Monday, September 28, 2015

Configuring Standalone custom registry in WAS

File-based repository Creation and configuration

Security is paramount for the Websphere Application server Environment
Global Security
a) Global security is enabled to secure your WAS server, but it requires a user registry.
b) A user registry contains the user and group names for authentication and authorization purposes.
c) When we configure it , the  application server will connect to the registry and perform lookups to acquire user credentials used in areas where authorization is required.
There are four types of registry
Standalone custom registry :
Standalone custom registry Allows a custom registry that is essentially based on Java
code implementation.
Local operating system :
Local operating system Specified the registry for the local OS.
Standalone LDAP registry :
Standalone LDAP registry Only used LDAP defined users and groups and required
Federated repositories :
Federated repositories Manages users and groups across multiple repositories
using a virtual realm. The registries can also be made up
of the combinations of the other registry types.
File-based repository Creation and configuration
Step 1 : Create the  user registry property  file
This file will have the users with the password and the details of the user like userid and group id
a) Create a folder called <was_root>/fileRegistry on our Linux box
b) Create a file called user.props with contents placed below
# Format:
# name:passwd:uid:gids:display name
# where name = userId/userName of the user
# passwd = password of the user
# uid = uniqueId of the user
# gid = groupIds of the groups that the user belongs to
# display name = a (optional) display name for the user.
wasadmin:wasadmin:101:101:WebSphere Administrator
Step 2 : Create the Group registry property file
a) In the folder <was_root>/fileRegistry create a file called groups.props and the contents of the file
will be as follows:
# Format:
# name:gid:users:display name
# where name = groupId of the group
# gid = uniqueId of the group
# users = list of all the userIds that the group contains
# display name = a (optional) display name for the group.
admins:101:wasadmin:Administrative group
NOTE: Ensure that any new files you create are assigned appropriate rights using chmod and chown to ensure WebSphere processes can read the file.
NOTE : Add additional users like wasmon , wasops etc on these user.props  and  groups.props files
Step 3: Turning on global security
To turn on global security,
a)    Log in to the Admin console
b)    Navigate to the Security
c)    Click Global security, as shown in following screenshot
filebasedsec
filebasedsec1

Step 4: Security Configuration Wizard
WebSphere has  a wizard to set up basic security using an internal repository.
Click the Security Configuration Wizard button as shown in the previous
screenshot.
Step 5: Standalone custom registry
a)    Start by selecting Standalone custom registry during our use of the Global security
wizard, as shown in the following screenshot:
filebasedsec2
Step 6: The Configure standalone custom registry page,
a) Type wasadmin in the Primary administrative user name and add two properties.
b) The usersFile property will point to the users.props file
c) The groupsFile property will point to the location of the groups.props file
filebasedsec3
Step 7 : Custom registry class name
Custom registry class name  is already filled in with a Java class that exists in the
internals of WebSphere that contains the code for WebSphere to use the user.props
and groups.props files.
Step 8: Complete the Configurations
Click Next to view the summary, and then click Finish to complete your file-based repository.
Step 9 : Restart the Websphere Server
         a)    Stop Application Server
<was_profile_root>/bin/stopServer.sh server1
b)    Start Application Server
<was_profile_root>/bin/startServer.sh server1
Step 10: Login to the Admin console
Once global security is enabled, log in to the standard login URL
http:Hostname:9060/ibm/console
filebasedsec4
You are being redirected to a secure site and a warning that you have received a Secure Sockets Layer (SSL) certificatefrom an unknown Certificate Authority (CA) will be shown in the browser.
Type wasadmin for the username and wasadmin for the password and click Log in
to gain access to the administrative console.
THIS IS HOW WE WILL CONFIGURE THE FILE BASED REPOSITORY
Posted by at 3 comments:
Labels:

