Thursday, November 29, 2012

WAS ND 8: Migration


Based on the problem description, you are planning to migrate WASv7.0 ND environment to WASv8.5. You can use migration wizard in a graphical environment or migration tool (WASPreUpgrade and  WASPostUpgrade commands) in a non-graphical environment. For the best practice guide, please refer to the following document links:

Migration Planning and Best Practices Guide
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27008724#presentation

Migrating product configurations
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.migration.nd.doc%2Fae%2Ftmig_admin.html

Friday, November 23, 2012

MQ: Practice

crtmqm -c "ART Actimize POC QMgr" -ll -lp 2 -ls 3 -u ART.DEAD.LETTER.QUEUE ART.ACTIMIZE.QMGR
 strmqm -x ART.ACTIMIZE.QMGR
nohup runmqlsr -t tcp -p 1415 -m ART.ACTIMIZE.QMGR >/dev/null 2>&1 &
runmqsc ART.ACTIMIZE.QMGR
DEFINE QLOCAL('ART.DEAD.LETTER.QUEUE')
ALTER QMGR DEADQ('ART.DEAD.LETTER.QUEUE')
DEFINE CHANNEL('ART.ACTIMIZE.CHL') CHLTYPE(SVRCONN)
START CHANNEL('ART.ACTIMIZE.CHL')
START CHANNEL('ART.ACTIMIZE.SVRCONN')
dltmqm ART.QMGR

Thursday, November 15, 2012

Java: Add Certificate to cacert

1. change folder to $JAVA_HOME/jre/lib/security using user root
# cd $JAVA_HOME/jre/lib/security
2. backup cacerts
3. aquire certificate will be imported as /var/tmp/ARTICYFG-root-cert.cert
4. import it into cacerts
# keytool -import -alias ARTICYFG-ROOT-CERT -keystore cacerts -file /var/tmp/ARTICYFG-root-cert.cert
5. verify the imported certificate
#  keytool -list -v -keystore cacerts -alias ARTICYfg-root-cert

Wednesday, November 14, 2012

Restricting or allowing access to the administrative console based on client IP or DNS hostname

Question

Is it possible to restrict access to the WebSphere Application Server administrative console to specific client IPs?

Answer

If a client has a requirement to allow access to the administrative console from only certain originating IPs, then it can be configured as follows.
  1. Open the Deployment Manager Console to WebSphere Application Server Network Deployment (it can be the base Application Server as well) to the following:

    Servers > Application servers > server_name > Web container transport chains > WCInboundAdminSecure > TCP inbound channel
  2. Under General Properties, work with the following 4 fields:

    Note: Multiple IPs or hostnames can be added in any of the preceding fields (as needed), but they need to be separated by a comma.

Tuesday, November 13, 2012

Thread dump & heap dump — Presentation Transcript

https://www.ibm.com/developerworks/community/groups/service/html/communityview?communityUuid=2245aa39-fa5c-4475-b891-14c205f7333c


From http://www.slideshare.net/josephamrithraj/thread-dump-heap-dump-4008612

Resources:

