Your browser doesn't support the features requiredby impress.js, so you are presented with a simplified version of this presentation.
For the best experience please use the latest Chrome or Safari browser. Firefox 10 (to be released soon) will also handle it.
Saving My Time Using Scripts
Speed up IBM Connections(, Sametime & WebSphere)
Administration and Configuration
Christoph Stoettner
FRITZ & MACZIOL
about.me/stoeps
Agenda
- Administration of IBM Connections
- Integrated Solution Console - ISC
- wsadmin
- WebSphere Application Server
- DB2
- Little bit more
Caution
- With scripts
- Shell
- Jython
- Powershell | Batch
- SQL
- You can...
- Save a lot of time
- change lots of stuff in seconds
Disclaimer
Use all scripts i show in this slides or you download from my repositories WITHOUT WARRANTY and on your own risk!
- Tipps:
- Be Careful! Think twice!
- Create Backups
- Create a Testsystem
- Make a documentation of your changes
IBM Connections Administration
Integrated Solution Console
- Browserbased GUI for IBM WebSphere Application Server
- My Mouse pointer runs miles during a Connections Installation
- 99% on Postinstall Tasks within ISC
- Some tasks are boring
- Performance Tuning of DataSources
- Setting Roles on Applications
Edit LotusConnections-config.xml
Starting wsadmin
cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
[root@cnxwas1 bin]$ ./wsadmin.sh -lang jython -username wasadmin -password password
Type or paste your commands
WASX7209I: Connected to process "dmgr" on node cnxwas1CellManager01 using SOAP
connector; The type of process is: DeploymentManager
WASX7031I: For help, enter: "print Help.help()"
wsadmin>AdminControl.getCell()
'cnxwas1Cell01'
wsadmin>execfile("connectionsConfig.py")
Connections Administration initialized
wsadmin>LCConfigService.checkOutConfig('/tmp','cnxwas1Cell01')
# Edit /tmp/LotusConnections-config.xml and save your changes
wsadmin>LCConfigService.checkInConfig('/tmp','cnxwas1Cell01')
Loading schema file for validation: /tmp/LotusConnections-config.xsd
Loading schema file for validation: /tmp/service-location.xsd
/tmp/LotusConnections-config.xml is valid
Connections configuration file successfully checked in
Synchronize ExID with LDAP
News: Not case sensitiv
wsadmin>execfile("newsAdmin.py")
Connecting to NewsMemberServiceName: News Configuration Environment initialized
wsadmin>NewsMemberService.syncMemberExtIdByEmail("cstoettner@stoeps.local")
syncMemberExtIdByEmail request processed
Type or paste your commands
Blogs: Case sensitive
wsadmin>execfile("blogsAdmin.py")
Connecting to {...} Blogs Administration initialized
wsadmin>BlogsMemberService.syncMemberExtIdByEmail("cstoettner@stoeps.local")
WASX70115E: Exception running command:
"BlogsMemberSErvice.syncMemberExtIdByEmail("cstoettner@stoeps.local")";
exception information:
There is no member associated with this email address or login name:
cstoettner@stoeps.local
wsadmin>BlogsMemberService.syncMemberExtIdByEmail("CStoettner@stoeps.local")
syncMemberExtIdByEmail request processed
Summary wsadmin
- Complicated
- long commands
- case sensitiv
- jython commands
- sometimes also parameters!