Silent Installation of Websphere Application Server 8.5.5 on Linux

Steps as follows

1) Download the necessary packages and the fixpacks from the Passport Advantage
2) Ensure the necessary access is available .. in our case its root ( Though we can install using a non-root user)
3) Create the necessary filesystems ( we will be installing in /apps )
4) Check for sufficient space in the filesystem to extract the zip files and the installation
Below are the files which we have downloaded and transferred in the server
Installation Manager 1.6
agent.installer.linux.gtk.x86_1.6.0.20120831_1216.zip
WAS ND Fixpack 8.5.5.3
8.5.5-WS-WAS-FP0000003-part1.zip
8.5.5-WS-WAS-FP0000003-part2.zip
WASND 8.5.5 SDK
WS_SDK_JAVA_TEV7.0_1OF3_WAS_8.5.5.zip
WS_SDK_JAVA_TEV7.0_2OF3_WAS_8.5.5.zip
WS_SDK_JAVA_TEV7.0_3OF3_WAS_8.5.5.zip
WASND 8.5.5
WASND_v8.5.5_1of3.zip
WASND_v8.5.5_2of3.zip
WASND_v8.5.5_3of3.zip
I have created few folders within /IbmSoftware/was8.5.5/ and saved the corresponding files in these folders

silentwas8.5
PATH
/IbmSoftware/was8.5.5/IM1.6
agent.installer.linux.gtk.x86_1.6.0.20120831_1216.zip
/IbmSoftware/was8.5.5/was8.5.5
WASND_v8.5.5_1of3.zip
WASND_v8.5.5_2of3.zip
WASND_v8.5.5_3of3.zip
/IbmSoftware/was8.5.5/sdk
WS_SDK_JAVA_TEV7.0_1OF3_WAS_8.5.5.zip
WS_SDK_JAVA_TEV7.0_2OF3_WAS_8.5.5.zip
WS_SDK_JAVA_TEV7.0_3OF3_WAS_8.5.5.zip
/IbmSoftware/was8.5.5/fixpack
8.5.5-WS-WAS-FP0000003-part1.zip
8.5.5-WS-WAS-FP0000003-part2.zip
For eg as below image
silentwas8.51
silentwas8.52
5)Installation of Installation Manager
a) Unzip the Installation Manager setup  agent.installer.linux.gtk.x86_1.6.0.20120831_1216.zip
silentwas8.53
#unzip agent.installer.linux.gtk.x86_1.6.0.20120831_1216.zip
silentwas8.54
The extracted folder
silentwas8.55
Edit install.xml to define the location for IM installation
         b)    #vi install.xml
Add the below entries in the install.xml file
<profile kind=’self’ installLocation=’/apps/InstallationManager/eclipse’ id=’IBM Installation Manager’>
</profile>
Highlighted the entries in yellow where “/apps/InstallationManager/eclipse” is the location where I need to install the Installation Manager
silentwas8.56
         c)  Install IM1.6 silently
Execute #./installc –acceptLicense
This command reads the install.xml file and installed  it in the location mentioned in it
silentwas8.57
Once the installation is completed the message “Installed <package> to the <location> directory is displayed
             d) Verify the installation and the versions of Installation Manager
Navigate to /apps/InstallationManager/ folder
silentwas8.58



silentwas8.59

             Execute ./imcl -version to check the version of IM fron /apps/InstallationManager/eclipese/tools/
       THIS IS HOW WE INSTALL INSTALLATION MANAGER SILENTLY 

