ibm connections administration – keep your systems running the right way
TRANSCRIPT
IBM Connections Administration
Christoph Stöttner – panagenda
Victor Toal - ToalSys
@TheToal - @stoeps
PLATINUM & CHAMPAGNE SPONSORS
GOLD SPONSORS
SILVER SPONSORS
BRONZE SPONSORS
Christoph StöttnerSenior Consultant – panagenda
IBM Notes / Domino since 1999
IBM Connections since version 2.5 / 2009
Many years of experience in:
• Migrations
• Administration und installs
• Performance analysis
Joined panagenda in 2015 focusing in:
• IBM Connections deployment und optimization
• IBM Connections monitoring
Husband of one & father of two, real Bavarian, IBM Champion
3
a @stoepsj christoph-stoettner
Victor ToalChief Solutions Architect – ToalSystems Consulting
aka “Dr. Vic” or “The Docta”20+ Years of talking tech
IBM Connections, Sametime, WebSphere, DB2, Notes and Domino
Golfer, father, mediocre husband, wine & cigar enthusiast. Pseudo-Austrian who likes some people from Bavaria
4
a @thetoalj victortoal
@TheToal - @stoeps
What we will cover
• Administration Interfaces• ISC
• wsadmin.bat|sh
• DB2 Data Studio
• Browser
• Daily Jobs• Log Review
• Profiles• Internal / External
• Log-in issues
• Name changes
• Community
• Reparenting
• Adding owners
• Search
• Weekly / Maintenance• Database Optimization
• Rights• Community / Wiki Creator
• Anonymous access disabled
• Backup & Restore• DB2
• Shared Directory
5
@TheToal - @stoeps
ADMINISTRATION INTERFACES
6
@TheToal - @stoeps
Integrated Solutions Console – ISC
• Administrative Interface for WebSphere Application Server
• https://dmgr-host:9043/ibm/console
• Trouble loomes when using the Chrome browser . . . .
7
@TheToal - @stoeps
Integrated Solutions Console – ISC
• File paths can be looooong / many subfolders of subfolders
• Changes are first cached as temp files
• Changes can be reviewed and rejected before final save
8
@TheToal - @stoeps
Integrated Solution Console – ISC
• All changes are saved in the master configuration of the Deployment manager
• These changes must then be synchronized to the other Websphere Nodes
• Synchronization is one-way only: Dmgr -> Node• System Administration - Nodes: check the node(s) und click "Full
Synchronize"
9
@TheToal - @stoeps
Integrated Solution Console – ISC
• Alternatively: enable automatic synchronization of
• System Administration - Console Preferences: select"Synchronize changes with Nodes"
10
@TheToal - @stoeps
Wsadmin
• Is a command line tool used for WebSphere application server administration
• Supports two distinctive program languages:
• JACL• Older, less frequently used
• However, some commands exist ONLY in JACL (e.g.: SPNEGO configuration commands)
• Jython• Python designed to run on a JAVA platform
• Can be called from JAVA and can also execute JAVA commands
11
@TheToal - @stoeps
cd [websphere-root]\profiles\[dmgr-profile]\binwsadmin.sh|bat -conntype NONE -lang jython|jacl -username wasadmin -password password
Wsadmin• Two Options:
• Remote• Can make changes to multiple clients simultaneously
• host_name - DMGR-Hostname
• port_name - Default: 8879
• Advantage• Works even if WebSphere is not started on remote WAS node
• Not impacted by SSL certs
• Often last option when you can no longer log-in
12
wsadmin.sh|bat -conntype SOAP -host host_name -port port_number \-user wasadmin -password password -lang jython|JACL
@TheToal - @stoeps
Wsadmin – Connections Admin Command• Each admin module has its own script with
an integrated library• Modules are loaded with the “execfile”
command
• Beispiel
13
execfile('connectionsConfig.py')execfile('modulAdmin.py')
execfile("searchAdmin.py")SearchService.addBackupIndexTask("WeeklIndexBackup", "0 0 2 ? * SAT", "0 10 2 ? * SAT")SearchService.refreshTasks()
activitiesAdmin.pyblogsAdmin.pycommunitiesAdmin.pyconnectionsConfig.pydogearAdmin.pyfilesAdmin.pyforumsAdmin.pygadgetAdmin.pyhomepageAdmin.pymetricsAdmin.pymobileAdmin.pymustGather.pynewsAdmin.pyoauthAdmin.pyprofilesAdmin.pysearchAdmin.pywikisAdmin.py
@TheToal - @stoeps
DB2 Data Studio
• Post DB2 V9.7 the DB2 Command Center is no longer part of the install
• DB2 work is done via the command line . . .