Thread dump & heap dump — Presentation Transcript

  • 1. Thread dump & Heap Dump in websphere
  • 2. In this session, What is Thread/Heap dump? When to generate ? How to generate ? How to debug ?
  • 3. Thread Dump
    What is a Thread Dump? A thread represents a work item or task, such as a servlet request. Java processes are usually multi-threaded. This means there can be many tasks occurring simultaneously (multi-threading) within one JVM process. Java thread dumps provide a Java view of a failing JVM process. A Java dump provides information about the executing Java classes and allows the problem determination process to reference the Java source code.
  • 4. When to generate
    If you get unexplained server hangs under WebSphere, you can obtain, from the WebSphere server, a thread dump to help diagnose the problem. In the case of a server hang, you can force an application to create a thread dump. If an application server spontaneously dies, look for a file. The JVM creates the file in the product directory structure, with a name like javacore[number].txt.
  • 5. How to generate
    On unix/Linux machines find the process id (PID) of the hung JVM and issue kill -3 PID. Look for an output file in the installation root directory with a name like javacore.date.time.id.txt. Using wasadminprompt:get the handle of the server wsadmin>set jvm [$AdminControlcompleteObjectName type=JVM,process=server1,*] then execute wsadmin>$AdminControl invoke $jvmdumpThreads
  • 6. Analysis
    Download thread analyzer from IBM website to analyze the generated thread dumps. - http://www.alphaworks.ibm.com/tech/jca
  • 7. Heap Dump
    A heapdump is a snapshot of JVM memory. it shows the live objects on the heap along with references between objects. It is used to determine memory usage patterns and memory leak suspects. When to generate? Memory leaks in the Java heap produce java.lang.OutOfMemoryError exceptions in log files. However, not all out-of-memory errors are caused by Java heap memory leaks. Out-of-memory errors can also be caused by the following conditions: Java heap fragmentation. This fragmentation occurs when no contiguous chunk of free Java heap space is available from which to allocate Java objects. Various causes for this problem exist, including the presence of pinned or dosed objects or because of the repeated allocation of large objects. Memory leaks in native heap. This problem occurs when a native component, like DB2 connections, is leaking.
  • 8. How to generate
    To enable automated heap dump generation support, perform the following steps in the administrative console: (heap dump will generated upon receiving the out.of.memoryexceptios) 1. Click Servers > Application servers in the administrative console navigation tree. 2. Click server_name >Runtime Performance Advisor Configuration. 3. Click the Runtime tab. 4. Select the Enable automatic heap dump collection check box. 5. Click OK. To generate manually use kill -3 PID on unix/linux machines. Using WSADMIN tool Invoke the generateHeapDump operation on a JVMMBean, for example, * Finding JVMobjectName: <wsadmin> set objectName [$AdminControlqueryNamesWebSphere:type=JVM,process=<servername>,node=<nodename>,*] * Invoking the generateHeapDump operation on JVMMBean: <wsadmin> $AdminControl invoke $objectNamegenerateHeapDump
  • 9. Analysis
    heap dumps can be found under profile_rootprofile-name with naming heapdump.<date>..<timestamp><pid>.phdUse HeapAnalyzer or MDD4J for analyzing heap dumps

Thursday, November 8, 2012

WAS: PCT Response file questions

Scenario 1: 4 nodes
Node 1: DeploymentManager + ApplicationServer1

Node 2: ApplicationServer2
Node 3: IHS WebServer1
Node 4: IHS WebServer2
 
Node1 and Node2 clustered.
 
Question 1: which server hostname should be for wasMachineHostName? Deployment manager server hostname? Or ApplicationServer1 hostname? Or ApplicationServer2 hostname?
ANSWER:   It does not matter which hostname.  I would probably use the hostname of the deployment manager myself.  But it really does not matter ether way.  Be sure to choose REMOTE in the PCT, and also you will want to configure the IHS Admin Server  so that you can remotely manage both IHS web servers from the WAS Admin Console.

 
Scenario 2: 2 nodes
Node 1: DeploymentManager + ApplicationServer1 +  IHS WebServer1
Node 2: ApplicationServer2 + IHS WebServer2
 
Question 1: how to decide configType value for WebServer1 and WebServer2
ANSWER:  If the web server is on the same system as the WAS appserver, then it is LOCAL.  In this case, use LOCAL for both of them.

Question 2: what should be the value of profileName for WebServer1?
ANSWER:  for LOCAL scenario, always use the profile name of the WAS node (ie. AppSrv01).  Never use the deployment manager profile name (ie. Dmgr01).

Question 3: What should be the value of wasMachineHostName for WebServer1?
ANSWER:  wasMachineHostName is only used for REMOTE scenario.  So, you do not need that variable at all in this LOCAL case.

Question 4: what should be the value of profileName for WebServer2?
ANSWER:   use the name of the WAS node profile (ie. AppSrv01).

Question 5: what should be the value of wasMachineHostName for WebServer2?
ANSWER:  this is a LOCAL scenario so wasMachineHostName is not needed.

Monday, November 5, 2012

WebSphere: Compile JSP

/opt/IBM/WebSphere/AppServer/profiles/LTSLUATAppNode2/bin/JspBatchCompiler.sh -enterpriseapp.name BPS -webmodule.name BPS.war -cell.name LTSLUATCell -node.name LTSLUATAppNode2 -server.name LTSLUATAppServer2 -filename LTSCAFApi.jsp -keepgenerated true -forceCompilation true -log.level FINEST > jspbatchcompiler.out 2>&1

