Thursday, July 23, 2009

Init script for Websphere Portal/DB2 on linux

Copy the following script to /etc/init.d/websphere_portal or some other name.



#!/bin/bash
# Websphere_portal # Startup script for IBM WebSphere Portal Server
#
# chkconfig: - 99 15
# description: Websphere Portal server startup
# processname: websphere_portal
# pidfile: /var/run/websphere_portal.pid
# author: Nabeel Moidu nabeelmoidu.at.gmail dot com

# Source function library.
. /etc/rc.d/init.d/functions

portal=/opt/IBM/PE/AppServer/profiles/wp_profile/bin
args=WebSphere_Portal
prog="WebSphere Portal Server"
proc=/opt/IBM/WebSphere/AppServer/java/bin/java
RETVAL=0
# Admin credentials for stopServer.sh. They are stored here in clear text and
# passed on the command line, so keep this file readable by root only.
username=portaluser
password=password

# verify installation
if [ ! -x "$portal" ]; then
    echo "$prog is not installed"
    exit 0
fi

case "$1" in
    start)
        # Websphere should come up only if DB2 is up.
        for (( ; ; ))
        do
            # Check status of DB2
            su - wpdb2ins -c 'db2gcf -s' | grep Available
            PRC_EXT_STAT=$?

            if [ "$PRC_EXT_STAT" = "0" ]; then
                # If DB2 is available, then start up the portal
                echo -n "Starting $prog: "

                # Set ulimit
                ulimit -n 1000000

                # set up environment variables
                . /home/wpdb2ins/sqllib/db2profile

                # Bring up the portal
                "$portal/startServer.sh" "$args"
                RETVAL=$?
                if [ "$RETVAL" = 0 ]; then
                    touch /var/lock/subsys/websphere_portal
                    echo_success
                else
                    echo_failure
                fi
                echo
                break
            else
                # If DB2 is not up, then start DB2
                su - wpdb2ins -c 'db2start'
            fi
        done
        ;;
    stop)
        echo -n "Shutting down $prog: "
        "$portal/stopServer.sh" "$args" -username "$username" -password "$password"
        RETVAL=$?
        if [ "$RETVAL" = 0 ]; then
            rm -f /var/lock/subsys/websphere_portal
            # Shut down DB2
            su - wpdb2ins -c 'db2stop'
            echo_success
        else
            echo_failure
        fi
        echo
        ;;
    restart)
        "$0" stop
        "$0" start
        RETVAL=$?
        ;;
    status)
        status "$proc"
        RETVAL=$?
        ;;
    *)
        echo "Usage: websphere_portal {start|stop|restart|status}"
        exit 1
        ;;
esac

# Report the result of the requested action to the caller
exit $RETVAL



Then execute the following commands



chmod +x /etc/init.d/websphere_portal
chkconfig --add websphere_portal
chkconfig --level 345 websphere_portal on



LINK ---> http://nmkuttiady.blogspot.com/2009/07/init-script-for-websphere-portaldb2-on.html

Websphere startup script for linux

Startup script for WebSphere Application Server on Linux. It has an added check for Oracle connectivity before the service is brought up.

#!/bin/bash
# Websphered # Startup script for IBM WebSphere Application Server
#
# chkconfig: - 99 15
# description: IBM's J2EE application server
# processname: websphered
# pidfile: /var/run/websphered.pid

# Source function library.
. /etc/rc.d/init.d/functions

websphered=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin
args=server1
prog="WebSphere Application Server"
proc=/opt/IBM/WebSphere/AppServer/java/bin/java
RETVAL=0
# Admin credentials for stopServer.sh. They are stored here in clear text and
# passed on the command line, so keep this file readable by root only.
username=user
password=password

# verify installation
if [ ! -x "$websphered" ]; then
    echo "$prog is not installed"
    exit 0
fi

case "$1" in
    start)
        # Continuous loop to check Oracle connectivity. Websphere should come up only if Oracle is up.
        for (( ; ; ))
        do
            # Check for Oracle connectivity
            su - oracle -c '/opt/Oracle/product/10.2.0/client_1/bin/tnsping database_name ' | grep OK
            PRC_EXT_STAT=$?

            # If Oracle is pingable, then start up WAS and break out of loop
            if [ "$PRC_EXT_STAT" = "0" ]; then
                echo -n "Starting Websphere Application Server: "
                "$websphered/startServer.sh" "$args"
                RETVAL=$?
                if [ "$RETVAL" = 0 ]; then
                    touch /var/lock/subsys/websphered
                    echo_success
                else
                    echo_failure
                fi
                echo
                # Break out of loop
                break
            fi

            # Wait 30 seconds before checking again
            echo " Waiting for Oracle connectivity: "
            sleep 30
        done
        ;;
    stop)
        echo -n "Shutting down websphered: "
        "$websphered/stopServer.sh" "$args" -username "$username" -password "$password"
        RETVAL=$?
        if [ "$RETVAL" = 0 ]; then
            rm -f /var/lock/subsys/websphered
            echo_success
        else
            echo_failure
        fi
        echo
        ;;
    restart)
        "$0" stop
        "$0" start
        RETVAL=$?
        ;;
    status)
        status "$proc"
        RETVAL=$?
        ;;
    *)
        echo "Usage: websphered {start|stop|restart|status}"
        exit 1
        ;;
esac

# Report the result of the requested action to the caller
exit $RETVAL


LINK -->> http://nmkuttiady.blogspot.com/2009/01/websphere-startup-script-for-linux.html

Friday, July 10, 2009

How to kill multiple java processes

ps -ef | grep java | grep -v grep | awk '{print $2}' | xargs kill -9

Thursday, June 25, 2009

SSL Certificates expiration monitoring for WebSphere or any java based application server using java keystore

If you are a WebSphere administrator, or an administrator of any application server (WebLogic, Tomcat), you probably already know that managing SSL certificates in a large, complex environment becomes hectic and troublesome. The certificates that WebSphere uses have different expiration dates, as do the SSL certificates of the external systems (like SAP or Siebel) that WebSphere Application Server might connect to over a secure connection, and multiple administrators in an organization renew them without keeping track of the expiration dates. The problem is that an SSL certificate might expire, with the result that servers will not initialize and running servers will stop operating or become unresponsive, if it is not renewed on time. This article explains how you can monitor the expiration of SSL certificates with a simple command, proactively track the expiration dates, set up your calendar, and renew on time to prevent downtime.

If you are using the latest version (as of Dec 2007) of WebSphere Application Server 6.1 with the default self-signed certificates, the application server itself has provisions to monitor certificate expiration, notify you, and renew automatically. If you are using a personal self-signed certificate or a personal certificate signed by a certificate authority (CA) like VeriSign or Thawte, which is most likely the case in all of your production environments, you might want to use the commands below to find the expiration date and renew it.

If you are using a Java keystore (DummyServerKeyFile.jks, DummyServerTrustFile.jks, jssecerts, cacerts), use the find command below along with keytool or WebSphere's ikeyman command-line option to find the expiration of the keys.

LINUX:


Using Ikeyman cmdline utility (ikeyman.sh):

find PATH -name '*.jks' | xargs -i bash -c '$WAS_HOME/java/bin/java -classpath $WAS_HOME/java/jre/lib/ext/ibmjceprovider.jar:$WAS_HOME/java/jre/lib/ext/ibmjcefw.jar:$WAS_HOME/java/jre/lib/ext/US_export_policy.jar:$WAS_HOME/java/jre/lib/ext/local_policy.jar:$WAS_HOME/java/jre/lib/ext/ibmpkcs.jar:$WAS_HOME/java/jre/lib/ext com.ibm.gsk.ikeyman.ikeycmd -cert -list all -expiry -db {} -type jks -pw <password> | grep "Not After:.*yyy[yy]" -B 3 && echo {}'

(e.g.)
find /usr/IBM/WebSphere/AppServer/profiles/ -name '*.jks' | xargs -i bash -c '/usr/IBM/WebSphere/AppServer/java/bin/java -classpath /usr/IBM/WebSphere/AppServer/java/jre/lib/ext/ibmjceprovider.jar:/usr/IBM/WebSphere/AppServer/java/jre/lib/ext/ibmjcefw.jar:/usr/IBM/WebSphere/AppServer/java/jre/lib/ext/US_export_policy.jar:/usr/IBM/WebSphere/AppServer/java/jre/lib/ext/local_policy.jar:/usr/IBM/WebSphere/AppServer/java/jre/lib/ext/ibmpkcs.jar:/usr/IBM/WebSphere/AppServer/java/jre/lib/ext com.ibm.gsk.ikeyman.ikeycmd -cert -list all -expiry -db {} -type jks -pw WebAS | grep "Not After:.*200[78]" -B 3 && echo {}'

Using Java Keytool utility:

find $WAS_HOME -name '*.jks' | xargs -i bash -c "echo {}; $WAS_HOME/java/jre/bin/keytool -list -v -keystore {} -storepass password | grep 'until: .*/.*/Y[YY]' -A 3 -B 7"

(e.g.)
find /usr/IBM/WebSphere/AppServer -name '*.jks' | xargs -i bash -c "echo {};/usr/IBM/WebSphere/AppServer/java/jre/bin/keytool -list -v -keystore {} -storepass WebAS | grep 'until: .*/.*/0[78]' -A 3 -B 7"

Output:


/usr/IBM/WebSphere/AppServer/profiles/etc//WWWStageClientKey.jks
Alias name: verisign class 1 ca individual subscriber-persona not validated
Creation date: Dec 18, 2006
Entry type: trustedCertEntry

Owner: CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Serial number: d8b4feeaad218df5bf4756a9d29e17ffb
Valid from: 5/12/98 12:00 AM until: 5/12/08 11:59 PM
Certificate fingerprints:
MD5: CA:66:3C:FC:71:2B:BA:41:92:71:DD:72:AD:E5:65:65
SHA1: 12:51:9A:E9:CD:77:7A:56:01:84:F1:FB:D5:42:15:22:2E:95:E7:1F
--
Creation date: Dec 18, 2006
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=wadm.stage.WWW.com, OU=IT, O=WWW, L=Fremont, ST=CA, POSTALCODE=94089, C=US
Issuer: CN=wadm.stage.WWW.com, OU=IT, O=WWW, L=Fremont, ST=CA, POSTALCODE=94089, C=US
Serial number: 458709ef
Valid from: 12/18/06 9:36 PM until: 12/18/07 9:36 PM
Certificate fingerprints:
MD5: C2:4F:CC:SS:19:DC:E4:88:B0:2A:78:76:69:4D:DC:EF:47
SHA1: 53:AB:D0:13:45:45:12:59:64:F6:C9:38:41:F2:C8:E3:37:05:73:95:F3:83

/usr/IBM/WebSphere/AppServer/profiles/etc/wwwStageServerKey.jks
Alias name: www stage websphere server ca
Creation date: Dec 8, 2006
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=wadm.stage.www.com, OU=IT, O="www, Inc.", L=Fremont , ST=California, C=US
Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
Serial number: 1ea5f21b33ca65e551440d662399dffdfga382
Valid from: 12/5/06 12:00 AM until: 12/15/07 11:59 PM
Certificate fingerprints:
MD5: C2:22:E4:12:12:6D:3F:22:67:4E:37:48:12:3F:F3:1B:FE:26
SHA1: CA:81:37:A7:E9:12:22:19:27:D9:3F:C5:79:E9:25:C8:1A:3C:1E:5C:17:02

As you can see in the above output, the command lists the file name (/usr/IBM/WebSphere/AppServer/profiles/etc/wwwStageServerKey.jks), certificate label (www stage websphere server ca), entry type (keyEntry for a personal cert, trustedCertEntry for a signer cert), and the expiration date (12/5/06 12:00 AM until: 12/15/07 11:59 PM) of every certificate in the Java keystores (*.jks) in the given directory with an expiration date in 2007 (07) or 2008 (08). From this you should be able to identify the certs, set up your calendar at least 10 days before the expiration, and renew them proactively to prevent any problems.

Note that you can also change the above command by passing a different file name, like cacerts or jssecerts, and by passing different year information to find expirations during those years.

Sometimes you might get no output. That means either there are no expiring certificates for the years you passed or, if you were expecting an expiring certificate to show up, the keystore password might be wrong. In that case run the above command without the grep portion: it will list all the certificates irrespective of expiration date, or it will complain that the password is wrong, as below.

find /usr/IBM/WebSphere/AppServer -name '*.jks' | xargs -i bash -c "echo {};/usr/IBM/WebSphere/AppServer/java/jre/bin/keytool -list -v -keystore {} -storepass WebAS"

/usr/IBM/WebSphere/AppServer/profiles/etc/wwwStageServerKey.jks
java.io.IOException: Keystore was tampered with, or password was incorrect


You can also use the same command for a web server such as IBM HttpServer, which uses a CMS database (kdb file), by changing the -type parameter to "-type cms".


find /usr/IBM/HttpServer -name '*.kdb' | xargs -i bash -c '/usr/IBM/WebSphere/Plugins/java/bin/java -classpath /usr/IBM/WebSphere/Plugins/java/jre/lib/ext/ibmjceprovider.jar:/usr/IBM/WebSphere/Plugins/java/jre/lib/ext/ibmjcefw.jar:/usr/IBM/WebSphere/Plugins/java/jre/lib/ext/US_export_policy.jar:/usr/IBM/WebSphere/Plugins/java/jre/lib/ext/local_policy.jar:/usr/IBM/WebSphere/Plugins/java/jre/lib/ext/ibmpkcs.jar:/usr/IBM/WebSphere/Plugins/java/jre/lib/ext com.ibm.gsk.ikeyman.ikeycmd -cert -list all -expiry -db {} -type cms -pw WebAS | grep "Not After:.*200[78]" -B 3 && echo {}'
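
The year-pattern grep used in this post can be replaced by a cutoff-date check. The following is an added example, not code from the original post: it reads keytool -list -v output in the M/D/YY date format shown in the output above and prints every entry whose "until:" date falls on or before a cutoff. The function names, the sample aliases and the two-digit-year pivot are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): cutoff-date check on keytool output.

# expiring_before CUTOFF: read "keytool -list -v" output on stdin and print
# "YYYY-MM-DD<TAB>entry type<TAB>alias" for every certificate whose "until:"
# date is on or before CUTOFF (given as YYYYMMDD), soonest first.
expiring_before() {
    awk -v cutoff="$1" '
        /^Alias name: / { alias = substr($0, 13) }
        /^Entry type: / { etype = substr($0, 13) }
        / until: / {
            s = $0; sub(/.* until: /, "", s)            # text after "until: "
            split(s, tok, " "); split(tok[1], d, "/")   # d = month, day, year
            yy = d[3] + 0
            # Assumption: two-digit years 70-99 mean 19xx, 00-69 mean 20xx.
            if (yy < 100) yy += (yy >= 70) ? 1900 : 2000
            key = sprintf("%04d%02d%02d", yy, d[1], d[2])
            if (key + 0 <= cutoff + 0)
                printf "%04d-%02d-%02d\t%s\t%s\n", yy, d[1], d[2], etype, alias
        }
    ' | sort
}

# Constructed sample in the layout of the output above (all names are made up).
sample_keytool_output() {
    cat <<'EOF'
Alias name: constructed-signer
Creation date: Dec 18, 2006
Entry type: trustedCertEntry

Owner: CN=Example Signer CA, O=Example
Valid from: 5/12/98 12:00 AM until: 5/12/08 11:59 PM

Alias name: constructed-server
Creation date: Dec 18, 2006
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=host.example.com, O=Example
Valid from: 12/18/06 9:36 PM until: 12/18/07 9:36 PM

Alias name: constructed-longlived
Entry type: trustedCertEntry
Owner: CN=Example Root CA, O=Example
Valid from: 1/1/05 12:00 AM until: 1/1/30 12:00 AM
EOF
}

# Entries in the sample that expire on or before 31 Dec 2008:
sample_keytool_output | expiring_before 20081231
# Real use (GNU date, 30-day warning window; KEYSTORE and PASS are placeholders):
#   keytool -list -v -keystore KEYSTORE -storepass PASS |
#       expiring_before "$(date -d '+30 days' +%Y%m%d)"
```

Because the check compares full dates, it also catches certificates that expired in earlier years, which a grep for one or two specific years misses.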

Wednesday, May 27, 2009

Linux route add command

Linux route add using route command:

route add -net netmask 255.255.255.0 gw

Friday, February 20, 2009

How to display user attributes in WebSphere Portal?

If you want to display some attributes of the current user, you can use the <portal-fmt:user> tag in your theme pages, e.g. in banner_toolbar.jspf:



Hello <portal-fmt:user attribute="sn"/>, <portal-fmt:user attribute="givenName"/>



This tag supports the following attributes:

Default attributes are:

* jobTitle
* roomNumber
* telephoneNumber


Member Manager attributes valid for including in person link contact information are:

* businessCategory
* carLicense
* cn
* countryName
* departmentNumber
* description
* displayName
* employeeNumber
* employeeType
* facsimileTelephoneNumber
* givenName
* homePostalAddress
* ibm-gender
* ibm-generationQualifier
* ibm-hobby
* ibm-middleName
* ibm-otherEmail
* ibm-personalTitle
* ibm-primaryEmail
* ibm-regionalLocale
* ibm-timeZone
* Initials
* jobTitle
* localityName
* manager
* mobile
* o
* ou
* pager
* postalAddress
* postalCode
* preferredLanguage
* roomNumber
* secretary
* seeAlso
* sn
* stateOrProvinceName
* street
* telephoneNumber
* uid

Wednesday, February 18, 2009

How to Set JAVA_HOME / PATH variables Under Linux Bash Profile

~/.bash_profile is a startup script which generally runs once. This particular file is used for commands which run when the normal user logs in. Common uses for .bash_profile are to set environment variables such as PATH, JAVA_HOME, to create aliases for shell commands, and to set the default permissions for newly created files.

Set JAVA_HOME / PATH for single user
Login to your account and open .bash_profile file
$ vi ~/.bash_profile


Set JAVA_HOME with an export statement. JAVA_HOME is the JDK installation directory, not the java executable, so if your java executable is /usr/java/jdk1.5.0_07/bin/java, set it as follows:
export JAVA_HOME=/usr/java/jdk1.5.0_07

Set PATH as follows:
export PATH=$PATH:/usr/java/jdk1.5.0_07/bin

Save and close the file. Just logout and login back to see new changes:
$ echo $JAVA_HOME
$ echo $PATH

Tip: Use the following command to find out exact path to which java executable under UNIX / Linux:
$ which java


Please note that the file ~/.bashrc is similar, with the exception that ~/.bash_profile runs only for Bash login shells and .bashrc runs for every new Bash shell.

Set JAVA_HOME / PATH for all users
You need to set up the global config in /etc/profile OR /etc/bash.bashrc file for all users:
# vi /etc/profile

Next set up the PATH / JAVA_HOME variables as follows:
export JAVA_HOME=/usr/java/jdk1.5.0_07
export PATH=$PATH:/usr/java/jdk1.5.0_07/bin


link-> http://www.cyberciti.biz/faq/linux-unix-set-java_home-path-variable/

How To Install JDK 6 / Java SE 6 (+ Tomcat) in Fedora Core 6 / Fedora 7 in 5 Minutes

Fedora Core developers make it rather hard to install and properly configure Sun's JVM. All said and done Sun's JVM (comes with JDK) is the best JVM implementation out there; not to mention that it is the reference implementation. Here is how you can easily install JDK 6 / Java SE 6 in 5 minutes or less. Here are the steps:

1. Login as root

2. First you need to download it from here. This works fine from GUI browsers like Firefox, Internet Explorer or Safari. However Sun makes it very hard (from java.sun.com) to download it for Linux console users (like those trying to install on their dedicated web server). You cannot access the download link from text based lynx browser. Fortunately there is a way. I found a secret location for you to easily download JDK 6 using wget or curl (console apps). This is also very useful if you are planning to use any download accelerators. The current binary (32 bit version) is here. This link will surely change with time so it is better to browse to the link above and then access this link from that page.

Download it using wget or curl. The command, for example, today will be:
wget http://www.java.net/…/jdk-6u2-ea-bin-b02-linux-i586-12_apr_2007-rpm.bin

Note: The link has been truncated for brevity, however it is hyperlinked to the actual link.

3. Now change the permission of the downloaded file to 755 like this:
chmod 755 jdk-6u2-ea-bin-b02-linux-i586-12_apr_2007-rpm.bin

4. Then run it:
./jdk-6u2-ea-bin-b02-linux-i586-12_apr_2007-rpm.bin

You will need to type yes to indicate your acceptance to their agreement and the installation will complete on its own. Unfortunately you are not yet done. Type java -version on the command line and you will see that it still points to the crappy old JVM from gcj.

5. Now you need to find the actual location of your JDK installation and indicate to Fedora to accept your choice.

Type the following:
updatedb;locate javac |grep bin

You will see an entry like this:
/usr/java/jdk1.6.0_02/bin/javac

Here /usr/java/jdk1.6.0_02 is the actual JAVA_HOME for your machine. Note this as you will need it to run the future commands.

Now you need to run the alternatives command to instruct Fedora to recognize Sun's JVM.
alternatives --install /usr/bin/java java /usr/java/jdk1.6.0_02/bin/java 100
alternatives --install /usr/bin/jar jar /usr/java/jdk1.6.0_02/bin/jar 100
alternatives --install /usr/bin/javac javac /usr/java/jdk1.6.0_02/bin/javac 100

You can do this for other Java executables too, should you need them, following the same pattern.

Note: If alternatives is not in your path then use locate alternatives to locate it.

Finally you should configure alternatives to use Sun's JVM as the default JVM. To do this type:
/usr/sbin/alternatives --config java

This will present you with at least 2 options. Choose the one for Sun's JVM. Similarly repeat the process for other commands.

Now you are done configuring Fedora for the most part. Type java -version and you should see something like this:

java version "1.6.0_02-ea"
Java(TM) SE Runtime Environment (build 1.6.0_02-ea-b02)
Java HotSpot(TM) Client VM (build 1.6.0_02-ea-b02, mixed mode, sharing)


Note: This works for most part, except Tomcat. The default installation of Tomcat has been hardwired to use GCJ. I changed the configuration file and it didn't help. My solution for Tomcat is to ditch Fedora's version and install directly from site. It works like a charm. Set JAVA_HOME to the value we found above and you are done.


copy from -> this link http://blog.taragana.com/index.php/archive/how-to-install-jdk-6-java-se-6-tomcat-in-fedora-core-6-fedora-7-in-5-minutes/

Monday, February 16, 2009

keytool - Key and Certificate Management Tool

How do I delete a cert from the default .keystore

keytool -delete -alias xxxxx (where xxxxx is the alias name)

How do I delete a cert from the cacerts file

keytool -delete -alias xxxxx -keystore F:\j2sdk1.4.2_04\jre\lib\security\cacerts (where xxxxx is the alias name)

How do I list all .keystore certs


keytool -list -v | more

How do I list all .keystore certs in a specific keystore

keytool -list -keystore F:\j2sdk1.4.2_04\jre\lib\security\zzzzz | more (where zzzzz is the keystore name)

How do I list just one .keystore cert

keytool -list -v -alias xxxxx | more (where xxxxx is the alias name)

How do I list all cacerts certificates

keytool -list -keystore F:\j2sdk1.4.2_04\jre\lib\security\cacerts | more

How do I list just one cacerts certificate


keytool -list -keystore F:\j2sdk1.4.2_04\jre\lib\security\cacerts -alias xxxxx | more (where xxxxx is the alias name)

Friday, January 30, 2009

"This portlet is temporarily disabled." while rendering in parallel

Problem (Abstract)
After you enabled parallel portlet rendering, the error message "This portlet is temporarily disabled." is displayed for a portlet that is rendered in parallel. In this case the portal log file shows an exception with the message "PEEX0110E: The underlying pipe timed out while reading."

Cause
The portlet is rendered in a parallel thread and takes longer than the defined timeout to complete rendering. In this case WebSphere Portal displays an error message for the portlet and continues to render the rest of the page. Any output that the portlet might generate later will be discarded.

Resolving the problem
To resolve the problem, change the parameters on the consumer side of the WebSphere Portal server as follows:
Modify \shared\app\config\services\PortletContainerService.properties, and specify the following parameters:

std.useParallelRendering = true
parallelRenderingTimeOut = 10000


After modifying the parameters and restarting the WebSphere Portal server, you should no longer see the message "This portlet is temporarily disabled."

Ref -> http://www-01.ibm.com/support/docview.wss?uid=swg21197532
and http://www-01.ibm.com/support/docview.wss?uid=swg21177538