Create an application server profile so that you can make
applications available to the Internet or to an intranet, typically
using Java™ technology. You can
create an application server profile using the Profile Management Tool.
Before you begin
Before
you use the Profile Management Tool,
install the product files.
The Profile Management Tool is the graphical
user interface for the manageprofiles command. See
the description of the manageprofiles command
for more information.
You must
provide enough system temporary space to create a profile. For information,
read about the file system requirements for profiles.
Attention: When you launch the Profile Management Tool, the tool could
lock up in the following situation for a non-root user: Log into a
machine as root, use the SetPermissions utility to change the user
from x to y. Assume that you are user x and log
back into the machine. Launch the Profile Management Tool, click Profile Management Tool, and click Create.
The next click after the click on Create could lock up the
tool.
Attention: When
you use the
Profile Management Tool with
the Motif graphical user interface on the Solaris operating system,
the default size of the
Profile Management Tool might
be too small to view all the messages and buttons of the
Profile Management Tool. To fix the problem,
add the following lines to the
app_server_root/.Xdefaults
file:
Eclipse*spacing:0
Eclipse*fontList:-misc-fixed-medium-r-normal-*-10-100-75-75-c-60-iso8859-1
After
adding the lines, run the following command before launching the
Profile Management Tool:
xrdb -load user_home/.Xdefaults
About this task
After installing the core product files
for the WebSphere® Application Server, Network Deployment product,
you must create a profile. This procedure describes creating an application
server profile using the graphical user interface provided by the Profile Management Tool. You can also use
the manageprofiles command
to create an application server profile. See the description of the manageprofiles command for
more information.
If
you additionally install the feature pack, you can use either the Profile Management Tool or the manageprofiles to create an
application server profile for the feature pack.
An
application server profile has a default server, which is server1,
the default application that includes the Snoop servlet and the Hitcount
servlet, and application Samples. You can federate the application
server or use it as a standalone application server.
You can create profiles with the Profile Management Tool using
the typical profile creation process or the advanced profile creation
process. The typical profile creation process uses default settings
and assigns unique port values. You can optionally set values as allowed.
For the advanced profile creation process you can accept the default
values, or specify your own values.
- Start the Profile Management Tool to create a new
runtime environment.
You can use one of
the following ways to start the tool.
- Click Launch Profile Management Tool,
and then click Create on the Profiles tab to create a new profile.
The Profiles tab contains a list of profiles that have been
created on your machine. No action can be done on a selected profile
unless the profile can be augmented. The Augment button is greyed
out unless a profile that you select can be augmented.
The tool
displays the Environment selection panel.
- Click
to expand the options under the appropriate product and version, select
the type of application server profile that you want to create, and
click Next.
- Select Application server if you want to create an application
server profile that is not enabled for the feature pack.
- Select Application server with Feature
Pack for Modern Batch if you want to create a custom profile that
is enabled for the Feature Pack for Modern Batch.
The Profile creation options
panel is displayed.
-
Select either Typical profile creation or Advanced
profile creation, and click Next.
The Typical
profile creation option creates a profile that uses default configuration
settings. With the Advanced profile creation option, you can
specify your own configuration values for a profile.
- If you selected Typical profile creation,
then go to the step on administrative
security.
- If you selected Advanced profile creation, then
select the applications that you want to deploy; and click Next.
The tool displays the Profile name and location panel.
- Specify a name for the profile and the directory path
for the profile directory, or accept the default values. Then, click Next.
Profile naming guidelines: Double-byte characters
are supported. The profile name can be any unique name with the following
restrictions. Do not use any of the following characters when naming
your profile:
- Spaces
- Special characters that are not supported within the name of a
directory on your operating system, such as *&?
- Slashes (/) or (\)
The default profile
The first profile that
you create on a machine is the default profile. The default profile
is the default target for commands that are issued from the bin directory
in the product installation root. When only one profile exists on
a machine, every command works on the single server process in the
configuration. You can make another profile the default profile
when you create that profile by checking Make this profile the
default on the Profile name and location panel of the Advanced
profile creation path. You can also make another profile the default
profile using the manageprofiles command after you create the profile.
