM/HTTPServer/bin/adminctl /etc/init.d/
Add Service
chkconfig –add apachectl
chkconfig –add adminctl
18. Performance Tuning
•PerformanceTuning IBM Connections
•Increase min-and max Connections of Data Sources
Performance Tuning Guide IBM Connections 4.0
Performance Tuning Guide Addendum
•Review these settings periodically with “Tivoli Performance Viewer”
Performance Tuning Guide IBM Connections 4.0 – http://www-10.lotus.com/ldd/lcwiki.nsf/dx/IBM_Connections_4.0_Performance_Tuning_Guide
Performance Tuning Guide Addendum - http://www- 10.lotus.com/ldd/lcwiki.nsf/dx/IBM_Connections_4.5_Performance_Tuning_Guide_Addendum
19. Configure Data Sources
• 15 + Data Sources to Change (at least 100 mouse clicks)
Resources > JDBC >Data sources > <data source name> > Additional Features
> ConnectionPools
Change the maximum and minimum
connections for each data source, save
each of the changes, sync the nodes and
restart the servers.
This process can take about 30 minutes
depending on the speed of the machines
you are working on.
20. Configure Data Sources
•Why not configure using a script:
cfgDataSource.py
About 30 seconds to change all needed parameters of all Data Sources
Set the data source properties in the ibmcnx.properties in the script directory –allowing edits and re-running of the script.
21. HTTP mod_deflate
•See my blog, the white paper or scripting101.org
•Set mod_deflate in your IBM HTTP server config
Edit the httpd config and enable the deflate module.
Add the deflate information.
Set the deflate compression level to the desired level.
Add the information to the virtual hosts.
Restart the HTTP server.
Loading my profile with deflate on saves approx. 75% of the page load time.
24. Set J2EE Security Roles
•First found on Klaus Bild’s Blog: http://kbild.ch
•Extended version with Group support and input option.
•No need to edit the script.
•Two versions:
•Restricted
Each application ask for credentials, no data visible for anonymous users.
•Unrestricted
Default Settings, some content is visible to anonymous users.
NOTE-Applications restart automatically, when you change J2EE roles.
25. Set J2EE Roles for special applications
•As some applications are configured different from environment to environment
•Save time and use following scripts:
•cfgJ2EERoleGlobalModerator.py
•cfgJ2EERoleMetricsReader.py
•cfgJ2EERoleMetricsReportRun.py
•cfgJ2EERoleSocialMail.py
•Deactivate or activate the application for users and groups
28. J2EE Security Roles -BACKUP
•CR and Fix pack Installations pre IBM Connections 4.0 often reset J2EE roles back to the default settings. Mainly this isn’t an issue anymore, BUTbefore running an update or making significant changes to the security settings, it is wise to back up the application security roles.
Script writes text files as backup to a local folder.
Roles of all installed WebSphere applications (including IBM Docs, Forms Experience Builder, Kudos etc.), not just the connections applications are backed up.
cfgJ2EERoleBackup.py
29. J2EE Security Roles - RESTORE
Once you have a backup of the application security settings, it is
possible to restore it if necessary.
Advantages to using the script to restore.
• You can edit the backup files to add or change users.
• Backup of Dev or QA Systems can be restored in
production (Admin Users and Groups must exist there).
To run a restore use the cfgJ2EERoleRestore.py script.
The script will prompt for
the directory where the
security text files are
stored.
Once complete the roles
are restored and visible
in the ISC.
32. Configure JVM Log Files
•Default Setting for JVM Log Files (SystemOut.log & SystemErr.log):
Size: 1 MB
No historical Log Files
Too small to troubleshoot errors
•Reconfigure:
Size: 20 –40 MB
5-10 historical Log Files
•Configure via the ISC (Wasadmin console)
Many clicks, time consuming
Especially for large environments
Troubleshooting > Logs and trace > <server name> > JVM Logs
33. Configure JVM Log Files
•Use a script to set the log size and history (cfgLogFiles.py)
•The script prompts for
–RolloverType –Size (to just set the size) or Both for size and history.
–Maximum log size in mb.
–Maximum number of backup files.
The settings are saved to the WebSphere configuration and are picked up on the next server restart.
36. Set JVM Heap Sizes
• JVM (Java Virtual Machine) heap sizes should be set according
to your environment.
• By default the maximum JVM heap is set to 2506 MB for each
Connections server.
The JVM heap size can be changed in the ISC. Each server must be
changed individually.
Server Types > WebSphere Application Server > <server name> >
Server Infrastructure > Java Process Management > Process
Definition > Java Virtual Machine
Many clicks can be time consuming depending on the size of the environment.
Set the initial heap size, maximum heap size, save and sync once the servers are
restarted and the new settings are picked up.