• Additional client programs:
• DB2 Data Studio 4.1.1.0
• Many other JDBC clients available (i.e.: DBVisualizer, squirrelSQL, ...)
• Connections databases are not documented!
14
db2 connect to peopleDBdb2 select * from empinst.employee
IBM does not support any changes to the data in the dBs directly!
@TheToal - @stoeps
Browser
• Some modules have admin interfaces in the browser
• Homepage
• Search
• Communities
• Blogs
• To access the admin interface you need to be added to the [ADMIN] role in the WebSphere applicaiton
• Changes will cause an immediate restart of the application!
15
@TheToal - @stoeps
Browser - Homepage
• Assign RolesApplications – Application Types – WebSphere enterprise applications – Application Name –Security role to user/group mapping
16
@TheToal - @stoeps
Browser – Search
• The admin role is necessary to check on the current status of the Search service
17
@TheToal - @stoeps
Browser – Communities
• Give you control over the Crawler process
• Ability to add additional servers to the Community listing
• Ability to add Quickr places
18
@TheToal - @stoeps
Browser – Blogs
• Access to site wide blog configuration settings
• The only module to actually update the settings in the database
19
@TheToal - @stoeps
Connections Configuration
• All heavy configuration happens in xml files
• [websphere-root]\profiles\[dmgr-profile]\config\[cell name]\LotusConnections-Config
• Best practice: DO NOT EDIT DIRECTLY!
• Check-out/check-in via wsadmin
• Example:
• Keep the wsadmin session open!!
• Edit the file [/tmp/LotusConnections-config.xml] and save it
20
wsadmin.sh -lang jythonexecfile("connectionsConfig.py")LCConfigService.checkOutConfig("/tmp", AdminControl.getCell())
LCConfigService.checkInConfig("/tmp", AdminControl.getCell())
@TheToal - @stoeps
Connections Configuration
• The check-in process verifies the xml syntax against the corresponding XSD file• Prevents typos• Many settings have strict syntax requirements regarding the order of elements• In case of errors: check if the XSD actually contains the “new” setting at all – might
be a wrong version!• Example 1: files-config.xml [preview_enabled]
• Documentation claims it is necessary for file preview and instructs to add it• Creates errors during check-in as it is not contained in the XSD file
• Example 2: mobile-config.xml [AllowRemoveAccount]• Documentation claims tis is available after upgrade to CNX5 CR3• After CR3 install the check-in validation will fail – the XSD is not being updated during the CR3
update• A new XSD file is only deposited in the Connections-Root/mobile/mobile/mobile/mobile-
config/ (HINT: COPY IT OVER …)• In case of new installs the file is updated correctly
• Connections has 36 XML files that you might have to edit• New functions are usually activated via XML files
21
@TheToal - @stoeps
DAILY JOBS
22
@TheToal - @stoeps
Log ReviewLike many other products, IBM Connections will
announce it‘s pains and woes in log files – of which there are many!
• WebSphere: SystemOut.log, SystemErr.log
• HTTP Server: error.log
• TDI: ibmdi.log
• DB2: db2diag.log
All these logs need to be reviewed regularely, idealy using some monitoring software or log file aggregator.
23
@TheToal - @stoeps
Search – The Mortar that binds it all together• Search is central to the user experience – you ned to review
and analyze performance and functionality of this task regularely!