- within Linux no history to recall commands
Agenda
- Administration of IBM Connections
- WebSphere Application Server
- Wsadmin Properties
- Jython Basics
- Useful Scripts
- DB2
- Little bit more
IBM WebSphere Application Server Scripting
wsadmin Properties - Command Line
- Always execute wsadmin on your Deployment Manager in the bin directory
cd {WAS_HOME}/profiles/Dmgr01/bin- Create Alias or Shell Variable
- Linux | AIX
./wsadmin.sh -lang {jython | jacl} -username wasadmin -password password- Windows
wsadmin.bat -lang {jython | jacl} -username wasadmin -password password
Example .bashrc
export WAS_HOME=/opt/IBM/WebSphere/AppServer
export DMGR=Dmgr01
export APPSRV=AppSrv01
alias dmgrBin='cd $WAS_HOME/profiles/$DMGR/bin'
alias wsadmin='cd $WAS_HOME/profiles/$DMGR/bin;./wsadmin.sh -lang jython'
alias nodeBin='cd $WAS_HOME/profiles/$APPSRV/bin'
alias startNode='$WAS_HOME/profiles/$APPSRV/bin/startNode.sh'
alias startDmgr='$WAS_HOME/bin/startManager.sh'
alias stopNode='$WAS_HOME/profiles/$APPSRV/bin/stopNode.sh'
alias stopDmgr='$WAS_HOME/bin/stopManager.sh'
alias nodeLog='tail -f $WAS_HOME/profiles/$APPSRV/logs/nodeagent/SystemOut.log'
alias InfraClusterLog='tail -f $WAS_HOME/profiles/$APPSRV/logs/InfraCluster_server1/SystemOut.log'
alias Cluster1Log='tail -f $WAS_HOME/profiles/$APPSRV/logs/Cluster1_server1/SystemOut.log'
alias Cluster2Log='tail -f $WAS_HOME/profiles/$APPSRV/logs/Cluster2_server1/SystemOut.log'
wsadmin - Change Default Language
edit {WAS_HOME}/profiles/Dmgr01/properties/wsadmin.properties- Default:
- com.ibm.ws.scripting.defaultLang=JACL
- Change to:
- com.ibm.ws.scripting.defaultLang=jython
wsadmin - Credentials
{WAS_HOME}/profiles/Dmgr01/properties/soap.client.props- Decreases Security (see next slide)
- com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword=password PropFilePasswordEncoder.sh soap.client.props com.ibm.SOAP.loginPassword
- → com.ibm.SOAP.loginPassword={xor}Lz4sLCgwLTs=
WebSphere Password Decoding
- Please do NOT store passwords in productive Environments!
- Passwords are simple XORed with "_" and base64 encoded
- Decryption:
- Several Webpages: e.g. http://www.sysman.nl/wasdecoder
cd WAS_HOME
java/jre/bin/java \
-Djava.ext.dirs=deploytool/itp/plugins/com.ibm.websphere.v8_1.0.201.v20111031_1843/wasJars \
-cp securityimpl.jar:iwsorb.jar com.ibm.ws.security.util.PasswordDecoder \
"{xor}Lz4sLCgwLTs="encoded password == "{xor}Lz4sLCgwLTs=", decoded password == "password"
Connections Administration Commands
- Each application need it own commands:
execfile("connectionsConfig.py")- Create a script with all commands for preloading (see next slide)
- Call this script in your wsadmin session:
execfile("loadAll.py")- Add your script to com.ibm.ws.scripting.profiles in:
{WAS_HOME}/profiles/Dmgr01/properties/wsadmin.properties- Call wsadmin to execute the script
./wsadmin.sh -lang jython -profile loadAll.py
loadAll.py
execfile('connectionsConfig.py')
execfile("activitiesAdmin.py")
execfile("blogsAdmin.py")
execfile("communitiesAdmin.py")
execfile("dogearAdmin.py")
execfile("filesAdmin.py")
execfile("forumsAdmin.py")
execfile("homepageAdmin.py")
execfile("newsAdmin.py")
execfile("profilesAdmin.py")
execfile("wikisAdmin.py")
- Save in:
cd {WAS_HOME}/profiles/Dmgr01/bin
Caution: In multinode cluster environments you're asked on which server you want to work
Jython
- Easy to learn but and powerful
- Python for the Java Platform
- Books
- WebSphere Application Server Administration Using Jython (2009)
