Today one of colleague was trying to add a jvm to Windows Service.
This is the syntax for the command -
WASService.exe -add service_name
-serverName server_name
-profilePath server_profile_directory
[-wasHome
app_server_root]
[-configRoot configuration_repository_directory]
[-startArgs additional_start_arguments]
[-stopArgs additional_stop_arguments]
[-userid user_id -password password]
[-logFile service_log_file]
[-logRoot server_log_directory]
[-restart true | false]
[-startType automatic | manual | disabled]
This guy is fighting with some set of parameters. He is executing, command runs, he goes to the services, he finds that specific jvm in the services, but when he starts it, it simply says *started*, upon right clicking on the service, he sees only start option, remaining faded out.
So, whats the problem?
Go through the command options properly -
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.base.doc/info/aes/ae/rins_wasservice.html
He was trying to add jvm to win services like this -
WASService.exe add blabla -logFile path/to/a/location/server.log -logRoot path/to/a/location/
yata yata yata
The problem is - one should pass SERVER LOG FILE as logFile and SERVER_LOG_LOCATION not to another location.
The WASService command looks for a file named server_name .pid to determine if the server is running.
So, if you want to add a jvm, by name server1 to Win services, you need to pass server1 log location.
Have Fun
Tuesday, June 8, 2010
Enable Trace in Plugin-cfg.xml
WebServer Plugin writes a log, by default its named as http-plugin.log, by default placed under PLUGIN_HOME/logs/
Plugin writes Error messages into this log. The attribute which deals with this is
< Log > in the plugin-cfg.xml
Ex.,
< Log LogLevel="Error" Name="/usr/IBM/WebSphere/Plugins/logs/http_plugin.log" / >
According to above line all Error messages will be written into http-plugin.log.
How to enable trace in the plugin-cfg.xml? if that is the question, do like this -
< Log LogLevel="Trace" Name="/usr/IBM/WebSphere/Plugins/logs/http_plugin.log" / >
From the InfoCenter -
Plug-in Problem Determination Steps
The plug-in provides very readable tracing which can be beneficial in helping to figure out the problem. By setting the LogLevel attribute in the config/plugin-cfg.xml file to Trace, you can follow the request processing to see what is going wrong.
Note: If you are using a Veritas File System with large file support enabled, file sizes up to two terabytes are allowed. In this case, if you set the LogLevel attribute in the plugin-cfg.xml file to LogLevel=Trace, then the http_plugin.log file might grow quickly and consume all available space on your file system. Therefore, you should set the value of the LogLevel attribute to ERROR or DEBUG to prevent high CPU utilization.
At a high level, complete these steps.
The plug-in gets a request.
The plug-in checks the routes defined in the plugin-cfg.xml file.
It finds the server group.
It finds the server.
It picks the transport protocol, HTTP or HTTPS.
It sends the request.
It reads the response.
It writes it back to the client.
Here is the URL for Web server plug-in troubleshooting tips
Plugin writes Error messages into this log. The attribute which deals with this is
< Log > in the plugin-cfg.xml
Ex.,
< Log LogLevel="Error" Name="/usr/IBM/WebSphere/Plugins/logs/http_plugin.log" / >
According to above line all Error messages will be written into http-plugin.log.
How to enable trace in the plugin-cfg.xml? if that is the question, do like this -
< Log LogLevel="Trace" Name="/usr/IBM/WebSphere/Plugins/logs/http_plugin.log" / >
From the InfoCenter -
Plug-in Problem Determination Steps
The plug-in provides very readable tracing which can be beneficial in helping to figure out the problem. By setting the LogLevel attribute in the config/plugin-cfg.xml file to Trace, you can follow the request processing to see what is going wrong.
Note: If you are using a Veritas File System with large file support enabled, file sizes up to two terabytes are allowed. In this case, if you set the LogLevel attribute in the plugin-cfg.xml file to LogLevel=Trace, then the http_plugin.log file might grow quickly and consume all available space on your file system. Therefore, you should set the value of the LogLevel attribute to ERROR or DEBUG to prevent high CPU utilization.
