Wednesday, April 11, 2012

IBM Connections 3.0.1 on RHEL - how to install - 9. Post-Installation Tasks

Post-Installation Tasks


Finally, we have installed IBM Lotus Connections product, but there are some more important post installation steps! Lets go to finish them!

  1. Configure HTTP server
    1. Open  http://ic.ys.cz:9060/admin and log in as wasadmin
    2. [root@ic bin]# cd /opt/IBM/HTTPServer/bin/
    3. start Administration server: [root@ic bin]# ./adminctl start
    4. Create new node to manage http server with dmgr server ... navigate to System administration > Nodes > click Add Node 
      1. select  Unmanaged node click NEXT
      2. Name: webserver1node
      3. HostName: <FQDN>
      4. Platform Type: Linux > OK > SAVE
    5. Go to create a new WebServer definition ... navigate to Servers > Server Types > Web servers > and click New
      1. Select node: webserver1node
      2. Server name: webserver1
      3. Type: IBM HTTP Server
      4. Click NEXT > NEXT
      5. Port: 80
      6. Web server installation root: /opt/IBM/HTTPServer
      7. Plug-in installation root: /opt/IBM/HTTPServer/Plugins
      8. Administration Server Port: 8008
      9. Username: ihsadmin
      10. Password: <yourpass>
      11. Confirm password:  <yourpass>
      12. Click NEXT
      13. Click FINISH ans SAVE
    6. Check webserver1 checkbox and click Start button - it should start the server. If not you can reset password:
      1. Switch to the HTTPServer_installdir/bin directory on your machine.
      2. Type the following command:
      3. ./htpasswd -b ../conf/admin.passwd user password
      4. where user and password are the user ID and password that you want to have administrative authority for IBM HTTP Server. 
    7. Resynchronize all nodes.
    8. Generate plug-in configuration file ... navigate again to the webservers (same as step 5).
      1. Select webserver1 and click Generate Plug-in and them click Propagate Plug-in
      2. Note: Make sure, you will see in a Message dialog box same path to plugin-cfg.xml as is in IHS httpd.conf (last line of the file) file saved in /opt/IBM/HTTPServer/conf/httpd.conf 
      3. Restart webserver
    9. Navigate to Servers > Web servers > webserver1 > Plug-in properties and click Copy to Web server key store directory
    10. Setup HTTP over SSL with self signed certificate
      1. [root@ic ~]# cd /opt/IBM/HTTPServer/
      2. [root@ic ~]# mkdir  keyfiles
      3. [root@ic ~]# cd bin
      4. [root@ic bin]# ./ikeyman
      5. In IBM Key Management click New
        1. Key database type: CMS
        2. File Name: webserver-key.kdb
        3. Location: /opt/IBM/HTTPServer/keyfiles
        4. Click OK
        5. Enter your password and select Stash password to a file
        6. Click OK
      6. In IBM Key Management click Create a new self-signed certificate
        1. Key Label: LC Self Signed
        2. Version: X509 V3
        3. Key Size: 1024
        4. Signature Algorithm: SHA1WithRSA
        5. Other options are optional (set them as you wish) 
        6. Click OK and close ikeyman
      7. Stop HTTP server and edit httpd.conf file
        1. [root@ic bin]# cd ../conf/
        2. backup file: [root@ic conf]# cp httpd.conf httpd.conf.bak
        3. Edit file and add following lines to the bottom of the file:
          LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
          <IfModule mod_ibm_ssl.c>
            Listen 0.0.0.0:443
            <VirtualHost *:443>
              ServerName ic.ys.cz
              SSLEnable
            </VirtualHost>
          </IfModule>
          SSLDisable
          Keyfile "/opt/IBM/HTTPServer/keyfiles/webserver-key.kdb"
          SSLStashFile "/opt/IBM/HTTPServer/keyfiles/webserver-key.sth"
        4. start HTTP server and test https url on port 80
          1. [root@ic conf]# ../bin/apachectl -k start
          2. Open browser and go to https://<yourhostname>
          3. You should get info about certificate - it is not a trusted certificate (because it is self-signed certificate)
      8. Add our cert among trusted ones in WAS Trust Store
        1. Navigate in Security > SSL Certificate and Key Management > Key stores and certificates
        2. Click on link  CellDefaultTrustStore
        3. Click on link Signer certificates
        4. Click Retrieve from port
          1. Host: <IHS hostname>
          2. Port: 443
          3. Alias: webserver-ssl
          4. And click Retrieve signer information
          5. Check if it is correct
          6. OK > SAVE
    11. Update Connections URL to use SSL
      1. [root@ic conf]# cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/
      2. [root@ic bin]# ./wsadmin.sh -lang jython
      3. wsadmin> execfile("../config/bin_lc_admin/connectionsConfig.py")
      4. wsadmin> LCConfigService.checkOutConfig("/root/","icCell01")
        • Note: Make sure that you have correct cell name in command
      5. Edit exported file and delete all occurrences of port in href or ssl_href
        1. I deleted all occurrences of  :9081 and :9444 in the file.
      6. Run wsadmin> LCConfigService.checkInConfig()
      7. Run wsadmin> synchAllNodes()
    12. You no what? You are done! Congratulations!  now you can take a look in to documentation how to tuneup your Connections

Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)