IBM Connections 5.6 install on Linux RedHat version 7.2 IBM Connections 5.6 install on Linux RedHat version 7.2 ................................................ 1 1. Software Needed ......................................................................................................... 2 1.1. Post Install Fixes .................................................................................................. 3 2. Prepare Linux for Connections Install ........................................................................ 5 2.1. Install Linux Libraries .......................................................................................... 5 2.2. Install Korn shell for CCM install ........................................................................ 6 2.3. Configure the Linux system ................................................................................. 7 2.4. Extract Install files on the system ........................................................................ 9 3. Install WebSphere 8.5.5.7 ......................................................................................... 10 3.1. Install IBM Install Manager ............................................................................... 10 3.2. Install WebSphere 8.0.0.6 and ifixes.................................................................. 15 3.3. Create the WebSphere Application Server cell .................................................. 25 4. Enable security with LDAP ...................................................................................... 34 4.1. Start the DMGR and nodeagent ......................................................................... 34 4.2. Enable security with an LDAP Directory .......................................................... 34 5. Install DB2 10.5 ........................................................................................................ 43 5.1. Install DB2 10.1 Enterprise Server .................................................................... 43 5.2. Start DB2 ............................................................................................................ 51 5.3. Install DB2 10.5 fp7 ........................................................................................... 51 6. Create the Connections Databases ............................................................................ 52 6.1. Create the dedicated db2 user............................................................................. 52 6.2. Configure unicode for db2 ................................................................................. 52 6.3. Create Connections databases with wizard ........................................................ 53 7. Install and Tivoli Directory Integrator 7.1.1 fp3....................................................... 57 7.1. Install Tivoli Directory Integrator 7.1.1 ............................................................. 57 7.2. Install fixpack 3 .................................................................................................. 64 7.3. Configure TDI .................................................................................................... 65 8. Populate the profiles database using wizard ............................................................. 66 8.1. Copy tdisol directory to keep profiles and ldap in sync ..................................... 71 9. Install and Configure IBM HTTP Server and Plug-in 8.5.5.7 .................................. 71 9.1. Install IBM HTTP Server 8.5.5.7 ....................................................................... 72 9.2. Configure Plug-In with WebSphere Customization toolbox ............................. 83 10. Configure SSL on IHS ........................................................................................... 93 10.1. Create the SSL key file for IHS ...................................................................... 94 10.2. Configure httpd.conf to listen over ssl............................................................ 96 10.3. Add the HTTP Server certificate to WebSphere trust store ........................... 97 11. Install IBM Connections 5.5 ................................................................................ 101 11.1. Configure HTTP Server plugin with Connections ....................................... 122 11.2. Start IBM Connections ................................................................................. 124 12. Additional HTTP Server config settings.............................................................. 125 12.1. Configure HTTP Server to compress some files .......................................... 125 12.2. Configure Files and Wikis to download files ............................................... 126 12.3. Configure Connections to use IHS to upload files ....................................... 126 13. Configure IBM Connections Content Manager Libraries ................................... 126 13.1. Create Filenet Global Configuration Domain (GCD) .................................. 126 13.2. Create FileNet ObjectStore ........................................................................... 128 14. Apply Connections 5.5 Recommended Day1 fixes ............................................. 129 14.1. Install the Day1 ifixes ................................................................................... 129 Appendix - helpful linux stuff......................................................................................... 135 15. Redirecting Display from unix to local windows machine .................................. 135 16. Disable password settings on the OS ................................................................... 137 17. Configure DB2 to start automatically after system restart................................... 137 18. Configure IBM HTTP Server to start automatically............................................ 