Thursday, November 29, 2012
WAS ND 8: Migration
Based on the problem description, you are planning to migrate WASv7.0 ND environment to WASv8.5. You can use migration wizard in a graphical environment or migration tool (WASPreUpgrade and WASPostUpgrade commands) in a non-graphical environment. For the best practice guide, please refer to the following document links:
Migration Planning and Best Practices Guide
http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg27008724#presentation
Migrating product configurations
http://pic.dhe.ibm.com/infocenter/wasinfo/v8r5/index.jsp?topic=%2Fcom.ibm.websphere.migration.nd.doc%2Fae%2Ftmig_admin.html
Friday, November 23, 2012
MQ: Practice
crtmqm -c "ART Actimize POC QMgr" -ll -lp 2 -ls 3 -u ART.DEAD.LETTER.QUEUE ART.ACTIMIZE.QMGR
strmqm -x ART.ACTIMIZE.QMGR
nohup runmqlsr -t tcp -p 1415 -m ART.ACTIMIZE.QMGR >/dev/null 2>&1 &
runmqsc ART.ACTIMIZE.QMGR
DEFINE QLOCAL('ART.DEAD.LETTER.QUEUE')
ALTER QMGR DEADQ('ART.DEAD.LETTER.QUEUE')
DEFINE CHANNEL('ART.ACTIMIZE.CHL') CHLTYPE(SVRCONN)
START CHANNEL('ART.ACTIMIZE.CHL')
START CHANNEL('ART.ACTIMIZE.SVRCONN')
dltmqm ART.QMGR
strmqm -x ART.ACTIMIZE.QMGR
nohup runmqlsr -t tcp -p 1415 -m ART.ACTIMIZE.QMGR >/dev/null 2>&1 &
runmqsc ART.ACTIMIZE.QMGR
DEFINE QLOCAL('ART.DEAD.LETTER.QUEUE')
ALTER QMGR DEADQ('ART.DEAD.LETTER.QUEUE')
DEFINE CHANNEL('ART.ACTIMIZE.CHL') CHLTYPE(SVRCONN)
START CHANNEL('ART.ACTIMIZE.CHL')
START CHANNEL('ART.ACTIMIZE.SVRCONN')
dltmqm ART.QMGR
Friday, November 16, 2012
WAS: Analyze tools
https://www.ibm.com/developerworks/mydeveloperworks/groups/service/html/communityview?communityUuid=2245aa39-fa5c-4475-b891-14c205f7333c
/opt/IBM/WebSphere/AppServer/java/jre/bin/java -Xmx500m -jar jca437.jar
/opt/IBM/WebSphere/AppServer/java/jre/bin/java -Xmx500m -jar jca437.jar
Thursday, November 15, 2012
Java: Add Certificate to cacert
1. change folder to $JAVA_HOME/jre/lib/security using user root
# cd $JAVA_HOME/jre/lib/security
2. backup cacerts
3. aquire certificate will be imported as /var/tmp/ARTICYFG-root-cert.cert
4. import it into cacerts
# keytool -import -alias ARTICYFG-ROOT-CERT -keystore cacerts -file /var/tmp/ARTICYFG-root-cert.cert
5. verify the imported certificate
# keytool -list -v -keystore cacerts -alias ARTICYfg-root-cert
# cd $JAVA_HOME/jre/lib/security
2. backup cacerts
3. aquire certificate will be imported as /var/tmp/ARTICYFG-root-cert.cert
4. import it into cacerts
# keytool -import -alias ARTICYFG-ROOT-CERT -keystore cacerts -file /var/tmp/ARTICYFG-root-cert.cert
5. verify the imported certificate
# keytool -list -v -keystore cacerts -alias ARTICYfg-root-cert
Wednesday, November 14, 2012
Restricting or allowing access to the administrative console based on client IP or DNS hostname
Question
Is it possible to restrict access to the WebSphere Application Server administrative console to specific client IPs?Answer
If a client has a requirement to allow access to the administrative console from only certain originating IPs, then it can be configured as follows.