At a high level, complete these steps.
The plug-in gets a request.
The plug-in checks the routes defined in the plugin-cfg.xml file.
It finds the server group.
It finds the server.
It picks the transport protocol, HTTP or HTTPS.
It sends the request.
It reads the response.
It writes it back to the client.
Here is the URL for Web server plug-in troubleshooting tips
AIX Command Tips
Displaying top CPU_consuming processes:
#ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying top 10 memory-consuming processes:
#ps aux | head -1; ps aux | sort -rn +3 | head
Displaying process in order of being penalized:
#ps -eakl | head -1; ps -eakl | sort -rn +5
Displaying process in order of priority:
#ps -eakl | sort -n +6 | head
Displaying process in order of nice value
#ps -eakl | sort -n +7
Displaying the process in order of time
#ps vx | head -1;ps vx | grep -v PID | sort -rn +3 | head -10
Displaying the process in order of real memory use
#ps vx | head -1; ps vx | grep -v PID | sort -rn +6 | head -10
Displaying the process in order of I/O
#ps vx | head -1; ps vx | grep -v PID | sort -rn +4 | head -10
Displaying WLM classes
#ps -a -o pid, user, class, pcpu, pmem, args
Determinimg process ID of wait processes:
#ps vg | head -1; ps vg | grep -w wait
Wait process bound to CPU
#ps -mo THREAD -p
Cpu usage with priority levels
#topas -P
#svmon -Put 10 will give the memory mapping for the
top ten memory consuming processes.
#top
Remember, some commands needs you to be root. So, you switch to su to root.
Two important things here -
1. from ur profile, if u say
$su root
takes you to root with current shell. Means that, though u r root, u still carry ur .profile and ur env variables.
2. if u want to have root's env variables -
su - root or
su root
after getting into root
. ./.profile
#ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying top 10 memory-consuming processes:
#ps aux | head -1; ps aux | sort -rn +3 | head
Displaying process in order of being penalized:
#ps -eakl | head -1; ps -eakl | sort -rn +5
Displaying process in order of priority:
#ps -eakl | sort -n +6 | head
Displaying process in order of nice value
#ps -eakl | sort -n +7
Displaying the process in order of time
#ps vx | head -1;ps vx | grep -v PID | sort -rn +3 | head -10
Displaying the process in order of real memory use
#ps vx | head -1; ps vx | grep -v PID | sort -rn +6 | head -10
Displaying the process in order of I/O
#ps vx | head -1; ps vx | grep -v PID | sort -rn +4 | head -10
Displaying WLM classes
#ps -a -o pid, user, class, pcpu, pmem, args
Determinimg process ID of wait processes:
#ps vg | head -1; ps vg | grep -w wait
Wait process bound to CPU
#ps -mo THREAD -p
Cpu usage with priority levels
#topas -P
#svmon -Put 10 will give the memory mapping for the
top ten memory consuming processes.
#top
Remember, some commands needs you to be root. So, you switch to su to root.
Two important things here -
1. from ur profile, if u say
$su root
takes you to root with current shell. Means that, though u r root, u still carry ur .profile and ur env variables.
2. if u want to have root's env variables -
su - root or
su root
after getting into root
. ./.profile
How can we configure Remote Plugin?
This is the procedure
Machine A: WAS
Machine B: IHS
Thumb Rule: Install Plugins on IHS Machine and propagrate them to WAS.
Procedure
Machine A : Install WAS.
Machine B: Install IHS
Machine B : Install Plugins: In the installation process, you have to select remote WAS, and name for ur webserverconfig, say webserver1. After installation, in the IHS_INST/conf/httpd.conf check for IBM Module entry and Plugin installation paths
Goto the plugin installation path/bin
Check for configurewebserver1.sh/bat
Now,
Copy that file, configurewebserver1.sh/bat to WAS box, that is Machine A. The file contains this info.