Authors: Robert A. Gibson, Arthur Kevin McGrath and Noel J. Bergman - The Definitive Guide to Jython: Python for the Java Platform (2010)
Authors: Josh Juneau, Frank Wierzbicki, Leo Soto and Victor Ng
Web Ressources
- Learn Python (similar to Jython)
- Great online courses on http://www.codecademy.com/ (Python, API, JavaScript)
- http://learnpythonthehardway.org/book/
Jython basics: Defining variables
# Defining a String
x = 'Hello World'
x = "Hello World Two"
# Defining an integer
y = 10
# Float
z = 8.75
# Complex
i = 1 + 8.07j
# Multiple assignment
x, y, z = 1, 2, 3
Jython basics: Ranges
wsadmin>range(7)
[0, 1, 2, 3, 4, 5, 6]
# Include a step in the range
wsadmin>range(0,10,3)
[0, 3, 6, 9]
# Good base for loops
wsadmin>range(1,11)
[1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
wsadmin>range(20,27)
[20, 21, 22, 23, 24, 25, 26]
Jython basics: Lists and dictionaries
#List
wsadmin>dbs = ['activities','blogs','communities','dogear','files','forum']
wsadmin>dbs[1]
'blogs'
# Dictionary with Performance Data
wsadmin>minConnections = {'activities':1,'blogs':1,'communities':10,'dogear':1}
wsadmin>maxConnections = {'activities':50,'blogs':250,'communities':200}
wsadmin>maxConnections
{'communities': 200, 'activities': 50, 'blogs': 250}
wsadmin>maxConnections.keys()
['communities', 'activities', 'blogs']
wsadmin>maxConnections.values()
[200, 50, 250]
wsadmin>maxConnections['blogs']
250
Jython basics: if - elif - else
- Indent 4 spaces to group the code
# Basic
if condition :
# print or do something
elif other condition :
# print or do something other
else :
# print or do completely different
# Example
if value.find( 'CLFWY0217E' ) > -1 :
print "\t\tuser already converted"
elif value.find( 'CLFWY0212E' ) > -1 :
print "\t\tuser not found in database"
elif value.find( ' CLFWY0209E' ) > -1 :
print "\t\tnew identifier '" + data[1] + "' does not exist."
else :
print '\t\tException value: ' + value
Jython basics: Loops
# For Loops
dbs = ['activities','blogs','communities','dogear','files','forum','homepage']
for db in dbs: #loop through databases
print "Database %s" % db
# While
x = 0
y = 3
while x <= y :
print 'Value of x is: %d' %(x)
x += 1
else:
print 'Completed!'
Value of x is: 0
Value of x is: 1
Value of x is: 2
Value of x is: 3
Completed!
Test Database Connection
- checkDataSource.py
# List of databases you want to check:
dbs = ['activities','blogs','communities','dogear','files','forum','homepage']
for db in dbs: #loop through databases
ds = AdminConfig.getid('/DataSource:' + db + '/')
checkDS = AdminControl.testConnection(ds)
if checkDS == "WASX7217I: Connection to provided datasource was successful." :
print 'Connect to %s was successful' % db
else :
print 'Error: %s is not available' % db
Connect to activities was successful
Connect to blogs was successful
Connect to communities was successful
[...]
Change DataSource Parameters
- changeDataSource.py
- Setting Default Parameters as mentioned in
IBM Connections 4.0 Performance Tuning Guide
#Define a dictionary with database names and parameters
perf = {'activities':{'minConnections':1,'maxConnections':50},
'blogs':{'minConnections':1,'maxConnections':250},
'communities':{'minConnections':10,'maxConnections':200},
'dogear':{'minConnections':1,'maxConnections':150},
'files':{'minConnections':10,'maxConnections':100},
'forum':{'minConnections':50,'maxConnections':100},
'homepage':{'minConnections':20,'maxConnections':100},
...