• Search in IBM Connections is based on Apache Lucene.• Initialization and Background Indexing:
• The base pages of all features (called Seedlists) are accessed• Page content is saved on file system:• /opt/IBM/Connections/data/local/search/persistence
• File contents are extracted and saved on the file system1:• SHARED_DIRECTORY
• Locally saved Seedlists are accessed and their content indexed in Lucene documents
• The documents are captured in Lucene indexes • This is repeated for all Seedlist pages over and over again
24
@TheToal - @stoeps
Search – serverStatus
• https://connections-host.fqdn/search/serverStatus• Documentation link to search serverStatus• Great starting point to identify errors and verify functionality• Messages on the page are color coded:
• BLUE: • Informational• No action necessary
• GREEN: • Configuration is valid
• YELLOW: • Warning• Check configuation
• RED: • Problem• Immediate action necessary
25
@TheToal - @stoeps
Search – serverStatus
• Register Tabs • Server Status
• Analyses the SystemOut.log of the Search application
• Versioning file of the Crawler
• Initial Indexing Exceptions• Indicates errors at the first search index initialization
• SystemOut Log Exceptions• Recent errors/messages appearing in the SystemOut.log
• Seedlist Validation• Access validation for all seedlists
• SAND Validation• Validation of all SAND Index files
26
@TheToal - @stoeps
Search – resumeToken
• Compare the resumeToken and time stamp in Search
• ResumeToken show no exceptions• The search date stamp is off:
• A check of the Scheduler shows that no Search tasks are running • A restart of the Search featue is required
27
@TheToal - @stoeps
Search – Scheduled Tasks
• Search tasks extended for periods (> 5 min)
• Time stamps are in the past
• Causes: • DMGR not started or was stopped
• Scheduler task hung
28
Execfile(“connectionsConfig.py”)Scheduler.listAllTasks()
…
Search tasks15min-search-indexing-task RUNNING Mon Sep 14 06:46:00 CEST 2015 0 1/15 0,2-23 * * ?20min-file-retrieval-task SCHEDULED Mon Sep 14 07:01:00 CEST 2015 0 1/20 0,2-23 * * ?DailyIndexBackup SCHEDULED Tue Sep 15 02:00:00 CEST 2015 0 0 2 ? * *Test2DailyIndexBackup SCHEDULED Mon Sep 14 10:35:00 CEST 2015 0 35 10 ? * *TestDailyIndexBackup SCHEDULED Mon Sep 14 10:30:00 CEST 2015 0 30 10 ? * *nightly-optimize-task SCHEDULED Tue Sep 15 01:30:00 CEST 2015 0 30 1 * * ?nightly-sand-task SCHEDULED Tue Sep 15 01:00:00 CEST 2015 0 0 1 * * ?
…
[root@cnx-was bin]# dateMon Sep 14 20:54:31 CEST 2015
@TheToal - @stoeps
Profiles – Synchronizing Users
• Synchronizing Users with LDAP • Run as scheduled task or Cronjob at least 2x daily• Needs to be checked and verified frequently
• Quick review:• TDISOL\employee.error• TDISOL\employee.skip
• More in-depth analysis by reviewing:• Ibmdi.log in tdisol\logs\ibmdi.log
• Possibly set additional DEBUG parameters• profiles_tdi.properties (debug_*=true) • etc/log4j.properties (log4j.rootCategory)
• Frequently caused by the setting for: sync_updates_hash_field
29
@TheToal - @stoeps
Profiles – Extend Role to allow external users access
• Communities for external users
• Creator requires the role EMPLOYEE.EXTENDED
• Review users with the EMPLOYEE.EXTENDED role
30
Connect to PeopleDB;SELECT r.PROF_DISPLAY_NAME, r.PROF_MAIL, r.PROF_UID, e.ROLE_ID
from EMP_ROLE_MAP e left join EMPLOYEE r ON e.PROF_KEY = r.PROF_KEYWHERE e.ROLE_ID = 'employee.extended‘;
@TheToal - @stoeps
Profiles – Set Extended Role
• Set for individual users• Using email address as key:
• Using userId as key:
• Batch it with a list:• Text file with list of userID/mail addresses, one per line
• Example mail address
• Example userId
31
ProfilesService.setRole(‘[email protected]’,EMPLOYEE_EXTENDED)
ProfilesService.setRoleByUserId(“cstoettner", EMPLOYEE_EXTENDED)
