Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Sa106 – practical solutions for connections administrators


Published on


Sa106 – practical solutions for connections administrators

  1. 1. MWLUG 2014 SA106 –Practical Solutions for Connections Administrators Sharon Bellamy –Senior Engineer -Rock Team
  2. 2. Who am I? Sharon Bellamy Mum of three, Star Wars & Disney fan –Mandalorian costumer & admin for iCosplay anti-bullying campaign Administrator and Implementer Specializes in IBM Connections, WebSphere and other collaboration solutions Working with WAS based products since 2003 Lover of Linux Christoph Stoettner Bavarian, Dad of two, likes hiking Administrator and implementer Specialized in the infrastructure of IBM Connections and IBM Domino Lover of Linux
  3. 3. Agenda Installing and ConfiguringBusiness as Usual •Autostart IBM WebSphere IBM HTTP Server •Performance Tuning DataSources •Setting J2EE Security Roles •Configure JVM Log Files •Set JVM Heap Sizes •Check External ID against LDAP •Activate and Deactivate Users •Synchronize User External IDs •Work with Policies •Adding Policies to personal or community libraries •Database reorganization These scripts were written for Connections 4.5 –Most will work with V5. There are a few issues with the member scripts, we hope to have updated V5 scripts available very soon.
  4. 4. Agenda (cont..) TroubleshootingDocumenting •Application state •Database access •JVM Heap Sizes •JVM Log Settings •Used Ports within WebSphere •WebSphere Variables These scripts were written for Connections 4.5 –Most will work with V5. There are a few issues with the member scripts, we hope to have updated V5 scripts available very soon.
  5. 5. Disclaimer & Caution •With scripts •Shell / BASH / ZSH / KSH / SH, Jython / JACL •PowerShell / Batch / VB, SQL •You can... •Save a lot of time! •Change tons of stuff in seconds! •TIPS: •Create Backups •Install to a Test system (if you don’t have one –BUILD ONE) •Document your changes BACKUPbefore you make any changes The use of all scripts shown in these slides or downloaded from our repositoriesare WITHOUT WARRANTY and at your own risk!
  6. 6. Using the scripts •Using the Community Scripts •Download links at the end of this presentation •Extract zip to DMGR/bin –all files are in subfolder ibmcnx –rename to* –edit* –configure loading the db2 jdbc driver* *(more details in resources section of the presentation and at blog/documentation)
  7. 7. MWLUG 2014 Installing & Configuring
  8. 8. Auto starting WebSphere •Number of ways of starting WebSphere/Connections Manually -takes time and requires much typing or copy and pasting to the command line. Automatically -via a service can often be the easiest way to start the servers (assuming the monitoring policy is set correctly). Using a script –run one command and start all the connections servers in one swoop.
  9. 9. Registering WAS services • Registering a Linux service Registering WebSphere as a Linux service is straight forward. Use the wasservice script - which is held in the <WAS_HOME>/bin directory (default is /opt/IBM/WebSphere/AppServer/bin) Running the wasservice commands with the appropriate arguments (see example above for syntax), will create a service for the Deployment manager and Nodeagent servers. Adding the –stopArgs will allow you to add the wasadmin user and password here so it is not held in a file or is required when the service runs. Adding the –stopservers argument to the nodeagent server will stop the WebSphere servers on the node when the nodeagent is stopped. If you now list the contents of /etc/init.d the services can be seen.
  10. 10. Registering WAS services • Registering a windows service Once the wasservice command has been run successfully, the new services will be visible under Registering a WebSphere windows services are very similar to adding a Linux service. From the <WAS Profile>bin directory wasservice –add <service name> -serverName <name of server> -profilePath <path to server profile> To enable the server to restart automatically and to encode the user name and password, additional parameters are required. -encodeParams –restart true -startType automatic -stopArgs “-username wasadmin –password password ” And to the nodeagent add the additional -encodeParams –restart true -startType automatic -stopArgs '-username wasadmin –password password -stopservers'
  11. 11. Setting the monitoring policy • Using the Web Console to set the monitoring policy Open each Application Server Server Infrastructure – Java and Process Management – Monitoring Policy Change Node restart state to “RUNNING”. Ensure that the configuration is saved before quitting the ISC. When the server is restarted the monitoring policy will be set. NOTE: Ensure that the monitoring policy is set to STOPPED when applying fix packs and ifixes.
