Help coderanch get a
new server
by contributing to the fundraiser

Ryan Zezeski

Greenhorn
+ Follow
since Mar 13, 2005
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
In last 30 days
0
Forums and Threads

Recent posts by Ryan Zezeski

Are you by any chance doing the upload over HTTPS? What browser are you uisng? And do you recieve a "The Page Cannot Be Displayed" error message in the browser?
18 years ago
What you are talking about is called vertical clustering. That is...federating multiple nodes on the same box into the same cell. There are actually two ways you can do this. Keep in mind, if you're going to run a vertical cluster, your machine better be pretty strong because even one WAS instance is very processor and memory hungry. Also keep in mind that vertical clustering is a SPOF (single point of failure) and will only possibly aid in work load management (that is if the machine is quick enough to run all the nodes at once, a multiprocessor machine really is a must).

The first, and my personal recommendation if this is a production environment is to create a "coexistence environment." Basically, install WAS base on the machine for each additional node you want. Then federate these nodes into the cell created by NDM. Here is a good page to learn more about coexistence: http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rins_coexist.html


The second method is to create multiple configuration instances. This method is good for development scenarios or a box with cramped hard drive space. In this scenarion you install WAS base once and then run the wsinstance command to create multiple configuration instances. These instances can than be federated into the cluster. Now for some reason I thought I remember reading somewhere that you can't federate a configuration instance into a cell, but I know for a fact that is untrue because I do it all the time at work when developing. However, multiple configuration instances can be rather confusing at first, so keep that in mind. Here is a good page about multiple configuration instances: http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/tins_instances.html.


Also, another things to always keep in mind are port numbers! You will run into a lot of problems if your port numbers conflict. For example, if you have global security on and one of your listener ports is already binded by another application you will recieve an error about your keystore being no good, but in reality it has nothing to do with your keystore. It would be wise to come up with a port numbering scheme and store it in a text file somehwere.

Most of all, goodluck, because sometimes when working with WAS you just need to cross your fingers and hope to god it works.
18 years ago

Originally posted by Alana Sparx:
Thanks foe the reply, Ryan.

Global Security is currently turned off - what I'm trying to do is switch it on, but the original username/passwords have been lost.

So, I need to
a) figure out which user registry is being used - if it on the localOS, can i easily get a look at this (I'm expecting a guffaw followed by a strong !NO!' to this, but hey, I'm desperate). If its LDAP, i suppose I'm in a bit of a pickle?

b) one I have the log in details I can 'log-in' to the appropriate registry, and then have the permissions to tamper with the as yet non-existent security setting?

Any ideas where the localOS registry might be? Or are we talking lengths of string here?

Thanks again



I'm having a hard time understanding everything you saying, but it seems to me you either:

a) Have an external LDAP user registry somewhere and forgot or don't know any of the credentials in it. If so I would ask your admin or the previous person to setup WAS security.

b) WAS security has not been setup before and you have no user registry and are trying to figure out what to do.



LocalOS simply uses your Operating System user registry. I personally have only used a Sun ONE LDAP registry. So if the machine you have WAS installed on has a user called Joe with a password of "Password" you should be able to use that username/password, and WAS will check credentials against the OS registry.

As for LDAP there are a slew of LDAP servers WAS supports out of the box. I personally have only used Sun ONE and don't remember setting it up. However I made a user called "websphere" and used that as my login user.

You can also setup custom registries but I have no clue how to do that.

Once again, if you actually already have a user registry created somewhere, ans just forgot the credentials then you need to ask you admin or whoever created it. If you don't have a registry at all then you need to create one.

IBM info-ceter documentation for Local OS:
http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//topic/com.ibm.websphere.base.doc/info/aes/ae/csec_localos.html

IBM info-center documentation for LDAP:
http://publib.boulder.ibm.com/infocenter/wasinfo/v5r1//topic/com.ibm.websphere.base.doc/info/aes/ae/csec_ldap.html
18 years ago

Originally posted by Alana Sparx:
I need to enable security on WSAD 5.1.2 via the Admin Consol.

I take it I first need to 'log-in' via one of the user registries? If I am not on one of these registries, how can I be included in them? Or, do I need the userId and Password of the fellow who installed the app server to do any of this?

Currently, when I try and set Global Security I get the error message
'Validation failed for user xyz. Please try again....'

Any help would be most appreciated.

As





Sounds like the credentials you are passing are not in the User Registry. Tell you admin that you need your credentials added to the user registry. If you don't really have an admin then you need to figure out what type of user registry you are using and add your credentials; whether it be Local OS, LDAP, etc.

To figure out the security settings you could temporarily goto <WAS ROOT>/config/cells/<CELL NAME>/security.xml and search for the first occurence of enabled and set it to false. Save the file and bounce all servers. Global security will now be turned off and you can check what type of user regiestry you are using.
18 years ago
And yes you can configure just your App Server's HTTP Transport for SSL requests, and make direct HTTPS posts to that port. To use the IBM HTTP server you would then have to configure it to trust your App Server.
18 years ago
Well I haven't worked with WAS 6.0 yet, but it should be pretty much the same for WAS 5.1.

Each Application Server confiured in WAS (aka each Java process) has it's own embedded HTTP server. This allows you to POST HTTP requests to the Java process directly, bypassing the need for a Web Server. This is usefull for development and possibly troubleshooting.