6)  CREATING THE Response xml files

a)  Launching Xming to display the graphical interface of the commands
Note : you can use any other X11 utility for unix but I prefer Xming
============================================================================
CONFIGURING XMING 
============================================================================
1)    Download Xming and install it on ur local machine from where you want to connect
2)    Execute the XLaunch icon
3)    Select Multiple Windows and “Next”
silentwas8.510
Select “Start no Client”
silentwas8.511
Select “No Access Control”
silentwas8.512
Click on Finish
silentwas8.513
Lauch Putty
And expand the Putty Settings > Connections >> SSH >> X11
Enable “X11 Forwarding” and mention localhost:0
Now put the ip and login
silentwas8.514
Once logged in enter “w” to determine the ip you are connecting to the WAS server with .. Here its 10.0.0.2
silentwas8.515
Export the display variable using
#export=DISPLAY=10.0.0.2:0.0
Run xclock to check if it works
silentwas8.516
This confirms that ths X11 forwarding works
7) Generating the response.xml files 
a) Generating the response.xml files using the record funciton of IM
    Execute #./IBMIM –record /apps/WAS8.8.8_Install.xml –skipInstall /tmp/was8.5.5
Where
-record  : ensures we are using the record function
/apps/WAS8.8.8_Install.xml  : is the response file which will be created ( any file name can be used)
-skipInstall  : This is to skip the installation and only create the response
/tmp/was8.5.5 : is a temp location where the Installation Manager will extract the files ( this can be any location )
silentwas8.517
This will launch the Installation Manager in Skip Install Recording mode (Highlighted in Yellow)
silentwas8.518
b) Add the repositories needed for WAS 8.5.5 install
c) We will be installing the fixpack also together along with the base install
silentwas8.519
Select the repository.config for was8.5.5
silentwas8.520
Similarly do it for the repository.config for SDK folder and the fixpack 3
silentwas8.521
Click OK
           c) Then Click Install to launch the installer function
silentwas8.522
This will display the packages for the installation ( We wil deselect the SDK for Liberty profile as its not needed for now)
silentwas8.523
           e)  Accept the License
silentwas8.524
         f)  Provide the path of the Shared Repository Directory ..
I gave it /apps/IMShared as I want all the installation binaries in /apps
silentwas8.525
           g) Provide the path where you want the WAS8.5.5.3 to be installed
silentwas8.526
              h) Select the options needed
silentwas8.527
Summary screen is displayed. Click Install
Here you can observe that the IBM WAS version is provided 8.5.5.3
IM has automatically detected the Fixpack also added in the repository
silentwas8.528
Click Finsh .
          i) A file /apps/WAS8.8.8_Install.xml which is the response file for WAS8.5.5.3 Installation
silentwas8.529
Response file
silentwas8.530
Open the file /apps/WAS8.8.8_Install.xml
Some observation :
We can see the repository location for the packages
“/ibmSoftware…….”
j) Modify the installLocation as per your needs
Change the Profile id as required .. though not necessary unless you allready have an installation of was with the same profile id
Eg “ IBM WebSphere Application Server V8.5 MY SERVER”
Verify that the files once again for any typo error and save it
silentwas8.531
       k) Execute the imcl to install the WAS

[root@mqnode was8.5.5]# /apps/InstallationManager/eclipse/tools/imcl input /apps/WAS8.5.5_Install.xml -acceptLicense -sP
silentwas8.532
After few minutes if all is well then it will give the output that WAS 8.5.5.3 is installed
silentwas8.533
       l) Verify the Installation
silentwas8.534
        m) Check the version using ./versionInfo.sh
silentwas8.535
Here we can see WAS ND 8.5.5.3 is installled at /apps/IBM location
NOTE:This response file can be used to install similar was8.5.5.3 on different machines
Also using the record function any Installation response file can be created ie for IHS , BPM8, Websphere Portal 8 etc .
Posted by at No comments:
Labels:

Silent Installation of Installation Manager

Silent Installation of Installation Manager 1.6
a) Unzip the Installation Manager setup  agent.installer.linux.gtk.x86_1.6.0.20120831_1216.zip
silentwas8.53
#unzip agent.installer.linux.gtk.x86_1.6.0.20120831_1216.zip
silentwas8.54
The extracted folder
silentwas8.55
Edit install.xml to define the location for IM installation
         b)    #vi install.xml
Add the below entries in the install.xml file
<profile kind=’self’ installLocation=’/apps/InstallationManager/eclipse’ id=’IBM Installation Manager’>
</profile>
Highlighted the entries in yellow where “/apps/InstallationManager/eclipse” is the location where I need to install the Installation Manager
silentwas8.56
         c)  Install IM1.6 silently
Execute #./installc –acceptLicense
This command reads the install.xml file and installed  it in the location mentioned in it
silentwas8.57
Once the installation is completed the message “Installed <package> to the <location> directory is displayed
             d) Verify the installation and the versions of Installation Manager
Navigate to /apps/InstallationManager/ folder
silentwas8.58

silentwas8.59

             Execute ./imcl -version to check the version of IM fron /apps/InstallationManager/eclipese/tools/
       THIS IS HOW WE INSTALL INSTALLATION MANAGER SILENTLY 
Posted by at 1 comment:
Labels:

java.lang.OutOfMemoryError: Failed to create a thread: retVal -1073741830, errno 11

I Recently got this issue when starting the App cluster Member for the first time ““java.lang.OutOfMemoryError: Failed to create a thread: retVal -1073741830, errno 11″”