139 1. Software Needed I downloaded the following files prior to installing: I downloaded the following files prior to installing: The following document has more details: http://www01.ibm.com/support/docview.wss?uid=swg24041291 IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM Connections V5.5 for Linux Multilingual (CN80AML) IBM Connections V5.5 Wizard for Linux, AIX Multilingual (CN80EML ) NOTE: DO NOT download the wizard directory from the eAssembly, use the one from the day 1 fixes instead http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSo lutions&product=ibm/Lotus/Lotus+Connections&release=5.5.0.0&platform= All&function=all IBM DB2 Server 10.5 for Linux® on AMD64 and Intel® EM64T systems (x64) (CIXV0ML) IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Linux - x86-64, Multilingual (CZUF3ML ) IBM WebSphere Application Server Network Deployment V8.5.5 (1 of 3) for Multiplatform Multilingual (CIK2HML ) IBM WebSphere Application Server Network Deployment V8.5.5 (2 of 3) for Multiplatform Multilingual (CIK2IML ) IBM WebSphere Application Server Network Deployment V8.5.5 (3 of 3) for Multiplatform Multilingual (CIK2JML ) IBM WebSphere Application Server V8.5.5 Supplements (1 of 3) for Multiplatform Multilingual (CIK1VML ) IBM WebSphere Application Server V8.5.5 Supplements (2 of 3) for Multiplatform Multilingual (CIK1WML ) IBM WebSphere Application Server V8.5.5 Supplements (3 of 3) for Multiplatform Multilingual (CIK1XML ) IBM Connections Content Manager V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8NML) IBM FileNet Content Engine V5.2.1 Linux Multilingual (CN214ML ) IBM FileNet Content Engine Client V5.2.1 Linux English (CN223EN ) IBM Content Navigator V2.0.3 for IBM Connections Enterprise Content Edition (CECE) V5.2 Multiplatform Multilingual eAssembly (CRVX7ML) IBM Content Navigator V2.0.3 Linux Multilingual (CN0PTML ) 1.1. Post Install Fixes NOTE: These are what I downloaded on 12 January 2016. Check the following location for the latest supported releases: http://www-01.ibm.com/support/docview.wss?uid=swg27047297 IBM Connections Day 1 fixes: http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSoluti ons&product=ibm/Lotus/Lotus+Connections&release=5.5.0.0&platform=All&fu nction=all interim fix: 5.5.0.0-IC-Multi-IFLO87330 interim fix: 5.5.0.0-IC-News-IFLO87487 interim fix: 5.5.0.0-IC-Common-IFLO87469 interim fix: 5.5.0.0-IC-D1-DBwizard-LO87408-AIX-Lin refresh pack: 5.5.0.0-IC-Multi-UPDI-20151224 5.5.0.0-TypeAhead-20151218 Optional components in Day 1 fixes not used in this part of the install interim fix: 5.5.0.0-IC-D1-CognosWizard-LO87407-Linux refresh pack: 5.5.0.0-IC-D1-MigTool WebSphere Application Server, IBM HTTP Server and plug-ins 8.5.5 fixpack 7 http://www-01.ibm.com/support/docview.wss?uid=swg24040533 TDI 7.1.1 - fixpack 3: http://www-01.ibm.com/support/docview.wss?uid=swg27010509 NOTE: The fix central link on this page did not work for me, so I used http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Tiv oli/Tivoli+Directory+Integrator&release=7.1.1&function=fixId&fixids=7. 1.1-TIV-TDIFP0003&includeRequisites=1&includeSupersedes=0&downloadMethod= ddp&source=fc DB2 10.6 - Fixpack 7: http://www-01.ibm.com/support/docview.wss?uid=swg27007053 DB2 Universal Fix Pack FileNet Components FileNet Content Engine 5.2.1 FP2 and Content Engine Client 5.2.1 FP2 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=FileNet% 2BProduct%2BFamily&product=ibm/Information+Management/FileNet+ Content+Engine&release=5.2.1.2&platform=All&function=all&useReleas eAsTarget=true&source=fc fix pack: 5.2.1.2-P8CPE-LINUX-FP002 fix pack: 5.2.1.2-P8CPE-CLIENT-LINUX-FP002 IBM Content Navigator 2.0.3 FP5 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise %2BContent%2BManagement&product=ibm/Other+software/Content+N avigator&release=2.0.3&platform=All&function=all&source=fc Make sure to get the 2.0.3-ICN fixpack for your OS: fix pack: 2.0.3-ICN-FP005-LINUX These were the steps I followed to install IBM Connections 5.5. Everything was installed on a single server. The server is Red Hat Enterprise Linux 7.2 2. Prepare Linux for Connections Install There are a number of libraries and OS settings that need to be in place for the Connections install. This topic walks you thru those details 2.1. Install Linux Libraries The documentation states the following libraries must be installed if you want to use gui mode of the installers. compat-libstdc++-33.x86_64 libcanberra-gtk2.i686 PackageKit-gtk-module gtk2.i686 compat-libstdc++-33.i686 compat-libstdc++-296 compat-libstdc++ libXtst.i686 libpam.so.0 I was not able to install all the libraries, and only installed the following: [root@cpdocs2 ic55]# yum list compat-libstdc++-33 libcanberra-gtk2 PackageKitgtk-module gtk2 compat-libstdc++-296 compat-libstdc++ libXtst libpam.so.0 Loaded plugins: fastestmirror, langpacks, product-id, rhnplugin, search-disabled-repos, subscription-manager This system is receiving updates from RHN Classic or Red Hat Satellite. Loading mirror speeds from cached hostfile Installed Packages compat-libstdc++-33.i686 3.2.3-72.el7 compat-libstdc++-33.x86_64 3.2.3-72.el7 gtk2.i686 2.24.28-8.el7 gtk2.x86_64 2.24.28-8.el7 libXtst.i686 1.2.2-2.1.el7 libXtst.x86_64 1.2.2-2.1.el7 libcanberra-gtk2.x86_64 0.30-5.el7 If you are missing any of the libraries I had compat-libstdc++-33 gtk2 libXtst libcanberra-gtk2 Run the command yum install component. For example if you are missing gtk2, either the i686 or x86_64 run yum install gtk2 to install that library. 2.2. Install Korn shell for CCM install The install scripts for CCM require the Korn shell. If you miss this step the install will fail with error: CLFRP0038E IBM Connections Content Manager failed to be configured on WebSphere Application Server. Error Step Step "action-config-fncs-ccm" In the /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/ConfigEngine/log/ConfigTrace.log you will see: /opt/IBM/Connections/ccm/ccm/ccm/config/includes/ccm_cust_cfg.xml:817: Execute failed: java.io.IOException: Cannot run program "./configwizard.sh" (in directory "/opt/IBM/Connections/addons/ccm/FNCS/configmanager"): java.io.IOException: error=2, No such file or directory If this happens, uninstall CCM using Install Manager, install the Korn shell from these steps, and install CCM again with Install Manager. 