ProfilesService.setBatchRole(EMPLOYEE, "profiles-email.txt")
ProfilesService.setBatchRoleByUserId(EMPLOYEE, "profiles-userid.txt")
@TheToal - @stoeps
Communities
• THERE IS ALLOT TO LOOK AT EVERY DAY!• Orphaned communities lacking an active owner cannot be
changed in any way ....• Community libraries might reach their quota limits – to
change or not to change?• Community Theme is obsolete and must be changed/archived
• This is not a pure technical decision and needs process
• Rearrange communities and elevate/demote sub-communities • Move communities to/from subcommunities – move data around• Mixture of technology and – more importently – process/content
decisions
• Restore deleted communities
32
@TheToal - @stoeps
Community – Adding Members and Owners using the Browser Interface
• You need to have the Admin and dsx-admin role in the Communities applications
• Use the search scopes for Communities
• https://connections-host/communities/service/atom/communities/all• Normally this will only show all public communities. For a user
with dsx-admin role it will display ALL communities
• Dsx-admin users can add members to all Communities• Note: you can only add members to sub-communities that are
members of the parent community
33
@TheToal - @stoeps
Community – Add Members and Owners using wsadminNote: This is cool …
• Use wsadmin if user with the dsx-admin are not permitted for anyone but search accounts
• Get the Community UUID from its URL
34
@TheToal - @stoeps
Community – wsadmin command examples to add members and owners• Wsadmin: determine the UUID first … example
35
wssadmin>execfile("communitiesAdmin.py")
wsadmin>allComm=CommunitiesService.fetchAllComm()
wsadmin>CommunitiesListService.filterListByName(allComm,"Search Test")
[{lastModBy=[Admin Connections, 0989A11C-D85F-0B59-C125-7E7C003FFAE6], created=09/09/15 13:27:20 CEST, tags=[test], type=private, name=Search Test, uuid=351ace81-4ebf-4f47-af50-815799d3d353, memberSize=1, lastMod=10/09/15 08:58:45 CEST, description=Testing Search , createdBy=[Admin Connections, 0989A11C-D85F-0B59-C125-7E7C003FFAE6]}, {lastModBy=[Communities Administrator, -Communities-Administrator-ID-], created=11/09/15 12:08:24 CEST, tags=[], type=public, name=Search Test, uuid=e2f4589d-bfc9-4c1d-9320-98b60588e6ff, memberSize=2, lastMod=11/09/15 12:40:37 CEST, description=, createdBy=[Admin Connections, 0989A11C-D85F-0B59-C125-7E7C003FFAE6]}]
@TheToal - @stoeps
Community – add members and owners … continues
• memberRole. The alues are: 0 (Member) or 1 (Owner)
36
wsadmin>newowners=["[email protected]", "[email protected]"]
wsadmin>CommunitiesService.addMembersToCommunityByEmail("Search Test,1,newowners)
0091E: Multiple communities found with name: Search Test.
WASX7015E: Exception running command: "CommunitiesService.addMembersToCommunityByEmail("Search Test", 1, newowner)"; exception information:javax.management.RuntimeMBeanExceptionjava.lang.IllegalArgumentException: java.lang.IllegalArgumentException: CLFRM0091E: Multiple communities found with name: Search Test.
wsadmin>CommunitiesService.addMembersToCommunityByEmail("e2f4589d-bfc9-4c1d-9320-98b60588e6ff", 1, newowner)addMembersToCommunityByEmail request processed
@TheToal - @stoeps
Community Reparenting
• Introduced in IBM Connections 4.5 CR3
• Move/Reparenting – Think of the Limitations:
• Subcommunities cannot be directly reparented to another community
• Communities with subcommunities cannot be reparented to other communities
• Community-The Parent Community Owners take over
• Will be set as OWNERS of the new subcommunity
• Subcommunity – Owners and Members:
• Will be set as MEMBERS in the new parent community
37
@TheToal - @stoeps
Community Reparenting – BEFORE
38
@TheToal - @stoeps
Community Reparenting – AFTER
39
@TheToal - @stoeps
Community Reparenting – What Changes?
