Cape Henry Technologies Inc.

Posts Tagged ‘server’

This posting will document the best way to install and setup IBM’s Rational Application Developer (RAD) for Websphere as a non-administrative user. I’ll be editing this along as I do the install and prepare the documentation for a group of developers at a large state organization.

To get started you would obtain the CDs or the installation media from IBM. In our case, we have the full downloads for Rational Application Developer (RAD) 7.6 for System Z. I found an article online for 7.5 and some of the instructions are a little different. Also, some windows paths have been changed. Once you have the downloads (zips), extract them all in a directory (as a general user) e.g. c:\RAD76 (ours is RADz76). Check in the setup directory for another folder or directory called InstallerImage_win32. Next, check to see if a file called userinstc.exe exists there. If yes, let’s proceed.

You’ll now need to prepare a small .bat file to execute the user installer to install the IBM Installation (Product) Manager silently as a non-administrative user to the user’s profile instead of c:\Program Files. Here’s the .bat file needed. Remember that your paths may be different.

10
11
12
13
14
15
16

echo off
SET LOGDIR="c:\temp"
SET INSTALLER="c:\RAD76\RD76_Setup\InstallerImage_win32"
 
%INSTALLER%\userinstc.exe --launcher.ini %INSTALLER%\user-silent-install.ini -log \
%LOGDIR%\Installer.log
echo on

The above script can be run in a cmd terminal and will silently install the IBM Installation Manager under your user profile. Under my user profile “dlwhitehurst” I now have … \IBM\Installation Manager and \IBM\InstallationManagerInstaller. This installation script will also write an entry to your Start menu “My Installation Manager”.

The next part is a bit more difficult. Another .bat file is needed to run the installer to setup and install RAD 7.6 and create a default WebSphere profile for testing.

The actual RAD installation was a little more difficult because we had downloaded separate media into our install directory. The media consisted of …disk1 and …disk2. The second .bat file is here. It was run but was unsucessful. I’ll explain how to fix after the script listing.

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

echo off
 
SET ILOGSDIR="c:\temp"
SET INSTLMGR="C:\RADz76\RDz76_Trial_Setup\InstallerImage_win32"
SET RESPONSEFILE="c:\temp\responsefile-nonadmin.xml"
 
del %RESPONSEFILE%
 
echo ^<?xml version="1.0" encoding="UTF-8"?^> >> %RESPONSEFILE%
echo ^<agent-input acceptLicense='true'^> >> %RESPONSEFILE%
echo ^<server^> >> %RESPONSEFILE%
echo ^<repository location='C:\RADz76\RDz76_Trial_Setup'/^> >> %RESPONSEFILE%
echo ^</server^> >> %RESPONSEFILE% 
echo ^<profile installLocation='c:\dlwhitehurst' id='IBM Software Delivery Platform'^> >> %RESPONSEFILE% 
echo ^<data key='eclipseLocation' value='c:\dlwhitehurst'/^> >> %RESPONSEFILE% 
echo ^<data key='cic.selector.nl' value='en'/^> >> %RESPONSEFILE% 
echo ^<data key='user.help.option' value='remote'/^> >> %RESPONSEFILE% 
echo ^<data key='user.help.url' value=''/^> >> %RESPONSEFILE% 
echo ^<data key='user.was.v70.createProfile' value='true'/^> >> %RESPONSEFILE% 
echo ^<data key='user.was.v70.profileName' value='was70profile1'/^> >> %RESPONSEFILE% 
echo ^<data key='user.was.v70.profilePath' value='c:\dlwhitehurst\runtimes\base_v7\profiles\was70profile1'/^> >> %RESPONSEFILE% 
echo ^<data key='user.was.v70.enableSecurity' value='false'/^> >> %RESPONSEFILE% 
echo ^<data key='user.was.v70.username' value=''/^> >> %RESPONSEFILE% 
echo ^<data key='user.was.v70.password' value=''/^> >> %RESPONSEFILE% 
echo ^</profile^> >> %RESPONSEFILE% 
echo ^<install modify='false'^> >> %RESPONSEFILE% 
echo ^<offering profile='IBM Software Delivery Platform' version='7.6.0.20090930_1054' id='com.ibm.rational.developer.systemz.v76.trial'/^> >> %RESPONSEFILE%
echo ^</install^> >> %RESPONSEFILE%
echo ^<preference value='%USERPROFILE%\IBM\SDPShared' name='com.ibm.cic.common.core.preferences.eclipseCache'/^> >> %RESPONSEFILE% 
echo ^<preference value='true' name='com.ibm.cic.common.core.preferences.http.proxyEnabled'/^> >> %RESPONSEFILE% 
echo ^<preference value='false' name='com.ibm.cic.common.core.preferences.http.proxyUseSocks'/^> >> %RESPONSEFILE% 
echo ^<preference value='localhost' name='com.ibm.cic.common.core.preferences.http.proxyHost'/^> >> %RESPONSEFILE% 
echo ^<preference value='9080' name='com.ibm.cic.common.core.preferences.http.proxyPort'/^> >> %RESPONSEFILE% 
echo ^<preference value='30' name='com.ibm.cic.common.core.preferences.connectTimeout'/^> >> %RESPONSEFILE% 
echo ^<preference value='30' name='com.ibm.cic.common.core.preferences.readTimeout'/^> >> %RESPONSEFILE% 
echo ^<preference value='0' name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount'/^> >> %RESPONSEFILE% 
echo ^<preference value='true' name='offering.service.repositories.areUsed'/^> >> %RESPONSEFILE% 
echo ^<preference value='false' name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode'/^> >> %RESPONSEFILE% 
echo ^<preference value='true' name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts'/^> >> %RESPONSEFILE% 
echo ^<preference value='false' name='PassportAdvantageIsEnabled'/^> >> %RESPONSEFILE% 
echo ^</agent-input^> >> %RESPONSEFILE%
 