37. Set JVM Heap Sizes
•To use the script to set the JVM heap, use the cfgJVMHeap.py script.
The script shows actual size of initialHeapSize and maximumHeapSize for all JVM.
Prompts forinitialHeapSize and maximumHeapSize for all JVM.
“Return” leaves actual setting intact with no changes.
Once the script is complete, the new settings are visible in the ISC and are picked up on the next server restart.
41. Check External IDs against LDAP
•Sometimes users can't logon to single Connections Applications
•ExtIDs are out of sync, you see several error messages.
•Script to check if LDAP UUIDs (GUID, SID) are equal to Connections UUID
•Script reads PROF_GUID from peopleDB through JDBCand Check UUID in Applications.
Mail address of profile you want to check: sharon@cube-soft.co.uk
Profiles: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3
Activities: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3
Blogs: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3
Communities: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3
Dogear: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3
Files: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3
Forums: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3
News, Search, Homepage:9EE90251-33DE-4699-A6F1-BFDB381F7DD3
Wikis: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3
No need to run individual scripts per app to check the ID.
44. Deactivate and Activate Users
•After rename or sometimes without real reason
Users get out of sync. They can open Profiles, but no other Application.
Or they have problems with a single App.
•When you want to reactivate a user you must provide UID and EMAIL (was deleted through Deactivate)
execfile("profilesAdmin.py")
ProfilesService.activateUserByUserId("9EE90251-33DE-4699-A6F1-BFDB381F7DD3", email="sharon@cube- soft.co.uk", loginId="sharon")
Deactivating and Reactivating through the ProfilesServicecan be a resolution for this issue. This forces the applications to resynchronise with the profiles application.
45. Use the Deact&Act script
•Use the script -cnxMemberDeactAndActByEmail.py
•Stores UID and Mail in memory and deactivates and activates in one command.
•It basically turns it off and on again –forcing a resync with the Connections applications and resolving the users *out of sync* issues.
•Result = Happy Users
46. Sync External IDs of all Users in all Applications
•Sometimes LDAP IDs and UUID come out of sync
•Switch LDAP System requires a synchronization.
•Running the MemberServicescripts can resolve this.
MemberService.syncAllMembersByExtId
for each application. Can be time consuming, much copying and pasting of commands and each one has to complete before the next one can be run.
47. Sync External IDs of all Users in all Applications
•Use the script -MemberSyncAllByEXID.py
•The script resyncs ALL applications for ALL users.
Running the script syncs all users against all applications, rather than having to run each application sync all members script separately. Resulting in happy users.
50. Working with files policies
•Creating or editing policies is sometimes a pain
•Library size must be provided as Long (e.g. 2 GB = 2147483648L)
•Edit example:
•FilesPolicyService.edit("2d93497d-065a-4022ae25- a4b52598d11a", "My Policy", 2147483648L).
•Find UUID of Policy to edit, copy the size from calculator.
•Use a script -CnxFilesPolicies.py
53. Add Policies to Libraries
•You need UUID from Policy and Community
•Community Listing provides too much information, hard to find UUID.
•Example assign Policy
•FilesLibraryService.assignPolicy("f0d01111-9b21-4dd8-b8be-8825631cb84b", "2d93497d-065a-4022ae25-a4b52598d11a")
•If you need to find the library information it’s a pain:
FilesLibraryService.browseCommunity("title", "true", 1, 20)
54. Add Policies to Libraries
•Or you can use a script (LibraryPolicies.py)
Allows for searching across Personal or Community libraries.
Select a community the policies will be listed and you may assign a new policy.
57. Reparenting Communities
•Big thanks to Klaus Bild
Script allows the moving of a main community to a sub (assuming it has no subs).
Or a sub to a main community.
Wild card searches are also available.
58. Data base maintenance
•Lots of DB maintenance that can be run:
–Optimization –Check the Connections performance guide for DB tuning and optimization.
–ReOrg –Should be run regularly –scripts are available in the Connections wizards folder (connections.sql folder), can be set as a scheduled job.
–Run Stats –Can be set through automatic maintenance.
–Backup the DBs on a regular basis –either as part of your regular back up routine or an offline backup regularly.
•Lots of information on the scripting101.orgsite and on the DB2 info centres.
60. Are all applications running
•To check If all IBM Connections Applications are running
•Go to ISC –Applications – Application Types – WebSphere Enterprise Applications.
•Or use a script (checkAppStatus.py)
One button press and the script
checks all apps and lists them as
stopped or started.
61. Can WAS connect to Data Sources
•Go to ISC –Resources –JDBC –Data sources
•Check all Data Sources and click Test connection.
•Use a script (/check/DataSource.py)
The script checks connectionto the DB and tests the data
Sources. Then lists successful,
failures and databases
not installed.
65. Connections Documentation
•Everyone knows you should document your install right?