- Open the Deployment Manager Console to WebSphere Application Server Network Deployment (it can be the base Application Server as well) to the following:
Servers > Application servers > server_name > Web container transport chains > WCInboundAdminSecure > TCP inbound channel - Under General Properties, work with the following 4 fields:
- Address exclude list
- Address include list (for example, 9.X.X.75, 9.55.X.X,)
- Hostname exclude list
- Hostname include list
Note: Multiple IPs or hostnames can be added in any of the preceding fields (as needed), but they need to be separated by a comma.
Tuesday, November 13, 2012
Thread dump & heap dump — Presentation Transcript
https://www.ibm.com/developerworks/community/groups/service/html/communityview?communityUuid=2245aa39-fa5c-4475-b891-14c205f7333c
From http://www.slideshare.net/josephamrithraj/thread-dump-heap-dump-4008612
Thread dump & heap dump — Presentation Transcript
- 1. Thread dump & Heap Dump in websphere
- 2. In this session, What is Thread/Heap dump? When to generate ? How to generate ? How to debug ?
- 3. Thread Dump
What is a Thread Dump? A thread represents a work item or task, such as a servlet request. Java processes are usually multi-threaded. This means there can be many tasks occurring simultaneously (multi-threading) within one JVM process. Java thread dumps provide a Java view of a failing JVM process. A Java dump provides information about the executing Java classes and allows the problem determination process to reference the Java source code. - 4. When to generate
If you get unexplained server hangs under WebSphere, you can obtain, from the WebSphere server, a thread dump to help diagnose the problem. In the case of a server hang, you can force an application to create a thread dump. If an application server spontaneously dies, look for a file. The JVM creates the file in the product directory structure, with a name like javacore[number].txt. - 5. How to generate
On unix/Linux machines find the process id (PID) of the hung JVM and issue kill -3 PID. Look for an output file in the installation root directory with a name like javacore.date.time.id.txt. Using wasadminprompt:get the handle of the server wsadmin>set jvm [$AdminControlcompleteObjectName type=JVM,process=server1,*] then execute wsadmin>$AdminControl invoke $jvmdumpThreads - 6. Analysis
Download thread analyzer from IBM website to analyze the generated thread dumps. - http://www.alphaworks.ibm.com/tech/jca - 7. Heap Dump
A heapdump is a snapshot of JVM memory. it shows the live objects on the heap along with references between objects. It is used to determine memory usage patterns and memory leak suspects. When to generate? Memory leaks in the Java heap produce java.lang.OutOfMemoryError exceptions in log files. However, not all out-of-memory errors are caused by Java heap memory leaks. Out-of-memory errors can also be caused by the following conditions: Java heap fragmentation. This fragmentation occurs when no contiguous chunk of free Java heap space is available from which to allocate Java objects. Various causes for this problem exist, including the presence of pinned or dosed objects or because of the repeated allocation of large objects. Memory leaks in native heap. This problem occurs when a native component, like DB2 connections, is leaking. - 8. How to generate
To enable automated heap dump generation support, perform the following steps in the administrative console: (heap dump will generated upon receiving the out.of.memoryexceptios) 1. Click Servers > Application servers in the administrative console navigation tree. 2. Click server_name >Runtime Performance Advisor Configuration. 3. Click the Runtime tab. 4. Select the Enable automatic heap dump collection check box. 5. Click OK. To generate manually use kill -3 PID on unix/linux machines. Using WSADMIN tool Invoke the generateHeapDump operation on a JVMMBean, for example, * Finding JVMobjectName: <wsadmin> set objectName [$AdminControlqueryNamesWebSphere:type=JVM,process=<servername>,node=<nodename>,*] * Invoking the generateHeapDump operation on JVMMBean: <wsadmin> $AdminControl invoke $objectNamegenerateHeapDump - 9. Analysis
heap dumps can be found under profile_rootprofile-name with naming heapdump.<date>..<timestamp><pid>.phdUse HeapAnalyzer or MDD4J for analyzing heap dumps
Thursday, November 8, 2012
WAS: PCT Response file questions
Scenario 1: 4 nodes
Node 1: DeploymentManager + ApplicationServer1
Node 2: ApplicationServer2
Node 3: IHS WebServer1
Node 4: IHS WebServer2
Node1 and Node2 clustered.