  12. 12. Setting the monitoring policy • Using a script to set the monitoring policy Run the config monitoring policy script ( ./ -lang jython -f A prompt is presented asking which state you would like to set stopped, running or previous. Once complete the script will synchronise the changes to the nodeagents. Again note that prior to applying fix packs or ifixes the monitoring policy should be set to STOPPED.
  13. 13. Start / Stop with a script •Windows Create a service for the Dmgr, Nodeagent and Connections servers. Create a windows batch file to stop and start the services. ***** Example of start servers batch file **** @echo offecho Starting DeploymentManagerNET START "IBMWAS80Service -Dmgr" echo Starting NodeAgentNET START "IBMWAS80Service -Node" echo Starting server CubeyNET START "IBMWAS80Service –cubey" echo Servers started now exitingpauseexit Use the NET STOP command for stopping the servers and NET START for starting the servers. When run, the start / stop batch file starts or stops the servers in the order specified in the file.
  14. 14. Start / Stop with a script •Linux If you prefer to manually start the Connections servers under Linux by far the easiest way is to use the connctrl script (see download the scripts). Copy the connctrl script to the /etc directory and edit the variables, path to App server profiles, server names and if a non root user is required The script is then called from /etc /etc/connctrl.shUsage: ConnCtrl {start|stop} {0|3|4} {nru} 0=just 1 IC server, 3=3 IC servers & 4=4IC serversnru = if you are using a user other than root i.e.. /etc/ stop 4 wasadmin or /etc/connctrl start 0 The script will start and stop the servers in a similar way to the windows batch files. Each server in turn is stopped (or started).
  15. 15. DEMO
  16. 16. Set Monitoring Policy Demo
  17. 17. Auto start HTTP Server •Windowscreate a Service for IHS and Admin Service From <HTTP ROOT>bin httpd -k install -n <name of service> -f <path to config file> i.e.. httpd -k install -n IBMHTTPAdmin -f C:IBMHTTPServerconfadmin.conf •Linux | AIX: Create Symbolic Link: ln -s /opt/IBM/HTTPServer/bin/apachectl /etc/init.d/ ln -s /opt/IBM/HTTPServer/bin/adminctl /etc/init.d/ Add Service chkconfig –add apachectl chkconfig –add adminctl
  18. 18. Performance Tuning •PerformanceTuning IBM Connections •Increase min-and max Connections of Data Sources Performance Tuning Guide IBM Connections 4.0 Performance Tuning Guide Addendum •Review these settings periodically with “Tivoli Performance Viewer” Performance Tuning Guide IBM Connections 4.0 – Performance Tuning Guide Addendum - http://www-
  19. 19. Configure Data Sources • 15 + Data Sources to Change (at least 100 mouse clicks) Resources > JDBC >Data sources > <data source name> > Additional Features > ConnectionPools Change the maximum and minimum connections for each data source, save each of the changes, sync the nodes and restart the servers. This process can take about 30 minutes depending on the speed of the machines you are working on.
  20. 20. Configure Data Sources •Why not configure using a script: About 30 seconds to change all needed parameters of all Data Sources Set the data source properties in the in the script directory –allowing edits and re-running of the script.
  21. 21. HTTP mod_deflate •See my blog, the white paper or •Set mod_deflate in your IBM HTTP server config Edit the httpd config and enable the deflate module. Add the deflate information. Set the deflate compression level to the desired level. Add the information to the virtual hosts. Restart the HTTP server. Loading my profile with deflate on saves approx. 75% of the page load time.
