IBM(R) Tivoli(R) Intelligent Orchestrator Version 1.1.2 and IBM Tivoli Provisioning Manager 1.1.2 Readme
Tivoli Intelligent ThinkDynamic Orchestrator Version 1.1.2
and Tivoli Provisioning Manager Version 1.1.2
Revised: June 14 2004
About fix pack V 1.1.2
Prerequisites for installing fix pack V1.1.2
Installing the fix pack
Post installation steps
Installing and configuring Oracle 9i
Installing and configuring Microsoft Active Directory
Driver Dependencies
Uninstallation order for the tc drivers
Known problems
Troubleshooting
Trademarks and Service marks
This readme file contains the latest information about installing Tivoli
Intelligent ThinkDynamic Orchestrator Version 1.1.2 and Tivoli
Provisioning Manager, Version 1.1.2. For more information
on how to install the products, Tivoli Intelligent ThinkDynamic Orchestrator
V1.1.0 and Tivoli Provisioning Manager V1.1.0,
refer to the installation guide that come with the products.
Updates to this readme file will be posted on the Tivoli
software information center page. Search for Tivoli Intelligent
ThinkDynamic Orchestrator or Tivoli Provisioning Manager from the list.
Fix pack V1.1.2 includes:
- Fixes addressed in V 1.1.1
- New fixes and customer APARs
- Support for Oracle 9i Release(R) 2
(9.2.0.1.0) on Solaris only
- Support for Microsoft(R) Active Directory
(Windows(R) 2000 Service Pack 4)
For a detailed list of fixes and customer Authorized Program Analysis
Reports (APARs) included in this fix pack refer to the file,
1.1.2-TIO-FP02-DEFECTS. To
download the defects list:
- Go to the IBM Support Web site:
http://www.ibm.com/support.
- Click Downloads and Drivers.
- Enter the fix pack number: 1.1.2-TIO-FP02
in the search string and click the Submit button.
- Note:
- Although the fix pack is labelled 1.1.2-TIO-FP02, it
can be applied to Tivoli Provisioning Manager as well.
You have three options when installing this fix pack:
The hardware and software supported by fix pack V 1.1.2
are:
Ensure the following prerequisites are met before installing the fix
pack.
- Note:
- If installing the fix pack V1.1.2 on Windows, perform all the
following installation steps in a Cygwin Window, unless otherwise
specified.
Ensure that the following steps are taken to prepare the
environment.
To configure your environment, perform the following steps. :
- Confirm that the TC_HOME variable is set. In a properly
installed environment, this variable should have been set. To verify if
the variable has been set, run the following command according to your
operating system:
- On Windows:
- In a DOS command window: echo %TC_HOME%
- In a Cygwin command window: echo $TC_HOME
- On AIX, Linux or Solaris: echo $TC_HOME
If the TC_HOME variable is not set , set the variable in the
following way according to your operating system:
- Run the following command, according to your operating system, to create a
temporary directory on the Tivoli Intelligent ThinkDynamic Orchestrator server
or Tivoli Provisioning Manager. Replace the
<temp> variable with another name for the temporary
directory.
- On Windows : mkdir <temp>.
- On AIX, Linux or Solaris: mkdir <temp>
When creating the temporary directory, ensure the following criteria are
addressed:
- Free space of 100 MB is provided, as a minimum, to contain the fix pack
after it is unzipped.
- Created outside the of the home directory, for the fix pack installation
process to work.
- Read-write access is provided to the directory.
Follow the instructions below to unzip the fix pack
V1.1.2. These instructions are applicable to all the
operating systems supported by IBM(R) for fix pack
V1.1.2.
- Note:
- Ensure that the servers, Tivoli Intelligent ThinkDynamic Orchestrator or
Tivoli Provisioning Manager are stopped before applying the fix pack.
For more information on starting and stopping the servers in different
environments, refer to the installation guide that comes with the
product. Also ensure that the WebSphere Application Server is
stopped.
- Download the fix pack package into the <temp>
directory created in the earlier section.
- Unzip the fix pack package. The unzip will create a new
directory within the current directory to store the package contents.
- If unzipping with Cygwin, ensure that the files under the
<temp>/installer directory have read and write
permissions.
Before installing the fix pack you must back up any customized workflows or
any other workflows that have been created. Installing the fix pack
overwrites all workflows and tc drivers. To back up and store the
modified commands, workflows and requests:
- Log in as tioadmin.
- Unzip the file wfbackup.zip located in
<temp>/installer/utils into the same
<temp> folder.
- Follow the instructions below to back up the customized workflows on AIX,
Linux or Solaris:
- Rename the wfbackup.sh script to
wfbackup.old.sh. For example, mv
wfbackup.sh wfbackup.old.sh
- Run the following command to correct an existing problem with the
script:
cat wfbackup.old.sh | tr -d '\r' > wfbackup.sh
- Ensure that the execute permissions on the wfbackup.sh
script is set. For example, chmod a+x wfbackup.sh
- Back up your workflows by running the
./wfbackup.sh command. The script backs up and
displays a list of workflows that have been modified, added, or
removed.
The default directories for the backup files and log files are:
- Back up files are stored in./backup directory
- Log files are stored in ./reports directory.
- There are three files in the reports directory:
workflow.log, command.log and
requesttype.log that list the new, updated or removed
workflow elements respectively.
The tc drivers must be removed in a particular order because of
dependencies.
For more information on the order in which they need to be installed, refer
to the section, Uninstallation order for the tc drivers. For more information on the dependencies, refer to
the table Driver Dependencies at the end of this readme file. A sample tc driver
uninstall script is available on the fix pack download page, called
1.1.2-TIO-FP02.TCD, that demonstrates how the
tc-driver-manager script can be called to uninstall the default tc
drivers. If any custom drivers have been created with dependencies,
they must be uninstalled first.
- Note:
- The workflows and commands that are not part of a driver should be removed
using the Web UI. Drivers will not uninstall if they are associated to
a device in the data center model.
Before the core tc drivers can be uninstalled, apply APAR
IY54330. To download APAR IY54330:
- Go to the IBM Support Web site.
- Click Downloads and Drivers.
- Enter the APAR number: IY54330 in the search string and
click the Submit button.
- Save the JAR file in the default temporary directory
and then unzip the package into the same directory.
- Follow the instructions in the readme , provided with APAR
IY54330, located in the directory: updateinstaller/docs
to install APAR IY54330.
To remove the tc drivers:
Instructions on a Windows system
Run the following commands in a DOS command Window
- To list all the drivers using the command:
%TC_HOME%\tools\tc-driver-manager.cmd listAllstr
- To remove a specific driver, run the command and replace the variable
driver_name with the actual name of the tc
driver.
%TC_HOME%\tools\tc-driver-manager.cmd uninstallDriver driver_name
- To verify if the specified drivers have been removed, list all the drivers
using the command:
%TC_HOME%\tools\tc-driver-manager.cmd listAllstr
Instructions on AIX, Linux or Solaris systems
- To list all the drivers, run the command:
$TC_HOME/tools/tc-driver-manager.sh listAllstr
- To remove a specific driver, run the command and replace the variable
driver_name with the actual name of the tc
driver.