Question 1: which server hostname should be for wasMachineHostName? Deployment manager server hostname? Or ApplicationServer1 hostname? Or ApplicationServer2 hostname?
ANSWER: It does not matter which hostname. I would probably use the hostname of the deployment manager myself. But it really does not matter ether way. Be sure to choose REMOTE in the PCT, and also you will want to configure the IHS Admin Server so that you can remotely manage both IHS web servers from the WAS Admin Console.
Scenario 2: 2 nodes
Node 1: DeploymentManager + ApplicationServer1 + IHS WebServer1
Node 2: ApplicationServer2 + IHS WebServer2
Question 1: how to decide configType value for WebServer1 and WebServer2
ANSWER: If the web server is on the same system as the WAS appserver, then it is LOCAL. In this case, use LOCAL for both of them.
Question 2: what should be the value of profileName for WebServer1?
ANSWER: for LOCAL scenario, always use the profile name of the WAS node (ie. AppSrv01). Never use the deployment manager profile name (ie. Dmgr01).
Question 3: What should be the value of wasMachineHostName for WebServer1?
ANSWER: wasMachineHostName is only used for REMOTE scenario. So, you do not need that variable at all in this LOCAL case.
Question 4: what should be the value of profileName for WebServer2?
ANSWER: use the name of the WAS node profile (ie. AppSrv01).
Question 5: what should be the value of wasMachineHostName for WebServer2?
ANSWER: this is a LOCAL scenario so wasMachineHostName is not needed.
Node 1: DeploymentManager + ApplicationServer1
Node 2: ApplicationServer2
Node 3: IHS WebServer1
Node 4: IHS WebServer2
Node1 and Node2 clustered.
Question 1: which server hostname should be for wasMachineHostName? Deployment manager server hostname? Or ApplicationServer1 hostname? Or ApplicationServer2 hostname?
ANSWER: It does not matter which hostname. I would probably use the hostname of the deployment manager myself. But it really does not matter ether way. Be sure to choose REMOTE in the PCT, and also you will want to configure the IHS Admin Server so that you can remotely manage both IHS web servers from the WAS Admin Console.
Scenario 2: 2 nodes
Node 1: DeploymentManager + ApplicationServer1 + IHS WebServer1
Node 2: ApplicationServer2 + IHS WebServer2
Question 1: how to decide configType value for WebServer1 and WebServer2
ANSWER: If the web server is on the same system as the WAS appserver, then it is LOCAL. In this case, use LOCAL for both of them.
Question 2: what should be the value of profileName for WebServer1?
ANSWER: for LOCAL scenario, always use the profile name of the WAS node (ie. AppSrv01). Never use the deployment manager profile name (ie. Dmgr01).
Question 3: What should be the value of wasMachineHostName for WebServer1?
ANSWER: wasMachineHostName is only used for REMOTE scenario. So, you do not need that variable at all in this LOCAL case.
Question 4: what should be the value of profileName for WebServer2?
ANSWER: use the name of the WAS node profile (ie. AppSrv01).
Question 5: what should be the value of wasMachineHostName for WebServer2?
ANSWER: this is a LOCAL scenario so wasMachineHostName is not needed.