  22. 22. DEMO
  23. 23. Configure Data Sources Demo
  24. 24. Set J2EE Security Roles •First found on Klaus Bild’s Blog: •Extended version with Group support and input option. •No need to edit the script. •Two versions: •Restricted Each application ask for credentials, no data visible for anonymous users. •Unrestricted Default Settings, some content is visible to anonymous users. NOTE-Applications restart automatically, when you change J2EE roles.
  25. 25. Set J2EE Roles for special applications •As some applications are configured different from environment to environment •Save time and use following scripts: • • • • •Deactivate or activate the application for users and groups
  26. 26. DEMO
  27. 27. Security Roles Demo
  28. 28. J2EE Security Roles -BACKUP •CR and Fix pack Installations pre IBM Connections 4.0 often reset J2EE roles back to the default settings. Mainly this isn’t an issue anymore, BUTbefore running an update or making significant changes to the security settings, it is wise to back up the application security roles. Script writes text files as backup to a local folder. Roles of all installed WebSphere applications (including IBM Docs, Forms Experience Builder, Kudos etc.), not just the connections applications are backed up.
  29. 29. J2EE Security Roles - RESTORE Once you have a backup of the application security settings, it is possible to restore it if necessary. Advantages to using the script to restore. • You can edit the backup files to add or change users. • Backup of Dev or QA Systems can be restored in production (Admin Users and Groups must exist there). To run a restore use the script. The script will prompt for the directory where the security text files are stored. Once complete the roles are restored and visible in the ISC.
  30. 30. DEMO
  31. 31. Security Roles Backup Demo
  32. 32. Configure JVM Log Files •Default Setting for JVM Log Files (SystemOut.log & SystemErr.log): Size: 1 MB No historical Log Files Too small to troubleshoot errors •Reconfigure: Size: 20 –40 MB 5-10 historical Log Files •Configure via the ISC (Wasadmin console) Many clicks, time consuming Especially for large environments Troubleshooting > Logs and trace > <server name> > JVM Logs
  33. 33. Configure JVM Log Files •Use a script to set the log size and history ( •The script prompts for –RolloverType –Size (to just set the size) or Both for size and history. –Maximum log size in mb. –Maximum number of backup files. The settings are saved to the WebSphere configuration and are picked up on the next server restart.
  34. 34. DEMO
  35. 35. Configure Logs Demo
  36. 36. Set JVM Heap Sizes • JVM (Java Virtual Machine) heap sizes should be set according to your environment. • By default the maximum JVM heap is set to 2506 MB for each Connections server. The JVM heap size can be changed in the ISC. Each server must be changed individually. Server Types > WebSphere Application Server > <server name> > Server Infrastructure > Java Process Management > Process Definition > Java Virtual Machine Many clicks can be time consuming depending on the size of the environment. Set the initial heap size, maximum heap size, save and sync once the servers are restarted and the new settings are picked up.
  37. 37. Set JVM Heap Sizes •To use the script to set the JVM heap, use the script. The script shows actual size of initialHeapSize and maximumHeapSize for all JVM. Prompts forinitialHeapSize and maximumHeapSize for all JVM. “Return” leaves actual setting intact with no changes. Once the script is complete, the new settings are visible in the ISC and are picked up on the next server restart.
  38. 38. DEMO
  39. 39. Set Heap Sizes Demo
  40. 40. MWLUG 2014 Business as usual
  41. 41. Check External IDs against LDAP •Sometimes users can't logon to single Connections Applications •ExtIDs are out of sync, you see several error messages. •Script to check if LDAP UUIDs (GUID, SID) are equal to Connections UUID •Script reads PROF_GUID from peopleDB through JDBCand Check UUID in Applications. Mail address of profile you want to check: Profiles: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3 Activities: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3 Blogs: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3 Communities: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3 Dogear: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3 Files: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3 Forums: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3 News, Search, Homepage:9EE90251-33DE-4699-A6F1-BFDB381F7DD3 Wikis: 9EE90251-33DE-4699-A6F1-BFDB381F7DD3 No need to run individual scripts per app to check the ID.