HOwever, in production you would want to utilize an external WebServer where you can host your static content and relay HTTP requests to your Application Server. This has advantages such as keeping static content on your Web Server and not your App Server, it also allows you to place your App Server behind a secure firewall while placing you Web Server in a DMZ, and finally it is the only way (I know of) to implement load-balancing when configuring a cluster. The plugin simply tells the Web Server how the App Server is configured and mainly takes care of making sure the requests are forwaded to the correct ports, as well as handeling load balancing in a cluster.

That's the basic gist and there is more that can be said, but I hope that helps a little. You should see the WAS info center for more detail, or maybe someone here could explain further.
18 years ago


No need for guessing. The startServer.log which is located in the same directory as the .pid file will also tell you the PID.

EDIT: Edited for special characters.
[ May 29, 2006: Message edited by: Ryan Zezeski ]
18 years ago

Originally posted by Sri Addanki:
Thanks Steve and Alana!

Yes, I've created the datasource myself and jdbc/test exists. I did the check on the server files too.

Steve, here's the output when I ran dumpnamespace.



thanks, Sri

[ March 29, 2006: Message edited by: Sri Addanki ]





Are you running this script on the same host as your server? If not you need to specify the -host argument. Also you will want to specifiy the -port argument too since it defaults to 2809. Basically, that error is telling you it could not get the initial context, and it is because your provider url is incorrect, or your server is down.
18 years ago
OK, I have opened up a PMR with IBM but figured it can't hurt to try my question here too. To make a long story short i'm getting JMS related errors during listener port startup for my MDBs. I believe the errors are related to a previously failed global transaction.

Here is the rundown... I am implementing clustering support for my comanies product for WAS 5.1.1.1. We run on Solaris/Sparc, WAS 5.1.1.1 ND and WAS 5.1.1.1 BASE machines make up the cluster. Global security is enabled, Java 2 Security disabled. Using a Sun ONE external LDAP server to store credentials. This problem exists with embedded JMS, have not tested against full MQ series yet. I have a Topic for public events and a "internal" Queue for product specific events that only our app needs to listen for. We have several MDBs that listen to the Topic and Queue. I have NDM on one machine, and a federated Node on that machine, as well as a second federated node on another machine. Both have their own JMS/JDBC resources. We use jgroups to build logical clusters and for event logging fail over.

Anyways, so me and my Integratin Team manger are testing some new code inside the MDB. We launch our test from the "master" node (the one with both NDM and a federated Node). The master server starts kicking off the work, handeling the request. However, as an event is thrown to the Queue the "clone" Node's MDB is the one that picks it up. Because of an oversight in the code the MDB threw an uncaught null pointer exception, causing the MDB to stop and lots of other bad stuff.

My integration team manager goes back to the code and fixes the problem area and sends me the new ear. I redeploy and all that, reset all the servers, and then this is what I see:



Immediately it looks like a transaction problem to me. So i shutdown everyting, the Servers, the Node Agents, Deployment Manager. I then erase all tranlogs, and then bring everything back up. Guess what...still there!! It's only on the "clone" node too. The "master" starts up fine. Also note that the "clone" sserver listener ports startup, but after a minute or show these errors get thrown. Then the listener ports restart themselves, and then throw the error again. It just keeps looping itself.

I tried deleting the Cluster, all resources, basically did an uninstall and reinstall. The problem is still there. My best guess is when that null pointer was thrown in the MDB the first time something went really wrong with the XA transaction and that it is trying to finish itself. However, I have no clue how to manually finish it or cancel it besides deleting the folders found in <WAS_ROOT>/tranlog.

I did some tracing with the following strings but saw nothing obvious (of course I don't really know what i'm looking for).

com.ibm.ejs.jts.*
com.ibm.ws.LocalTransaction.*


If anyone has ANY ideas please let me know. This problem is driving me nuts!
18 years ago
I would stay away from 3rd party tutorials on the web as they are likely to leave out a lot of details. I work with both Weblogic and WAS and IMO WebSphere always seems harder to confiugre/deploy/manage. While it is frustrating and at times seems overly complicated it is quite a decent product when you start getting familair with it. I also highly reccomed a book to get you started and as a reference.

To hold you over here is a link that you should bookmark:

http://www-306.ibm.com/software/webservers/appserv/was/library/
18 years ago
Yea JAVA_HOMe won't fly. You also might want to add your JDK /bin directory to your PATH variable.
18 years ago
.....What?? Might want to be a little more descriptive.

It sounds like a CLASSPATH issue or your missing a jar in your ant/lib directory.
18 years ago
[/qb]<hr></blockquote>

is "<workspace>" the actual name of your directory? That is confusing me.

Otherwise, does ant append or insert to the CLASSPATH? If it appens maybe your CLASSPATH is malformed?

EDIT: Just remembered you cannot even create a dir with the <,> characters in windows and i'm pretty sure you can't on UNIX/Linux either. This would tell me that you are using <workspace> to reference a property or something? If so it should be ${workspace}.
[ February 04, 2006: Message edited by: Ryan Zezeski ]
18 years ago
Looks like none of your servers are up when your calling wsadmin. Just a note, you will quickly learn that jacl script errors are cryptic and often times tell you nothing. It takes a while of working with them to understand the error messages.
18 years ago