PARENT CommunitySubcommunity BEFORE
ReparentingSubcommunity AFTER
Reparenting
Public Public No Change
Public Moderated No Change
Public Restricted No Change
Moderated Public Moderated
Moderated Moderated No Change
Moderated Restricted No Change
Restricted Public Restricted
Restricted Moderated Restricted
Restricted Restricted No Change
40
@TheToal - @stoeps
Community Recycle Bin• New in Version 5.0
• Default purge interval 90 days
• Task runs by default daily at 3 AM
• If set to [daysToDelete=0] communities will be put into the recycle bin first
• Will be permanently removed at the next 3 AM deletion run
41
<comm:scheduledTasks>...<comm:task name="fullDelete" description="Fully delete Communities in trash"
interval="0 0 3 ? * *" startby=""enabled="true" scope="cluster" type="internal"targetName="" mbeanMethodName="" serverName="unsupported" />
...<!-- Number of days after which a soft-deleted community will be fully deleted -->
<comm:daysToDelete>90</comm:daysToDelete>
@TheToal - @stoeps
Community Recycle Bin … continued
• Nifty: Gives you a list of communities deleted before JAN 20, 2015
•
• List of all deleted Communities
42
wsadmin>execfile("communitiesAdmin.py")wsadmin>CommunitiesService.getSoftDeletedCommunityUuidList("2015-01-20")
wsadmin>execfile("communitiesAdmin.py")wsadmin>CommunitiesService.getSoftDeletedCommunityUuidList()
[{lastModBy=[Christoph Stoettner, B157E78B-E5D7-52D6-C125-7E7C003FF9D0], created=15/09/15 23:38:53 CEST, tags=[], type=public, name=My cool community, uuid=9b229afb-8034-4dff-93a7-d24eefbcacb1, memberSize=2, lastMod=15/09/15 23:40:11 CEST, description=Description of cool community , createdBy=[Admin Connections, 0989A11C-D85F-0B59-C125-7E7C003FFAE6]}]
CommunitiesService.unDeleteCommunity("9b229afb-8034-4dff-93a7-d24eefbcacb1")unDeleteCommunity request processed
@TheToal - @stoeps
Quick & Dirty – Archiving Communities
• Create empty Archival Community• Make it [restricted]• Members: only admins or specific groups• Will not be visible to standard users, not
displayed in search either
• Remove all members from the communities to be archived
• Reparent the Community and make it into a subcommunity• Easily reconstituted• Note: Make a list of the members first …
(Export list, add as file to community)
• Either wait for an archiving tool from IBM or delete after x days/months/years …. Your choice
43
@TheToal - @stoeps
Files Policies und Library Size
• Library not to be mistaken with a CCM / FileNet library
• This command refers to the maximum amount of files a user can upload – for both community and personal libraries • Default: 500MB
• Show Existing Libraries:
• Create a Policy and set it to 2GB• The “normal” number for 2G is too large for an integer entry, that
is why you need to add the “L” to it …
44
execfile("filesAdmin.py")FilesPolicyService.add(“Test", 2147483648L)
FilesLibraryService.browseCommunity("title","true",1, 100)FilesLibraryService.browsePersonal("title","true",1, 100)
@TheToal - @stoeps
Libraries – Nifty ReportsCSV File of all Community Libraries:
Linux: ./wsadmin.sh -lang jython -user wasadmin -password **** -profile filesAdmin.py -c 'FilesPrintService.saveToFile(FilesLibraryService.browseCommunity("size", "false", 1, 100000), "/opt/IBM/CommunityLibraries.csv")'
Windows: wsadmin.bat -lang jython -user wasadmin -password ***** -profile filesAdmin.py -c "FilesPrintService.saveToFile(FilesLibraryService.browseCommunity('size', 'false', 1, 100000), 'D:\CommunityLibraries.csv')“
CSV File of all Community Libraries:
Linux: ./wsadmin.sh -lang jython -user wasadmin -password **** -profile filesAdmin.py -c 'FilesPrintService.saveToFile(FilesLibraryService.browsePersonal("size", "false", 1, 100000), "/opt/IBM/PersonalLibraries.csv")'
Windows: wsadmin.bat -lang jython -user wasadmin -password ***** -profile filesAdmin.py -c "FilesPrintService.saveToFile(FilesLibraryService.browsePersonal('size', 'false', 1, 100000), 'D:\PersonalLibraries.csv')“
CSV File of all Orphaned User Libraries
Linux: ./wsadmin.sh -lang jython -user wasadmin -password **** -profile filesAdmin.py -c 'FilesPrintService.saveToFile(FilesLibraryService.browsePersonalOrphan("LastUpdate","true",1,10000), "/opt/IBM/PersonalOrphanedLibraries.csv")'
Windows: wsadmin.bat -lang jython -user wasadmin -password **** -profile filesAdmin.py -c "FilesPrintService.saveToFile(FilesLibraryService.browsePersonalOrphan('size', 'false', 1, 100000), 'D:\PersonalLibraries-Orphans.csv')“
CSV File of all Library Policies
Linux: ./wsadmin.sh -lang jython -user wasadmin -password **** -profile filesAdmin.py -c 'FilesPrintService.saveToFile(FilesPolicyService.browse("title", "true", 1, 25),"/opt/IBM/LibraryPolicies.csv")'
Windows: wsadmin.bat -lang jython -user wasadmin -password **** -profile filesAdmin.py -c "FilesPrintService.saveToFile(FilesPolicyService.browse('title', 'true', 1, 25), 'D:\LibraryPolicies.csv')"
@TheToal - @stoeps
Assign a Policy to a Library
• Quick and dirty – assign a Policy to a Library – either Personal or Community Library
• Take note of the Library UUID / User GUID and the correct Policy UUID ….