$TC_HOME/tools/tc-driver-manager.sh uninstallDriver driver_name
- To verify if the specified drivers have been removed, list all the drivers
using the command:
$TC_HOME/tools/tc-driver-manager.sh listAllstr
Follow the instructions below to install the fix pack according to your
operating system. Before installing the fix pack ensure the following
aspects:
- Disable the Global Security for WebSphere Application Server
before implementing the first two post-install steps provided in the
post-installation section below. To turn off Global Security:
- In a web browser, type the
URLhttp://host_name:9090/admin.
Replace the variable host_name with the fully qualified
host_name of the WebSphere Application Server.
- Go to Security->Global Security. Under the
Configuration panels-> General Properties, clear the
Enabled check box. The check box is the first entry in the
list. Global security is now turned off.
- The servers, Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli
Provisioning Manager are stopped before applying the fix pack. For more
information on starting and stopping the servers in different environments,
refer to the installation guide that comes with the product.
- WebSphere Application Server is stopped.
To install the fix pack V 1.1.2 on Windows:
- Log in to the database server and verify that the LDAP server is active in
the system. If it is not, start the LDAP server.
- Ensure that the JAVA_HOME environment variable is set on the
Tivoli Intelligent ThinkDynamic Orchestrator server or the Tivoli Provisioning
Manager server. Given below is the sample output displayed on running
the echo command, which confirms that the JAVA_HOME
environment variable has been set.
c:\WebSphere\AppServer\java
- Open a command window and log in as tioadmin on Tivoli
Intelligent ThinkDynamic Orchestrator server or Tivoli Provisioning
Manager.
- Change directory to the <temp>\installer
directory. Replace the <temp> variable with
the name of the temporary directory created earlier.
- Run the following command to launch the install wizard from within
<temp>\installer directory:
updatewizard
- Select the correct language and click OK.
- If the installation directory is blank, select the Specify product
information check box. Populate the field with the appropriate
home directory by using the Browse button. For
example:
C:\cygwin\home\thinkcontrol
- Click Next until you are requested to select an option.
- Select Install fix packs and click Next.
- The default directory in which the fix pack package is installed
appears. Verify if the fix pack package is in this directory and click
Next.
- Click Finish.
To install the fix pack V 1.1.2 on AIX , Linux or
Solaris:
- Log in to the database server and verify that the LDAP server is active in
the system. If it is not, start the LDAP server using the following
instructions:
- Log in with the root user account.
- Enter the command to change the directory according to your operating
system
- On AIX or Linux: cd /usr/ldap/bin
- On Solaris: cd /opt/IBMldaps/bin
- Ensure that the JAVA_HOME environment variables are set on the
Tivoli Intelligent ThinkDynamic Orchestrator server or Tivoli Provisioning
Manager server. Given below, is the sample output displayed on running
the echo command, which confirms that the JAVA_HOME
environment variable has been set:
- On Solaris and Linux: /opt/WebSphere/AppServer/java
- On AIX: /usr/WebSphere/AppServer/java
- Ensure that the DISPLAY variable is set and confirm the
hostname of the server.
- To start the LDAP server, run the following command and replace the
<password> variable with the LDAP password and
replace the <password> variable with the LDAP password and the
<administratorDN> with the value configured in the
IBM Directory Server.
./ibmdirctl -D cn=<administratorDN> -w <password> start
- Open a command window and log in as root user on the Tivoli
Intelligent ThinkDynamic Orchestrator server or the Tivoli Provisioning
Manager server. If not, enter the following command to set the user to
root:
su - root
- Change directory to the <temp>/installer
directory. Replace the <temp> variable with
the name of the temporary directory created earlier and run the following
command:
chmod -R a+x *
- Run the following command to launch the install wizard from within
\<temp>\installer directory :
./updateWizard.sh
- Select the correct language and click OK.
- If the installation directory is blank, select the Specify product
information check box. Select the appropriate home directory by
using the Browse button. For example,
- On AIX, Linux or Solaris, select home/thinkcontrol
- Click Next until you are requested to select an option.
- Select Install fix packs and click Next.
- he default directory in which the fix pack package is installed
appears. Verify if the fix pack package is in this directory and click
Next.
- Click Finish.
After installing, be sure to complete the appropriate post-installation
steps identified in this section.
Verify the current IBM Directory Server Administrator configuration by
checking the ibm-slapdAdminDN entry in the
ldap-install-dir/ etc/ibmslapd.conf file.
If the IBM Directory Server Administrator ID has been previously changed to
cn=tioldap,dc=com,dc=ibm, it should be changed back to
cn=root.
Use either the Configuration Tool (ldapxcfg) or the ldapcfg command-line
utility to update your Admin DN. Follow either one of the methods in
the section: Setting the IBM Directory Server Administrator DN and password.
The cn=tioldap,dc=ibm,dc=com user ID binds WebSphere Application
Server to IBM Directory Server. The tioldap user id should
not be the IBM Directory Server Administrator, but should have ownership
access starting at the dc=ibm,dc=com tree. Previous versions
of the fix pack incorrectly had the user set the IBM Directory Server
Administrator user ID to cn=tioldap,dc=ibm,dc=com. The IBM
Directory Server Administrator should be cn=root.
- Note:
- Using the cn=tioldap,dc=ibm,dc=com to bind WebSphere Application
Server to IBM Directory Server addresses a possible security concern raised
when the Tivoli Intelligent ThinkDynamic Orchestrator 1.1.0
installation used the cn=root user ID for this binding.
Follow the steps in either of two sections: Graphical method or Command line method to change the IBM Directory Server
Administrator user to cn=root with a password of
root.
Run the following command to change to cn=root.
ldapcfg -u"cn=root" -proot
To set the administrator DN and password using the Graphic line
method:
- In the IBM Directory ServerConfiguration Tool window, click Administrator
DN/password in the task liston the left.
- In the Administrator DN/password window on the right, type a
valid DN (or accept the default DN) in the Administrator DN field.
- Note:
- The IBM Directory Server administrator DN is the DN used by the administrator
of the directory. This is the one user who has full access to all data
in the directory. The default DN is cn=root. DNs are not case
sensitive. If you are unfamiliar with X.500 format, or if for
any other reason you do not want to define a new DN, accept the default
DN.
- Type the password for the Administrator DN in the Administrator Password
field.
- Note:
- You must define a password. Remember that the passwords are
case-sensitive. Record the password for future reference.
- Retype the password in the Confirm password field.
- Click OK.
This section provides information on configuring Tivoli Intelligent
ThinkDynamic Orchestrator user ID. Follow the steps from either one of
the methods in the section : Setting the Tivoli Intelligent ThinkDynamic Orchestrator DN and password to give the cn=tioldap,dc=ibm,dc=com user ID
ownership of the dc=ibm,dc=com tree.