./wsadmin.sh -f configureWebserverDefinition.jacl webserver1 IHS '/software/IBM/IHS' '
/software/IBM/IHS/conf/httpd.conf' 7700 MAP_ALL '/software/IBM/Plugins' unmanage
d webserver1 hostname solaris
(This is an example, 7700 is port number.)
If you already have enabled global security on WAS, you need to add -username adminusername and -password hispassword at the end of the above script.
Then run the script.
Which creates a WebServer definition in the AppServer.
U need to configure WAS to remote admin WebServer.
Machine A: WAS
Machine B: IHS
Thumb Rule: Install Plugins on IHS Machine and propagrate them to WAS.
Procedure
Machine A : Install WAS.
Machine B: Install IHS
Machine B : Install Plugins: In the installation process, you have to select remote WAS, and name for ur webserverconfig, say webserver1. After installation, in the IHS_INST/conf/httpd.conf check for IBM Module entry and Plugin installation paths
Goto the plugin installation path/bin
Check for configurewebserver1.sh/bat
Now,
Copy that file, configurewebserver1.sh/bat to WAS box, that is Machine A. The file contains this info.
./wsadmin.sh -f configureWebserverDefinition.jacl webserver1 IHS '/software/IBM/IHS' '
/software/IBM/IHS/conf/httpd.conf' 7700 MAP_ALL '/software/IBM/Plugins' unmanage
d webserver1 hostname solaris
(This is an example, 7700 is port number.)
If you already have enabled global security on WAS, you need to add -username adminusername and -password hispassword at the end of the above script.
Then run the script.
Which creates a WebServer definition in the AppServer.
U need to configure WAS to remote admin WebServer.
Security.xml file is corrupted
If security.xml file is corrupted how will restore it?
First, what is file corruption?
Corrupted files are files that suddenly become inoperable or unusable. There are several reasons why a file may become corrupted. In some cases, it is possible to recover and fix the corrupted file, while at other times it may be necessary to delete the file and replace it with an earlier saved version.
What are the chances of security.xml becoming corrupted? There are chances for any config file to become corrupted.
Things to understand:-
1. How to avoid this?
2. What to do when this happens?
1. How to avoid this?
When you plan to edit Security.xml or any configuration file, better to take a hard copy back up or run backupConfig script. Hard copy backup, cp file as security_bak.xml, then make make changes to security.
2. What to do when this happens?
Say, on 5th, Tuesday, Feb you made changes to your security, it got fat fingured or corrupted, goto your system admin, revert it back to last working copy.
I would do like this. I would talk to my system admin and ask him to load security.xml from lastnights backup. We at our office, have nightly backups and weekly backups. We retain a months historical backups.
OR - If you know your security model completely, you can manually goto security.xml file, set security to false. save and recycle your server. It sets secutiy to false means no security. Now, set your security again.
Again, When will you modify security.xml? This is not an every day task. You will edit your security at the time of setting up new installation, or when you have a change in LDAP info or, when there is a need to add a new user or group etc. So, its always a good practice to take security.xml backup before you modify it.
There is even a better way to do this, specially in Production Environments. Let your versioning system take care of it. Meaning, check in your configuration into a version control system. If you make any change, it can be tracked.
First, what is file corruption?
Corrupted files are files that suddenly become inoperable or unusable. There are several reasons why a file may become corrupted. In some cases, it is possible to recover and fix the corrupted file, while at other times it may be necessary to delete the file and replace it with an earlier saved version.
What are the chances of security.xml becoming corrupted? There are chances for any config file to become corrupted.
Things to understand:-
1. How to avoid this?
2. What to do when this happens?
1. How to avoid this?
When you plan to edit Security.xml or any configuration file, better to take a hard copy back up or run backupConfig script. Hard copy backup, cp file as security_bak.xml, then make make changes to security.
2. What to do when this happens?
Say, on 5th, Tuesday, Feb you made changes to your security, it got fat fingured or corrupted, goto your system admin, revert it back to last working copy.
I would do like this. I would talk to my system admin and ask him to load security.xml from lastnights backup. We at our office, have nightly backups and weekly backups. We retain a months historical backups.