1. From the redhat install packages dir and run yum install ksh 2.3. Configure the Linux system 1. As the root user, run the following command to create a symbolic link (this is needed for the IBM HTTP Server) ln -s /bin/ksh /usr/bin/ksh 2. Disable SELinux by setting SELINUX=disabled in /etc/selinux/config 3. Add multilib_policy=all to /etc/yum.conf 4. Configure the ulimit to 65536 (we could use 8192 if this was only Connections, but DB2 needs 65536): cd ~ umask 022 vi .bashrc add ulimit -n 8192 and save and close the file 5. Update the current working session as well, by running: ulimit -n 65536 Then run ulimit -a to confirm the task worked Also, ensure data and file size are unlimited Note: My ulimit -u is set to 47273. I believe our systems in IBM are set that way because we have DB2 on the same system. I think the default is 1024, and working with a few customers this needed to be increased to 4096 on a medium deployment. 2.4. Extract Install files on the system I ran the following commands to uncompress all files into a install dir WebSphere and fixes 1. unzip WASND_v8.5.5_1of3.zip -d was 2. unzip WASND_v8.5.5_2of3.zip -d was 3. unzip WASND_v8.5.5_3of3.zip -d was 4. unzip WAS_V8.5.5_SUPPL_1_OF_3.zip -d wassupp 5. unzip WAS_V8.5.5_SUPPL_2_OF_3.zip -d wassupp 6. unzip WAS_V8.5.5_SUPPL_3_OF_3.zip -d wassupp 7. unzip 8.5.5-WS-WAS-FP0000007-part1.zip -d was/fp7 8. unzip 8.5.5-WS-WAS-FP0000007-part2.zip -d was/fp7 9. unzip 8.5.5-WS-WASSupplements-FP0000007-part1.zip -d wassupp/fp7 10. unzip 8.5.5-WS-WASSupplements-FP0000007-part2.zip -d wassupp/fp7 Connections and Cognos wizard 11. tar -C ic55 -xvf 5.5.0.0-IC-D1-CognosWizard-LO87407-Linux.tar 12. tar -C ic55 -xvf 5.5.0.0-IC-D1-DBWizard-LO87408_lin_aix.tar 13. tar -C ic55 -xvf IBM_Connections_5.5_lin.tar DB2 and fixes 14. tar -C db2 -zxvf DB2_Svr_10.5.0.3_Linux_x86-64.tar.gz 15. tar -C db2/fp7 -zxvf v10.5fp7_linuxx64_universal_fixpack.tar.gz TDI and fixes 16. tar -C tdi -xvf TDI_IDENTITY_E_V7.1.1_LIN-X86-64.tar 17. unzip 7.1.1-TIV-TDI-FP0003.zip -d tdi/fp3 FileNet / CCM - These all need to be extracted to the same directory 18. tar -C filenet -zxvf FN_CE_5.2.1_LINUX_ML.tar.gz 19. tar -C filenet -zxvf FN_CEC_5.2.1_LINUX_EN.tar.gz 20. tar -C filenet -xvf IBM_CTNT_NAVI_2.0.3_LNX_ML.tar 21. tar -C filenet -zxvf 5.2.1.2-P8CPE-LINUX-FP002.tar.gz 22. tar -C filenet -zxvf 5.2.1.2-P8CPE-CLIENT-LINUX-FP002.tar.gz 23. tar -C filenet -xvf 2.0.3-ICN-FP005-LINUX.tar 3. Install WebSphere 8.5.5.7 This step involves setting up a DMGR server, 1 managed node (in this case I installed everything on 1 system, so I installed a cell). 3.1. Install IBM Install Manager Follow appendix A to export the display to your workstation 1. run ./install from the /opt/install/ic55/ic55/IBM_Connections_Install/IM/linux directory 2. 3. 4. 5. 6. 7. Click Cancel 3.2. Install WebSphere 8.0.0.6 and ifixes First, make sure you have extracted WebSphere 8.5.5, 8.5.5 fp7 into a directory, I used /opt/install/was and /opt/install/was/ NOTE: for detailed steps on exporting the display to your laptop see Appendix A 1. Start IBM Install Manager by running ./IBMIM from /opt/IBM/InstallationManager/eclipse/ 2. File Preferences .... to add the WebSphere repository to IBM Install Manager 3. Select Add Repository 4. Browse to the location of where you extracted WebSphere and select the repository.config (/opt/install/ic55/was/repository.config) and click OK 5. Continue that process for fp7 /opt/install/was/fp7/repository.config And uncheck the Search service repositories during installation and updates box, then click Apply and OK 6. 7. 8. 9. 10. 11. 12. 13. 3.3. Create the WebSphere Application Server cell Now that the install is complete we will create a cell because all services are installed on a single machine. 14. Start the Profile Management Tool 15. 16. Because everything is being installed on a single machine, I will chose Cell, otherwise I would install WebSphere on 2 machine, choosing Management on 1 and Application server on the other. 17. 18. The user you select here will be created in the local file repository in WebSphere. This user should NOT be in your LDAP directory. I like to use localadmin to remind myself and everything that this user is in the local repository, typically people use wasadmin, but sometimes they have a wasadmin in their ldap directory and that will cause problems. 19. 20. 21. 22. WebSphere Application Server is now installed on the machine 4. Enable security with LDAP In this process we will start WAS and enable security 4.1. Start the DMGR and nodeagent 1. Start the DMGR by running: /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh 2. Start the nodeagent by running /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh 4.2. Enable security with an LDAP Directory 1. Open a browser to the DMGR Integrated Solutions Console (http://cpdocs2.swg.usma.ibm.com:9060/ibm/console) Because security is enabled, you will be redirected to the ssl port to login - if necessary accept the certificate and login with the user created during the WebSphere Application Server install 2. Open Security – Global Security 3. Select Federated Repositories from the Available realm definitions field, and then click Configure. 4. Click Add Base entry to Realm 5. and then, on the Repository reference page, click Add Repository - LDAP repository 6. On the New page, type a repository identifier, such as myFavoriteRepository (I used icldap AD into the Repository identifier field. 7. Specify the LDAP directory that you are using in the Directory type field. 8. Type the host name of the primary LDAP directory server in the Primary host name field. The host name is either an IP address or a domain name service (DNS) name. 9. If your directory does not allow LDAP attributes to be searched anonymously, provide values for the Bind distinguished name and Bind password fields. 