- Note:
- Note: After installing the fix pack, the Bind password can be changed
back to any value. These procedures do not change the IBM Directory
Server administrator from cn=root.
By following the steps in either the Graphical method or Command line method section you will change the Tivoli
Intelligent ThinkDynamic Orchestrator user ID to cn=tioldap with a
password of tioldap.
Follow the steps below to change the user ID using the command line
option:
- Start the ldap server using the following command:
ibmdirctl -D cn=root -w root start
- Check the ldap server is started by running the following command until
you see it is running:
ibmdirctl -D cn=root -w root status
- Depending on the DN you are using, you may need to replace the
dc=ibm,dc=com string with your DN. Create a text file named
treeOwner.ldif with the following contents:
- dn: DC=IBM,DC=COM
- dc: ibm
- objectclass: top
- objectclass: domain
- ownerpropagate:TRUE
- entryowner: access-id:CN=TIOLDAP,DC=IBM,DC=COM
- Run the following command with the file created above
ldapmodify -D cn=root -w root -f treeOwner.ldif
- Restart the LDAP server by running the following commands:
ibmdirctl -D cn=root -w root stop
ibmdirctl -D cn=root -w root status
ibmdirctl -D cn=root -w root start
- Note:
- The ibmdirctl command will not run unless the ibmdiradm
deamon for Unix or the IBM Directory Admin Daemon services for Windows is
running.
After installing the fix pack you must change the user ID to
tioldap. Follow the steps below to change the user ID using the
Graphical- line option:
- Log on to the IBM Directory Server Web Administration Tool at:
http://host_name: 9080/IDSWebApp/IDSjsp/Login.jsp and
replace the host_name variable with the fully qualified host name
of the IBM Directory Server.
- Expand Directory Management, and select Manage
Entries.
- On the main panel, select dc=ibm,dc=com and select Edit
ACL.
- Select Owners and type cn=tioldap,dc=ibm,dc=com for the DN and
access-id for Type. Ensure that the Propagate
owner check box is selected. Click on Add to add the
entry. Click OK to save the change.
- Select Edit ACL again to return to the ACL editing page.
- Select Effective owners to verify the current effective ACL
owner. You should see an entry for
cn=tioldap,dc=ibm,dc=com.
- Restart the LDAP service for the change to take effect.
- Ensure that the Bind Distinguished Name (DN) has been set to
cn=tioldap,dc=ibm,dc=com in the WebSphere Application Server:
- In a web browser, type the URL
http://host_name:9090/admin. Replace the variable
host_name with the fully qualified host name of the WebSphere
Application Server.
- Go to Security->User Registries->LDAP. Under the
Configuration panels-> Bind Distinguished Name (DN), ensure that
cn=tioldap,dc=ibm,dc=com is set.
- If changes are made, ensure that they are applied and saved.
- Ensure that the Bind password has been set to tioldap in the WebSphere
Application Server. After installing the fix pack, the Bind password
can be changed following the steps in the troubleshooting section Synchronizing the LDAP Bind Password.
- In a web browser, type the Web address:
http://host_name:9090/admin. Replace the variable
host_name with the fully qualified host name of the WebSphere
Application Server.
- Go to Security->User Registries->LDAP. Under the
Configuration panels-> BindPassword, ensure that the password is
set to tioldap.
- If changes are made, ensure that they are applied and saved.
- Ensure that the LDAP server is started.
- Depending on your operating system, run one of the following post-
installation scripts:
- On Windows: Log on as tioadmin and follow the
instructions given below:
- cd %TC_HOME%\tmp\utils
- Run the script postInstall.bat and provide the following
information when prompted:
- LDAP client directory (without bin).
- LDAP fully qualified domain name.
- LDAP administrator username and password
of IBM Directory Server.
- WebSphere Application Server administrator username
and password.
- On AIX, Linux or Solaris: Log on as root and follow the
instructions given below:
- cd /tmp/utils
- chmod -R a+x *
- Run the script: ./postInstall.sh and
provide the following information when prompted:
- LDAP client directory (without bin).
- LDAP fully qualified domain name.
- LDAP admin username and password
of IBM Directory Server.
- WebSphere Application Server admin username and
password.
- Ensure the Global Security check box is enabled on WebSphere
Application Server. To enable the Global Security check
box:
- Start the WebSphere Application Server.
- Log on to the WebSphere Application Server administration console.
- In a web browser, type the
URLhttp://host_name:9090/admin.
Replace the variable host_name with the fully qualified
host_name of the WebSphere Application Server.
- Go to Security->Global Security. Under the
Configuration panels-> General Properties, select the
Enabled check box and clear the Enforce Java 2 Security
check box. The check boxes are the first and second entries in the
list.
- Global Security is now enabled and the Enforce Java 2
Security is now disabled.
This step is applicable to users installing on Windows, AIX , Linux or
Solaris. Verify the information for the message listener
port to be 1000. If not, make the following
update:
- Log on to the WebSphere Application Server administration console.
- In the left panel, expand Servers and select Application
Servers.
- In the main panel, click server1 -> Message Listener
Service-> Listener ports.
- Click DEAdaptMDBPort. If the number of Maximum retries
is not 1000, change it to
1000. Click Apply->
Save.
- Verify the number of maximum retries for
PostDCMInteractionRequestMDBPortand
RecommandationMDBPort. If these values are not
1000, change them to 1000.
- Save the new value.
- Stop the WebSphere Application Server.
Restart the Tivoli Intelligent ThinkDynamic Orchestrator server or the
Tivoli Provisioning Manager server and then load the drivers in reverse order
of dependency, starting with "core". Depending on your operating system
load the drivers using the following commands and replace the variable
driver_name with the actual name of the tc driver that
needs to be installed:
If you had any customized workflows that you backed up during the
preinstallation steps, import them into your upgraded system.
- Go to <temp>/reports/workflow.log where
you backed up your workflows. Replace the variable,
<temp> with the name of the temporary directory
created earlier.
- Find the XML files corresponding to those modified workflows in the
<temp>/backup/workflow directory. Replace the
variable, <temp> with the name of the temporary
directory created earlier.
- Import these workflows using the Web user interface. Refer to the
Operator's Guide for more
information.
- Reassociate the workflows and drivers with the appropriate devices in the
data center model.
After completing the installation, follow one of the steps below, depending
on your choice of directory server and database server.
- Note:
- Oracle 9i is supported only if both the Oracle server and Oracle client are
installed on a Solaris environment.
To configure Oracle 9i support:
- Ensure that you meet the prerequisites described in Prerequisites for installing Oracle 9i.
- Install Oracle 9i only on a Solaris operating system, according to
instructions provided by Oracle.
- Complete the installation process by configuring the Tivoli Intelligent
ThinkDynamic Orchestrator server or the Tivoli Provisioning Manager server as
described in Configuring Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli Provisioning Manager.