'wikis':{'minConnections':1,'maxConnections':100}}
statementCacheSize = 100 #change to 50 for oracle
# perf.keys() gives a list of all databases in perf
for db in perf.keys(): # Looping through databases, first values in dictionary
# db.upper() convert the database name to capitals
print 'Change DataSource parameters for: %s' % db.upper()
t1=AdminConfig.getid('/DataSource:' + db + '/')
print ' statementCacheSize: ' + str(statementCacheSize)
print ' minConnections: ' + str(perf[db]['minConnections'])
print ' maxConnections: ' + str(perf[db]['maxConnections'])
AdminConfig.modify(t1,'[[statementCacheSize "' + str(statementCacheSize) + '"]]')
AdminConfig.modify(t1,'[[connectionPool [[minConnections "' + str(perf[db]['minConnections']) + '"][maxConnections "' + str(perf[db]['maxConnections']) + '"]]]]')
AdminConfig.save()
Live Demo
memberService on all Applications
- memberSyncByEmail.py
MAILADDRESS = sys.argv[0]
print "Syncing MemberService for " + MAILADDRESS
execfile("/opt/install/scripts/loadAll.py")
ActivitiesMemberService.syncMemberExtIdByEmail(MAILADDRESS)
BlogsMemberService.syncMemberExtIdByEmail(MAILADDRESS)
CommunitiesMemberService.syncMemberExtIdByEmail(MAILADDRESS)
DogearMemberService.syncMemberExtIdByEmail(MAILADDRESS)
FilesMemberService.syncMemberExtIdByEmail(MAILADDRESS)
ForumsMemberService.syncMemberExtIdByEmail(MAILADDRESS)
NewsMemberService.syncMemberExtIdByEmail(MAILADDRESS)
WikisMemberService.syncMemberExtIdByEmail(MAILADDRESS)
./wsadmin.sh –lang jython –f "memberSyncByEmail.py" "cstoettner@stoeps.local"
SyncAllMember
EmailMatch = sys.argv[0]
# Loading Connections Administration Commands
execfile("activitiesAdmin.py")
execfile("blogsAdmin.py")
execfile("communitiesAdmin.py")
execfile("dogearAdmin.py")
execfile("filesAdmin.py")
execfile("forumsAdmin.py")
execfile("homepageAdmin.py")
execfile("newsAdmin.py")
execfile("profilesAdmin.py")
execfile("wikisAdmin.py")
apps = ['Activities','Blogs','Communities','Dogear','Files','Forums','News','Wikis']
def memService(appname,EmailMatch):
if("Activities" == appname) :
print "\tActivitiesMemberService.syncAllMembersByExtId"
ActivitiesMemberService.syncAllMembersByExtId( {"updateOnEmailLoginMatch": EmailMatch } )
elif("Blogs" == appname) :
print "\tBlogsMemberService.syncAllMembersByExtId"
BlogsMemberService.syncAllMembersByExtId( {"updateOnEmailLoginMatch": EmailMatch } )
elif("News" == appname) :
print "\tNewsMemberService.syncAllMembersByExtId"
NewsMemberService.syncAllMembersByExtId( {"updateOnEmailLoginMatch": EmailMatch } )
elif("Dogear" == appname) :
print "\tDogearMemberService.syncAllMembersByExtId"
DogearMemberService.syncAllMembersByExtId( {"updateOnEmailLoginMatch": EmailMatch } )
elif("Communities" == appname) :
print "\tCommunitesMemberService.syncAllMembersByExtId"
CommunitiesMemberService.syncAllMembersByExtId( {"updateOnEmailLoginMatch": EmailMatch } )
elif("Files" == appname) :
print "\tFilesMemberService.syncAllMembersByExtId"
FilesMemberService.syncAllMembersByExtId( {"updateOnEmailLoginMatch": EmailMatch } )
elif("Forums" == appname) :
print "\tForumsMemberService.syncAllMembersByExtId"
ForumsMemberService.syncAllMembersByExtId( {"updateOnEmailLoginMatch": EmailMatch } )
elif("Wikis" == appname) :
print "\tWikisMemberService.syncAllMembersByExtId"
WikisMemberService.syncAllMembersByExtId( {"updateOnEmailLoginMatch": EmailMatch } )
else :
print "\tUnknown application name '" + appname + "'"
for app in apps:
print "Sync all Members by EXTID for " + app
memService(app, EmailMatch)
Backup Security Roles
apps = AdminApp.list()
appsList = apps.split(lineSeparator) #List of all applications
path = '/opt/install/backup' # must exist!
for app in appsList:
filename = app + ".txt"
my_file = open(path + '/' + filename,'w')
my_file.write (AdminApp.view(app,"-MapRolesToUsers"))
my_file.flush
my_file.close()
- Script creates a textfile with security role informations of each application
./wsadmin.sh –lang jython –f "{path}/securityrolebackup.py" 'backuppath'
Restore Security Roles
- Script read textfile with security role informations of each application
import os
import sys
# Restore Security Role from Textfile (created with j2eerolebackup
path = sys.argv[0]
if path == '':
path='../temp/j2eebackup' # path where Backup is stored
print "Setting path to %s!" % path
if not os.path.exists(path):
print "Path does not exists, please provide directory with your backup files!"