10. Specify the login attribute or attributes that you want to use for authentication in the Login properties field. Separate multiple attributes with a semicolon. For example: uid;mail. 11. Click Apply 12. and then Save 13. Set the base entry fields, and click OK NOTE: If this was Domino LDAP, set the first entry to root, and leave the second blank. 'root' is a special setting for WebSphere that tells it not to use a base. This will allow domino customer to find the user in the primary directory and all secondary directories, as well as all flat groups. All other ldap directories, the entries to the base of your directory. My ldap directory is IBM Directory Server, so I set the base to dc=ibm,dc=com 14. and then Save 15. In the Repository Identifier column, click the link for the repository or repositories that you just added. 16. In the Additional Properties area, Select Group Federated repositories entity types to LDAP object classes mapping. 17. Make sure Group and Person Account are set to group and user. If this was Domino, they would be set to DominoGroup or DominoPerson IBM Directory server is typically groupOfUniqueNames and inetOrgPerson Active Directory is group and user 18. Back in the repositories page, select Group attribute definition 19. and then click the Member attributes link. 20. If you are using AD, member with object class group is the typical config. If you are using Domino, member with object class dominoGroup or groupOfNames is fine If you are using IDS, make sure to include uniquemember with object class groupOfUniqueNames I am using IBM Directory Server, so I clicked on New, and entered uniquemember : GroupOfUniqueNames 21. Click to go back to Group attribute definition 22. Back on the Group attribute definition page, Enter group membership values in the Name of member attribute and Object class fields. Click Ok For IBM Directory Server this would be ibm-allgroups with scope of Nested For Domino this would be dominoAccessGroups with scope of Nested For AD this would be memberof with scope of Direct 23. and then click Save to save this setting. 24. Enable Application security: a. Click Global Security in the navigation links at the top of the page. b. Select the Administrative Security and Application Security check boxes. Make sure the Java 2 security check box is unchecked c. Click Apply d. and then click Save to save this configuration. 25. Log out of the WebSphere Application Server Integrated Solutions Console and restart WebSphere Application Server a. Run /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/stopManager.sh username localadmin -password password b. Then /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh 26. Verify that users in the LDAP directory have been successfully added to the repository: a. From the WebSphere Application Server Integrated Solutions Console, select Users and Groups > Manage Users. b. In the Search by field, enter a user name that you know to be in the LDAP directory and click Search. If the search succeeds the user exists in your ldap directory. c. Click on the user, then click the Groups tab, you should see a list of groups the user belongs to 27. Once the DMGR is finding users correctly from LDAP, restart the nodeagent to pick up the changes by running a. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin /stopNode.sh -username localadmin -password password b. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin /startNode.sh 5. Install DB2 10.5 In this step we will Install DB2. Make sure you have extracted IBM DB2 Server 10.5 for Linux® on AMD64 and Intel® EM64T systems (x64) (CIXV0ML). I extracted it to /opt/install/db2/ 5.1. Install DB2 10.1 Enterprise Server 1. Follow Appendix A to export the display to your workstation 2. Run .db2setup from /opt/install/db2/server/ 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 5.2. Start DB2 1. Access the system as db2inst1 2. run db2start 5.3. Install DB2 10.5 fp7 Make sure to extract DB2 10.5 fp7, I used /opt/install/db2/fp7 1. Sign into the system as the db2 admin (db2inst1) and run db2stop 2. Sign into the system as the DB2 Admin user (dasusr1) and run db2admin stop 3. As root Run ./installFixPack from /opt/install/db2/fp7/universal 4. Enter the path where DB2 is isntalled (/opt/IBM/db2/V10.1) 5. 6. 7. Start DB2 by logging into the system as the db2 admin (db2inst1) and running db2start 6. Create the Connections Databases 6.1. Create the dedicated db2 user 1. as the root user enter the following commands a. useradd -g db2iadm1 lcuser b. echo "lcuser:password" | chpasswd 6.2. Configure unicode for db2 1. access the machine as the db2 instance owner (db2inst1) 2. Run the following commands: a. db2set DB2CODEPAGE=1208 b. db2stop force c. db2start 3. To verify the setting took, run db2set, DB2CODEPAGE should be equal 1208 6.3. Create Connections databases with wizard Make sure to extract interim fix: 5.5.0.0-IC-D1-DBwizard-LO87408-AIX-Lin to a location on the DB2 Server. I extracted to /opt/install/ic55/ic55/Wizards 1. log on to the server as root 2. Make sure all users can execute the dbWizard.sh file a. change dir to /opt/install/ic55/ic55 b. run ownership of the entire Wizards directory to the db2 instance owner by running chown -R db2inst1 Wizards 3. Grant display to all users by entering the following command xhost + 4. change to the db2 instance owner (db2inst1) by entering 5. run the following commands to export the display to your laptop (see appendix A for more details) a. export DISPLAY=9.75.245.208:0 b. xclock the clock should appear on your desktop 6. Run ./dbWizard.sh from /opt/install/ic55/ic55/Wizards 7. 8. 9. 10. 11. 12. 13. back in the ssh terminal, type exit to return to the root user 7. Install and Tivoli Directory Integrator 7.1.1 fp3 In this step, we will install TDI 7.1.1 and apply fp3. 7.1. Install Tivoli Directory Integrator 7.1.1 Software needed for this step: IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Linux - x86-64, Multilingual (CZUF3ML ) IBM Tivoli Directory Integrator Identity Edition V7.1.1 for Linux - x86-64, Multilingual (CZUF3ML ) (I used /opt/install/ic55/tdi) 1. as root Run ./install_tdiv711_linux_x86_64.bin from /opt/install/tdi/linux_x86_64 NOTE: If you have not already configured the ssh system to send the display to your laptop, use appendix A to do that. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. Uncheck Start Configuration Editor 7.2. Install fixpack 3 Software needed for this step: TDI 7.1.1 - fixpack 3: http://www-01.ibm.com/support/docview.wss?uid=swg27010509 Download and extract FP3 on the server. (I extracted to /opt/install/ic55/tdi/fp3) 1. The zip file you download extracts to a folder (7.1.1-TIV-TDI-FP0003) that contains a zip file (TDI-7.1.1-FP0003.zip) and 3 other files. It's this TDI-7.1.1-FP0003.zip we will point to in the next step. 2. Run ./applyUpdates.sh -update /opt/install/ic55/tdi/fp3/7.1.1-TIV-TDI-FP0003/TDI7.1.1-FP0003.zip from the from /opt/IBM/TDI/V7.1.1/bin/ directory 3. After the fix pack is installed, verify the Tivoli Directory Integrator fix pack version installed on your system by running /opt/IBM/TDI/V7.1.1/bin/applyUpdates.sh -queryreg You should get the following results Information from .registry file in: /opt/IBM/TDI/V7.1.1 Edition: Identity Level: 7.1.1.3 License: None Fixes Applied =-=-=-=-=-=-= TDI-7.1.1-FP0003(7.1.1.0) Components Installed =-=-=-=-=-=-=-=-=-= BASE SERVER -TDI-7.1.1-FP0003 CE -TDI-7.1.1-FP0003 JAVADOCS -TDI-7.1.1-FP0003 EXAMPLES EMBEDDED WEB PLATFORM AMC Deferred: false 7.3. Configure TDI 1. Copy the db2jcc.jar and db2jcc_license_cu.jar files from the java subdirectory of the directory where you installed DB2 (/opt/IBM/db2/V10.5/java) to the jvm/jre/lib/ext subdirectory of Tivoli Directory Integrator. (/opt/IBM/TDI/V7.1.1/jvm/jre/lib/ext) 2. Increase the runtime memory for TDI a. Edit /opt/IBM/TDI/V7.1.1/ibmdisrv b. At the bottom of the file look for "$TDI_JAVA_PROGRAM" $TDI_MIXEDMODE_FLAG -cp "$TDI_HOME_DIR/IDILoader.jar" "$LOG_4J" com.ibm.di.loader.ServerLauncher "$@" & change this to "$TDI_JAVA_PROGRAM" -Xms256M -Xmx1024M $TDI_MIXEDMODE_FLAG -cp "$TDI_HOME_DIR/IDILoader.jar" "$LOG_4J" com.ibm.di.loader.ServerLauncher "$@" & c. Save and close the file 8. Populate the profiles database using wizard NOTE: If you have not exported the display to run a gui on your local machine, use appendix A to do that now. 1. Copy the Wizards directory from the IBM Connections installation media (interim fix: 5.5.0.0-IC-D1-DBwizard-LO87408-AIX-Lin) to the system where Tivoli Directory Integrator is installed. Everything is on the same machine for my enviornment, so the Wizard directory is in /opt/install/ic55/ic55/Wizards/ 2. Run ./populateWizard.sh from /opt/install/ic55/ic55/Wizards/ 3. 4. 5. 6. 7. 8. 9. 10. 11. 8.1. Copy tdisol directory to keep profiles and ldap in sync 1. create a tdisol dir in /opt/IBM/TDI/V7.1.1/ mkdir /opt/IBM/TDI/V7.1.1/tdisol 2. Copy the TDI directory from /opt/install/ic55/ic55/Wizards/TDIPopulation/linux to /opt/IBM/TDI/V7.1/tdisol/ cp -ar /opt/install/ic55/ic55/Wizards/TDIPopulation/linux/TDI/ /opt/IBM/TDI/V7.1.1/tdisol/ 3. This directory has the settings from when you populated the profiles database. Periodically as users are added, removed or updated in ldap you need to run the ./sync_all_dns.sh from this directory to keep the profiles database and ldap directory in sync 9. Install and Configure IBM HTTP Server and Plug-in 8.5.5.7 In this step we will Install IBM HTTP Server 8.5.7 Install the plugin for the HTTP Server Apply fix pack IHS as well as the plugin Configure IHS with the DMGR Configure SSL on IHS 9.1. Install IBM HTTP Server 8.5.5.7 Software needed for this step: IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM WebSphere Application Server V8.5.5 Supplements (1 of 3) for Multiplatform Multilingual (CIK1VML ) IBM WebSphere Application Server V8.5.5 Supplements (2 of 3) for Multiplatform Multilingual (CIK1WML ) IBM WebSphere Application Server V8.5.5 Supplements (3 of 3) for Multiplatform Multilingual (CIK1XML ) IBM HTTP Server and plug-ins 8.5.5 fixpack 7 - http://www01.ibm.com/support/docview.wss?uid=swg24040533 Extract the IBM IBM WebSphere Application Server V8.5.5 Supplements and Supplements Fix Pack 7 downloads in to a directory. I extracted to /opt/install/ic55/wassupp and /opt/install/ic55/wassupp/fp7 1. Start IBM Install Manager by running ./IBMIM from /opt/IBM/InstallationManager/eclipse NOTE: If you have not already exported the display, follow Appendix A to export the display 2. Go to File Preferences 3. Select the Supplements and Fix Pack7 repository 4. 5. 6. Select IBM HTTP Server, Web Server Plug-ins and the Customization Toolbox 7. 8. 9. 10. 11. 12. 13. 9.2. Configure Plug-In with WebSphere Customization toolbox 1. Create the create a runtime user for the admin server by running the following as root: groupadd ihs useradd -g ihs ihs 2. If the Web Server Plug-in Customization Toolbox is not running start it running ./wct.sh from /opt/IBM/WebSphere/Toolbox/WCT 3. 4. 5. 6. 7. 8. 9. 10. Since I created the ihs user and group prior to installing IHS, I uncheck Create a new unique system user 11. 12. 13. Select the AppServer profile (NOT Dmgr) 14. 15. 16. 17. copy configurewebserver1.sh from /opt/IBM/WebSphere/Plugins/bin/ to /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/ cp /opt/IBM/WebSphere/Plugins/bin/configurewebserver1.sh /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/configurewebserver1.sh 18. Change dir to /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/ and run ./configurewebserver1.sh -username localadmin -password password 19. At this point if you log into the IBM Integrated Solution Console, go to Servers Server Types - Web Servers, you should see the webserver1 that was just created 10. Configure SSL on IHS When using connections, all communication between components occurs over SSL, also, when you click login, we send the user to an ssl address, so you must configure SSL on the IBM HTTP Server that will run in front of Connections. Setting up SSL on the http server is a 3 step process. Create the SSL key file for IHS Configure httpd.conf to listen over ssl Add the HTTP Server certificate to WebSphere trust store 10.1. Create the SSL key file for IHS 1. If you have not exported the display to your local