%INSTLMGR%\userinstc.exe --launcher.ini %INSTLMGR%\user-silent-install.ini -input %RESPONSEFILE% -log %ILOGSDIR%\RadInstall.log 
echo on

When the above script was run, an error message was given stating that the silent install cannot be performed because of multiple media disks. Normally with a GUI install, the installer can stop and request that the user switch CD’s. A silent install is programmatic and therefore cannot interact with the user via a graphical environment. The silent install is running in terminal. The two disks are zipped and the paths in both disks begin with RADz76/.. This allowed me to extract the disks into RADz76 and now the disks were combined under one directory RADz76. I re-ran the installation script and it worked.

There are problems with the above script that did not affect the installation. The profile information would be fine for a RAD for WebSphere installation. What I found was that WebSphere was not embedded with the RAD for System Z install. I have installed RAD for WebSphere and both version 6 and version 7 were present. The RAD for System Z only contains support for WebSphere 6.

Introduction

I’m up against a rather difficult situation to solve a security issue for local WebSphere 7.0 developers. The network users are not allowed to install anything on their PC workstations, yet several teams of developers will be required to develop Java code on secured workstations using WebSphere 7.0. Even if an administrator were to install each WebSphere application server, the user would not be able to administrate the server properly because he/she would not have administrative rights to execute scripts, programs, tools, services, monitoring, port access, etc. I’m determined to find a good solution to this problem. I will share anything I find here.

Solution No. 1 (Unsuccessful)

I found some documentation online where individual profiles can be created from within the Rational Application Developer (RAD) tool (Custom IBM Eclipse). I tried using the profile management tools that came with the installation. I tried all permutations of check boxes, user selections, permissions modifications and did not find an acceptable solution. Usually something requiring special permissions would be part of IBM’s customization of Eclipse hence Rational Application Developer. This information would not be available on the Internet. I quickly accepted this solution to be a failure.

Solution No. 2 (Successful)

I have a local administration account and a general user account. As admin, I set permissions on two folders. These are:

• c:\Websphere
• c:\Program Files\IBM

The general user was added to both directories with write access. The directory c:\Websphere is used as extract_root, i.e. the directory is used to explode the 788 mb download of Websphere 7.0 at http://www.ibm.com/developerworks/downloads/ws/wasdevelopers/index.html. Next, I logged out as admin and logged in as the general user.

As general user, now I would extract the install into c:\Websphere and then do the install. The extraction of the install file was successful. No problems there. The install was a different story. The install will use a limited JRE, Java.exe and begin to install the application server. To begin the install run the following:

5

c:\Websphere\WAS\install.exe

The first dialog seen was a system dialog warning that a file called “install.exe” is being run. Click run. The next dialog is another system UI presentation asking “who” is going to run this file. I selected to run the program as a general user. The third system dialog asks if you want to run java.exe. Click “Run” and you will see the initial WebSphere Application Server 7.0 dialog. No frills, select “Next”. You are now presented with a license dialog. There are IBM and Non-IBM terms. Just check the radio button (accepting) and “Next”. Now, a dialog is presented informing you (general user) that your operating system prerequisites failed. Ignore this and select “Next”. That dialog did note that Service Pack 2 could not be found. Service Packs are installed but the general user does not have the level of access needed to verify them. The next dialog provides some information to consider. It says that it detected a non-root or non-administrative user. This will mean that the installation program cannot create a Windows service and also cannot write to the registry. Specifically, it would create a Windows service for WebSphere and write entries to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services . It also notes that port access may be affected. Normally, locally running servers can access all ports locally as localhost. It “SHOULD” be okay to proceed. Select “Next”. You are now presented with a dialog for Optional Features Installation. You probably do want to select the checkbox for the Sample Applications. Select the check for the Sample Applications and then “Next”. Now you will see a dialog for specification of the installation directory. The default directory is normally for an administrator install c:\Program Files\IBM\Web, however in this case since we are installing something and not creating a Windows service, the installation has defaulted the directory to c:\IBM\WebSphere\AppServer . That “SHOULD” be okay. Accept that directory choice and then select “Next”. Another dialog is shown and it asks to select a particular environment. By default it’s set to Application Server. Select “Next” and proceed. You should now see a dialog called Enable Administrative Security. Select an administrative user name and password. I personally recommend that the password for the “samples” user be the same as your admin user. Now click “Next”. Now select the preview tasks and let the install begin. We will soon know if WebSphere Application Server 7.0 can be run and administrated by the general user.