OR - If you know your security model completely, you can manually goto security.xml file, set security to false. save and recycle your server. It sets secutiy to false means no security. Now, set your security again.
Again, When will you modify security.xml? This is not an every day task. You will edit your security at the time of setting up new installation, or when you have a change in LDAP info or, when there is a need to add a new user or group etc. So, its always a good practice to take security.xml backup before you modify it.
There is even a better way to do this, specially in Production Environments. Let your versioning system take care of it. Meaning, check in your configuration into a version control system. If you make any change, it can be tracked.
WAS Migration
Migration
This term has many definitions and a broad scope. In this document, the meaning of migration is limited to the actions associated with moving Java™ 2 Enterprise Edition (J2EE™) applications (EARs) and Application Server configuration data (such as resources and security settings) from a previous version of Application Server to V6.
WASPreUpgrade (tool)
Refers to the first step of the two-step migration process. The tool associated with this step will extract information from the previous version of Application Server and store it in a backup directory. This tool can be run by itself from the command line or as part of the migration wizard.
WASPostUpgrade (tool)
Refers to the second step of the two-step migration process. The tool associated with this step will take information from a directory created by the WASPreUpgrade tool and import it into a V6 profile. This tool can be run by itself from the command line or as part of the migration wizard.
Backup directory
Refers to a directory structure created by the WASPreUpgrade tool that contains all the information necessary for migration from the previous version of Application Server.
Migration wizard
Refers to the graphical user interface (GUI) that interactively performs the migration. This GUI tool performs the WASPreUpgrade and WASPostUpgrade steps.
FirstSteps (tool)
Tool provided in V6 to simplify and organize many actions that customers may wish to perform with a newly installed system. It can be found in the firststeps directory under each profile and can be used to launch the migration wizard.
Profiles
This concept expands on the idea of "instances" in V5. It refers to the collection of all the configuration data for an Application Server in V6. Application Server V6 provides for multiple profiles with only one install of the binaries. A single profile is required as the destination for the data being migrated from a previous version. (See Installing Application Server V6.)
Cell
Refers to the collection of one or more nodes controlled by a single deployment manager.
Federate or Federated
Refers to the action of adding a node to a cell; also refers to a node that is part of a cell. This term has been expanded to also refer to a node in a multi-node V4 domain.
Deployment manager profile (dmgr profile)
This profile acts as the deployment manager, and is the destination for the migration of the V5 deployment manager, and as a new deployment manager for V4 migrations. There can be only one deployment manager profile for each cell.
Standalone or Application Server profile
Refers to a profile that is analogous to a single node install of Application Server. This type of profile is the destination for the migrations of a node either in a cell or not in a cell.
Clusters
This term replaces the idea of ServerGroups from V4. Clusters are sets of servers that are used for distributing workload within a cell.
A quick guide for migrating to IBM WebSphere Application Server V6
Posted by WebSphere at 2/16/2009 07:40:00 PM 1 comments
Labels: faq, WebSphere
2/9/09
security.xml file is corrupted
If security.xml file is corrupted how will restore it?
First, what is file corruption?
Corrupted files are files that suddenly become inoperable or unusable. There are several reasons why a file may become corrupted. In some cases, it is possible to recover and fix the corrupted file, while at other times it may be necessary to delete the file and replace it with an earlier saved version.
What are the chances of security.xml becoming corrupted? There are chances for any config file to become corrupted.
Things to understand:-
1. How to avoid this?
2. What to do when this happens?
1. How to avoid this?
When you plan to edit Security.xml or any configuration file, better to take a hard copy back up or run backupConfig script. Hard copy backup, cp file as security_bak.xml, then make make changes to security.
2. What to do when this happens?
Say, on 5th, Tuesday, Feb you made changes to your security, it got fat fingured or corrupted, goto your system admin, revert it back to last working copy.
I would do like this. I would talk to my system admin and ask him to load security.xml from lastnights backup. We at our office, have nightly backups and weekly backups. We retain a months historical backups.
OR - If you know your security model completely, you can manually goto security.xml file, set security to false. save and recycle your server. It sets secutiy to false means no security. Now, set your security again.
