WSADMIN is a scripting interface (or command-line interface) into WebSphere Application Server that permits the automation of many different tasks that we can do using a (web interface) or graphical user admin console. JACL scripting is the scripting language that is supported by the WebSphere Application Server to administer or write any custom-based task.

a. What are the different wsadmin objects.

•  AdminConfig
•  AdminControl
•  AdminApp
•  AdminTask
•  Help

b. How do you invoke wsadmin command

                   Go to the appropriate <profile_home> and type wsdmin.

c. How do you execute a jacl script

                   >wsadmin -f myScript.jacl

d. How Install a war/ear file
$AdminApp install earfile {-server myAppSvr}

$AdminApp installInteractive earfile

$AdminConfig save

e. How to uninstall a war/ear file.
$AdminApp uninstall myApp

f. How to generate heapdump and coredump in WebSphere

set jvm [$AdminControl completeObjectName type=JVM,process=server1,*]

$AdminControl invoke $jvm generateHeapDump

$AdminControl invoke $jvm dumpThreads

AdminTask.renameNode('[-nodeName Node01 -newNodeName Node]')

1. connect to dmgr process;

./wsadmin.sh -lang jython -conntype NONE

2. change cell name and save.

AdminTask.renameCell('[-newCellName Cell02 -regenCerts true -changeSetupCmdBat true]')

AdminConfig.save()

3. change node name and save.

AdminTask.renameNode('[-nodeName Node01 -newNodeName Node]')

AdminConfig.save()

Also, you can rename it interactive mode,

AdminTask.renameCell ('[-interactive]')
AdminTask.renameNode ('[-interactive]')

Example :

Plugin config file contains routing information along with information on virtual hosts , clusters (cluster members), and URIs. We manually edit the plug-in config file when enabling SSL (specifying the key file name), LoadBalanceWeight, and minimum number of connections.

PluginKey.kdb Holds the Plugin Certificate and the Server Key to Enable the Web Server to trust the WebSphere JVM.
PluginKey.sth Holds the Access password for the PluginKey.kdb

We must define plugin-config.xml path in httpd.conf , else webserver will not be able to serve the incoming requests.

Its not required to restart webserver, after making changes in plugin-config.xml because plugin refreshes itself after every 60 seconds.  Restart webserver only if changes are made to its config file.

We just need to let webserver (httpd.conf ) know where our plugin-config.xml file is located and we need to add a module in httpd.conf file. Restart the webserver and your webserver is ready.

I am assuming that you have completed following activities :

a. Installed WAS and have a Node federated under Dmgr profile. NodeAgent and server1 is running.

b. IHS  and Plugin is installed.

c. we are able to see  below status of snoop when its requested through Application server and when its requested through webserver.

Snoop requested through WebServer and Appserver on Https & Http before configuring plugin between WebServer and Application Server.

Case A : Snoop request on Http through Application server.

Case B: Snoop request on http through webserver.

This page should start working once plugin is configured. Please follow the steps mentioned to configure the plugin.

Case C: Snoop request on https through Application Server

This will not work, untill SSL is not enabled between WebServer and Application Server. I will explain latter, how to configure SSL.

Case D: Snoop request through https on WebServer.

This will not work, untill SSL is not enabled between WebServer and Application Server. I will explain latter, how to configure SSL.

Steps to configure plugin.

Step1 : Generate plugin by issuing GenPluginCfg.bat

Example : C:\WebSphere\AppServer\profiles\Dmgr01\bin>GenPluginCfg.bat

Step 2: Create a WebServer defination in Websphere Network Deployment.

Example : Follow the screenshots:

Now open httpd.conf file and add below mentioned two lined at the end of the file and restart the weserver.