It’s finished and … the dialog, Installation Results are in. The dialog noted “Partial Success”. The install of the IBM product WebSphere Application Server was successful. The IBM WebSphere Application Server Base is found at c:\IBM\WebSphere\AppServer . Some configuration steps have errors but these can be found at server_base\logs\install\log.txt . Also important information can be found server_base\profiles\AppSrv01\Logs\AboutThisProfile.txt . Click “Finish”.

I reviewed the install log and it looks like IBM is merely concerned that it cannot query the resident OS. We know the following about the partial success of this product.

• Installer cannot verify Service Pack 2 (It’s Installed)
• Installer cannot create a Windows Service
• Installed cannot write to Registry

The IBM product defines the “failure” where it cannot write to the Registry as “cannot perform a native registration with the operating system”. This should be okay. It only means that the general user has installed something that the administrators know nothing about unless they were to inspect the general user’s hard drive for this installation. The general user may not start and stop his development application using the Window’s service tools found under Control Panel/Administrative Tools. The start menu was modified during the install and start and stop options are available to the general user. I will test this thoroughly now.

When the installation completes it runs a Java application (dialog pop-ups) that provides a panel called WebSphere Application Server – First Steps – AppSrv01. AppSrv01 is the initial profile that is created during the installation. It should be sufficient for your local development. Select Installation Verification first. It should run some things and provide a log of its success.

20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

Server name is:server1
Profile name is:AppSrv01
Profile home is:C:\IBM\WebSphere\AppServer\profiles\AppSrv01
Profile type is:default
Cell name is:TestMachineNode01Cell
Node name is:TestMachineNode01
Current encoding is:Cp1252
Start running the following command:cmd.exe /c "C:\IBM\WebSphere\AppServer\profiles\AppSrv01\bin\startServer.bat" server1 -profileName AppSrv01
>ADMU0116I: Tool information is being logged in file
>           C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1\startServer.log
>ADMU0128I: Starting tool with the AppSrv01 profile
>ADMU3100I: Reading configuration for server: server1
>ADMU3200I: Server launched. Waiting for initialization status.
>ADMU3000I: Server server1 open for e-business; process id is 3040
Server port number is:9080
IVTL0010I: Connecting to the TestMachine WebSphere Application Server on port: 9080
IVTL0015I: WebSphere Application Server TestMachine is running on port: 9080 for profile AppSrv01
Testing server using the following URL:http://localhost:9080/ivt/ivtserver?parm2=ivtservlet
IVTL0050I: Servlet engine verification status: Passed 
Testing server using the following URL:http://localhost:9080/ivt/ivtserver?parm2=ivtAddition.jsp
IVTL0055I: JavaServer Pages files verification status: Passed 
Testing server using the following URL:http://localhost:9080/ivt/ivtserver?parm2=ivtejb
IVTL0060I: Enterprise bean verification status: Passed
IVTL0035I: The Installation Verification Tool is scanning the C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1\SystemOut.log file for errors and warnings.
[2/8/10 12:40:58:079 EST] 00000000 WSKeyStore    W   CWPKI0041W: One or more key stores are using the default password.
[2/8/10 12:41:06:782 EST] 00000000 ThreadPoolMgr W   WSVR0626W: The ThreadPool setting on the ObjectRequestBroker service is deprecated.
IVTL0040I: 2 errors/warnings are detected in the C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\server1\SystemOut.log file
IVTL0070I: The Installation Verification Tool verification succeeded.
IVTL0080I: The installation verification is complete.

This proves that the general user can run the server. Now, the server sample applications should be tested to see if ports remain unblocked locally.

Select the link on the First Steps Dialog called “Administrative console”. You should get a browser with a block because of the self-signed certificate. Ignore the warning after you are sure that you understand what is happening. You will now see the login for the Administrative Console at URL https://localhost:9044/ibm/console/logon.jsp. I’m almost convinced that WebSphere only requires Java and use of ports locally. The server is running as localhost. An interesting note is that when you log in as the application administrator, the server switches the console server to port 9043 (security trick).