Each of these steps is described in greater detail in the sections
below.
Ensure these prerequisites are met before installing Oracle 9i over an
existing DB2 database system:
- The previous encrypted password used for DB2 is reused for Oracle
9i.
- The data center model configuration file, dcm.xml used
for DB2, is reused for the Oracle 9i database. The file is located in
/home/thinkcontrol/config .
- Fix pack V1.1.2 is installed according to the installation
instructions provided.
- WebSphere Application Server is configured. Refer to the WebSphere
Application Server documentation for more information.
- Resource and Connect privileges are granted to the
Oracle user.
Install Oracle 9i according to the installation instructions provided by
your Oracle 9i vendor.
- Install the Oracle server (Oracle 9i) as the database server, on Solaris
.
- Install the Oracle client on the Tivoli Intelligent ThinkDynamic
Orchestrator server or Tivoli Provisioning Manager server using Solaris as the
operating system.
- Configure the Oracle client to connect to the Oracle 9i server.
- Note:
- Errors will result if this basic Oracle 9i database operation does not
succeed.
- Add a user for the Oracle database with resource and
connect privileges. Ensure the same password used in DB2 is
used when creating this user.
After you have completed the installation of Oracle 9i, continue with the
following configuration steps.
Perform these steps prior to configuring Tivoli Intelligent ThinkDynamic
Orchestrator or Tivoli Provisioning Manager.
- Ensure that Oracle 9i is running on the database server.
- Ensure that WebSphere Application Server is running on the Tivoli
Intelligent ThinkDynamic Orchestrator server or Tivoli Provisioning
Manager.
- Ensure that the environment variables listed in the table below are
setup. Use the information in the table below to determine how to set
up each environment variable.
Table 1. Environment variable for Oracle 9i
| Environment Variable
| Configuration Details
|
| DISPLAY
| Set to the name of the server on which you are installing the Oracle
software. For example:
tivoli.ibm.com:0
|
| LD_LIBRARY_PATH
| Set to include $ORACLE_HOME/lib and the directory containing
your Motif libraries.
Ensure that the $ORACLE_HOME/lib32 directory appears as the
first value in the $LD_LIBRARY_PATH environment variable.
The default location for Motif libraries on Solaris is /usr/openwin/lib
or /usr/dt/lib.
The output should look like the sample file below:
$LD_LIBRARY_PATH=/u01/app/oracle
/product/9.2.0.1.0/lib32::/export
/home/db2inst1/sqllib/lib
|
| ORACLE_HOME
| Set to the directory in which the Oracle 9i software is installed
|
| PATH
| Set PATH to include:
- $ORACLE_HOME/bin
- /bin
- /usr/bin
- /usr/ccs/bin
The output should look like the sample file below:
PATH=/u01/app/oracle/product/9.2.0.1.0/bin:/home/
thinkcontrol/bin:/usr/ local/bin:/usr/openwin/bin:/usr/
bin:/usr/ucb:/etc:.:/export/home/db2inst1/ sqllib/bin:/
export/home/db2inst1/sqllib/adm:/export/home/db2inst1/
sqllib/misc
|
- Log on to Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli
Provisioning Manager as user tioadmin.
- Edit the configuration file ora_config.txt and replace
the variables found in the table below with the proper values.
Table 2. Definition of the variables in ora_config
| Variable
| Explanation
|
| TC__DBNAME
| SID of the Oracle database used for Tivoli Intelligent ThinkDynamic
Orchestrator or Tivoli Provisioning Manager
|
| TC__DBUSER
| User owning the Tivoli Intelligent ThinkDynamic Orchestrator schema or
the Tivoli Provisioning Manager schema
|
| TC__ORAHOME
| $ORACLE_HOME value
|
- Run the ora_setup.sh script at the command
prompt.
./ora_setup.sh ora_config.txt ora_files.txt ora_setup.log
- Note:
- The default values are used in the script. You can change the default
values if need be.
Table 3. Description of variables in the ora_setup.sh script
| Variable
| Explanation
| Default value
|
| config_file
| Configuration file
| ora_config.txt
|
| file_list
| List of new replacement files (it is always
ora_file.txt
| ora_files.txt
|
| log_file
| Name of a log file of your choice to record setup activities
| ora_setup.log
|
This script will backup the original versions of the files in the
folder:$TC_HOME/pre_fp2_ora<timestamp> where
the timestamp variable will change according to the date and time the script
was run. For more information on the tasks performed by the script
refer to Tasks performed by the ora_setup.sh script.
- For these changes to take effect, log out and log back in as user
tioadmin on the Tivoli Intelligent ThinkDynamic Orchestrator server
or Tivoli Provisioning Manager server.
- Shut down the WebSphere Application Server.
- Run the following command to initialize the Oracle 9i schema:
$TC_HOME/tools/reinit.sh
- Check the reinit.log file, located in the logs
directory, for any errors.
- Start the Tivoli Intelligent ThinkDynamic Orchestrator server or the
Tivoli Provisioning Manager server.
- Check for errors in the component log files located in the logs
directory.
- Saves the filename of the data center model configuration XML file.
- Saves original files to be replaced in the folder:
$TC_HOME/pre_fp2_ora<timestamp>.
- Logs setup output in the log_file you have
specified.
- Extracts the existing encrypted password of the DB2 account and uses it as
the Oracle user password later (therefore, the installer needs to create an
Oracle user that uses the same password as that of the DB2 account).
- Validates the Oracle schema (such as table creation, data insertion,
verification, table deletion, schema import or export, Jserver installed) and
also ensures that proper roles are granted.
- Performs value substitutions in the newly replaced files based on the
configuration file.
- Defines required environment variables relating to Oracle 9i.
- Copies the Oracle driver library to the Phoenix library directory.
- Configures the WebSphere Application Server automatically to communicate
with the Oracle 9i schema.
To configure Microsoft Active Directory support:
- Ensure that you meet the prerequisites described in Prerequisites for installing Microsoft Active Directory.
- Install Microsoft Active Directory. Refer to the Microsoft
documentation for more information on installing Microsoft Active
Directory.
- Complete the installation process by configuring Tivoli Intelligent
ThinkDynamic Orchestrator.
- Note:
- Prior to installing Microsoft Active Directory on any Windows 2000 systems,
ensure that Service Pack 4 is installed and also ensure that you have
administrator privileges. Refer to the Microsoft documentation for more
information.
Transforming a Windows 2000 server into a domain controller is achieved by
installing the Microsoft Active Directory code onto it. Microsoft
Active Directory can be configured using Microsoft's Administration Tools
Pack which is packaged as adminpak.msi on the Windows server
CD. Refer to the Microsoft documentation for more information on
installing Microsoft Active Directory. Be sure to reboot the server
when the installation is completed.
Microsoft Active Directory needs to be configured as the backend user
registry for Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli
Provisioning Manager. For more information for each of the steps below,
refer to the Microsoft documentation.