sys.exit()
def convertFile2Dict(appname):
# function to convert backup txt files of Security Role Backup to a dictionary
filename = path + '/' + appname + ".txt"
myfile = open(filename,'r')
count = 0
dict = {}
for line in myfile.readlines():
# for loop through file to read it line by line
if (':' in line) and (count > 12):
value = line.split(':')[0]
# cred = line.split(':')[1].strip('\n')
cred = line.split(':')[1]
# cred = cred.strip(' ')
cred = cred.strip()
if value == "Role":
role = cred
dict[role] = {}
dict[role][value] = cred
count += 1
return dict
def setSecurityRoles(dictionary,appName):
strRoleChange = '['
for role in dictionary.keys():
# Loop through Roles
strRoleChange += '[\"' + role + '\" '
strRoleChange += dictionary[role]['Everyone?'] + ' '
strRoleChange += dictionary[role]['All authenticated?'] + ' '
strRoleChange += '\"' + dictionary[role]['Mapped users'] + '\" '
strRoleChange += '\"' + dictionary[role]['Mapped groups'] + '\"] '
strRoleChange += ']]'
AdminApp.edit(appName, '[-MapRolesToUsers' + strRoleChange +']')
print "Setting Roles and Users for %s" % appName
AdminConfig.save()
apps = AdminApp.list()
appsList = apps.split(lineSeparator)
# Test with some Apps:
# appsList = ['Blogs','Activities','Wikis']
# or Single App:
# appsList = ['Blogs']
for app in appsList:
# For testing: set app to example applicatio
setSecurityRoles(convertFile2Dict(app),app)
print "Restore of Security Roles finished!"
Blogs about scripting
- http://www.kbild.ch
- e.g. Set Default Security Roles and Restrict Roles to Administrators
- perfect to set initial security roles
connwasadmin='wasadmin'
connadmin='Admin1|Admin2'
connmoderators='Moderator1|Moderator2'
connmetrics='Metrics1|Metrics2'
connmobile='Mobile1|Mobile2'
appName='Activities'
AdminApp.edit(appName, '[-MapRolesToUsers [["person" No Yes "" ""] ["everyone" Yes No "" ""] ["reader" Yes No "" ""] ["metrics-reader" No Yes "" ""] ["search-admin" No No "'+connwasadmin+'|'+connadmin+'" ""] ["widget-admin" No No "'+connwasadmin+'|'+connadmin+'" ""] ["admin" No No "'+connwasadmin+'|'+connadmin+'" ""] ["bss-provisioning-admin" No No "" ""] ]]')
print "Setting Roles and Users for Activities"
AdminConfig.save()
IBM DB2 Scripting
Useful commands
- Get a list of all databases of an db2 instance
- Linux
db2 list database directory | grep alias | awk '{print $4}' | sort- Windows (Powershell)
-
db2cmd -i -c -w "db2 list database directory | where {$_ -match "alias"}\ | %{ $_.Split('=')[1]; }" - Show active databases
- Show active databases
-
db2 list active databases
Automatic maintenance
- DB2 9.7 with export of Policy Files and reimport to other databases:
- Skripting DB2 Automatic Maintenance | Stoeps
- IBM Data Studio
- Configure Automatic maintenance and Backup on one database (eg homepage)
- Save commands to sql script
Automatic maintenance (2)
- automaint.sql
- copy the update line and the 4 CALL statements
- or download my automaint.sql and change the backup path (GitHub)
- setmaintenance.sh
#!/bin/bash
databases=$(db2 list database directory | grep alias | awk '{print $4}' | sort)
for database in ${databases[@]}
do
echo $database
db2 "connect to $database"
db2 -tvf automaint.sql
db2 "connect reset"
done
Select EXID through applications
- checkExID.sh
- Search any user by Email and get their ExID in each IBM Connections Application
Check ExId Bash Script
if [ -z "$1" ]; then
echo "USAGE: `basename $0` mailaddress"
exit ;
fi
MAIL=$1
db2 -x "connect to peopledb" | grep alias | awk '{print $5}'
db2 -x "SELECT PROF_GUID, PROF_MAIL FROM EMPINST.EMPLOYEE WHERE PROF_MAIL_LOWER = '${MAIL,,}'"