machine, follow the steps in Appendix A to do that now. 2. Start IBM Key Management Utility by going to /opt/IBM/HTTPServer/bin and running ./ikeyman 3. Click New 4. Set Key database type to CMS select a filename and location NOTE: make sure all folders in the path are already created. I had to create the ssl folder under /opt/IBM/HTTPServer 5. Set password and Stash the password to a file 6. While in Personal Certificates, click New Self-Signed… 7. Set the Key Label and Common name to the hostname of the IHS Server, and set validity period to the length of time you want this certificate to be valid 8. Close the Key Management utility 10.2. Configure httpd.conf to listen over ssl 1. Open /opt/IBM/HTTPServer/conf/httpd.conf 2. Add the following lines just above the was_ap22_module module LoadModule ibm_ssl_module modules/mod_ibm_ssl.so <IfModule mod_ibm_ssl.c> Listen 0.0.0.0:443 <VirtualHost *:443> ServerName cpdocs2.swg.usma.ibm.com #DocumentRoot /opt/IBM/HTTPServer/htdocs SSLEnable SSLProtocolDisable SSLv3 SSLv2 </VirtualHost> </IfModule> SSLDisable Keyfile "/opt/IBM/HTTPServer/ssl/ihskey.kdb" SSLStashFile "/opt/IBM/HTTPServer/ssl/ihskey.sth" LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so WebSpherePluginConfig…… 3. Save and Close httpd.conf 4. Restart the IBM HTTP Server service by going to /opt/IBM/HTTPServer/bin/ and running ./apachectl stop ./apachectl start 5. At this point you will be able to access https://cpdocs2.swg.usma.ibm.com, and get the default index.html page 10.3. Add the HTTP Server certificate to WebSphere trust store 1. Open the WAS Admin console (https://cpdocs2.swg.usma.ibm.com:9043/ibm/console/logon.jsp) and login 2. Open Secruity – SSL certificate and key management Under Related Items, select Key stores and certificates 3. Click on CellDefaultTrustStore 4. Click on Signer Certificates 5. Click on Retrieve from port 6. Enter a host, port and alias of the HTTP Server and click Retrieve signer information 7. Click OK 8. Click Save 9. Close the Integrated Solutions Console 11. Install IBM Connections 5.5 Software needed for this step IBM Connections V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8MML) IBM Connections V5.5 for Linux Multilingual (CN80AML) IBM Connections Content Manager V5.5 for IBM Connections Suite V5.5 Multiplatform Multilingual eAssembly (CRY8NML) IBM FileNet Content Engine V5.2.1 Linux Multilingual (CN214ML ) IBM FileNet Content Engine Client V5.2.1 Linux English (CN223EN ) IBM Content Navigator V2.0.3 for IBM Connections Enterprise Content Edition (CECE) V5.2 Multiplatform Multilingual eAssembly (CRVX7ML) IBM Content Navigator V2.0.3 Linux Multilingual (CN0PTML ) FileNet Components FileNet Content Engine 5.2.1 FP2 and Content Engine Client 5.2.1 FP2 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=FileNet%2BProd uct%2BFamily&product=ibm/Information+Management/FileNet+Content+Engin e&release=5.2.1.2&platform=All&function=all&useReleaseAsTarget=true&sour ce=fc fix pack: 5.2.1.2-P8CPE-LINUX-FP002 fix pack: 5.2.1.2-P8CPE-CLIENT-LINUX-FP002 IBM Content Navigator 2.0.3 FP5 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Enterprise%2BC ontent%2BManagement&product=ibm/Other+software/Content+Navigator&relea se=2.0.3&platform=All&function=all&source=fc Make sure to get the 2.0.3-ICN fixpack for your OS: fix pack: 2.0.3-ICN-FP005-LINUX Follow Appendix A to export the display to your desktop if you have not already done so. NOTE: Before you start the install. If you installed WebSphere Application Server in a non-English locale, you should review the following technote to ensure the FileNet components will install correctly http://www-01.ibm.com/support/docview.wss?uid=swg21968883 NOTE: Make sure to restart the DMGR and nodeagents just before starting the install. 1. Stop the nodeagent by running: a. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/stopNode.sh -username localadmin -password password 2. Restart the DMGR by running a. /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/stopManager.sh -username localadmin -password password b. /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/startManager.sh 3. Start the nodeagent by running: a. /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh 4. Start IBM Install Manager by running ./IBMIM from /opt/IBM/InstallationManager/eclipse/ 5. 6. Browse to the location you extracted IBM Connections V5.5 for Linux Multilingual (CN80AML) /opt/install/ic55/ic55/IBM_Connections_Install/IBMConnections/repository.config in my environment 7. 8. 9. 10. 11. 12. Scroll down and selected IBM Connections Content Manager 13. 14. 15. 16. The user fnanon is a system user in my LDAP directory that will only be used for anonymous access to FileNet, once you enter that, scroll down to enter the location of the FileNet files 17. Browse to the location you extracted the FileNet installers /opt/install/ic55/filenet in my environment and click Validate 18. 19. 20. I decided to install a Medium deployment, so the Connections application are installed over 4 different clusters. AppsCluster - Activities, Blogs, Bookmarks, Files, Forums, Metrics, Mobile, Wikis InfraCluster - Communities, News, Profiles, Search, Common, Widget Container UtilCluster - Homepage, Moderation, Rich Text Editor CCMCluster - Connections Content Manager (FileNet) PushCluster - Push Notifications 21. 22. 23. 24. 25. I will set up the cognos piece later, so I select Do later here 26. I plan on configuring this system with IBM Docs, which will require additional physical machines, so I will install the shared directory to an NSF share (/nsf/IBM/Connections/data/shared) 27. 28. 29. I have a domino server in my environment listening on port 25 for smtp traffic, so I went ahead and configured notifications to that server. 30. 31. 