- Note:
- This procedure does not perform data migration from IBM Directory Server to
Microsoft Active Directory
To configure Microsoft Active Directory:
- To provide SSL support, request a certificate from a local Certificate
Authority (CA):
- Install and configure certificate services. Select Enterprise
root CA as the CA type, when prompted. Select the default
locations for the Certificate Database, Configuration
information and the Certificate Revocation List (CRL).
- Enable SSL.
- To enable SSL for Active Directory, an Enterprise Certificate Authority
must be installed on the Windows 2000 domain controller. Follow the
steps in the Microsoft documentation to automatically install a certificate on
the server.
- Export the certificate from the Microsoft Active Directory server to set
up SSL on the Java Virtual Machine of the client. Ensure Base-64
encoded X.509 is selected as the format.
- Install the Active Directory Schema Console. This console is not
installed by default with Windows 2000. Manually register the Schema
Console that is hosted as a Microsoft Management Console (MMC) snap-in.
- Note:
- Ensure that the schema has read and write permissions.
- Create Tivoli Intelligent ThinkDynamic Orchestrator or the Tivoli
Provisioning Manager attributes.
The default schema of a Microsoft Active Directory installation must be
updated to accommodate Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli
Provisioning Manager attributes. The user logging on to run the
scripts, should have administrator privileges.
The tools required to change the schema are:
- A utility program named LDIFDE to support batch operations,
such as add, create, and modify which could be used to be performed against
Microsoft Active Directory. This utility is included with Microsoft
Active Directory.
- A command-line OID generator program, oidgen.exe, found
in netmgmt.cab file of the Windows 2000 Resource Kit.
This program generates valid Object IDs, which are in turn used to add an
attribute.
- Base DN: The Distinguished Name DN of the Microsoft Active Directory
server. The DN is located in the registry under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\Root
Domain. As an example:
- If the domain is ibm.com then the DN is
dc=ibm,dc=com.
- If the domain is tivoli.ibm.com then the DN is
dc=tivoli,dc=ibm,dc=com.
Schema Information
- Note:
- Whenever a schema update occurs, the updated information is first added to
the on-disk copy of the schema. Around five minutes after any change is
made to the on-disk copy of the schema, the schema cache is refreshed.
So the schema changes is sometimes visible only after a few minutes.
- Create the attributes
Follow the instructions below, to create the attributes using the
script. Ensure that the Object IDs are regenerated to avoid conflict
with the existing ones.
- Run oidgen.exe at the command prompt of the Microsoft
Active Directory server, to avoid conflict with existing Object IDs.
- Replace the attributeID of cn=role in
ad_shema.ldif with the Attribute Base OID that is
generated by oidgen.exe.
- Replace the governsID of cn=thinkControlUser in
ad_shema.ldif with the Class Base OID that is
generated by oidgen.exe.
- Open a command prompt and change directory to the fp2
folder. This folder is located in
%TC_HOME%\thinkcontrol\tools\fp2contains the
ad_shema.ldif file.
- Run the following command and replace the values of
DC=MYCOMPANY,DC=com with the correct domain name
values:
ldifde -i -f ad_schema.ldif -c DC=MYCOMPANY,DC=com <base DN> -t 636
For example, ldifde -i -f ad_schema.ldif -c
dc=Tivoli,dc=ibm,dc=com-t 636.
- Create Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli Provisioning
Manager objects using the following instructions:
- Open a command prompt and change the directory to the folder that contains
the ad_ldap.ldif file, located in
%TC_HOME%\thinkcontrol\tools\fp2
- Run the following command and replace the values of
DC=MYCOMPANY,DC=com with the correct domain name
values.
ldifde -i -f ad_ldap.ldif -c DC=MYCOMPANY,DC=com <Base DN>-t 636
For example: ldifde -i -f ad_ldap.ldif
-c dc=Tivoli,dc=ibm,dc=com -t 636
The Tivoli Intelligent ThinkDynamic Orchestrator server or the Tivoli
Provisioning Manager server is configured to communicate with the Microsoft
Active Directory server.
- Install fix pack V1.1.2 according to the installation
instructions provided.
- Stop Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli Provisioning
Manager.
- Ensure Microsoft Active Directory is configured as well.
The CA certificate is imported into the Tivoli Intelligent ThinkDynamic
Orchestrator server or the Tivoli Provisioning Manager server. This
enables the Tivoli Intelligent ThinkDynamic Orchestrator server or the Tivoli
Provisioning Manager to communicate using SSL with the Microsoft Active
Directory server.
- Set up SSL on the Java Virtual Machine(TM). The CA
certificate must be installed as a trusted certificate on the Tivoli
Intelligent ThinkDynamic Orchestrator server or the Tivoli Provisioning
Manager server.
- Open a command prompt.
- Ensure that the security folder exists, if not, create the folder.
Also ensure that the appropriate Java Development Kit (JDK) path is
provided. The security folder is referred as
<CA_folder>.
Paths for the security folders and JDK:
- Security folder path:
<WAS_Home>\java\jre\lib\security.
- JDK path : <WAS_Home>\java\jre\bin.
Replace the variable WAS_HOME with the WebSphere
Application Server installation directory.
- Run the following command and replace the variables explained in the table
below, with the correct values:
keytool -import -trustcacerts -keystore
<CA_folder> \cacerts -file <CA_toBeImported>
-alias <anything>
Table 4. Definition for the variables in the command
| Variables
| Explanation
|
| CA_folder
| Security folder path
|
| CA_toBeImported
| Location of the imported certificate
|
| anything
| Alias name for the certificate
|
- Use the default Java keystore password:
changeit
- Type yes to trust the certificate. The output should
look like the sample file:
C:\j2sdk1.4.1_01\bin>keytool -import -trustcacerts
-keystore C:\j2sdk1.4.1_01\jre\lib\security\cacerts -file
i:\base64.cer -alias rlx222_root Enter keystore password:
changeit Owner:
CN=RLX-2-2-2.razvan.lab.thinkdynamics.com
Issuer: CN=RLX222, OU=Dev, O=ThinkDynamics, L=Toronto, ST=Ontario, C=CA,
EMAILAD DRESS=rpeteanu@thinkdynamics.com Serial number:
565f59a000000000003 Valid from: Fri Mar 21 13:02:44 EST 2003
until: Mon Mar 21 12:36:38 EST 2005 Certificate
fingerprints: MD5:
13:23:AB:11:51:36:0D:C9:AB:E5:49:EE:0D:2A:EE:94
SHA1:
8F:29:D8:B6:2E:62:5B:D2:43:BF:F5:A9:D6:E5:22:1A:5E:0B:7E:26
Trust this certificate? [no]: yes Certificate was added to
keystore.
The WebSphere Application Server is configured so that Microsoft Active
Directory could be used for authentication and authorization. To
configure the WebSphere Application server:
- Modify the LDAP settings on the WebSphere Application Server.
The LDAP settings should be modified on the WebSphere Application Server
before changing the security role mapping.
- Ensure that the WebSphere Application Server is started.