Again, When will you modify security.xml? This is not an every day task. You will edit your security at the time of setting up new installation, or when you have a change in LDAP info or, when there is a need to add a new user or group etc. So, its always a good practice to take security.xml backup before you modify it.
There is even a better way to do this, specially in Production Environments. Let your versioning system take care of it. Meaning, check in your configuration into a version control system. If you make any change, it can be tracked.
This term has many definitions and a broad scope. In this document, the meaning of migration is limited to the actions associated with moving Java™ 2 Enterprise Edition (J2EE™) applications (EARs) and Application Server configuration data (such as resources and security settings) from a previous version of Application Server to V6.
WASPreUpgrade (tool)
Refers to the first step of the two-step migration process. The tool associated with this step will extract information from the previous version of Application Server and store it in a backup directory. This tool can be run by itself from the command line or as part of the migration wizard.
WASPostUpgrade (tool)
Refers to the second step of the two-step migration process. The tool associated with this step will take information from a directory created by the WASPreUpgrade tool and import it into a V6 profile. This tool can be run by itself from the command line or as part of the migration wizard.
Backup directory
Refers to a directory structure created by the WASPreUpgrade tool that contains all the information necessary for migration from the previous version of Application Server.
Migration wizard
Refers to the graphical user interface (GUI) that interactively performs the migration. This GUI tool performs the WASPreUpgrade and WASPostUpgrade steps.
FirstSteps (tool)
Tool provided in V6 to simplify and organize many actions that customers may wish to perform with a newly installed system. It can be found in the firststeps directory under each profile and can be used to launch the migration wizard.
Profiles
This concept expands on the idea of "instances" in V5. It refers to the collection of all the configuration data for an Application Server in V6. Application Server V6 provides for multiple profiles with only one install of the binaries. A single profile is required as the destination for the data being migrated from a previous version. (See Installing Application Server V6.)
Cell
Refers to the collection of one or more nodes controlled by a single deployment manager.
Federate or Federated
Refers to the action of adding a node to a cell; also refers to a node that is part of a cell. This term has been expanded to also refer to a node in a multi-node V4 domain.
Deployment manager profile (dmgr profile)
This profile acts as the deployment manager, and is the destination for the migration of the V5 deployment manager, and as a new deployment manager for V4 migrations. There can be only one deployment manager profile for each cell.
Standalone or Application Server profile
Refers to a profile that is analogous to a single node install of Application Server. This type of profile is the destination for the migrations of a node either in a cell or not in a cell.
Clusters
This term replaces the idea of ServerGroups from V4. Clusters are sets of servers that are used for distributing workload within a cell.
A quick guide for migrating to IBM WebSphere Application Server V6
Posted by WebSphere at 2/16/2009 07:40:00 PM 1 comments
Labels: faq, WebSphere
2/9/09
security.xml file is corrupted
If security.xml file is corrupted how will restore it?
First, what is file corruption?
Corrupted files are files that suddenly become inoperable or unusable. There are several reasons why a file may become corrupted. In some cases, it is possible to recover and fix the corrupted file, while at other times it may be necessary to delete the file and replace it with an earlier saved version.
What are the chances of security.xml becoming corrupted? There are chances for any config file to become corrupted.
Things to understand:-
1. How to avoid this?
2. What to do when this happens?
1. How to avoid this?
When you plan to edit Security.xml or any configuration file, better to take a hard copy back up or run backupConfig script. Hard copy backup, cp file as security_bak.xml, then make make changes to security.
2. What to do when this happens?
Say, on 5th, Tuesday, Feb you made changes to your security, it got fat fingured or corrupted, goto your system admin, revert it back to last working copy.
I would do like this. I would talk to my system admin and ask him to load security.xml from lastnights backup. We at our office, have nightly backups and weekly backups. We retain a months historical backups.
OR - If you know your security model completely, you can manually goto security.xml file, set security to false. save and recycle your server. It sets secutiy to false means no security. Now, set your security again.