Issue :

a) The Dmgr started properly but when i when tried to start the cluster from the Dmgr for the first time i got this error in the System Out “java.lang.OutOfMemoryError: Failed to create a thread: retVal -1073741830, errno 11″
Error Stack :
Caused by: java.lang.OutOfMemoryError: Failed to create a thread: retVal -1073741830, errno 11
at java.lang.Thread.startImpl(Native Method)
at java.lang.Thread.start(Thread.java:947)
at com.ibm.ws.dcs.vri.common.ThreadManager.getThread(ThreadManager.java:334)
at com.ibm.ws.dcs.vri.common.impl.DCSStackImpl.(DCSStackImpl.java:178)
at com.ibm.ws.dcs.rsmodule.impl.DCSRSStackImpl.(DCSRSStackImpl.java:215)
at com.ibm.ws.dcs.vri.common.impl.DCSCoreStackImpl.(DCSCoreStackImpl.java:79)
at com.ibm.ws.dcs.vri.common.impl.DCSCoreStackImpl.getInstance(DCSCoreStackImpl.java:75)
at com.ibm.ws.dcs.vri.common.impl.DCSStackFactory.getCoreStack(DCSStackFactory.java:92)
… 39 morestyle=”text-align: left;”>[3/12/15 19:31:53:888 IST] 00000001 WsServerImpl E WSVR0009E: Error occurred during startup
com.ibm.ws.exception.RuntimeError: Unable to start the CoordinatorComponentImpl
at com.ibm.ws.hamanager.runtime.CoordinatorComponentImpl.start
(CoordinatorComponentImpl.java:320)
at com.ibm.ws.runtime.component.ContainerHelper.startComponents(ContainerHelper.java:539)
at com.ibm.ws.runtime.component.ContainerImpl.startComponents(ContainerImpl.java:627)
at com.ibm.ws.runtime.component.ContainerImpl.start(ContainerImpl.java:618)
at com.ibm.ws.runtime.component.ServerImpl.start(ServerImpl.java:523)
at com.ibm.ws.runtime.WsServerImpl.bootServerContainer(WsServerImpl.java:311)
at com.ibm.ws.runtime.WsServerImpl.start(WsServerImpl.java:224)
at com.ibm.ws.runtime.WsServerImpl.main(WsServerImpl.java:697)
at com.ibm.ws.runtime.WsServer.main(WsServer.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)

Steps Tried :

a) Tried to Start the cluster Members using ./startServer.sh server1 but still the error in the SystemOut.log
I felt the heap memory was not sufficient for the JVM increased by 512 MB but still same error :-)
b) On Revisitng the SystemOutLogs and concluded that it seems to be Native Memory issue error from the Java Stack Error
c) Checked the System Resources like CPU , Memory but they were all fine . Finally i checked the Ulimit
All the Parameters were unlimited except the “Max no of Process” (nproc) which was 1024 .
d) The Value for ulimit nproc was very less than the recommended .
In Linux here is a new configurations (/etc/security/limits.d/90-nproc.conf ) which overrides the nproc setting in the /etc/security/limits.conf
Sample output of /etc/security/limits.d/90-nproc.conf
#* soft nproc 1024
WebSphere instance only uses a few hundred of threads and it will go on increasing depending on the Load and the other instances in the server .
We also have to take into account the other threads which are running on the Machine . So the nproc count may reach if too many threads are opened

Solution:

a) Edit the /etc/security/limits.d/90-nproc.conf to increase the nproc limit for all users .You can also set it for specific user too ..
    NOTE : A reboot is not required for this to take effect, however, the user must be completely logged out of the putty or the session and relogin to take the effect. The next time the user logs back in, the new value will be in place. This can be checked by running ‘ulimit -u’ as the user in question.
b) Update the /etc/security/limits.conf file for the nproc values to 131072 ( or any  higher value )
It is recommended to set the ulimit -u or nproc to a value of 131072 when running on Linux to safely account for all the forked threads within processes that could be created
There are many documents avaliable on the internet for the steps to change the ulimit . please go through them too .
c) After I made those changes to the ulimit & 90-nproc.conf
d) Now i restarted my cluster member and it started without any error now :-)
NOTE : There could be other reasons though for the “java.lang.OutOfMemoryError: Failed to create a thread: retVal -1073741830, errno 11″ .. this is ONE of them 
Posted by at 1 comment:
Labels:
Subscribe to: Posts (Atom)