db2 -x "connect reset" > /dev/null
while true; do
printf "Which email address should be used for Lookup?\n"
read MAIL
break
done
db2 -x "connect to OPNACT"| grep alias | awk '{print $5}'
db2 -x "select EXID from activities.oa_memberprofile where email = '$MAIL'"
db2 -x "connect reset" > /dev/null
db2 -x "connect to BLOGS"| grep alias | awk '{print $5}'
db2 -x "select EXTID from blogs.rolleruser where EMAILADDRESS = '$MAIL'"
db2 -x "connect reset" > /dev/null
db2 -x "connect to SNCOMM"| grep alias | awk '{print $5}'
db2 -x "select DIRECTORY_UUID from SNCOMM.MEMBERPROFILE where email = '${MAIL,,}'"
db2 -x "connect reset" > /dev/null
db2 -x "connect to dogear"| grep alias | awk '{print $5}'
db2 -x "select MEMBER_ID from DOGEAR.PERSON where email = '${MAIL,,}'"
db2 -x "connect reset" > /dev/null
db2 -x "connect to files"| grep alias | awk '{print $5}'
db2 -x "select DIRECTORY_ID from FILES.USER where email = '$MAIL'"
db2 -x "connect reset" > /dev/null
db2 -x "connect to forum" | grep alias | awk '{print $5}'
db2 -x "select EXID from FORUM.DF_MEMBERPROFILE where email = '$MAIL'"
db2 -x "connect reset" > /dev/null
db2 -x "connect to Homepage"| grep alias | awk '{print $5}'
db2 -x "select EXID from HOMEPAGE.PERSON where USER_MAIL = '$MAIL'"
db2 -x "connect reset" > /dev/null
db2 -x "connect to wikis"| grep alias | awk '{print $5}'
db2 -x "select DIRECTORY_ID from WIKIS.USER where email = '$MAIL'" | grep "-"
db2 -x "connect reset" > /dev/null
Some more
Get Root Certificate (e.g. selfsigned)
- When you use LDAPS in TDI (or populationWizard), or Domino EE you need to trust the root certificate
- Prerequist: openssl, java (keytool)
- ./create_cacerts.sh -h hostname -p port -f path/filename
- example: ./create_cacerts.sh -h mail.stoeps.local -p 636 -f /opt/install/keystore
- You have to provide a keystore password (twice) and trust cert
- TDIPopulation/solution.properties:
javax.net.ssl.trustStore=/opt/install/keystore
create_cacerts.sh
TMP1=`mktemp -d`
trap "rm -rf $TMP1" EXIT
while getopts h:p:f:?: option
do
case "${option}"
in
h) SERVERNAME=${OPTARG};;
p) SERVERPORT=${OPTARG};;
f) STORECACERTS=${OPTARG};;
?) echo "USAGE: `basename $0` -h hostname -p port -f Certfile\n"
echo "You have to type a password for keyfile twice and set\n"
echo "the key to trusted!"
exit
;;
esac
done
if [ -z "$SERVERNAME" ] | [ -z "$SERVERPORT" ] | [ -z "$STORECACERTS" ] ; then
echo "USAGE: `basename $0` -h hostname -p port -f Certfile"
echo "You have to type a password for keyfile twice and set\n"
echo "the key to trusted!"
exit
fi
openssl s_client -showcerts -connect $SERVERNAME:$SERVERPORT < /dev/null > $TMP1/cst-key.out
openssl x509 -outform DER < $TMP1/cst-key.out > $TMP1/cst-key.der
openssl x509 -inform der -in $TMP1/cst-key.der -out $TMP1/cst-key.pem
keytool -import -alias Selfsigned -keystore $STORECACERTS -file $TMP1/cst-key.pem
Ressources
Download the shown scripts
- You can download all scripts (and some more) WITHOUT WARRENTY and on your own risk:
https://github.com/stoeps13/ibmcnxscripting
- There is much more:
- memberSyncAllByEXID.py, inactivate Users
- Create a printable version of Connections documentation
- Database backup, Lastlogon
- Change Monitoring Policy
- and so on
- Future:
- create Powershell or Windows Batches
- scripts for basic troubleshooting
- add more error handling
- more documentation
- You're invited to work with these scripts, upload your own
- Discuss with me through
- Skype: christophstoettner
- Twitter: @stoeps
- G+, Facebook, LinkedIn ...