LoadModule was_ap22_module "C:\Program Files (x86)\IBM\WebSphere\Plugins\bin\32bits\mod_was_ap22_http.dll"

WebSpherePluginConfig "C:\Program Files (x86)\IBM\WebSphere\Plugins\config\Webserver1\plugin-cfg.xml"

Test Case B URL

There are two most popular type of keystores:

JKS :

• Java key Store.  Its java way of storing the relevant information.
• It is a repository of certificates (signed public keys) and [private] keys.
• Work on Java based servers.
• We need to use  keytool to import certificates in .jks
• We can convert .jks keystore in PKCS keystore, if required.

keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12 -srcalias 1 -deststorepass password -destkeypass password

PkCS:

If you are looking for platform independent way to use Asymmetric key, P12 is your best choice.  You can import them into any tool/platform without any issue and use native API to extract the public key (.CER).

I will prefer to share steps to configure SSL rather than giving theoretical knowledge. Theory, we can get from internet easily.

We will do following setup on WebSphere :

a. Creating a self signed digital certificate and configure IHS WebServer.

b. Configure WebServer truststoreto to allow inbound request served to IHS by WebSphere.

Step 1 : Create a directory/folder by name "ssl" under C:\HTTPServer\

Step 2: Open ikeyman ( ikeyman.bat ) utility of IBM HTTP Server from /bin directory.  Follow the self explanatory screenshots.

Step 3: Open httpd.conf and uncomment below mentioned lines. You will have to make two changes.

a.  The string mentioned against SSLServerCert is the key label used while generating the digital certificate.

b.  Make sure that KeyFile path is correct.

Click on <web_server_name>  and then click on Plug-in properties .

Click on Copy to Web server key store directory button.

Step 4: Restart webserver and try to access the below mentioned url ( snoop on https) . It should work.

Step 5 : The self signed certificate is not trusted by default by the browsers.

Step 6 : Export the public cert and import it in your browser's trust store.

Invocation Target Exception: -->

Q: Installation was successful and when I am trying to start server it is giving “Invocation Target Exception” why you will get this issue and how you are trouble shooting this issue.

A: May be the problem with hostnames, hostnames are mismatched. Add the host name in etc/hosts file which you had given at the time of installation.

Admin Console Password not working: -->

A:

<WAS_INSTALL_DIR>/bin/> wsadmin -conntype NONE
wsadmin> securityoff
wsadmin> exit
Restart the servers.
Enable the security from administrative console.

Once the needed corrections are made, you can re-enable security in the admin console and then restart WebSphere.

JSSL0130E java.net.SocketTimeoutException:

When I start the Application server. I see the following error in Application server systemout.log and Nodeagent systemout.log:

Solution :

Step 1 : Log into admin console, do the following for all nodes:

Navigate to System Administration -> Deployment Manager -> ORB Service -> Custom Properties

Add the following properties:

Step 2 : Just uncomment the highlighted configuration on all nodes and restart the servers.

JVM logs: SystemOut.log, SystemErr.log

Process or Native logs : native_stdout.log, native_stderr.log

IBM service log : activity.log

Diagnostic log : trace.log

We have 12 different types of log levels. those are

1.off
2.fatal
3.severe
4.warning
5.Audit
6.Info
7.config
8.Detail
9.fine
10.finer
11.finest
12. All

Shared libraries are files used by multiple applications. Each shared library consists of a symbolic name, a Java class path, and a native path for loading Java Native Interface (JNI) libraries. You can use shared libraries to reduce the number of duplicate library files on your system.

Ensure that the following servers are stopped:

• WebSphere Application Server
• Node agents
• IBM® HTTP Server

Backup Profile : 

manageprofiles.bat -backupProfile -profileName AppSrv01 -backupFile c:\backup\AppSrv01yymmdd.zip

Restore the profile.

Type manageprofiles -restoreProfile -backupFile <backup_file_location>. For example
manageprofiles -restoreProfile -backupFile c:\backup\AppSrv01yymmdd.zip

The manageprofiles command-line tool always restores to the same path from which the profile was backed up.