Saturday, November 3, 2012

Set up Samba on Linux

Set Up Steps

The following samba modules are required:
# rpm -qa | grep -i samba
samba-common-3.0.33-3.29.el5_5.1
samba-client-3.0.33-3.29.el5_5.1
samba-3.0.33-3.29.el5_5.1
perl-5.8.8-27.el5.x86_64.rpm
perl-Convert-ASN1-0.20-1.1.noarch.rpm  

mount /net/todnfs03/vol/archive/RedHat/RHEL5-U4-x86_64/rhel-server-5.4-x86_64-dvd.iso /mnt -o loop

cd Server



# rpm -ivh ./perl-5.8.8-27.el5.x86_64.rpm                                                                                          ! Check if already installed. Rpm –qa | grep –i perl
warning: ./perl-5.8.8-27.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
        package perl-5.8.8-27.el5.x86_64 is already installed
# rpm -ivh perl-Convert-ASN1-0.20-1.1.noarch.rpm                                                                          ! Check if already installed
warning: perl-Convert-ASN1-0.20-1.1.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
   1:perl-Convert-ASN1      ########################################### [100%]
# rpm -ivh ./samba-3.0.33-3.14.el5.x86_64.rpm                                                                                ! Due to yum updates, install this module with --nodeps
warning: ./samba-3.0.33-3.14.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing...                ########################################### [100%]
   1:samba                  ########################################### [100%]


Register the server with RHN for updates. Due to a shortage of licenses, currently the server cannot be patched to the latest updated. Check with Ziyan to manually patch Samba to samba-3.0.33-3.29.el5_5.1

rhnreg_ks --activationkey 1-91f9873ace9acf35defa1c52f6348616 --serverUrl https://inf-bcclu1rhn01.goweekend.ca/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
An error has occurred:

Error Message:
    Registration failed: RHN Software Management service entitlements exhausted
Error Class Code: 91
Error Class Info: Registration token unable to entitle system: maximum membership exceeded
Explanation:
    Your organization does not have enough Management entitlements to register this
    system to Red Hat Network. Please notify your organization administrator of this error.
    You should be able to register this system after your organization frees existing
    or purchases additional entitlements. Additional entitlements may be purchased by your
    organization administrator by logging into Red Hat Network and visiting
    the 'Subscription Management' page in the 'Your RHN' section of RHN.

    A common cause of this error code is due to having mistakenly setup an
    Activation Key which is set as the universal default.  If an activation key is set
    on the account as a universal default, you can disable this key and retry to avoid
    requiring a Management entitlement.
See /var/log/up2date for more information
#

scp inf-fcplx1svc03:/etc/samba/smb.conf /etc/samba/                             ! copy sample samba.conf file . Check for “fnettest” for shared samba entry

==========================================smb.conf =====================

[global]
        workgroup = SACMCM
        server string = CRM
        netbios name = crm-bccldvapp01
        guestok = no
      
      
        hosts allow = 10.115. , 10.193.
        # logs split per machine
        log file = /var/log/samba/smbd.log
        # max 50KB per log file, then rotate
        max log size = 50
        security = ADS
        realm = ADROOT.GOWEEKEND.CA
        password server = kdc.goweekend.ca
        encrypt passwords = yes
        smb passwd file = /etc/samba/smbpasswd
  unix password sync = Yes
  passwd program = /usr/bin/passwd %u
  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
  username map = /etc/samba/smbusers
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        # the login script name depends on the machine name
        # the login script name depends on the unix user used
        # disables profiles support by specifing an empty path
        local master = no
        wins support = yes
        dns proxy =  no
  preserve case = yes
  short preserve case = yes
  case sensitive = yes
        load printers = no
        cups options = raw
        #obtain list of printers automatically on SystemV
        map archive = no
        map hidden = no
        map system = no
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = no
[crm]
   comment = MVDR Log
   path = /apps/crm
   valid users = aniu01 mj08
   read list = aniu01
   write list = aniu01 ydong09
   force user = aniu01
   public = no
   writable = yes
   printable = no

====================================End of smb.conf ========================


# net ads join -U adm-userid
adm-userid's password:                                                                     ! Enter domain adm password
Failed to set password for machine account (NT_STATUS_ACCESS_DENIED)
Failed to join domain: Access denied                                                     ! Work with AD admin to enable machine to join domain

#

Modify /etc/hosts to add the following lines

9.115.97.49  samba.goweekend.ca samba


Start Samba

/etc/smb start


Goto workstation

Start>Run>\\samba.goweekend.ca