Again, When will you modify security.xml? This is not an every day task. You will edit your security at the time of setting up new installation, or when you have a change in LDAP info or, when there is a need to add a new user or group etc. So, its always a good practice to take security.xml backup before you modify it.
There is even a better way to do this, specially in Production Environments. Let your versioning system take care of it. Meaning, check in your configuration into a version control system. If you make any change, it can be tracked.
IKEYMAN
ikeyman is a UI tool comes with IHS/WAS with which one can create certificates, extract them, import them, export them, create self signed certificates and so on.
When to use ikeyman?
When your certificates expire, you need to have new certificates. You use ikeyman to import the new certificates
When you want create self signed certificates. You use ikeyman.
You have to eshtablish trust between different clients and your server. You use ikeyman.
Here is a technote on Creating Custom Secure Socket Layer (SSL) Key Files using a CA Certificate
Here is the ikeyman doc. Click here
Install SSL Certificate using IBM ikeyman
When to use ikeyman?
When your certificates expire, you need to have new certificates. You use ikeyman to import the new certificates
When you want create self signed certificates. You use ikeyman.
You have to eshtablish trust between different clients and your server. You use ikeyman.
Here is a technote on Creating Custom Secure Socket Layer (SSL) Key Files using a CA Certificate
Here is the ikeyman doc. Click here
Install SSL Certificate using IBM ikeyman
Performance boost through disabling file system caching
In a recent engagement to troubleshoot lousy performance, colleagues of mine were able to "fix it".
Usually it is a good thing, when an operating system (here: kernel and file system code) caches data in buffers at the file system level and flushes it out to disk when appropriate (and in the right chunks) to minimize the amount of physical I/O operations.
When placing database files on such filesystems however, the filesystem's caching algorithms can be extremely counterproductive.
In the case here, Solaris, the Veritas filesystem, and Oracle was involved. Re-mounting the filesystem with the parameter
mincache=direct
reduced the time for SQL inserts into the SIB tables from up to 11 seconds down to 0.03 seconds.
When dealing with the combination AIX, JFS2, and DB2, the DB2 command
db2 alter tablespace no file system caching
has more or less the same effect. Data caching on the filesystem level is disabled and the data is persisted as fast as possible. According to the AIX documentation the same effect can be reached on the file system level by using "mount ... -o dio". Read performance for non-DB files might suffer, because caching is reduced. DB-data will still be cached in the DB bufferpools.
Usually it is a good thing, when an operating system (here: kernel and file system code) caches data in buffers at the file system level and flushes it out to disk when appropriate (and in the right chunks) to minimize the amount of physical I/O operations.
When placing database files on such filesystems however, the filesystem's caching algorithms can be extremely counterproductive.
In the case here, Solaris, the Veritas filesystem, and Oracle was involved. Re-mounting the filesystem with the parameter
mincache=direct
reduced the time for SQL inserts into the SIB tables from up to 11 seconds down to 0.03 seconds.
When dealing with the combination AIX, JFS2, and DB2, the DB2 command
db2 alter tablespace no file system caching
has more or less the same effect. Data caching on the filesystem level is disabled and the data is persisted as fast as possible. According to the AIX documentation the same effect can be reached on the file system level by using "mount ... -o dio". Read performance for non-DB files might suffer, because caching is reduced. DB-data will still be cached in the DB bufferpools.
HTTP tuning
I often have to modify the performance of the HTTP side of the conversation and here is a link to a decent basics:
Best Practices for Speeding Up Your Web Site
I also like the fact they used IBM's Page Detailer http://alphaworks.ibm.com/tech/pagedetailer which is an awesome application my colleague performance whiz Phil Theiller showed me. It is really awesome for getting a good visual feel for the HTTP side of things.
Best Practices for Speeding Up Your Web Site
I also like the fact they used IBM's Page Detailer http://alphaworks.ibm.com/tech/pagedetailer which is an awesome application my colleague performance whiz Phil Theiller showed me. It is really awesome for getting a good visual feel for the HTTP side of things.
Subscribe to:
Posts (Atom)