32. NOTE: My install took about 2 hours to complete. Once the install finishes, look in the nodeagent systemout.log log located at C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\nodeagent for the following line: ADMA7021I: Distribution of application <connections_app> completed successfully. You will see the following applications get synced: ADMA7021I: Distribution of application commsvc completed successfully. ADMA7021I: Distribution of application ibmasyncrsp completed successfully. ADMA7021I: Distribution of application Activities completed successfully. ADMA7021I: Distribution of application Mobile completed successfully. ADMA7021I: Distribution of application FileNetEngine completed successfully. ADMA7021I: Distribution of application navigator completed successfully. ADMA7021I: Distribution of application Files completed successfully. ADMA7021I: Distribution of application Forums completed successfully. ADMA7021I: Distribution of application News completed successfully. ADMA7021I: Distribution of application PushNotification completed successfully. ADMA7021I: Distribution of application RichTextEditors completed successfully. ADMA7021I: Distribution of application Search completed successfully. ADMA7021I: Distribution of application Profiles completed successfully. ADMA7021I: Distribution of application WidgetContainer completed successfully. ADMA7021I: Distribution of application Moderation completed successfully. ADMA7021I: Distribution of application Dogear completed successfully. ADMA7021I: Distribution of application Wikis completed successfully. ADMA7021I: Distribution of application Common completed successfully. ADMA7021I: Distribution of application WebSphereOauth20SP completed successfully. ADMA7021I: Distribution of application Blogs completed successfully. ADMA7021I: Distribution of application Metrics completed successfully. ADMA7021I: Distribution of application Homepage completed successfully. ADMA7021I: Distribution of application URLPreview completed successfully. ADMA7021I: Distribution of application Help completed successfully. ADMA7021I: Distribution of application ConnectionsProxy completed successfully. ADMA7021I: Distribution of application Mobile Administration completed successfully. ADMA7021I: Distribution of application Communities completed successfully. ADMA7021I: Distribution of application Extensions completed successfully. 11.1. Configure HTTP Server plugin with Connections Because I chose to configure the Web Server during the install, the settings and configuration for Connections will use the IBM HTTP Server url for communication. So before I start the server for the first time, I need to make sure the HTTP Server plugin is configured to access the different Connections components. 1. If it's not already open, open a browser to the Integrated Solutions Console and login (http://cpdocs2.swg.usma.ibm.com:9060/ibm/console) 2. Click on Servers – Server Types – Web servers 3. Select the webserver and click Generate Plug-in 4. Select the webserver and click Propagate Plug-in 5. Open C:\IBM\HTTPServer\conf\httpd.conf in notepad 6. at the bottom of the file find the following line: LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so WebSpherePluginConfig /opt/IBM/WebSphere/Plugins/config/webserver1/plugincfg.xml Make sure the value for WebSpherePluginConfig matches where the plugin-cfg.xml was propagated to If they don't match, either manually copy the plugin-cfg.xml to the location specified in httpd.conf, or update httpd.conf to look in the correct location. 7. Close the httpd.conf 8. Restart the IBM HTTP Server 8.5 service by running ./apachectl stop from /opt/IBM/HTTPServer/bin ./apachectl start from /opt/IBM/HTTPServer/bin 11.2. Start IBM Connections 1. Start IBM Connections a. Wait for the node to completely sync b. In the Integrated Solution Console go to Servers > Server Types > WebSphere application servers c. Select the clusters, and click Start d. Once you get the successfully started message, you are ready to test Connections: Once you get the successfully started message, you are ready to access Connections over the http server address 12. Additional HTTP Server config settings 12.1. Configure HTTP Server to compress some files 1. Open httpd.conf (c:\IBM\HTTPServer\conf) 2. Find the following entries in the configuration file: LoadModule headers_module modules/mod_headers.so LoadModule deflate_module modules/mod_deflate.so and uncomment them 3. Add the following after all the LoadModule's #Only the specified MIME types will be compressed. AddOutputFilterByType DEFLATE application/atom+xml AddOutputFilterByType DEFLATE application/atomcat+xml AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/octet-stream AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/javascript AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/xsl 4. Add the following statement to specifically indicate that image files and binaries must not be compressed to prevent web browser hangs: # Ensures that images and executable binaries are not compressed SetEnvIfNoCase Request_URI \\.(?:gif|jpe?g|png|exe)$ no-gzip dont-vary 5. Add the following statement to ensure that proxy servers do not modify the User Agent header needed by the previous statements: # Ensure that proxies do not deliver the wrong content Header append Vary User-Agent env=!dont-vary 6. Add the following statement to ensure you can access the acce tool (admin client for FileNet) SetEnvIf Request_URI ^/acce(.*) no-gzip dont-vary 12.2. Configure Files and Wikis to download files This is an optional step, but recommended in the infocenter. See the following section for details. http://www01.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/install/t_install_post_files_ downloads.dita 12.3. Configure Connections to use IHS to upload files This is again an option step, but recommended in the infocenter. See the following section for details. http://www01.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/install/t_install_post_files_ uploads.dita 13. Configure IBM Connections Content Manager Libraries During the install of Connections Filenet was deployed on the system. Post install we need to configure the FileNet global configuration domain and objectstore. There are 2 scripts we will use to automatically create these. 