  42. 42. DEMO
  43. 43. Check EXT IDs Demo
  44. 44. Deactivate and Activate Users •After rename or sometimes without real reason Users get out of sync. They can open Profiles, but no other Application. Or they have problems with a single App. •When you want to reactivate a user you must provide UID and EMAIL (was deleted through Deactivate) execfile("") ProfilesService.activateUserByUserId("9EE90251-33DE-4699-A6F1-BFDB381F7DD3", email="sharon@cube-", loginId="sharon") Deactivating and Reactivating through the ProfilesServicecan be a resolution for this issue. This forces the applications to resynchronise with the profiles application.
  45. 45. Use the Deact&Act script •Use the script •Stores UID and Mail in memory and deactivates and activates in one command. •It basically turns it off and on again –forcing a resync with the Connections applications and resolving the users *out of sync* issues. •Result = Happy Users 
  46. 46. Sync External IDs of all Users in all Applications •Sometimes LDAP IDs and UUID come out of sync •Switch LDAP System requires a synchronization. •Running the MemberServicescripts can resolve this. MemberService.syncAllMembersByExtId for each application. Can be time consuming, much copying and pasting of commands and each one has to complete before the next one can be run.
  47. 47. Sync External IDs of all Users in all Applications •Use the script •The script resyncs ALL applications for ALL users. Running the script syncs all users against all applications, rather than having to run each application sync all members script separately. Resulting in happy users.
  48. 48. DEMO
  49. 49. Sync Ext IDs all applications Demo
  50. 50. Working with files policies •Creating or editing policies is sometimes a pain •Library size must be provided as Long (e.g. 2 GB = 2147483648L) •Edit example: •FilesPolicyService.edit("2d93497d-065a-4022ae25- a4b52598d11a", "My Policy", 2147483648L). •Find UUID of Policy to edit, copy the size from calculator. •Use a script
  51. 51. DEMO
  52. 52. Create new file policy Demo
  53. 53. Add Policies to Libraries •You need UUID from Policy and Community •Community Listing provides too much information, hard to find UUID. •Example assign Policy •FilesLibraryService.assignPolicy("f0d01111-9b21-4dd8-b8be-8825631cb84b", "2d93497d-065a-4022ae25-a4b52598d11a") •If you need to find the library information it’s a pain: FilesLibraryService.browseCommunity("title", "true", 1, 20)
  54. 54. Add Policies to Libraries •Or you can use a script ( Allows for searching across Personal or Community libraries. Select a community the policies will be listed and you may assign a new policy.
  55. 55. DEMO
  56. 56. Assign new file policy Demo
  57. 57. Reparenting Communities •Big thanks to Klaus Bild Script allows the moving of a main community to a sub (assuming it has no subs). Or a sub to a main community. Wild card searches are also available.
  58. 58. Data base maintenance •Lots of DB maintenance that can be run: –Optimization –Check the Connections performance guide for DB tuning and optimization. –ReOrg –Should be run regularly –scripts are available in the Connections wizards folder (connections.sql folder), can be set as a scheduled job. –Run Stats –Can be set through automatic maintenance. –Backup the DBs on a regular basis –either as part of your regular back up routine or an offline backup regularly. •Lots of information on the scripting101.orgsite and on the DB2 info centres.
  59. 59. MWLUG 2014 Troubleshooting
  60. 60. Are all applications running •To check If all IBM Connections Applications are running •Go to ISC –Applications – Application Types – WebSphere Enterprise Applications. •Or use a script ( One button press and the script checks all apps and lists them as stopped or started.
  61. 61. Can WAS connect to Data Sources •Go to ISC –Resources –JDBC –Data sources •Check all Data Sources and click Test connection. •Use a script (/check/ The script checks connectionto the DB and tests the data Sources. Then lists successful, failures and databases not installed.
  62. 62. DEMO
  63. 63. Check Apps / Data source Demo
  64. 64. MWLUG 2014 Documentation
  65. 65. Connections Documentation •Everyone knows you should document your install right? •Never fear –there is a script to do most of the hard work for you.