- Run the following script in the Cygwin command window:
was_change_security.sh located in the folder
$TC_HOME/thinkcontrol/tools/fp2. While running the script,
you will be prompted for the user name and password for the WebSphere
Application Server. If the defaults have not been changed, then enter
the user name: wasadmin and password
wasadmin.
- Complete the configuration by restarting the WebSphere Application Server,
with the same user name and password.
- Change the security role mapping of Tivoli Intelligent ThinkDynamic
Orchestrator Enterprise Application.
Each security role defined in the application or module should be mapped to
a user or group from the domain user registry that WebSphere Application
Server uses. The mapping is defined in the binding file of the
Enterprise Applications.
To change the security role mapping:
- Modify the ibm-application-bnd.xmi files in the
following two folders:
- <WAS_Home>\config\cells\<host_name>\applications\TCEAR.ear\deployments\TCEAR\META-INF
- <WAS_Home\installedApps\hosting09\TCEAR.ear\META-INF
Replace the variable <WAS_Home> with that of the
WebSphere Application Server installation directory.
- Backup the files and then update all group DNs (specified as
name attribute) in both the files. For example: If
cn=TCOperator,dc=ibm,dc=com, then replace all occurrences of
dc=ibm,dc=com with ou=tio <base DN>.
- Restart the server.
- To check the updated settings in WebSphere Application Server
- Log on to administration console.
- Choose Application > Enterprise Application >
TCEAR .
- Map security roles to users or groups.
Configure the Tivoli Intelligent ThinkDynamic Orchestrator server or the
Tivoli Provisioning Manager server, only if you have selected Microsoft Active
Directory to be the directory server.
- Log on to Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli
Provisioning Manager as tioadmin
- Change the directory to the fp2 folder: cd
tools/fp2.
- Edit the configuration file ad_config.txt and replace
the variables found in the table below with the proper values.
The table below provides the explanation of the variables whose values need
to be provided.
Table 5. Definitions of variables used in ad_config.txt
| Variable
| Explanation
|
| TC__LDAPHOST
| DNS name of the Microsoft Active Directory server
|
| TC__LDAPDOMAIN
| Base distinguished name
|
- Run the ad_setup.sh script:
./ad_setup.sh ad_config.txt ad_files.txt
log_file where log_file is the name of
a log file of your choice to record setup activities. For more
information on the script, refer Tasks performed by the script: ad_setup.sh.
- Log out and log in back in as user tioadmin on Tivoli
Intelligent ThinkDynamic Orchestrator server or the Tivoli Provisioning
Manager server.
- Shut down WebSphere Application Server.
- Start Tivoli Intelligent ThinkDynamic Orchestrator server or the Tivoli
Provisioning Manager server.
- Check for errors in the components log files located under the logs
directory.
- Configures the WebSphere Application Server automatically to communicate
with the DB2 schema.
- Saves original files to be replaced in: $TC_HOME/pre_fp2_ora_
time_stamp.
- Logs setup output in the log_file that you have
specified.
- Extracts the existing encrypted password of the IBM Directory Server
account and uses it later as the Microsoft Active Directory user password
later.
The drivers must be installed or uninstalled in a specific order as there
are related dependencies within the drivers.
Table 6. List of drivers and their respective dependencies
| Driver name
| Dependency
|
| AIX-Operating-System
| core
|
| Blade-Center-4p-Gb-Eth
| core
|
| CSM-Linux-Install
| core
|
| F5-BIG-IP.3.3
| core
|
| F5-BIG-IP.4.1
| core
|
| HP-UX
| core
|
| TECDriver
| core
|
| NIM
| core
|
| TMAInstall
| core
|
| alteon-load-balancer
|
core
default-device-model
|
| IBM-RDM
| core
|
| apache
|
core
rpm
debian-operating-system
|
| apc-7901-snmp
|
core
default-device-model
|
| apc-9606-snmp
|
core
default-device-model
|
| big-brother cisco-css-11000
|
core
default-device-model
|
| cisco-pix
|
core
cisco-switches
|
| cisco-switches
| core
|
| citrix-installation-manager
| core
|
| cluster-ldo-templates
| core
|
core
default-device-model
| core
|
debian-operating-system
apc-7901-snmp
|
|
| dummy-load-balancer
| core
|
| dummy-switch
| core
|
| extreme-48i
| core
|
| foundry
| core
|
| iis
| core
|
core
image-software-stack
| core
|
insite-manager-7
itcm
|
core
TMAInstall
|
| jumpstart
|
core
image-software-stack
|
| microsoft-patch
| core
|
| proliant-bl-server
| core
|
| rdp-altiris
| core
|
| redhat-linux-operating-system
| core
|
| rembo
| core
|
| rlx-blade-server
| core
|
| rpm
| core
|
| simulator
|
core
rdp-altiris
|
| virtual-server
|
core
default-device-model
|
| weblogic
| core
|
| windows-operating-system
| core
|
| zvm
|
default-device-model
image-software-stack
iis
|
Following is a default tc driver uninstall order. Uninstall the tc
drivers using the order provided below:
| zvm
|
| jumpstart
|
| alteon-load-balancer
|
| apc-7901-snmp
|
| apc-9606-snmp
|
| big-brother
|
| cisco-css-11000
|
| virtual-server
|
| cisco-pix
|
| AIX-Operating-System
|
| Blade-Center-4p-Gb-Eth
|
| cisco-switches
|
| citrix-installation-manager
|
| cluster-ldo-templates
|
| CSM-Linux-Install
|
| debian-operating-system
|
| default-device-model
|
| dummy-load-balancer
|
| dummy-switch
|
| extreme-48i
|
| F5-BIG-IP.3.3
|
| F5-BIG-IP.4.1
|
| foundry
|
| HP-UX
|
| IBM-RDM
|
| iis
|
| image-software-stack
|
| microsoft-patch
|
| NIM
|
| proliant-bl-server
|
| rdp-altiris
|
| redhat-linux-operating-system
|
| rembo
|
| rlx-blade-server
|
| rpm
|
| solaris-operating-system
|
| TECDriver
|
| TMAInstall
|
| weblogic
|
| windows-operating-system
|
| core
|
| insite-manager-7
|
The known problems are grouped in four categories:
- Operating system
- Workflow
- Other
For a detailed description of the known problems, refer to the related
section.
Known problems that are related to operating systems are described in the
following sections.
- If you are using Service Pack 3 or earlier with Microsoft Active
Directory, refer to the Microsoft Web site for additional configuration
instructions.
- To generate reports in a Windows environment, add following statements to
the CLASSPATH in the script,
reports_all.bat:
- WAS_dir\lib\j2ee.jar, where,
WAS_dir represents the WebSphere Application Server
installation directory.
- WAS_dir\lib\commons-logging-api.jar .
- If the static IP address is used or the DHCP server does not provide
NetBIOS setting, enable NetBIOS over TCP/IP on the workstation or server when
installing Tivoli Provisioning Manager V1.1.1.