•Never fear –there is a script to do most of the hard work for you.
66. Documentation scripts
•Use the scripts
1.Show JVM Heap Sizes (ibmcnx/doc/JVMHeap.py)
2.Show JVM Settings (ibmcnx/doc/JVMSettings.py)
3.Show SystemOut/Err Log Sizes (ibmcnx/doc/LogFiles.py)
4.Show all used ports (ibmcnx/doc/Ports.py)
5.Show all used variables (ibmcnx/doc/Variables.py)
6.Show all j2ee roles of inst. applications (ibmcnx/doc/j2eeroles.py)
7.Create a file with all documentation (ibmcnx/doc/Documentation.py) –this isn’t implemented in the menu as yet –call with wsadmin.sh|bat-langjython-f ibmcnx/doc/Documentation.py
71. Download the scripts
•If you wish to use any of the scripts described in this presentation, they are available for download.
•Please be aware that they are community created scripts and are available without warranty. They should be used at your own risk.
–Git Hub -https://github.com/stoeps13/ibmcnx2
–OpenNTF Project since –Administration Scripts for WebSphere - http://www.openntf.org/main.nsf/project.xsp?r=project/Administration%20Scripts%20for%20WebSphere/summary
–ConContrl –Linux Connections start / stop script from Tim Clark and Sharon Bellamyhttps://github.com/stoeps13/ibmcnxscripting/tree/master/Connections/startstop
72. Install the scripts
•http://scripting101.org/resources/installing-the-scripts/
•Create links to extracted scripts directory
–Linux
cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin ln -s /opt/IBM/ibmcnx2/ibmcnx ./
–Windows
mklink /d <link> <target>
mklink /d D:IBMWebSphereAppServerprofilesDmgr01binibmcnx D:IBMibmcnx2ibmcnx
•Edit the ibmcnx.properties
At the moment there are 3 parts: Generic, Database and Tuning.
Generic:
You should change the values within Generic of all j2ee.* parameters and put your administration users and groups in it. Thispart is used to set the J2EE Security Roles and you save typing in the values each time.
Database:
The User scripts (checking ExId, Deactivate) are using the db* parameters and you can put the User, password, host and so on.
Tuning:
These parameters are used for DataSource performance tuning and are set to the values provided in the IBM Connections Performance Tuning Guide. That’s a good starting point, but you should check them in your environment.
73. Install the scripts (cont.)
•Additional tasks to load JDBC Drivers within Jython
Linux
Create a WAS_USER_SCRIPT (/opt/IBM/JDBC is my path to the database drivers):
wasuserscript.sh export WAS_EXT_DIRS=$WAS_EXT_DIRS:/opt/IBM/JDBC
Now you have to set an environment variable each time when you want to start the scripts:
export WAS_USER_SCRIPT=/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/ibmcnx/wasuserscript.sh
Windows
There is an issue loading the JDBC Driver path through WAS_USER_SCRIPTon Windows. To resolve this edit setupCmdLine.bat in dmgr/bin and add the path to WAS_EXT_DIRS i.e.
SET WAS_EXT_DIRS=%JAVA_HOME%lib;%WAS_HOME%classes;%WAS_HOME%lib ……C:IBMSQLLIBjava
•Load the script menu
Linux
./wsadmin.sh -lang jython -username wasadmin –password password-f ibmcnx/menu/cnxmenu.py
Windows
wsadmin.bat -lang jython -username wasadmin –password password-f ibmcnxmenucnxmenu.py
74. Useful links / Articles
•IBM Connections Performance Tuning –relevant for Version 4 and 4.5 (see Addendum for 4.5 additions and changes) -http://www- 10.lotus.com/ldd/lcwiki.nsf/dx/IBM_Connections_4.0_Performance_Tuning_Guide
•IBM Connections Performance Tuning Addendum –relevant for 4.5 changes - http://www- 10.lotus.com/ldd/lcwiki.nsf/dx/IBM_Connections_4.5_Performance_Tuning_Guide_Addendum
•Auto start DB2 on RHEL6 systems -https://www- 304.ibm.com/support/docview.wss?uid=swg21497220
•Tuning WebSphere Application Server V7 and V8 for performance - http://www.ibm.com/developerworks/websphere/techjournal/0909_blythe/0909_blythe.html
•DB2 Info centre -http://pic.dhe.ibm.com/infocenter/db2luw/v10r1/index.jsp
•IBM Connections wiki -http://www-10.lotus.com/ldd/lcwiki.nsf
•IBM WebSphere 8 info centre - http://pic.dhe.ibm.com/infocenter/wasinfo/v8r0/index.jsp
75. Skype Chats
• There are a number of community skype chats
If you wish to be added to any of these chats either ping myself or Christoph.
Sharon – dilftechnical
Christoph - christophstoettner