Monday, November 5, 2012
WebSphere: Compile JSP
/opt/IBM/WebSphere/AppServer/profiles/LTSLUATAppNode2/bin/JspBatchCompiler.sh -enterpriseapp.name BPS -webmodule.name BPS.war -cell.name LTSLUATCell -node.name LTSLUATAppNode2 -server.name LTSLUATAppServer2 -filename LTSCAFApi.jsp -keepgenerated true -forceCompilation true -log.level FINEST > jspbatchcompiler.out 2>&1
Saturday, November 3, 2012
Set up Samba on Linux
Set Up Steps
The following samba modules are required:
# rpm -qa | grep -i samba
samba-common-3.0.33-3.29.el5_5.1
samba-client-3.0.33-3.29.el5_5.1
samba-3.0.33-3.29.el5_5.1
perl-5.8.8-27.el5.x86_64.rpm
perl-Convert-ASN1-0.20-1.1.noarch.rpm
mount /net/todnfs03/vol/archive/RedHat/RHEL5-U4-x86_64/rhel-server-5.4-x86_64-dvd.iso /mnt -o loop
cd Server
# rpm -ivh ./perl-5.8.8-27.el5.x86_64.rpm ! Check if already installed. Rpm –qa | grep –i perl
warning: ./perl-5.8.8-27.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
package perl-5.8.8-27.el5.x86_64 is already installed
# rpm -ivh perl-Convert-ASN1-0.20-1.1.noarch.rpm ! Check if already installed
warning: perl-Convert-ASN1-0.20-1.1.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:perl-Convert-ASN1 ########################################### [100%]
# rpm -ivh ./samba-3.0.33-3.14.el5.x86_64.rpm ! Due to yum updates, install this module with --nodeps
warning: ./samba-3.0.33-3.14.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:samba ########################################### [100%]
Register the server with RHN for updates. Due to a shortage of licenses, currently the server cannot be patched to the latest updated. Check with Ziyan to manually patch Samba to samba-3.0.33-3.29.el5_5.1
rhnreg_ks --activationkey 1-91f9873ace9acf35defa1c52f6348616 --serverUrl https://inf-bcclu1rhn01.goweekend.ca/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
An error has occurred:
Error Message:
Registration failed: RHN Software Management service entitlements exhausted
Error Class Code: 91
Error Class Info: Registration token unable to entitle system: maximum membership exceeded
Explanation:
Your organization does not have enough Management entitlements to register this
system to Red Hat Network. Please notify your organization administrator of this error.
You should be able to register this system after your organization frees existing
or purchases additional entitlements. Additional entitlements may be purchased by your
organization administrator by logging into Red Hat Network and visiting
the 'Subscription Management' page in the 'Your RHN' section of RHN.
A common cause of this error code is due to having mistakenly setup an
Activation Key which is set as the universal default. If an activation key is set
on the account as a universal default, you can disable this key and retry to avoid
requiring a Management entitlement.
See /var/log/up2date for more information
#
scp inf-fcplx1svc03:/etc/samba/smb.conf /etc/samba/ ! copy sample samba.conf file . Check for “fnettest” for shared samba entry
workgroup = SACMCM
server string = CRM
netbios name = crm-bccldvapp01
guestok = no
hosts allow = 10.115. , 10.193.
# logs split per machine
log file = /var/log/samba/smbd.log
# max 50KB per log file, then rotate
max log size = 50
security = ADS
realm = ADROOT.GOWEEKEND.CA
password server = kdc.goweekend.ca
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
# the login script name depends on the machine name
# the login script name depends on the unix user used
# disables profiles support by specifing an empty path
local master = no
wins support = yes
dns proxy = no
preserve case = yes
short preserve case = yes
case sensitive = yes
load printers = no
cups options = raw
#obtain list of printers automatically on SystemV
map archive = no
map hidden = no
map system = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/false
winbind use default domain = no
[crm]
comment = MVDR Log
path = /apps/crm
valid users = aniu01 mj08
write list = aniu01 ydong09
force user = aniu01
public = no
writable = yes
printable = no
# net ads join -U adm-userid
adm-userid's password: ! Enter domain adm password
Failed to set password for machine account (NT_STATUS_ACCESS_DENIED)
Failed to join domain: Access denied ! Work with AD admin to enable machine to join domain
#
Modify /etc/hosts to add the following lines
9.115.97.49 samba.goweekend.ca samba
Start Samba
/etc/smb start
Goto workstation
Start>Run>\\samba.goweekend.ca
Subscribe to:
Posts (Atom)