46
FilesLibraryService.assignPolicy(libraryId, policyId)
FilesLibraryService.assignPolicy("9b229afb-8034-4dff-93a7-d24eefbcacb1","58d6add6-f55d-446e-abf5-c15a733bd662")
@TheToal - @stoeps
MAINTENANCE / REGULAR WORK
47
@TheToal - @stoeps
Optimize DB2 Configuration
• The IBM Connections Wizard will create all the databases for you, alternatively you can create them manually using the scripts included in the wizard subfolders
• But to have an optimally functioning DB2 server that supports online backup with automatic retention/removal of old backups, minimizes i/o and “Just works better” you need to go beyond the base setup.
@TheToal - @stoeps
DB2 additional Configuration
• LOGARCHMETH1 – archival logging, allows online backups
• LOGARCHCOMPR1 – archive log compression• auto_del_rec_obj – auto deletion of recovery objects• rec_his_retentn – recovery history retention period• num_db_backups – number of backups retained
These settings impact each other and are dependent on each other - they need to be adjusted correctly or they will
not give you the expected results
@TheToal - @stoeps
Typical Database Setting
db2 update db cfg for BLOGS using LOGARCHMETH1 disk:D:\DB2-Logging
db2 update db cfg for BLOGS using auto_del_rec_obj ON
db2 update db cfg for BLOGS using rec_his_retentn
db2 15update db cfg for BLOGS using num_db_backups 3
Db2 update db cfg for BLOGS using LOGARCHCOMPR1 on
update db cfg for BLOGS using LOGFILSIZ 8196
What did we set?• Turn on db2 archival logging and write the log files to the folder [D:\DB2-Logging]• Configure log files to be 8 MB large (default is 4 MB)• Turn on automatic file retention/deletion, • Retain the last 15 days of log files (and then auto-delete), retain the last 3 backups (and
then auto-delete), • Compress any archived log files.
Now all you have to do is to run regular (=min. daily) online db2 backups and then do a file level back up the backups and db2 log files (more details later)
@TheToal - @stoeps
Database Maintenance & Optimization
• Though Shalt … Run REORGs and RUNSTATs - REGULARELY• AT LEAST after larger data changes/updates• Best Practice: weekly (optimal) or monthly (also great) during an outage
window
• Databases cannot be locked by any access – that means Connections needs to be down – this includes the Dmgr!