- Note:
- If the DHCP server provides the NetBIOS, use the default settings.
On AIX and Linux, ensure that you are logged in as user tioadmin
when installing Tivoli Intelligent Orchestrator or Tivoli Provisioning
Manager. Installing either product while logged in as root,
or any user other than tioadmin, may cause the installation to
fail.
Be aware of the following considerations when you are using
workflows:
- The simple command Arrowpoint Add Server has been
deprecated. Do not use this command in workflows.
- Workflows time out.
Some workflows time out within thirty seconds of running the SSH
Execute Command, when the input for the timeout figure is too
large. The maximum number you can input is
999999999 for the string to be parsed into
integer. When the input number is invalid it will default to thirty
seconds.
- Certain workflows fail even when Tivoli Intelligent Orchestrator
indicates having run them successfully.
The workflows that might be affected by this problem are:
- CISCO IOS Create ACL
- CISCO PIX Create ACL
For the workflows to work properly:
- Edit the script:
$TC_HOME/bin/ciscoIOSacl_create_entry.sh
- Locate the line towards the end of the file: cat<< EOF |
./cisco_config.exp $hostname $username $password
$enable.
- Replace or amend this line to read: cat << EOF |
$TC_HOME/cisco_config.exp $hostname $username $password $enable
- Save and exit.
- Edit the script
$TC_HOME/bin/pixacl_create_entry.sh.
- Locate the line towards the end of the file: cat << EOF |
~thinkcontrol/bin/cisco_config.exp $hostname $username $password
$enable.
- Replace or amend the file to read: cat << EOF |
$TC_HOME/bin/cisco_config.exp $hostname $username $password
$enable.
- Save and exit.
If Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli Provisioning
Manager is installed on VMWare, VMWare must be configured
appropriately. Configure the VMWare machine on which Tivoli Intelligent
Orchestrator or Tivoli Provisioning Manager is installed to have a
DNS suffix mymachine.com configured in its
network configuration.
Chapter 7, Solaris Pre-Installation Requirements of Tivoli
Intelligent ThinkDynamic Orchestrator and Tivoli Provisioning Manager
Installation Guides require an update.
In the Installing WebSphere Application Server section, step 1
should also refer users to the WebSphere Application Server documentation for
additional kernel parameters that may be required by the MQ messaging
client. If kernel parameters are not set based on individual hardware
specifications, you may experience difficulties installing the WebSphere
Application Server fixes required by Tivoli Intelligent Orchestrator.
The Tivoli Intelligent ThinkDynamic Orchestrator V1.1.1
Installation Guide provides guidance on installing DB2 with respect
to the two supported configurations while installing IBM Directory
Server. Six software options are presented during the IBM Directory
Server installation. The software options you select, depend on the
installation configuration, and whether any other software is already
installed on that machine. To choose the software options:
- Select all six options, if you are installing IBM Directory Server on a
separate server.
- Select all options except DB2, if you are installing IBM Directory Server
on your database server.
The specific options you choose will depend on your customized
environment. Refer to the IBM Directory Server 5.1
documentation for complete details on installing and configuring the
directory server for your environment.
This section provides workarounds to problems that might occur when you are
using Tivoli Intelligent ThinkDynamic Orchestrator and Tivoli Provisioning
Manager.
Installing the fix pack fails with the following error:
IOException creating RunTime():
/tmp/utils/update.sh: not found. Under some
conditions, the updateWizard.sh script incorrectly copies
the required files into the /tmp/utils directory. The fix
pack install logs are located in the $TC_HOME/logs/update
directory. The log file are :
- <timestamp>_think10edition_fp2_<operating
system="_think10edition_fp2_">
- <timestamp>_think10edition_fp2_<operating
system="_think10edition_fp2_">
Following is a sample log entry from the log file:
<timestamp>_think10edition_fp2_<operating
system="_think10edition_fp2_">
2004-05-03T16:53:47-04:00
Processing virtual script PostInstall-UpdatingSignatureUserfactoryOwnership
2004-05-03T16:53:47-04:00 Validating platform for (AIX)
2004-05-03T16:53:47-04:00 Command=/tmp/utils/update.sh
2004-05-03T16:53:47-04:00 RC=888
2004-05-03T16:53:47-04:00 Log: ExecCmd::launch
2004-05-03T16:53:47-04:00 Log: Launching:
2004-05-03T16:53:47-04:00 Log: [/tmp/utils/update.sh ]
2004-05-03T16:53:47-04:00 Log: Environment:
2004-05-03T16:53:47-04:00 Log: [ NULL Environment Overrides ]
2004-05-03T16:53:47-04:00
Error ( 2 ): IOException creating RunTime(): /tmp/utils/update.sh: not found
2004-05-03T16:53:47-04:00 Error 112 -- Return code (888) differs from the expected code (0).
2004-05-03T16:53:47-04:00 Product File Update is not active; skipping update step.
2004-05-03T16:53:47-04:00 Input Jar File:
/tmp/ptfs/think10edition_fp2_aix/components/thinkcontrol/update.jar
2004-05-03T16:53:47-04:00 Target Directory: /home/thinkcontrol
2004-05-03T16:53:47-04:00 Backup Jar File:
/home/thinkcontrol/properties/version/backup/20040503_205155_think10edition_fp2_aix_thinkcontrol_undo.jar
2004-05-03T16:53:47-04:00 Warnings Issued: 0
2004-05-03T16:53:47-04:00
Log File: /home/thinkcontrol/logs/update/20040503_205155_think10edition_fp2_aix_thinkcontrol_install.log
2004-05-03T16:53:47-04:00 2004-05-03T16:53:47-04:00 Errors were noted: 1
To correct this problem, edit the updateWizard.sh script
and change the following line in the script from cp -f utils/* /tmp/utils
to: cp -fpr utils /tmp and then run the
updateWizard.sh script again.
DB2 has the locklist size set to 100 which is too few for Tivoli
Intelligent Orchestrator and Tivoli Provisioning Manager.
Run the command: db2 update db cfg for tiodb using
locklist 1100, to update the size of your lock list to 1100.
The sample LDIF file provided with Tivoli Intelligent Orchestrator and
Tivoli Provisioning Manager contains the default LDAP base DN
values of dc=ibm, dc=com
To change the locklist values to reflect the appropriate settings for your
environment:
- Stop Tivoli Intelligent Orchestrator or Tivoli Provisioning Manager,
WebSphere Application Server and IBM Directory Server.
- From the ../samples directory on the Tivoli
Intelligent Orchestrator or Tivoli Provisioning Manager CD, copy the sample
ldap.ldif file to a temporary directory on your Tivoli
Intelligent Orchestrator or Tivoli Provisioning Manager server.
- Rename the file to new_ldap.ldif.
- Add the new suffix DN.
- Import new_ldap.ldif data to the LDAP server.
- Open the Configuration Manager console.
On Windows: Click Start > Programs > IBM
Directory Server 5.1 > Directory Configuration
.