Verify that the profile is restored. Browse to the <was_home>\profiles directory.

For example:

<was_home>\profiles\AppSrv01. If the profile is restored successfully, a folder for the restored profile is displayed.

If you are performing this task as part of a server restoration procedure, do not start the profile. Determine whether you must restore the database first.

There are two methods of enabling the dumps in WAS.  You can either use the -Xdump (http://www-01.ibm.com/support/docview.wss?uid=swg21242497) or use environment variables in the console (http://publib.boulder.ibm.com/infocenter/javasdk/v1r4m2/index.jsp?topic=%2Fcom.ibm.java.doc.diagnostics.142j9%2Fhtml%2Fenabling_a_heapdump.html).

For the first method, place the following on the generic JVM line to cause a heap dump and thread dump:

-Xdump:heap:events=gpf+user+abort+throw+uncaught -Xdump:java:events=gpf+user+abort+throw+uncaught

Location of the dumps can be achieved similar to this: -Xdump:java:defaults:file=dumps/%pid/javacore-%seq.txt -Xdump:heap:defaults:file=dumps/%pid/javacore-%seq.txt

For the second method, place these in the Environment section of the console:

JAVA_DUMP_OPTS=ONANYSIGNAL(JAVADUMP[5],SYSDUMP[5])

IBM_HEAPDUMPDIR=/tmp

Garbage collection (GC) is an integral part of the Java Virtual Machine (JVM) as it collects unused Java heap memory so that the application can continue allocating new objects. The effectiveness and performance of the GC play an important role in application performance and determinism. The IBM JVM provided with IBM WebSphere Application Server V8 (on supported platforms) provides four different GC policy algorithms:

• -Xgcpolicy:optthruput
• -Xgcpolicy:optavgpause
• -Xgcpolicy:gencon
• -Xgcpolicy:balanced

Each of these algorithms provides different performance and deterministic qualities. In addition, the default policy in WebSphere Application Server V8 has changed from -Xgcpolicy:optthruput to the -Xgcpolicy:gencon policy. Let’s take a look at each of these policies and see what this change in the default policy means.

Different applications naturally have different memory usage patterns. A computationally intensive number crunching workload will not use the Java heap in the same way as a highly transactional customer-facing interface. To optimally handle these different sorts of workloads, different garbage collection strategies are required. The IBM JVM supports several garbage collection policies to enable you to choose the strategy that best fits your application

WAS 7 was release in September 2008. It was based on Java enterprise edition 5 . It was the first time when IBM had introduced

"Business level application  for managing application artifacts independent of packaging or programming models" , flexible management to manage multiple distributed nodes and
property files based configuration that simplified installation and helped in automating multiple manual configuration.

By September 2013, IBM announced end of WAS 7.0 support. because by then Was 8  June 2011 and was 8.5 since june 2012 was already in market .  These 5 years this product was very successful and probably very stable product in Websphere server history.

WebSphere 8 was not very successful in the market after its release in 2011 , so IBM launched websphere 8.5 within an year in june 2012 and websphere 8.5.5 in june 2013.

WebSphere 8.5.5 is again a very stable version with many benefits like :

Java SE7 support and a choice to select between Java SE 6 and 7. which was not available in any earlier versions.
Application deployment using monitored directory - We can drop the code in monitored directory for quick deployment.

HPEl Logging : High-Performance Extensible Logging (HPEL) is binary logging to improve the server performance. HPEL is faster than text logging.

Inbuilt health management : We can create custom health policies to monitor predefined health conditions and take preventive care.

Liberty profile : A dynamic profile to enhance the delivery experience. Faster than any other websphere profiles and restarts within 5 seconds.

Intelligent routing based on ODR, which is a java based proxy server to distribute loads, start and stop additional servers based on ongoing server loads.

Installation using Installation manager : A tool that acts as IBM software management and version controls.

Support for EJB 3.1 and JDBC 4.1

Later by