  66. 66. Documentation scripts •Use the scripts 1.Show JVM Heap Sizes (ibmcnx/doc/ 2.Show JVM Settings (ibmcnx/doc/ 3.Show SystemOut/Err Log Sizes (ibmcnx/doc/ 4.Show all used ports (ibmcnx/doc/ 5.Show all used variables (ibmcnx/doc/ 6.Show all j2ee roles of inst. applications (ibmcnx/doc/ 7.Create a file with all documentation (ibmcnx/doc/ –this isn’t implemented in the menu as yet –call with|bat-langjython-f ibmcnx/doc/
  67. 67. DEMO
  68. 68. Documentation Demo
  69. 69. Documentation Demo
  70. 70. MWLUG 2014 Resources
  71. 71. Download the scripts •If you wish to use any of the scripts described in this presentation, they are available for download. •Please be aware that they are community created scripts and are available without warranty. They should be used at your own risk. –Git Hub - –OpenNTF Project since –Administration Scripts for WebSphere - –ConContrl –Linux Connections start / stop script from Tim Clark and Sharon Bellamy
  72. 72. Install the scripts • •Create links to extracted scripts directory –Linux cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin ln -s /opt/IBM/ibmcnx2/ibmcnx ./ –Windows mklink /d <link> <target> mklink /d D:IBMWebSphereAppServerprofilesDmgr01binibmcnx D:IBMibmcnx2ibmcnx •Edit the At the moment there are 3 parts: Generic, Database and Tuning. Generic: You should change the values within Generic of all j2ee.* parameters and put your administration users and groups in it. Thispart is used to set the J2EE Security Roles and you save typing in the values each time. Database: The User scripts (checking ExId, Deactivate) are using the db* parameters and you can put the User, password, host and so on. Tuning: These parameters are used for DataSource performance tuning and are set to the values provided in the IBM Connections Performance Tuning Guide. That’s a good starting point, but you should check them in your environment.
  73. 73. Install the scripts (cont.) •Additional tasks to load JDBC Drivers within Jython Linux Create a WAS_USER_SCRIPT (/opt/IBM/JDBC is my path to the database drivers): export WAS_EXT_DIRS=$WAS_EXT_DIRS:/opt/IBM/JDBC Now you have to set an environment variable each time when you want to start the scripts: export WAS_USER_SCRIPT=/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/ibmcnx/ Windows There is an issue loading the JDBC Driver path through WAS_USER_SCRIPTon Windows. To resolve this edit setupCmdLine.bat in dmgr/bin and add the path to WAS_EXT_DIRS i.e. SET WAS_EXT_DIRS=%JAVA_HOME%lib;%WAS_HOME%classes;%WAS_HOME%lib ……C:IBMSQLLIBjava •Load the script menu Linux ./ -lang jython -username wasadmin –password password-f ibmcnx/menu/ Windows wsadmin.bat -lang jython -username wasadmin –password password-f
  74. 74. Useful links / Articles •IBM Connections Performance Tuning –relevant for Version 4 and 4.5 (see Addendum for 4.5 additions and changes) -http://www- •IBM Connections Performance Tuning Addendum –relevant for 4.5 changes - http://www- •Auto start DB2 on RHEL6 systems -https://www- •Tuning WebSphere Application Server V7 and V8 for performance - •DB2 Info centre - •IBM Connections wiki - •IBM WebSphere 8 info centre -
  75. 75. Skype Chats • There are a number of community skype chats If you wish to be added to any of these chats either ping myself or Christoph. Sharon – dilftechnical Christoph - christophstoettner
  76. 76. MWLUG 2014 Giving Credit •IBM® Notes® •IBM® Domino® •IBM® Connections •IBM® WebSphere® •IBM® DB2 •IBM® AIX® •Tivoli® •Linux® •Java® •Microsoft® Windows® •Red Hat® Linux® •Twitter® •Skype® •This presentation mentions the following Copyrights and Trademarks.