On AIX, Linux or Solaris: Go to the /usr/bin
directory and issue the command ./ldapxcfg .
- Click Manage suffixes and set the suffix DN to your
custom values. Click Add.
- Click Import LDIF data, to import the updated ldif
data.
- Browse to the directory where you saved the
new_ldap.ldif file , and add the ldap.ldif
file
- Click the Standard import radio button and then click
Import.
- Watch for all entries to be added successfully
- Modify the WebSphere Application Server security configuration.
Replace all instances of dc=ibm,dc=com with the updated values from
all of these files:
- WAS_HOME\config\cells\host_name\security.xml.
- WAS_HOME\config\cells\host_name\applications\TCEAR.ear\deployments\TCEAR\META.
- WAS_HOME\installedApps\host_name\TCEAR.ear\META-INF\ibm-application-bnd.xmi.
- Note:
- WAS_HOME is the WebSphere Application Server
installation directory and host_name is the host name of
the WebSphere Application Server.
- Start Tivoli Intelligent Orchestrator or Tivoli Provisioning Manager,
WebSphere Application Server and IBM Directory Server.
When using commercial certificates, the standard HTTP login page does not
work.
Ensure that the correct protocol is used at the time of the login.
If commercial certificates are used, type in HTTPs at the time of
login.
Shutting down Tivoli Intelligent ThinkDynamic Orchestrator or Tivoli
Provisioning Manager with pending transactions or workflows causes
MQJMS2013 errors in WebSphere Application Server logs and the
server might fail to restart.
The cause for the problem could be attributed to the connection not being
explicitly closed, or to a network failure. All JMS unacknowledged
messages would be lost because a non-durable subscription is used.
Delete the contents of $WAS_HOME\10M directory.
If the LDAP Bind Password is not synchronized between WebSphere Application
Server, IBM Directory Server and Tivoli Intelligent ThinkDynamic Orchestrator
or Tivoli Provisioning Manager, the user will not be able to login.
To synchronize the LDAP Bind password, ensure the following aspects are
addressed:
- The Bind Distinguished Name(DN) has been set to
cn=tioldap,dc=ibm,dc=com in the WebSphere Application
Server.
- In a web browser, type the URL
http://host_name:9090/admin. Replace the
variable host_name with the fully qualified
host_name of the WebSphere Application Server.
- Go to Security->User Registries->LDAP. Under the
Configuration panels-> Bind Distinguished Name (DN), and ensure
that cn=tioldap,dc=ibm,dc=com is set.
- If changes are made, ensure that they are applied and saved.
- Ensure that the Bind Password has been set to
<tioldap_password> in the WebSphere Application
Server. Replace the <tioldap_password> with
the LDAP Administrator Bind password.
- In a web browser, type the URL,
http://host_name:9090/admin. Replace the
variable host_name with the fully qualified
host_name of the WebSphere Application Server.
- Go to Security->User Registries->LDAP. Under the
Configuration panels-> Bind Password, ensure that the password is
set to <tioldap_password>.
- If changes are made, ensure that they are applied and saved.
- Using the IBM Directory Server Configuration Tool, update the
Administrator DN password to
<tioldap_password>. Optionally, a command line
utility is available called ldapcfg. For example,
ldapcfg -u cn=tioldap,dc=ibm,dc=com -p
<tioldap_password>.
- Set the <principal> value in the
$TC_HOME/config/user-factory.xml file to
tioldap. For example, <prinicipal> tioldap
</prinicipal>.
- Enter the encrypted value of <tioldap_password>
in the <credentials> field. To encrypt this
value, use the $TC_HOME/.tools/dcm/enc.sh utility
which accepts a single parameter input of
<tioldap_password>.
- Ensure that the <server> field has the fully
qualified domain name. For example,
<server>hostname.ibm.com</server>.
After running the Tivoli Intelligent ThinkDynamic Orchestrator or the
Tivoli Provisioning Manager for an extended period of time, the log file size
increases and fills up the file system.
Edit the $TC_HOME/config/log4j.prop file and search for
log4j.appender.consolefile.append=false.
Replace the string with the values:
log4j.appender.consolefile.threshold=info
log4j.appender.consolefile.append=false
When executing a Unix script that has been saved in DOS mode it will fail
to execute with a cannot execute error. This can also be
confirmed by viewing the file in a Unix editor. You will see ^M
characters at the end of each line in the file. For example:
#!/bin/bash^M
#^M
# Licensed Materials - Property of IBM^M
# 5724-F75^M
# (C) Copyright IBM Corp. 2003^M
# All Rights Reserved^M
# US Government Users Restricted Rights -Use, duplication or ^M
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.^M
Use the Unix tr command to remove the ^M
characters.
- Backup the original file to
<filename.bak>, where
<filename.bak> is the name of the file you wan
to back up with a .bak extension. For example,
cp filename filename.bak
- Run the command to truncate the characters: cat
filename.bak | tr -d '\r' >
filename
- Note:
- If this file exists in a jar file or .tcdriver file then
you will first need to run jar -xvf on the package, correct the
file, and then jar -cvf to repackage it.
The reason the workflow fails is because it telnets to the switch which
gives a formatted telnet screen and then the workflow logs on and executes 3
cursor up characters. It is expecting to land on the VLANs option but
in fact lands on the Multicasting option. This is due to the fact that
the bios version level has been updated.
Edit the $TIO_HOME/bin/BladeCenterMovePorttoVLAN2.exp
script and update the ArrowUp values until the cursor is on the
VLANs option.
- Manually Telnet to the switch.
- Record your cursor strokes to navigate to the VLANs option.
- Update the expect script to reflect the route recorded to navigate to the
VLANs option.
To save these changes, you will want to import these changes to the
file: Blade-Center-4p-Gb-Eth.tcdriver
- Backup the original Blade-Center-4p-Gb-Eth.tcdriver
- Extract the tcdriver to a temp directory using the command:
jar -xvf Blade-Center-4p-Gb-Eth.tcdriver
- Update or replace the extracted
BladeCenterMovePorttoVLAN2.exp with your current
version.
- Repackage the jar file from the base extracted directory using the
command:
jar -cvf Blade-Center-4p-Gb-Eth.tcdriver*
.
- Save the new tcdriver file to $TIO_HOME/drivers
The following are trademarks or registered trademarks of IBM Corporation in
the United States and other countries are:
Microsoft and Windows NT are trademarks of Microsoft Corporation in the
United States, other countries, or both.
Java and all Java-based trademarks are trademarks of Sun Microsystems,
Inc. in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and
other countries.
Other company, product, or service names may be trademarks or service marks
of others.
COPYRIGHT INTERNATIONAL BUSINESS MACHINES CORPORATION 2004
ALL RIGHTS RESERVED.
Note to US Government Users : Documentation related to restricted
rights: Use, duplication, or disclosure is subject to restriction set
forth in GSA ADP Schedule Contract with IBM Corp.