• IBM provided scripts are in the [Connections-Root]/connections.sql• reorg.sql• updatestats.sql and/or runstats.sql• Copy to the DB2 server and make available to the instance owner account
• You must test: are the statements ended with a “@” or a “;”• db2 –tvf reorg.sql• db2 –td@ –vf reorg.sql
51
@TheToal - @stoeps
Database Optimization – Scipts
Example of all provided scripts
52
export CNX_ROOT=/opt/IBM/Connectionsfind ${CNX_ROOT}/connections.sql \( -name reorg.sql -o -name runstats.sql –o –name updatestats.sql \) \
| grep db2 | sort
/opt/IBM/Connections/connections.sql/activities/db2/reorg.sql/opt/IBM/Connections/connections.sql/activities/db2/runstats.sql/opt/IBM/Connections/connections.sql/blogs/db2/reorg.sql/opt/IBM/Connections/connections.sql/blogs/db2/runstats.sql/opt/IBM/Connections/connections.sql/communities/db2/reorg.sql/opt/IBM/Connections/connections.sql/communities/db2/runstats.sql/opt/IBM/Connections/connections.sql/dogear/db2/reorg.sql/opt/IBM/Connections/connections.sql/dogear/db2/runstats.sql/opt/IBM/Connections/connections.sql/files/db2/reorg.sql/opt/IBM/Connections/connections.sql/files/db2/updateStats.sql/opt/IBM/Connections/connections.sql/forum/db2/reorg.sql/opt/IBM/Connections/connections.sql/forum/db2/runstats.sql/opt/IBM/Connections/connections.sql/homepage/db2/reorg.sql/opt/IBM/Connections/connections.sql/homepage/db2/updateStats.sql/opt/IBM/Connections/connections.sql/metrics/db2/reorg.sql/opt/IBM/Connections/connections.sql/metrics/db2/updateStats.sql/opt/IBM/Connections/connections.sql/mobile/db2/reorg.sql/opt/IBM/Connections/connections.sql/mobile/db2/runstats.sql/opt/IBM/Connections/connections.sql/profiles/db2/reorg.sql/opt/IBM/Connections/connections.sql/profiles/db2/runstats.sql/opt/IBM/Connections/connections.sql/wikis/db2/reorg.sql/opt/IBM/Connections/connections.sql/wikis/db2/updateStats.sql
@TheToal - @stoeps
BACKUP & RESTORE
53
@TheToal - @stoeps
Backup – General Facts
• Installations often implemented using the following references: • IBM Connections Documentation / Wiki• Tutorials / Presentations (“Zero to Hero” ….uugh)• Tips and blog entries
• NONE of these really mention backups and Restores• Dead Drive means Dead Data ….
• Yes – even RAID, Snapshot or a SAN can develop problems
• Online DB2 backups are good – but restores are tricky and often fail if they are not tested ahead of time• Regular outages for backups are difficult in environments used around the
globe during al times of EVERY day ….
• Restores always mean some level of data loss – but in a controlled fashion – which is why testing is important• Data is interconnected – you cannot selectively restore just one feature
database ….
54
@TheToal - @stoeps
DB2 Backup
• DB2 can do automatic backups• e.g. daily or after 10 MB of log files
• Drawbacks • No specific time• Cross-referencing it with the uploaded data (files etc.) is difficult
• DB backup should be at the same time as the file level backup of the SHARED DIRECTORY
• Scheduling a backup if better than using the automatic function
• Restore Online Backups - reference • http://kbild.ch/2011/02/backup-and-restore-ibm-lotus-connections-
dbs-online/• http://www.slideshare.net/ChristophStoettner/ibm-connect-2014-
bp307
55
@TheToal - @stoeps
DB2 Backup … continued
• Best to use archival logging• With a base Full, off-line backup as your base you can use
the DB2 log files to restore all databases to a specific point in time
• You need to TEST …. And verify that your file level / [Shared Directory] backup is done consistently.
• There will be clean-up and some data loss … you need to test and tell management what to expect …..
• Snapshots of the OS will not save you – they are an excuse for not planning real backup and restores
Plan your backups around your tolerance for data loss at restore time!
@TheToal - @stoeps
Backup The Shared Directory
• Customization folder• provision/webressources (IMPORTANT - jars for the Common
App)• Uploaded files
• Activities• Blogs• Files• Wikis• CCM (Libraries)
• CCM Objectstore
COORDINATE THIS WITH YOUR DB BACKUPS AND YOUR RESTORE PLAN
57
@TheToal - @stoeps
Backup WebSphere Application Server Config• WAS utility [backupConfig.sh/.bat] creates a backup
of your WAS configuration • All security and user settings
• All WAS profiles (Nodes settings, servers, all installed applications and their settings, etc.)
• Can be used to restore/move a configuration to a new server
• Run backupConfig on Dmgr AND all nodes so you can restore selectively ….
