Connections install in 45 mins

Connections Install in 45 mins*
As quick as “The Flash”©
Sharon Bellamy – Cube Soft Consulting Ltd / Senior Engineer - Rock Team
*Note the install may take a lot longer than 45 mins
The Flash is © of DC Comics
Who am I?
Sharon Bellamy
Mum, workaholic, Star Wars & Disney enthusiast –
Mandalorian costumer, cosplayer, Sci-Fi fan & trustee
for iCosplay anti-bullying campaign
Administrator and Implementer
Specializes in IBM Connections, WebSphere and
other collaboration solutions
Working with WAS based products since 2003
Lover of Linux
Nathan James – Partner, Installer, system admin and makes a great cup of tea
Agenda
• Why?
• Plan, plan and plan some more
• Software Required
• Useful Tools
• Pre-Reqs
• Installation
• Configuration
• Troubleshooting
• Importing Data
• POC > Live
• Resources / Help
• Want to use the Domino/Notes Files and Profiles entitlements – Where do we start?
• Connections proof of concept – let’s try before we buy – if we like it we’ll make this our live server!!
• We need a test / dev system, upgrade testing, UI development, integration test system
• I need to do some Connections development and need a dev system
• Our system was installed by a BP / IBM – now I need to look after it, where do I start?
• Need to upgrade to Connections 5 – test a fix pack, install a new component and I don’t want to break live
• I am THE IT guy – Never touched WebSphere – HELP !!!
• What OS – Windows / Linux
• For TEST or Dev systems try to keep same as LIVE or system developing for
• LDAP – plug into the *real* one where possible
• If you need a dev LDAP make sure the schema is the same as the live system
• Database – as the live / system developing for (i.e. same DB type, same release)
• Note that if you are planning on populating the new system with existing data it must be same OS / versions for simplicity (it’s possible but a world of pain otherwise)
• Size your system for current and expected growth – this will affect the topology required
• How many VM / Machines required?
• Small deployments of a few hundred users can happily sit on one reasonably sized machine
• If medium deployment how many JVMs / WebSphere servers / Nodes?
• Make decisions before you start
• Straightforward to add additional nodes
• Easier to add than take things away
• It is much harder to change pieces of the environment once installation starts
• Understand what you are trying to achieve before you install ANYTHING
Topology Examples
Small Topology Example
Medium Topology Example
Software Required
WebSphere 8.5.5 + Fix pack 2
WebSphere 8.5.5, Supplemental software + Fix pack 3
Connections Install (for your OS)
Connections Wizards (for your OS)
TDI 7.1.1 + Fix pack 3
DB – for your OS – DB2 10.1 (FP4), Oracle 11.0.2g, MSSQL (win 2008/12)
See resources for a list of part numbers
Useful Tools:
LDAP Browser, decent text editor, Baretail (Windows), Connections admin scripts (see scripting101.org)
LDAP - PreReqs
WebSphere / Connections / TDI requires read access to an LDAP Server
LDAP can be: Active Directory, Domino, Novell eDirectory, Sun/Oracle & TDS
WebSphere must be able to see the users you wish to add to / use Connections – this
can be the root, a group, an OU or selected via an LDAP filter
Things to Note:
Novell eDirectory – the DB population wizard won’t run, edit TDI scripts and run
manually
Domino – If the root LDAP is used and you wish to add a second LDAP base entry, errors will occur. Use the workaround on my blog.
Ensure the LDAP is *right* before you start
Before we begin
• LDAP Bind Account
• Ensure you have access to an account that can read the LDAP; the base DN / org and the container the users live in are also required
Base DN: DC=virtual,DC=home,DC=local
Container: OU=cubesoft,DC=virtual,DC=home,DC=local
Test with an LDAP browser, e.g. Softerra LDAP Browser (Windows) or Apache Directory Studio (Linux)
Before we begin
Firewall off / AV off
Windows
• UAC off
Linux
• SE Linux off
• Ensure X11 forwarding is configured (test with xclock)
• Install any required libraries (esp. 32 bit ones – see resources)
• Set security limits (or you will see “too many files open” issues)
Grab a coffee (or beverage of your choice), let’s start
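The Linux items on this slide can be checked from the install user's shell before any installer is started. The script below is an added example, not part of the original deck; the `MIN_NOFILE` threshold and the `wasadmin` user in the sample are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original deck: report the Linux items from
# the "Before we begin" slide before starting the installers.

# Assumed placeholder threshold; take the real value from the IBM documentation.
MIN_NOFILE=${MIN_NOFILE:-8192}

# Constructed limits.conf sample ("wasadmin" is a hypothetical install user).
SAMPLE_LIMITS='# <domain> <type> <item> <value>
*         soft  nofile  4096
wasadmin  -     nofile  65536
wasadmin  soft  nproc   2048'

# Read limits.conf-style text on stdin and print the nofile value that applies
# to user $1 for limit kind $2 (soft or hard). A user entry beats "*", a "-"
# type covers both soft and hard, later lines win. @group entries are ignored.
nofile_from_limits() {
    awk -v user="$1" -v kind="$2" '
        /^[ \t]*#/ || NF < 4    { next }
        $3 != "nofile"          { next }
        $2 != kind && $2 != "-" { next }
        $1 == user              { exact = $4 }
        $1 == "*"               { wild = $4 }
        END { if (exact != "") print exact; else if (wild != "") print wild }
    '
}

# Succeed when limit $1 is "unlimited" or a whole number >= $2.
nofile_ok() {
    case "$1" in
        unlimited)   return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$2" ]
}

# Print one line per check for user $1 (default: the current user).
preflight_report() {
    user=${1:-$(id -un 2>/dev/null || echo unknown)}
    cur=$(ulimit -n)
    if nofile_ok "$cur" "$MIN_NOFILE"; then
        echo "OK   open files limit in this shell: $cur"
    else
        echo "FAIL open files limit in this shell: $cur (want >= $MIN_NOFILE)"
    fi
    if [ -r /etc/security/limits.conf ]; then
        conf=$(nofile_from_limits "$user" soft < /etc/security/limits.conf)
        echo "INFO limits.conf soft nofile for $user: ${conf:-not set}"
    fi
    if [ -n "${DISPLAY:-}" ]; then
        echo "OK   DISPLAY=$DISPLAY (confirm with xclock)"
    else
        echo "FAIL DISPLAY is not set, X11 forwarding is not active"
    fi
    if command -v getenforce >/dev/null 2>&1; then
        echo "INFO SELinux mode: $(getenforce)"
    else
        echo "INFO getenforce not found, SELinux tools are not installed"
    fi
}

preflight_report "${1:-}"
```

Run it as the account that will start WebSphere, since limits are applied per login session.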
Prerequisites
WebSphere:
• Install and Patch WebSphere 8.5.5.3
• Install and Patch HTTP Server, Plugin & WCT 8.5.5.3
• Create WebSphere Cell (Deployment manager and Node)
• Secure WAS against the LDAP server
Database / TDI:
• Install DB and patch to required level (DB2 10.1, Oracle 11.0.2g, MSSQL)
• Install and Patch TDI to V7.1.1 fp3
• Use DBWizards / scripts to create DBs and set permissions*
• Populate DB using TDI Population Wizard / Scripts – check the population with the SQL commands:
select * from empinst.employee; -- to view the imports
select count(*) from empinst.employee; -- this shows the number of records
*you may need to create the DB accounts prior to running depending on set up
Installing Pre-Reqs
Many guides to assist in installing the pre-req software,
zero – hero, IBM guides, documentation and many blogs.
Important things to remember:
Do not set WebSphere services to automatic – we can do this later if necessary
Create / federate WAS nodes prior to Connections install – you can add extra nodes
afterwards as long as you have a Cell with at least one node for install
When TDI is installing make sure you do not start the config editor
Once WAS is secured against the LDAP ensure you can see the users by checking
in the Admin console / ISC – Users and Groups > Manage Users
If using Domino as an LDAP source and you are using the *root*, be aware that if you wish to add a second LDAP for external users *root* overwrites everything – see the workaround that will be on my blog.
Once pre-reqs are installed – if you are using a VM, snapshot at this point, allowing you to roll back if there are any installation problems.
Install Connections
• Fire up the installer
• Accept the license
• Select the install package - take out spaces and the
evil that is the program files if on windows
• Select all the Connections apps - except CCM – that’s a whole other ball game
• Point to the WebSphere install - add FQDN of WAS host even if local
• Select deployment size – Small for single JVM / WebSphere server, Medium if
you want more than one JVM / WebSphere server
• Add DB info and passwords
• Select Cognos later
• Shared / Local Content on local machine – shared can be on a network / san –
must use UNC name not mapped drive letter, it can also be moved later
• Notifications – fill in relevant info if yes, even if not required now you can leave it /
set it to example.com to make it easier to reconfigure in the future
INSTALL – it’s go grab a coffee again time
#engageug
Install Connections - continued
• Connections is now installed
• If you get any errors on install check
the suggested log and correct the
errors.
• Restart the deployment manager server.
• Start the nodeagent server and watch the log / wait for the applications to
sync – this can take a while.
• Start the node server(s) and wait until it is
completely started and synchronised.
ADMA7021I: Distribution of application oEmbed completed successfully.
ADMA7021I: Distribution of application ConnectionsProxy completed successfully.
ADMA7021I: Distribution of application Help completed successfully.
ADMA7021I: Distribution of application Dogear completed successfully
Yes it really is that easy
Until something goes wrong – see troubleshooting .. We’ll get to that later ..
Test initial install
Start the Connections Server(s)
Cmd line:
cd E:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin
cd /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin
startServer.bat/sh <name_server>
NOTE: If you split the apps up into clusters, start the server with Profiles on it first, then the infra apps (homepage, search, news etc.).
This makes for a cleaner, more efficient start-up.
Test initial install
Use the URL of the local Connections machine + the port number/homepage
Configuration
File quota, Logs,
Search
Application Security
Performance Tuning /
Config changes
Connections Configuration
• Configure WebServer – Plugin and deflate module & change Connections config file
• Configure search, dictionaries, languages and file content searching
• JVM tuning – by default the Connections servers are set at 2.5GB
• Log sizes and amount – they are 1mb and you get one file by default
• Tune data source connections – for live / poc >live environments
• Set Application (J2EE) security roles – force users to log in to all apps
• Configure file policies (file upload size) / user file limit – default 512mb
• Configure community file policies – default 512mb
• Configure Blog attachment sizes – by default attachment 1mb / blog 10mb
• Configure Wiki attachment / policy sizes
• Enable customization debug – if you are making UI changes
Configure the WebServer
HTTP Server config
Set the HTTP server up to use SSL and test it first, before configuring it for Connections. If you don’t have an existing SSL cert, create a self-signed one for testing.
Use the WebSphere Customization Tool box to
configure.
It has a wizard to select HTTP Server type, the HTTP
server config file, you can optionally set up the HTTP
Admin server, give the definition a unique name, Point
to the WebSphere Server install (remote even if local),
the plugin will configure and generate a batch/sh
script (in /IBM/WebSphere/Plugins/bin/).
This covers the Configuring the IBM HTTP Server topic
in the knowledge base.
Copy the script to <WAS_Home>/bin then run it.
The HTTP server will now be configured and added to the deployment manager. The applications are mapped and the plugin is generated. The WebServer is now available in the ISC / WebSphere console.
Configure the WebServer
Checkout the Connections config file and change the URL to that of your webserver (see
knowledgebase for details on how to check the file out)
<sloc:href>
<sloc:hrefPathPrefix>/activities</sloc:hrefPathPrefix>
<sloc:static href="http://demo2.cube-soft.co.uk" ssl_href="https://demo2.cube-soft.co.uk"/>
<sloc:interService href="https://demo2.cube-soft.co.uk"/>
</sloc:href>
</sloc:serviceReference>
Check the file back in – restart and you are all systems go – on the correct URL
You can also add a URL re-write include to route HTTP traffic to the Connections URL.
Create a rewrite.conf in IBM/HTTPServer/conf
Add the following:
#Rewrite
RewriteEngine on
RewriteRule ^/$ /homepage [L,R]
Search Configuration
Copying search configuration tools to local nodes – listed as an optional task – BUT mandatory –
full file and tag indexing doesn’t work correctly unless this step is completed
http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/install/t_setting_path-variables_Search.dita
Copy the following from <connections_data>/shared/search to <connections_data>/local/search:
stellent – directory with the search conversion tools
dictionary – dictionary tools
Edit the WebSphere variable for the file content conversion and search dictionary directory –
ensure you use the full path of the exporter (exporter.exe or exporter for linux/unix)
FILE_CONTENT_CONVERSION = C:\IBM\Connections\data\local\search\stellent\dcs\oiexport\exporter.exe
SEARCH_DICTIONARY_DIR = C:\IBM\Connections\data\local\search\dictionary
Save the changes and restart the connections servers to pick up the change. You may want to
rebuild the search index to search inside files, wikis and blogs.
JVM Tuning
JVM (Java Virtual Machine) heap sizes should be set according to your environment.
By default the maximum JVM heap is set to 2506 MB for each Connections server.
The JVM heap size can be changed in the ISC. Each server must be changed individually.
Server Types > WebSphere Application Server > <server name> > Server Infrastructure > Java
Process Management > Process Definition > Java Virtual Machine
To set the JVM heap with a script, use cfgJVMHeap.py.
The script shows the actual initialHeapSize and maximumHeapSize for all JVMs, then prompts for initialHeapSize and maximumHeapSize for all JVMs. “Return” leaves the actual setting intact with no changes.
Once complete, restart the WebSphere servers and the new JVM settings will be used.
Changing the log sizes
Default Setting for JVM Log Files (SystemOut.log & SystemErr.log):
Size: 1 MB
No historical Log Files
Too small to troubleshoot errors
Reconfigure:
Size: 20 – 40 MB
5-10 historical Log Files
Configure via the ISC (Wasadmin console)
Many clicks, time consuming
Especially for large environments
Troubleshooting > Logs and trace > <server name> > JVM Logs
Or use the community scripts: cfgLogFiles.py sets the log size and history.
The script prompts for RolloverType – Size (to just set the size) or Both (for size and history) – then for the maximum log size in MB and the maximum number of backup files.
Datasource Tuning
15 + Data Sources to Change (at least 100 mouse clicks)
Resources > JDBC >Data sources > <data source name>
> Additional Features
> ConnectionPools
Change the maximum and minimum connections for
each data source, save each of the changes, sync
the nodes and restart the servers.
Or use the script - cfgDataSource.py
About 30 seconds to change all needed parameters
of all Data Sources
Set the data source properties in the
ibmcnx.properties in the script directory – allowing edits and re-running of the script.
Configure Application Security
By default many of the Connections apps are open to read access. To make users log in before accessing them, the User/Group security roles must be set.
This can be changed in the ISC for each application
Browse Applications > Application Types > WebSphere enterprise applications
Click the Security role to user/group mapping – select the Group (or special subjects – All authenticated)
Or use the community scripts – J2EERolesRestricted.py
Reads the users and groups from the properties files.
There are also scripts to back up and restore the roles and to set specific roles such as social
mail, moderator, metrics etc.
NOTE - Applications restart automatically, when you change J2EE roles.
Configure library sizes
By default the max file upload size / library size is 512mb
Use the wsadmin commands to change this:
<WebSphere_Home>/profiles/Dmgr01/bin
wsadmin.bat/sh -lang jython
execfile("filesAdmin.py")
FilesConfigService.checkOutConfig("<checkout>", "<cell>")
FilesConfigService.updateConfig("file.media.maximumSizeInKb", "1572864")
This command updates the maximum size of each uploaded file – in this example it’s 1.5 GB
FilesPolicyService.editPersonalDefault(2147483648L)
This command updates the default library size for each user to 2 GB
FilesPolicyService.editCommunityDefault(2147483648L)
This command updates the default library size for each community to 2 GB
FilesConfigService.checkInConfig("<checkout>", "<cell>")
Numbers of 2 GB or greater are long literals, and you must add an "L" to the end of the number, for example a policy of 2 GB must be 2147483648L
Configure library sizes
Also possible by using the community scripts
Work with Files Policies (ibmcnx/cnx/FilesPolicies.py)
Work with Libraries (ibmcnx/cnx/LibraryPolicies.py)
Show Library Sizes (ibmcnx/cnx/LibrarySizes.py)
The work with file policy script prompts to Add, Edit or Delete a policy – you may edit existing or
Connections default policies or add your own. This allows you to add specific policies which you
can then assign to certain users using the Library Policy script – for example:
5   3.0 GB   dc63c31b-1a5a-4a05-a967-32b737c22eed   SharonLarge
The Library script prompts to work with Personal or Community policies – you may search using
name or wildcard
Please type the number of the library? 3
Policy will be assigned to: Nathan James
Actual assigned policy is: !Default for Personal Files
Which policy do you want to assign? 5
The policy with the id dc63c31b-1a5a-4a05-a967-32b737c22eed is now assigned to the library with the id 299e5d7e-2c69-4f67-b88ebdccc71d5b23 .
Other Customization
Specify site wide settings for
blogs in the Blogs admin UI
By default the max upload size is 1mb and
directory size is 4mb
http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_settings_UI.dita
Setting wiki media, pages and attachment sizes
Default sizes are: Media: 512 MB, Pages: 1 MB, Attachments: 75 MB
execfile("wikisAdmin.py")
WikisConfigService.checkOutConfig("<checkout dir>", "<cellname>")
WikisConfigService.updateConfig("file.media.maximumSizeInKb", "<number_of_kilobytes>")
WikisConfigService.updateConfig("file.page.maximumSizeInKb", "<number_of_kilobytes>")
WikisConfigService.updateConfig("file.attachment.maximumSizeInKb", "<number_of_kilobytes>")
WikisConfigService.checkInConfig("<checkout dir>", "<cellname>")
http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_wikis_setting_maxsize.dita
Other Customization
Customizing the user interface:
http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/customize/t_admin_common_customize_main.dita
Add the WebSphere variable CONNECTIONS_CUSTOMIZATION_DEBUG = true
Very well documented now. Covers most aspects of interface customization, from images,
header, footer, login page, error page, getting started, strings and properties (for the
connections wording), notifications …. The list goes on
Other configuration changes:
• Ajax proxy for RSS feeds etc.
• Flag as inappropriate
• Enable additional language support
• Hide metrics links
• Force Connections traffic to HTTPS
• Wikis table of contents (enable macros)
• And so much more …..
Troubleshooting
Troubleshooting – Where to start?
Log files are your friend
Set of logs per WebSphere server (JVM)
Location: <WAS_HOME>/profiles/<profilename>/logs/<server name>
SystemOut.log – holds almost everything you need to diagnose most issues.
Generally any timeouts, LDAP issues, DB connection problems and other
issues are all written to this log.
WebServer Logs
Access and error logs are the ones to check here. Location:
<HTTP_HOME>/logs. If there are issues hitting the HTTP Server, check both
of these logs. One thing to note is these don’t roll – so they get very large.
Archive regularly to keep manageable.
WebSphere Plugin Log
Location: Websphere/Plugins/logs
Any issues with the plugin, SSL certs problems between the webserver and
WebSphere will be displayed in this log.
Troubleshooting – Where to start?
As well as checking the logs, checking the applications, WebSphere server status and database connectivity is a great place to start.
Check the WebSphere server status from the command line:
<WAS_HOME>/profiles/<profileName>/bin/serverStatus.bat/sh -all
e.g.
[root@con2 bin]# ./serverStatus.sh -all
ADMU0505I: Servers found in configuration:
ADMU0506I: Server name: nodeagent
ADMU0506I: Server name: server1
ADMU0506I: Server name: tc_server1
ADMU0508I: The Node Agent "nodeagent" is STARTED
ADMU0509I: The Application Server "server1" cannot be reached. It appears to be stopped.
ADMU0508I: The Application Server "tc_server1" is STARTED
Use the scripts to check the appStatus or Database connectivity:
Check if all Apps are running (ibmcnx/check/AppStatus.py)
Check Database connections (ibmcnx/check/DataSource.py)
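The ADMA7021I distribution messages from the install slide and the serverStatus output above can both be read by a script instead of by eye. This is an added example, not part of the original deck or the community scripts; the function names, the log timestamps and the four-application list are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original deck. Function names are made up.

# Constructed nodeagent SystemOut.log excerpt (timestamps, thread ids invented).
SAMPLE_LOG='[3/20/15 10:02:11:123 GMT] 00000071 AppBinaryProc I   ADMA7021I: Distribution of application oEmbed completed successfully.
[3/20/15 10:02:40:507 GMT] 00000071 AppBinaryProc I   ADMA7021I: Distribution of application ConnectionsProxy completed successfully.
[3/20/15 10:03:05:880 GMT] 00000071 AppBinaryProc I   ADMA7021I: Distribution of application Help completed successfully.'

# serverStatus -all output in the form shown on the slide above.
SAMPLE_STATUS='ADMU0505I: Servers found in configuration:
ADMU0506I: Server name: nodeagent
ADMU0506I: Server name: server1
ADMU0506I: Server name: tc_server1
ADMU0508I: The Node Agent "nodeagent" is STARTED
ADMU0509I: The Application Server "server1" cannot be reached. It appears to be stopped.
ADMU0508I: The Application Server "tc_server1" is STARTED'

# Only the four applications named on the install slide; a real list is longer.
EXPECTED_APPS='oEmbed ConnectionsProxy Help Dogear'

# stdin: log text. Prints each application that logged ADMA7021I, once.
distributed_apps() {
    sed -n 's/.*ADMA7021I: Distribution of application \(.*\) completed successfully.*/\1/p' |
        sort -u
}

# stdin: log text, $1: space-separated expected applications.
# Prints every expected application that has no ADMA7021I line yet.
pending_apps() {
    done_list=$(distributed_apps)
    for app in $1; do
        printf '%s\n' "$done_list" | grep -qxF -e "$app" || printf '%s\n' "$app"
    done
}

# stdin: serverStatus output. Prints servers reported unreachable (ADMU0509I).
stopped_servers() {
    sed -n 's/.*ADMU0509I: The [^"]*"\([^"]*\)" cannot be reached.*/\1/p'
}

# stdin: serverStatus output. Prints configured servers (ADMU0506I) that have
# no ADMU0508I/ADMU0509I status line at all, e.g. when the output was cut off.
unreported_servers() {
    awk '
        /ADMU0506I: Server name: / { cfg[$NF] = 1 }
        /ADMU050[89]I: / {
            if (match($0, /"[^"]*"/)) seen[substr($0, RSTART + 1, RLENGTH - 2)] = 1
        }
        END { for (s in cfg) if (!(s in seen)) print s }
    ' | sort
}

# Demo on the embedded samples.
echo "Still waiting for: $(printf '%s\n' "$SAMPLE_LOG" |
    pending_apps "$EXPECTED_APPS" | tr '\n' ' ')"
echo "Stopped servers:   $(printf '%s\n' "$SAMPLE_STATUS" |
    stopped_servers | tr '\n' ' ')"
```

On a real system, pipe the nodeagent SystemOut.log into `pending_apps` and the output of `serverStatus.sh -all` into `stopped_servers`.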
Troubleshooting – Where to start?
Possible issues:
DB problems – Connections will start or be started, will complain of connectivity or data issues.
Check the DB, datasource connections – Connections servers SystemOut.log is a good place to
start.
LDAP – can’t log in, or people currently logged in are fine but new connections are refused.
Check LDAP connectivity. Use an LDAP browser to test. Connections servers SystemOut.log will
have LDAP errors logged.
JVM heap / memory errors – reported in the Connections servers’ SystemOut.log and SystemErr.log.
Can be specific to a given JVM. The system will appear to hang, then may recover. Tune and test.
Importing Data
Offline backup new environment
DB and file system data (<connections_data>/shared)
If you back up the *clean* new system it allows you to roll back to clean if there are any
migration issues.
Offline backup existing/live environment
DB and file system data (<connections_data>/shared)
Ensure the system is off. Migrating data with an online back up can cause issues and isn’t
particularly straight forward.
Copy DBs to migrate to new db machine
Restore DBs (you may need to drop the new environments DBs to do this)
In the case of DB2 – drop V5 DBs, restore V4 / 4.5 DBs and they will be updated to latest
DB2 version on restore.
Run the Connections update scripts / wizards
This updates the migrated DBs to the new version
Apply the DB updates for any CR you have applied to the new environment (i.e. CR1)
Sync TDI to update any LDAP / Employee information
Importing Data
File System Data:
Copy the following content to the following directories – If any of the new V5 shared directories
do not exist create them
Content Store Location
shared_content_store/audit
shared_content_store/activities/content
shared_content_store/activities/statistics
shared_content_store/blogs/upload
shared_content_store/communities/statistics
shared_content_store/customization
shared_content_store/dogear/favorite
shared_content_store/files/upload
shared_content_store/forums/content
shared_content_store/profiles/statistics
shared_content_store/wikis/upload
Data is now migrated – on to the post migration steps ..
Post migration / update
• Clear the scheduled tasks
• http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_common_clear_scheduler_after_ltpa_change.dita
• wsadmin script
• execfile("connectionsConfig.py")
• Scheduler.listAllTasks()
• Scheduler.clearAllTasks()
• If there are issues use the clearScheduler.sql in the wizards\db directory
• Rebuild the search index
• http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/admin/t_admin_common_clear_scheduler_after_ltpa_change.dita
• Delete the search index and rebuild
• Resync community files
• FilesDataIntegrityService.syncAllCommunityShares()
• Re-apply any customisations and file quotas that may have been overwritten
• If moving from V4 add / change the filestore for Activities – see technote
• https://www-304.ibm.com/support/docview.wss?uid=swg21676288
• If the new system is live – Configure notifications (if required)
• Test
The boss has decided … Proof of concept or test is now *LIVE*. What do you do?
POC to LIVE
Many customers take this path:
Advantages – data is in the system
when you roll out live. You have
seen how the system performs with
the POC group and can tune
accordingly. Any changes can be
made prior to the live roll out.
Disadvantages – Any test data will
need to be manually removed from
the system by the users that have
created it.
POC to LIVE
• When rolling out a POC, assume that it may end up as your live
system.
• Ensure the users of the system are aware that this system may well
become your live and to use it as such.
• Careful planning means a few tweaks
• Tune the JVMs, turn the customization debug off, tune data sources if
required, add additional nodes, change webserver URL if necessary
• Avoid changing LDAP source but if you do ensure that the mail or uid fields
are the same between source and target and use the sync_hash field in the
profiles_tdi.properties file (use uid or mail to hash against)
• Where possible use the community scripts
• Simple config with a few commands, no chance of typos or missing a step.
Resources and Help
• Connections 5 Part Numbers:
http://www-01.ibm.com/support/docview.wss?uid=swg24037654
• Note
• If you are using windows 2012 you must use DB2 10.1 fp 4 or the installer will fail
• If you are using windows 2012 you need to run the TDI installer in compatibility mode or it
will fail when you run the installer – see technote: http://www01.ibm.com/support/docview.wss?uid=swg21634336
• If you are using FEB for forms and surveys, use 8.5.1 if you wish to use anything other than cn
for the display name. There are known issues with 8.5.0.1.
• Community Scripts: http://scripting101.org
• Linux / AIX:
• 32bit libs - https://www-304.ibm.com/support/docview.wss?uid=swg21459143
• Libs req: http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/install/r_linux_libraries.dita
• More info see:
http://www-01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/install/r_before_installing.dita
• This session will be available via the web – http://cube-soft.co.uk/cnxsupport
Skype Chats
• There are a number of community skype chats
If you wish to be added to any of these chats either ping myself or Christoph.
Sharon – dilftechnical
Christoph - christophstoettner
This presentation mentions the following Copyrights and Trademarks.
•IBM® Notes®
•IBM® Domino®
•IBM® Connections
•IBM® WebSphere®
•IBM® DB2
•IBM® AIX®
•Tivoli®
•Linux®
•Java®
•Microsoft® Windows®
•Red Hat® Linux®
•Twitter®
•Skype®