13.1. Create Filenet Global Configuration Domain (GCD) 1. If not running, start IBM Connections by running: ./startManager.sh from /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin ./startNode.sh from /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin Start Connections Clusters by running the following from /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin ./startServer.sh InfraCluster_server1 ./startServer.sh UtilCluster_server1 ./startServer.sh AppsCluster_server1 ./startServer.sh CCMCluster_server1 ./startServer PushCluster_server1 2. Run ./createGCD.sh from /opt/IBM/Connections/ccmDomainTool 3. First it will ask you for the DMGR admin ID (localadmin for my environment), then the password 4. Enter Y to regenerate the dminfo.properties file 5. Next I added an administrator group from my ldap directory 6. 13.2. Create FileNet ObjectStore 7. Run ./ createObjectStore.sh from /opt/IBM/Connections/ccmDomainTool 8. First enter the websphere admin username and password 9. I chose Y to regenerate the dminfo.properties file 10. Same as I did with the GCD, I set the administrator group from my ldap directory 11. Next enter the url used to access Connections (https://cpdocs2.swg.usma.ibm.com) NOTE: It must be the SSL url 12. 13. Restart Connections to pick up the changes. 14. Apply Connections 5.5 Recommended Day1 fixes I'm applying the recommended day 1 fixes as of February 12, 2016. See the following technote for latest recommended updates: http://www-01.ibm.com/support/docview.wss?uid=swg21972646 Software used in this step: IBM Connections Day 1 fixes: http://www933.ibm.com/support/fixcentral/swg/selectFixes?parent=Collaboration%2BSoluti ons&product=ibm/Lotus/Lotus+Connections&release=5.5.0.0&platform=All&fu nction=all interim fix: 5.5.0.0-IC-Multi-IFLO87330 interim fix: 5.5.0.0-IC-News-IFLO87487 interim fix: 5.5.0.0-IC-Common-IFLO87469 refresh pack: 5.5.0.0-IC-Multi-UPDI-20151224 14.1. Install the Day1 ifixes 1. Before getting started shut down the Connections nodes, I left the nodeagents running. 2. Extract the refresh pack: 5.5.0.0-IC-Multi-UPDI-20151224, unzip 5.5.0.0-IC-Multi-UPDI-20151224.zip -d updateinstaller 3. this will create an AIX-Linux and Windows directory. Under the AIX-Linux directory is UpdateInstaller.tar. Extract UpdateInstaller to /opt/IBM/Connections/updateInstaller tar -C /opt/IBM/Connections -xvf UpdateInstaller.tar 4. Copy the ifix jar files to /opt/IBM/Connections/updateInstaller\fixes cp 5.5.0.0-IC-Common-IFLO87469.jar 5.5.0.0-IC-Multi-IFLO87330.jar 5.5.0.0-ICNews-IFLO87487-151224.jar /opt/IBM/Connections/updateInstaller/fixes/ 5. Follow the Steps in Appendix A to export the display to your desktop 6. From /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/ run . ./setupCmdLine.sh NOTE: That's dot space dot forward slash 7. Change directory to /opt/IBM/Connections/updateInstaller/ and run ./updateWizard.sh 8. 9. 10. 11. 12. 13. 14. 15. 16. Delete the contents of /opt/IBM/WebSphere/AppServer/profiles/AppSrv01/temp NOTE: If this step is missed when you access connections again, you will see the theme from Connections 5.0 17. Start Connections and it should be ready to use. Appendix - helpful linux stuff 15. Redirecting Display from unix to local windows machine Redirecting Display\GUI from Unix to Windows: I. Install a Xwindows client on your local PC and start a Xsession Cygwin and Xming are popular clients II. Telnet\SSH into Unix server and login as root III. Set the DISPLAY to your PC's IP and export the setting DISPLAY=<your_PC_IP>:0 # DISPLAY=9.9.124.126:0 export DISPLAY IV. You may have to disable security using the following command xhost + V. Run following command in the Unix telnet\ssh session should result in a clock appearing on your local PC xclock NOTE: May have to run yum install xorg-x11-apps-7.6-6.el6.x86_64.rpm to install xclock Using Xming as your Xwindows client: The "trick" with Xming is to FIRST start it via the XLaunch (icon or command), NOT the Xming command/icon. That's because XLaunch allows you to check "No Access Control" which tells Xming to allow other IP's in. Starting Xming with the Xming command, causes the default "only allow in local host" mode. I was confused by this and first started Xming via "Xming" and didn't understand the role of XLaunch. 1. If Xming is already running and on the task bar, click and "exist" 2. Start -> All Programs -> Xming -> XLaunch 3. Select display window option .. click Next 4. Select "Start no client" option.. click Next 5. Select "Clickboard" and "No Access Control" option.. click Next ** If "No Access Control" is not selected, the xsession connection will fail" 6. Click Finish 16. Disable password settings on the OS http://www.cyberciti.biz/tips/setting-off-password-aging-expiration.html 17. Configure DB2 to start automatically after system restart On UNIX operating systems, to configure an instance to auto-start after each system restart, perform the following steps: 1. As root run the following command: NOTE: dot space /home/db2inst1/sqllib/db2profile . /home/db2inst1/sqllib/db2profile 2. Verify that the instance's startAtBoot global registry field value is set to 1 by checking the output of the following command: db2greg -getinstrec instancename='<instance name>' NOTE: If the startAtBoot global registry field value is not set to 1, set the value to 1 by running the following command: db2greg -updinstrec instancename='<instance name>'!startatboot=1 3. Enable the instance to auto-start after each system restart, by running the following command: db2iauto -on <instance name> 4. Run db2set -all Notice DB2AUTOSTART is set to YES 5. Change /opt/ibm/db2/V10.1/bin and run ./db2fm -i db2inst1 -U ./db2fm -i db2inst1 -u **This one gave an error for some reason??** ./db2fm -i db2inst1 -f on 6. Reboot 7. Sign in a db2inst1 and check the state db2fm -s -S Now when you restart the machine, DB2 should start automatically To prevent an instance from auto-starting after each system restart, enter the following command: db2iauto -off <instance name> 18. Configure IBM HTTP Server to start automatically http://www.ibm.com/developerworks/aix/tutorials/au-enterprisewebsvr/section5.html