AIX Tips


 

You can use the prtconf command to list your AIX hardware configuration, including CPUs, memory, adapters, disk and network. The prtconf command is available in the current version of AIX 4.3.3** and on AIX 5. For those running older versions of AIX, here's a list of commands that provide the same information.

  

General

prtconf -  list system configuration

lscfg [-v] - devices (-v = verbose for microcode levels, etc)

lscfg -v  - devices verbose (microcode level, firmware, etc)

lsdev -Cc adapter - adapter cards

lsdev -Cc disk - disks

lsdev -Cc processor     - CPU's

lsattr -El sys0 - serial number, model number, memory

 

Software

List server software inventory: lslpp -L 
List server software history: lslpp -h
List all hardware attached to the server: lsdev -C | sort -d
 

AIX

oslevel - AIX OS level

instfix -i |grep ML              - AIX maintenance level

lslpp -l                              - installed SW and levels

List all system resources on the server: lssrc -a

List all host entries on the servers: hostent -S
 

Logs

alog -L # List the defined log types
alog -o -t boot # View the boot log
alog -o -f '/var/adm/ras/bootlog'
alog -o -t console # View the console log
strings /var/adm/sulog #View su activity
Examine the AIX failed logins: who -s /etc/security/failedlogin
Examine the AIX user log: who /var/adm/wtmp
 

Disk

lsvg -o - active volume groups

lsvg -p vgname - disk drives in VG

lsvg -l  vgname - LV's in VG

lslv  lvname - LV detail

lslv -l lvname - LV disk location

lspv - disks

lspv -l hdisk# - LV's residing on a disk

Determine active logical volume groups on the servers: lsvg -o
List physical volumes in each volume group: lsvg -p "vgname"
List logical volumes for each volume group: lsvg -l "vgname"
lspv hdiskx
lspv -p hdiskx
lspv -l hdiskx
 

Network

lsdev -Cc if - list network interfaces

netstat -rn - list network gateways
Display active connection on boot: odmget -q value=up CuAt | grep name|cut -c10-12
Show network interfaces that are connected: lsdev -Cc if

 

 

 

Services

stopsrc -s sshd  # replace sshd with servicename you want to stop or start

startsrc -s sshd
stopsrc -s yppasswdd
stopsrc -s ypupdated
stopsrc -s ypserv
stopsrc -s ypbind

List inetd services: lssrc -t 'service name' -p 'process id'

mount -a  # to mount all the entries in /etc/filesystems

 

List all user attributes:  lsuser ALL | sort -d

List all group attributes:  lsgroup ALL

Search for .rhosts and .netrc files: find / -name .rhosts -print ; find / -name .netrc -print

/etc/security/user

/etc/security/login.cfg

/etc/sudoers  #visudo

/etc/security/limits

/etc/security/user 

/etc/motd  

/etc/rc.net

/etc/inetd.conf

/etc/inittab 

/etc/rc.tcpip

 

pwdck -n ALL  #use -y instead to fix inconsistencies

grpck -n ALL

Review all SETUID programs: find / -perm -4000 -print

Review all SETGID programs: find / -perm -2000 -print

Review all sticky bit programs: find / -perm -1000 -print

Set user .profile in /etc/security/.profile

$HOME directories should be 710

Look for un-owned files on the server: find / -nouser -print

Change /etc/host file permissions to 660 and review its contents weekly

Check for both tcp/udp failed connections to the servers: netstat -p tcp; netstat -p udp

Verify contents of /etc/exports
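
The file checks above (special mode bits, .rhosts/.netrc, un-owned files, 710 home directories) collected into one report script. This is an added example, not part of the original notes; the function names are made up for it, and it uses only standard find primaries.

```shell
#!/bin/sh
# Added example: the permission and trust-file checks from the notes above
# as reusable functions. All function names are hypothetical.

# Files carrying a special mode bit:
#   4000 = setuid, 2000 = setgid, 1000 = sticky
find_setuid() { find "$1" -type f -perm -4000 -print 2>/dev/null; }
find_setgid() { find "$1" -type f -perm -2000 -print 2>/dev/null; }
find_sticky() { find "$1" -perm -1000 -print 2>/dev/null; }

# .rhosts and .netrc files anywhere below the given directory.
find_trust_files() {
    find "$1" -type f \( -name .rhosts -o -name .netrc \) -print 2>/dev/null
}

# Files whose owner or group has no entry in the user/group database.
find_unowned() {
    find "$1" \( -nouser -o -nogroup \) -print 2>/dev/null
}

# Print the directory if its mode grants anything beyond 710
# (group read/write, or any bit for "other").
# -prune keeps find from descending, so only the directory itself is tested.
check_home_mode() {
    find "$1" -prune -type d \
        \( -perm -0040 -o -perm -0020 -o -perm -0004 \
           -o -perm -0002 -o -perm -0001 \) -print 2>/dev/null
}

# audit_report ROOT HOMES
# Runs every check under ROOT and the mode check on each directory in HOMES,
# printing one "[check] path" line per finding.
audit_report() {
    root=$1
    homes=$2
    for check in setuid setgid sticky trust_files unowned; do
        "find_$check" "$root" | sed "s|^|[$check] |"
    done
    for dir in "$homes"/*; do
        [ -d "$dir" ] || continue
        check_home_mode "$dir" | sed 's|^|[home-mode] |'
    done
}

# Example: sh audit.sh / /home > audit.txt
if [ "$#" -eq 2 ]; then
    audit_report "$1" "$2"
fi
```

Keeping each run's output and diffing it against the previous one shows newly appeared setuid files or trust files without rereading the whole list.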

 

 

 

 


VAS 3.2 Installation and Configuration


 

Create vasuser with domain admin, enterprise admin, schema admin, and group policy creator owner permissions


Put license in c:\vaslicense folder

As vasuser:

install MMC with default options

install VAS in Standard Mode and point to the license in C:\vaslicense
 installs R2 schema update
 optimizes schema
 configures VAS licensing GP
        remove VAS licensing GP link from top level and linked to the VAS OU

Unix enabled accounts starting at the 10000 uid and gid range in AD using the Unix Tab of each users properties
Setup default primary group called pvusers with gid 10000

Created additional unix enabled groups for samba called pvsambaread, pvsambawrite......

Verified that the VAS licensing GP contained the following attributes:
[libdefaults]
 default_realm = PVALENTINO.LAN
 
[vasd]
 workstation-mode = true

 workstation-mode-group-do-member = true
[nss_vas]
 check-host-access = true
 lowercase-names = true
 user-hide-if-denied = true
[pam_vas]
 prompt-local-pw = Enter UNIX password:
 prompt-vas-ad-disauth-pwcache = You are logging on in disconnected mode:
 prompt-vas-ad-pw = Enter your WINDOWS password:
[vas_auth]
 perm-disconnected-users =

Created a visudo policy for admin accounts and developer accounts at the VAS OU level:
All Commands > root > Group=adwheel
All commands > user1 > Group=pvsambawrite
Path to visudo = /usr/sbin/visudo

Created NTP and MOTD policy:
NTP = files config pointing to /dist/apps/ntp/ntp.conf on yumserver containing
server 10.50.1.10
server 10.50.1.11
driftfile /var/lib/ntp/drift
broadcastdelay 0.008


Login and MOTD configs configured with following text:
*******************************************************************************
*           PVALENTINO's systems must only be used for conducting PVALENTINO's            *
*           business or for purposes authorized by PVALENTINO's management.         *
*                                                                             *
*******************************************************************************
*                                                                             *
*           Use is subject to audit at any time by PVALENTINO management.           *
*                                                                             *
*******************************************************************************

Open Firewall ports/iptables for:
tcp 88 to DC's for kerberos
tcp 389 to DC or LDAP Server
udp 389 same as above
udp 53 to DNS Servers
tcp 445 for SMB (open on samba server side)
tcp 464 to Domain Controllers for kpasswd  (kerberos password exchange)
tcp 3268 to DC's for global catalog lookups
udp 123 to Domain Controllers for Time Sync

To install VAS 3.3.2 client software use the following script on i386 RH4 Servers:

#!/bin/bash
rm -rf *.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/i386/vasclnt-3.3.2-69.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/i386/vasgp-3.3.2-69.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/i386/vasutil-3.3.2-69.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/quest-openssh-4.7p1_q1.217-1.rhel4.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/quest-samba-3.0.28_q291-1.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/quest-sudo-1.6.8p12q93-1.rh73.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/quest-vasidmap-0.10.0.148-1.i386.rpm
rpm -Uvh *.rpm

For x86_64 RH4 Servers use:
#!/bin/bash
rm -rf *.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/x86_64/vasclnt-3.3.2-69.x86_64.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/x86_64/vasgp-3.3.2-69.x86_64.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/x86_64/vasutil-3.3.2-69.x86_64.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/quest-vasidmap-0.10.0.148-1.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.1/48/linux-x86_64/quest-openssh-4.7p1_q1.217-1.rhel4.x86_64.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.1/48/linux-x86_64/quest-samba-3.0.28_q291-1.x86_64.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.1/48/linux-x86_64/quest-sudo-1.6.8p12q93-3.x86_64.rpm
rpm -Uvh *.rpm

For Rhel 3 use:
#!/bin/bash
rm -rf *.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/i386/vasclnt-3.3.2-69.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/i386/vasgp-3.3.2-69.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/3.3.2/i386/vasutil-3.3.2-69.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/quest-samba-3.0.28_q291-1.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/quest-sudo-1.6.8p12q93-1.rh73.i386.rpm
wget http://yumserver.PVALENTINO.lan/install/vintella/quest-vasidmap-0.10.0.148-1.i386.rpm
wget http://yumserver/install/vintella/rhel3/quest-openssh-4.7p1_q1.217-1.rhel3.i386.rpm
rpm -Uvh *.rpm
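
The install scripts above fetch packages over plain HTTP and install every *.rpm in the current directory. The following added example (not from the original notes) refuses to install unless each package matches a checksum manifest. Assumptions: a SHA256SUMS file in sha256sum format obtained separately from the packages, sha256sum present on the host, and hypothetical function names.

```shell
#!/bin/sh
# Added example: gate "rpm -Uvh" on a checksum manifest.
# Assumed inputs: MANIFEST in sha256sum output format, DIR holding the
# downloaded packages. verify_rpms and install_verified are made-up names.

# verify_rpms MANIFEST DIR
# Returns 0 only if every *.rpm in DIR is listed with a matching SHA-256
# and every file listed in MANIFEST is present in DIR.
verify_rpms() {
    manifest=$1
    dir=$2
    bad=0
    [ -r "$manifest" ] || { echo "cannot read $manifest" >&2; return 1; }

    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || { echo "no rpm files in $dir" >&2; return 1; }
        name=${f##*/}
        # sha256sum writes "<hash>  <name>" (text) or "<hash> *<name>" (binary)
        want=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$manifest")
        got=$(sha256sum "$f" | awk '{ print $1 }')
        if [ -z "$want" ]; then
            echo "UNLISTED $name" >&2; bad=1      # stray or injected package
        elif [ "$want" != "$got" ]; then
            echo "MISMATCH $name" >&2; bad=1      # content differs from manifest
        fi
    done

    # A package that is listed but was never downloaded is also a failure.
    while read -r sum name; do
        [ -n "$name" ] || continue
        name=${name#\*}
        [ -f "$dir/$name" ] || { echo "MISSING $name" >&2; bad=1; }
    done < "$manifest"

    return "$bad"
}

# install_verified MANIFEST DIR
# Installs only after the whole set has passed verification.
install_verified() {
    verify_rpms "$1" "$2" || { echo "refusing to install from $2" >&2; return 1; }
    rpm -Uvh "$2"/*.rpm
}

# Example: sh install_verified.sh /root/SHA256SUMS /root/vas-rpms
if [ "$#" -eq 2 ]; then
    install_verified "$1" "$2"
fi
```

Downloading into a dedicated empty directory, rather than running rm -rf *.rpm in whatever directory the script starts in, keeps the UNLISTED check meaningful.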

Make sure that Quest sshd service is running instead of the default:
service sshd stop; service sshd-quest start
service winbind stop
service smb stop
chkconfig sshd-quest on
chkconfig winbind off
chkconfig smb off
chkconfig sshd off


Join Computers to the domain:
Update root profile to include path for quest and KRB5_CONFIG in .bash_profile:
PATH=/opt/quest/bin:$PATH:$HOME/bin
KRB5_CONFIG=/etc/opt/quest/vas/vas.conf
export KRB5_CONFIG

For example, to join a computer to the VAS > RH4 > i386 > intranet > QA container in AD use:

vastool -u <admin user> join -f -c ou=qa,ou=intranet,ou=i386,ou=rh4,ou=vas,dc=PVALENTINO,dc=lan PVALENTINO.lan

vastool -u bb join -f -c ou=qa,ou=apache2,ou=i386,ou=rh4,ou=vas,dc=PVALENTINO,dc=lan PVALENTINO.lan

run vastool status to verify configuration
run vgptool apply to apply group policies


Run oat to align userid's with AD
/opt/quest/libexec/oat/oat
all defaults except use specific user (A domain admin account) and  then enter / for path when requested
then type yes to commit at the end
 To rollback use the command:
        oat rollback
        and enter /var/opt/quest/oatwork20080612 when prompted for working directory

Comment out the existing usernames in /etc/passwd before attempting to logon with VAS

To update host passwords for samba always use:
/opt/quest/bin/vastool -q -u host/ passwd -r -o | /opt/quest/bin/net -f -i changesecretpw

service samba-quest restart

vastool configure pam samba
vastool configure pam ssh


Comment out local usernames in passwd and log off the server

Log back in with putty and su to root

Add some aliases to administrator accounts to simplify administration in their .bash_profile:
PATH=/opt/quest/bin:$PATH:$HOME/bin
alias sudo="/usr/bin/sudo"
alias vas="sudo /opt/quest/bin/vastool"
alias vgp="sudo /opt/quest/bin/vgptool"


Configured samba GP at the VAS, RH4, i386, Intranet, QA level where pvqaapp lives with following params:
[global]
   workgroup = PVALENTINO_DOMAIN
   server string = pvQAAPP Samba Server
   log file = /var/opt/quest/log/samba/%m.log
   log level = 1
   max log size = 1000
   security = ADS
   use spnego = true
   use kerberos keytab = true
   machine password timeout = 0
   encrypt passwords = true
   domain logons = false
   domain master = no
   preferred master = no
   local master = false
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins server = 10.50.1.10 10.50.1.11

  ;--- begin options added by vas-samba-config (20080610) ---
   realm = PVALENTINO.LAN
   winbind nested groups = no
   ldap admin dn = CN=VasIdmapAdmin
   idmap backend = ldap:ldap://localhost
   idmap uid = 1-2147483647
   idmap gid = 1-2147483647
   idmap cache time = 300   # Expire the tdb cache every 5 minutes
   obey pam restrictions = yes
  ;--- end options added by vas-samba-config (20080610) ---

   config file = /etc/opt/quest/samba/smb.conf
   password server = PVALENTINO_dc1.PVALENTINO.lan *
[data]
   admin users = user1, PVALENTINO_DOMAIN\, PVALENTINO_DOMAIN\, root
   comment = pv Data
   write list = @PVALENTINO_DOMAIN\pvsambawrite, PVALENTINO_DOMAIN\, PVALENTINO_DOMAIN\
   read list = @PVALENTINO_DOMAIN\pvsambaread
   create mask = 775
   directory mask = 775
   force create mode = 775
   force directory mode = 775
   browseable = True
   writeable = yes
   path = /data
[log]
   admin users = root, PVALENTINO_DOMAIN\user1, PVALENTINO_DOMAIN\user2
   comment = pv Logs
   read list = @PVALENTINO_DOMAIN\pvsambaread, PVALENTINO_DOMAIN\user1
   create mask = 775
   directory mask = 775
   force create mode = 775
   force directory mode = 775
   browseable = True
   writeable = no
   path = /log
   write list = PVALENTINO_DOMAIN\

 

Run vastool flush


Ran vas-samba-config on pvqaapp


service samba-quest restart again

 

chmod -R 777 <samba share>

/opt/quest/bin/vastool -q -u host/ passwd -r -o | /opt/quest/bin/net -f -i changesecretpw

Ran testparm to verify smb.conf on pvqaapp after pushing out group policy

ran net ads testjoin and net rpc testjoin to validate samba/kerberos communication

/opt/quest/bin/vastool -q -u host/ passwd -r -o | /opt/quest/bin/net -f -i changesecretpw

Made sure that no valid users stanzas exist in the smb.conf file


Troubleshooting:
Make sure that read list and write list entries use the following syntax:
@PVALENTINO_DOMAIN\pvsambaread

Error:
smbclient complains spnego_gen_negTokenTarg failed: No such file or directory; session setup failed: SUCCESS - 0:
Your credential cache is missing. Run
$ vastool kinit
to log in and get a new TGT, then try again.

If you get an error about userid not found ("I have no name") when logging in with a Windows account, verify you installed the correct version, i.e. the x86_64 version.
 

 




Site Studio Publishing Utility Installation and Configuration

Installation

Install jdk1.6.0_01-64bit with:

mkdir -p /apps/java
chown -R user1:user1 /apps/java
su - user1
cd /apps/java
wget http://santa.sysxperts.com/install/java/java.tar.gz
tar zxvf java.tar.gz
ln -s jdk1.6.0_01-64bit default

Edit bash_profile as follows:

PATH=/apps/java/default/bin:$PATH:$HOME/bin
JAVA_HOME=/apps/java/default
export PATH JAVA_HOME

Edit iptables and firewall rules to allow the required ports from the following:

8885 push server for SSL Subscription Client
8886 push server Subscription Client
8887 administration server Subscription Client
8880 master server Publishing Utility - pvsspp001
8889 administration server Publishing Utility - pvsspp001
8890 ICE server Publishing Utility - pvsspp001
8891 file server Publishing Utility - pvsspp001
8893 ICE server for SSL Publishing Utility
8894 file server for SSL Publishing Utility
Important: If the Publishing Utility and the Subscription Client 
are separated by a firewall, ports 8890 and 8891 must be opened 
through the firewall to allow the Subscription Client to communicate 
with the Publishing Utility.


  1. Unzip the SiteStudioPublishingUtility_10gR3_20070406.zip file
  2. cd /root/SiteStudioPublishingUtility/unix
  3. ./install.sh
  4. Accept the license agreement
  5. Select Install a new Site Studio Publishing Utility
  6. Enter /apps/ssp as the default directory
  7. Enter /apps/java/default as path to JVM
  8. Finish

 Connect to Oracle

Edit cns.oracle.config as follows:

<database type="oracle">
 <driver jdbcURL="jdbc:oracle:thin:@ora:1521:ucmsrv"
 driver="oracle.jdbc.driver.OracleDriver"/>
 <user username="USERNAME" password="*******"/>
 </database>
 <contact-info/>
<options>
 <timeFormat/>
</options></syndicator>

 Start the Server

  1. ./cns.oracle.bat &> /dev/null &
  2. connect to http://pvsspp001:8889/

Note: The default administrator user name and password is administrator / administrator.


 Configure a Website for Publication

On the SSPU Server

  1. Logon to http://pvsspd001:8889/index.jsp with default user name and password
  2. Click Add Website Link on upper left of page
  3. Enter a username and password for the site i.e. sysmanager or other UCM user with access
  4. Enter http://oracleucmprod.sysxperts.com/idc/idcplg in Server CGI Url and click Connect button
  5. Click the Generate Manifest URL button
  6. Enter a Site Name - must match the name of the folder you want created on the web server
  7. Select Atomic for delivery Options and leave default extension html
  8. Enter the desired schedule or choose the Manual Update radio button
  9. Save the configuration
  10. Click the Destinations link on left side of page
  11. Enter destination name i.e. t001-sitename or t002-sitename
  12. Select the Subscription Client Radio Button
  13. Enter the destination push url i.e. http://pvwwwt001.sysxperts.com:8886 or http://pvwwwt003.sysxperts.com:8886
  14. enter a password for the connection - any password will do, only required for pub/sub
  15. Save the config
  16. View the destination and make a copy of the UUID that was generated as well as the password you created above

On the SSPU Client - Web Servers

  1. logon to http://pvwwwt001:8887/index.jsp or http://pvwwwt003:8887/index.jsp with the default userid and password
  2. Click the Content Providers link and select Add Content Provider
  3. Enter http://pvsspd001.sysxperts.com:8890/ for the SSPU Url
  4. Enter the UUID you copied in the last step above for Subscription Client UUID
  5. Enter the Password you copied in the last step above for SSPU password
  6. Browse to or enter /apps/apache2/htdocs for the Local Directory
  7. Update the Status Checks interval with an appropriate value based upon the site activity
  8. Save the config
  9. Verify that all steps have been performed on both web servers or all 4 if approved for production

Validate by going back to the http://pvsspd001:8889/ page and clicking on the Destinations link and clicking Verify under Actions - Status column should show OK




Oracle UCM 10g R3 Clustered Installation and Configuration (RHEL 5 x86_64)

Install Clustering Software

Add software channels for Cluster and Cluster Storage in RHN to the servers

rhn_register on both servers

yum -y groupinstall Clustering
yum -y groupinstall "Cluster Storage"

On 1st node:

chkconfig luci on
service luci start

On both nodes:

chkconfig ricci on
service ricci start
chkconfig gfs on
chkconfig gfs2 on
chkconfig cman on
chkconfig clvmd on

Create Cluster

logon to luci via https://ecmp001:8084 with user: admin and pw

Create new cluster clu_ucm_p001

Add node ecmp001 using locally installed files option

Add node ecmp002

Adding 2nd node with Luci fails but:

copy /etc/cluster/cluster.conf to added node
edit /etc/lvm/lvm.conf and change locking_type to 3

restart 2nd node

Configure Clustered Storage

SAN: VMWare team setup Mapped Raw LUN

Created LUNs in Navisphere and exposed to ESX by dropping into ESX Storage Group
Rescan Storage adapters on each esx host in cluster twice
Add new raw mapped lun via edit settings in vi console

On first node:

partprobe
fdisk /dev/sdb
pvcreate /dev/sdb1
vgcreate ucmvg /dev/sdb1
lvcreate -L 18G ucmvg
lvrename /dev/ucmvg/lvol0 /dev/ucmvg/ucmlv
gfs_mkfs -p lock_dlm -t mn_clu_ucm_p001:ucm -j 4 /dev/ucmvg/ucmlv

Added the following to /etc/fstab

/dev/ucmvg/ucmlv /apps gfs acl,noatime 1 2

run mount -a to mount the new entry

Create storage resource in luci

Name: apps gfs share
Type: GFS
Mount point: /apps
Device: /dev/ucmvg/ucmlv
Options: acl,noatime


UCM Install on first node:

chown user1.user1 /apps
download java from santa > installs > jboss > java.tar.gz
install java in /apps/java and link /apps/java/default to /apps/java/jdk1.6.0_01-64bit

Install ContentServer_Linux_10gR3_20071031.zip following instructions in install_cserver_pv_10en.pdf and clustering_config_pv_10en.pdf (Disregard unc path instructions as we are using GFS which does not require unc naming - use /apps/ as root for shared_directory)

192.168.1.214 ecmp001 (primary)

192.168.1.215 ecmp002

Edit user1's .bash_profile on both nodes as follows:

JAVA_HOME=/apps/java/default
PATH=/apps/java/default/bin:$PATH:$HOME/bin:/usr/sbin:/usr/bin
export PATH JAVA_HOME
umask 002

Then run:

source ~/.bash_profile

Plan for the following list of configuration options

file repository = /apps/oracle/ucm/server/vault
email server = mail.pvsales.com
admin email = webmaster
HTTP Address = http://ucmprod.pvsales.com
IP = 192.168.1.214
ports = default
web server = Apache
db = oracle
IDC_Name=idc
Instance Menu Label = idc
Relative root = /idc/
security filter = 127.0.0.1|192.168.1.214|192.168.1.215


Installer menu options:

*4. English-US
*1. Install new server
Content Server Core Folder [/oracle/ucm/server]:/apps/oracle/ucm/server
Create Directory
*1. yes
Java virtual machine
*1. Sun Java 1.6.0 JDK
Content Server Native Vault Folder [/apps/oracle/ucm/server/vault/]:
Create Directory
*1. yes
Content Server Weblayout Folder [/apps/oracle/ucm/server/weblayout/]:
Create Directory
*1. yes
*1. Configure as a master server.
*1. Install an admin server to manage this server.
Web Browser Path [/usr/bin/firefox]:
*4. English-US
*1. Use the timezone setting for your operating system
Content Server Port [4444]:
Admin Server Port [4440]:
Incoming connection address filter [127.0.0.1]:127.0.0.1|192.168.1.214|192.168.1.215
Web Server Relative Root [/idc/]:
Company Mail Server [mail]:mail.pvsales.com
Administrator E-Mail Address [sysadmin@mail]:webmaster@pvsales.com
Web Server HTTP Address [ecmp001]:ucmprod.pvsales.com
Server Instance Name [idc]:
Server Instance Label [idc]:
Server Description [Content Server idc]:Production UCM Master Server
Web Server
*1. Apache
Content Server Database
*1. Oracle
Manually configure JDBC settings for this database
1. yes
*2. no
Oracle Server Hostname [localhost]:ora.pvsales.lan
Oracle Listener Port Number [1521]:
Oracle User [user]:STELLENT_USER
Oracle Password []:
Configure the JVM to find the JDBC driver in a specific jar file
1. yes
*2. no
Attempt to create database tables
1. yes
*2. no
Choice? 1
Select components to install.
1. CheckOutAndOpen: Checkout and Open component
2. ContentFolios: Collect related items in folios
3. ExtranetLook: Extranet website support
4. FileStoreProvider: Alternate FileStoreProvider Implementation
5. FormEditor: Create and edit HTML forms
6. LinkManager8: Hypertext link management support
7. ThreadedDiscussions: Threaded discussion management
Enter numbers separated by commas to toggle, 0 to unselect all, F to finish: 1, 2,4,5,6,7
*1. CheckOutAndOpen: Checkout and Open component
2. ContentFolios: Collect related items in folios
3. ExtranetLook: Extranet website support
*4. FileStoreProvider: Alternate FileStoreProvider Implementation
*5. FormEditor: Create and edit HTML forms
*6. LinkManager8: Hypertext link management support
*7. ThreadedDiscussions: Threaded discussion management
Enter numbers separated by commas to toggle, 0 to unselect all, F to finish: F

Error regarding oracle permissions fixed with:

REM
REM This Script needs to be run as privileged user. A role called
REM 'stellent_role' will be created. Please grant this role to Content
REM Server user. In general, content server user would also need
REM UNLIMITED TABLESPACE privilege. This should be granted to user with
REM following command:
REM GRANT UNLIMITED TABLESPACE TO <user>;
REM
CREATE ROLE stellent_role;
GRANT CREATE SESSION TO stellent_role;
GRANT CREATE TABLE TO stellent_role;
GRANT CREATE TYPE TO stellent_role;
GRANT CREATE PROCEDURE TO stellent_role;
GRANT CTXAPP TO stellent_role;
GRANT stellent_role to STELLENT_USER;
GRANT unlimited tablespace to STELLENT_USER;

Recheck config with option 3 and once successful

Proceed with install
*1. Proceed

Check log file in /apps/oracle/ucm/server/install/log.txt for any errors

Startup and Shutdown

create startup script for idcserver_ctrl and idcadmin_ctrl - see CVS systems/scripts

JDBC and Indexing

oracle.jdbc.OracleDriver
jdbc:oracle:thin:@ora:1521:stellent
JdbcUser=STELLENT_USER
JdbcPassword=

config.cfg - change following:

SearchIndexerEngineName=DATABASE.FULLTEXT

Cluster bin and etc directory config

cp -r /apps/oracle/ucm/server/bin /apps/oracle/ucm/server/bin-ecmp001

edit intradoc.cfg in bin-ecmp001 by adding:

DisableSharedCacheChecking=true
ClusterGroup=mn_clu_ucm_p001
ClusterNodeName=ecmp001.pvsales.lan
ClusterNodeAddress=192.168.1.214
ClusterBinDirRule=shared

cp -r /apps/oracle/ucm/server/bin /apps/oracle/ucm/server/bin-ecmp002

edit intradoc.cfg in bin-ecmp002 by adding:

DisableSharedCacheChecking=true
ClusterGroup=mn_clu_ucm_p001
ClusterNodeName=ecmp002.pvsales.lan
ClusterNodeAddress=192.168.1.215
ClusterBinDirRule=shared

cp -r /apps/oracle/ucm/server/bin-ecmp001 /apps/oracle/ucm/server/admin/
cp -r /apps/oracle/ucm/server/bin-ecmp002 /apps/oracle/ucm/server/admin/

copy all etc folders and edit configs same as bin including updating bindir and etcdir paths and verify that all intradoc.cfg files have the correct settings as shown above.


Apache Configuration

Add the following to the end of httpd.conf on both nodes and restart httpd:

LoadModule IdcApacheAuth /apps/oracle/ucm/server/shared/os/linux64/lib/IdcApache22Auth.so
IdcUserDB idc '/apps/oracle/ucm/server/data/users/userdb.txt'
Alias /idc "/apps/oracle/ucm/server/weblayout"
<Location /idc>
Order allow,deny
Options All
Allow from all
DirectoryIndex portal.htm index.html index.htm default.htm default.html
IdcSecurity idc
</Location>
<Location "/">
IdcSecurity idc
Options All
Allow from all
</Location>

In /var/www/html create a redirect page called index.html as follows:

<HTML>
<HEAD>
<META HTTP-EQUIV="Refresh" CONTENT="0;
URL=http://ucmprod.sysxperts.com/idc">
</HEAD>
</HTML>


Update to the current Patch Release:

Install Optional Packages via the Admin Server Component Manager

Browse to and install the following which were downloaded from oracle metalink

 

    DynamicConverter.zip

    Folders.zip

    SiteStudio.zip

 

Finally install p6907073_101332_Generic.zip update bundle

 

Make sure that Extranet Look is not enabled (NOT COMPATIBLE WITH THIS VERSION - HEADACHE WORTH AVOIDING)

 

Restart all services to complete the update.

 

GFS Troubleshooting:

Look in /var/log/messages for anything from gfs_controld. If there are none, check the output of 'group_tool -v; group_tool dump gfs' after the failed mount.

Or, another option is to temporarily disable startup fencing altogether by adding this to /etc/cluster/cluster.conf:

change <fence_daemon clean_start="0"/>
to <fence_daemon clean_start="1"/>

Still working on finding a good fencing method since I am using VMWare hosts for this test

Admin server troubleshooting:

Admin server would not open in browser with service unavailable error

Found invalid IP in /apps/oracle/ucm/server/data/users/SecurityInfo.hda

changed intradoc ip and ip above 4440 entry to 192.168.1.214 and restarted services.


Configure LDAP for Active Directory

Provider Name: pvsalesldap

Provider Description: PVSALES AD Ldap Provider

Provider Type: ldapuser

Provider Class: ldap.ActiveDirectoryLdapProvider

Provider Connection: intradoc.provider.LdapConnection

Source Path: pvsalesldap   #Note that Source Path and provider name match

LDAP Server: pvsales_dc7.pvsales.com

LDAP Suffix: DC=pvsales,DC=com

LDAP Port: 389

Number of connections: 5

Connection timeout: 10

Priority: 1

Credential Map: 

Use Netscape: Yes

SSL Enabled: No

Attribute Map:

Role Prefix: OU=ucm,OU=Security Groups[1]

Default Network Roles:

Filter Groups: Yes

Use Full Group Name: No

LDAP Admin DN: PVSALES\ucmadmin


Filter Administration > Default Authentication set to NTLM

 

CN=stellent,OU=ucm,OU=Security Groups,DC=pvsales,DC=com that has a corresponding role in the content server configuration called stellent (role and group name must match for Credential Map to work)

 

restart the content server, admin server, and httpd

Configure JSP Support

Go to Admin Server -> General Configuration

Check the box for "Enable JSP Pages" and specify a security group(s) that will be allowed to execute JSP pages i.e. Public,Secure,JSP

 

Check in your JSP page, specifying one of the security groups from above. Click on the web viewable link for your JSP page and it should execute.

Go to Site Studio Admin > Manage Fragment Libraries and click configure jsp support


Configure Dynamic Converter

Install Dynamic Converter component via the Admin Server Component Manager Link

Restart the Content Server

Go to the Content Server Administration Drop Down Menu > Dynamic Converter Admin

  1. Select "Check in Existing Template"
  2. Title = BlankTemplate
  3. Author = sysadmin
  4. Security Group = public
  5. Primary File = \Blank.ttp
  6. Template Type = Script Template
  7. Then click Check In
  8. Go to the Configuration Settings Link under Dynamic Converter Admin and select Script Templates from the Template Types Dropdown
  9. Select BlankTemplate from the Available Templates Dropdown
  10. Click Update button

On each server go to the /apps/oracle/ucm/server/bin* directories and for every intradoc.cfg file add the following

IdcOSName=linux

SSPU init script


 
#!/bin/sh
#
#agent init script
#chkconfig: 2345 98 05
#description: sspu
# Source function library.
if [ -f /etc/init.d/functions ] ; then
        . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
        . /etc/rc.d/init.d/functions
else
        exit 0
fi
 
prog=ssp
APP_HOME=/apps/$prog
AGENT_USER=user1
 
start () {
        echo -n $"Starting $prog: "
 
        # start daemon
        su - ${AGENT_USER} -c "cd ${APP_HOME}; ./cns.oracle.sh &> /dev/null &"
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}
 
stop () {
        # stop daemon
        echo -n $"Stopping $prog: "
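        ssppid=`pgrep -f cns.oracle.config`
        # only signal when a matching process exists
        [ -n "$ssppid" ] && kill -9 $ssppid
        RETVAL=$?
        echo
        # remove the lock file so condrestart sees the service as stopped
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/$prog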
        return $RETVAL
}
 
restart() {
        stop
        start
}
 
case $1 in
        start)
                start
        ;;
        stop)
                stop
        ;;
        restart|reload)
                restart
        ;;
        condrestart)
                [ -f /var/lock/subsys/$prog ] && restart || :
        ;;
        *)
 
        echo $"Usage: $prog {start|stop|restart|condrestart|reload }"
        exit 1
esac
 
exit $RETVAL

SSPU Client init script


 
#!/bin/sh
#
#agent init script
#chkconfig: 2345 98 05
#description: sspc
# Source function library.
if [ -f /etc/init.d/functions ] ; then
        . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
        . /etc/rc.d/init.d/functions
else
        exit 0
fi
 
prog=ssp
APP_HOME=/apps/$prog
AGENT_USER=user1
 
start () {
        echo -n $"Starting $prog: "
 
        # start daemon
        su - ${AGENT_USER} -c "cd ${APP_HOME}; ./sub_agent.sh &> /dev/null &"
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && touch /var/lock/subsys/$prog
        return $RETVAL
}
 
stop () {
        # stop daemon
        echo -n $"Stopping $prog: "
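        ssppid=`pgrep -f sub_agent`
        # only signal when a matching process exists
        [ -n "$ssppid" ] && kill -9 $ssppid
        RETVAL=$?
        echo
        # remove the lock file so condrestart sees the service as stopped
        [ $RETVAL = 0 ] && rm -f /var/lock/subsys/$prog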
        return $RETVAL
}
 
restart() {
        stop
        start
}
 
case $1 in
        start)
                start
        ;;
        stop)
                stop
        ;;
        restart|reload)
                restart
        ;;
        condrestart)
                [ -f /var/lock/subsys/$prog ] && restart || :
        ;;
        *)
 
        echo $"Usage: $prog {start|stop|restart|condrestart|reload }"
        exit 1
esac
 
exit $RETVAL