58
./backupConfig.sh /opt/install/Websphere-config-date +%Y%m%d -nostop -username wasadmin-password password
@TheToal - @stoeps
Backup – OK, what is left …
• IBM HTTPServer• conf/httpd.conf• SSL Keystore
• htdocs/*
• Connections (/opt/IBM/Connections)• Scripts• CCM• ear-Files• Search index
• CCM• The ear file contains the database encryption key .. You loose it - you
are screwed …• CONNECTIONS-ROOT/ccm/ccm/ccm/scripts/backup.sh
59
grep ^KeyFile /opt/IBM/HTTPServer/conf/httpd.conf | awk '{print $2}'
@TheToal - @stoeps
Backup – The Rest of the Schuetzenfest• IBM Installation Manager
• Has data on the installed packages/components – you need that for updates and uninstalls
• Windows• %ApplicationData%\IBM\Installation Manager
• Linux• /var/ibm/InstallationManager
• 3rd Party Apps• Forms Experience Builder
• Configs are in C:\IBM\FORMS or /var/forms• Not contained in the WAS backupConfig!!!
• IBM Docs Viewer / IBM Docs• Configs for version prior 1.0.7 are in [Viewer_Shared] folder
60
@TheToal - @stoeps
Backup – How Often?
• AT LEAST Daily• Databases• Shared Directory
• Regularely (weekly or multiple times/week)• Configs:
• WebSphere• Connections• CCM• IBM HTTPServer (includes Plugin und SSL Keys)• TDI Solutions folder
• Restore: Test or Regret it when the S#*t hits the fan …• Frequently problems with missing binaries for WebSphere restores
etc. …
61
@TheToal - @stoeps
Data Integrity Check – Database & Wikis• After a restore you need to be sure that the database and the file store are
in synch and you are not missing data
• SystemOut.log
• also: WikisDataIntegrityService.checkFiles
62
wsadmin>execfile("filesAdmin.py")Connecting to WebSphere:name=FilesAdminService,type=LotusConnections,cell=cnxCell01,node=cnxNode01,*Files Administration initialized.
wsadmin>FilesDataIntegrityService.checkFiles("/opt/install/filesintegrity")
The file integrity check has started and will continue to run in the background until complete. Please check the server logs for completion status and messages.
[16/09/15 20:36:19:851 CEST] 000000d4 DataIntegrity I EJPVJ9123I: The task Data integrity check has begun execution at 16 September 2015 20:36:19 CEST.
[16/09/15 20:36:20:005 CEST] 00000227 CheckDataInte I EJPVJ9343I: The data integrity check succeeded and the database and file system are consistent. 0 unused file(s) were moved to /opt/install/filesintegrity.
[16/09/15 20:36:20:005 CEST] 00000227 CheckDataInte I EJPVJ9366I: The task Data integrity check has finished at 16 September 2015 20:36:20 CEST.
@TheToal - @stoeps
SOME MORE
63
@TheToal - @stoeps
Official and – sometimes - helpful links for IBM Connections
• IBM Connections Requirements
• Official Documentation Connections family
• Connections 5 Documentation
• Tuning Guide 4.0
• Tuning Guide Addendum 4.5
• Tuning Guide 5.0CR1
64
@TheToal - @stoeps
Blogs dealing IBM Connections
• http://www.stoeps.de• http://scripting101.org• http://martin.leyrer.priv.at/• http://kbild.ch• http://dilf.me.uk/socialshazza• http://www.notesgoddess.net• http://ibmconnections.com• http://notesbusters.com• http://wannes.rams.be
• http://turtleblog.info• http://portal2portal.blogspot.de• https://www.urspringer.de• http://meisenzahl.org/• http://socialconnections.info• http://blog.robertfarstad.com• http://www.curiousmitch.com• http://techblog.gis-ag.info
65
@TheToal - @stoeps
Credits
• Oliver Heinz (https://twitter.com/oliheinz)Thanks for the profile photo
• SOCICON - Free social icons font (http://www.socicon.com)
66
@TheToal - @stoeps
PLATINUM & CHAMPAGNE SPONSORS
GOLD SPONSORS
SILVER SPONSORS
BRONZE SPONSORS
@TheToal - @stoeps
Thanks
Victor Toal• [email protected]
• Blog: www.notesbusters.com
• Twitter: @TheToal
• LinkedIn: victortoal
Christoph Stoettner• [email protected]
• Blog: www.stoeps.de
• Twitter: @stoeps
• LinkedIn: christoph-Stoettner
• Download Businesscard:https://www.panagenda.com/download/vCard/Stoettner_Christoph.vcf