Addressing
a profile in a multiprofile environment
When multiple profiles
exist on a machine, certain commands require that you specify the
profile to which the command applies if the profile is not the default
profile. These commands use the -profileName parameter to identify
which profile to address. You might find it easier to use the commands
that are in the bin directory of each profile.
Use
these commands to query the command shell to determine the calling
profile and to address these commands to the calling profile.
Default
profile information
The default profile name
is
<profile_type><profile_number>:
- <profile_type> is a
value of AppSrv, Dmgr, Custom, AdminAgent, JobMgr,
or SecureProxySrv.
- <profile_number> is
a sequential number that is used to create a unique profile name
The
default profile directory is app_server_root/profiles,
where app_server_root is the installation root.
The default profile directory
is app_server_root\profiles, where app_server_root is
the installation root.
Performance tuning setting: Select the performance-tuning setting that most closely
matches the type of environment in which the application server will
run.
- Standard
- The standard settings are the standard out-of-the-box default
configuration settings that are optimized for general-purpose usage.
- Production
- The production settings are optimized for a production environment
where application changes are rare and optimal runtime performance
is important.
- Development
- The development settings are optimized for a development environment
where frequent application updates are performed and system resources
are at a minimum.
Important: Do not use the development
settings for production servers.
- On the Node and host names panel, specify
the characteristics for the application server, and click Next.
Use unique names for each application server that you create.
Reserved names: Avoid using reserved folder
names as field values. The use of reserved folder names can cause
unpredictable results. The following terms are reserved folder names:
- cells
- nodes
- servers
- clusters
- applications
- deployments
Some default values in the following table are split on
multiple lines for printing purposes.
Field Name |
Default Value |
Constraints |
Description |
Node name |
shortHostName
Node
NodeNumber
where:
- shortHostName is the short host name
- NodeNumber is a sequential number starting at 01
|
Avoid using the reserved terms. |
Select any name you want. To help organize your
installation, use a unique name if you plan to create more than one
application server on the machine. |
Server name |
server1 |
Use a unique name for the application server. |
The name is a logical name for the application
server. |
Host name |
The long form of the domain name server
(DNS) name.
|
Addressable through your network. |
Use the DNS name or IP address of your machine
to enable communication with your machine. See additional information
about the host name following this table. |
Node name considerations: If
you plan to migrate an installation of Version 5 or Version 6 Network
Deployment to Version 7 and migrate one of the managed nodes in the
cell, use the same node name for the Version 7 application server
that you used for the Version 5 or Version 6 managed node.
Directory path considerations: The
installation directory path must be less than or equal to 60 characters.
Host
name considerations:
The host name is the network
name for the physical machine on which the node is installed. The
host name must resolve to a physical network node on the server. When
multiple network cards exist in the server, the host name or IP address
must resolve to one of the network cards. Remote nodes use the host
name to connect to and communicate with this node. Selecting a host
name that other machines can reach within your network is important.
Do not use the generic identifier, localhost, for
this value. Also, do not attempt to install WebSphere Application
Server products on a machine with a host name that uses characters
from a double-byte character set (DBCS). DBCS characters are not supported
when used in the host name.
If you define coexisting
nodes on the same computer with unique IP addresses, then define each
IP address in a domain name server (DNS) look-up table. Configuration
files for standalone application servers do not provide domain name
resolution for multiple IP addresses on a machine with a single network
address.
The value that you specify for the host
name is used as the value of the hostName property in configuration
documents for the standalone application server. Specify the host
name value in one of the following formats:
- Fully qualified domain name server (DNS) host name string, such
as xmachine.manhattan.ibm.com
- The default short DNS host name string, such as xmachine
- Numeric IP address, such as 127.1.255.3
The fully qualified DNS host name has the
advantages of being unambiguous and flexible. You have the flexibility
of changing the actual IP address for the host system without having
to change the application server configuration. This value for the
host name is particularly useful if you plan to change the IP address
frequently when using Dynamic Host Configuration Protocol (DHCP) to
assign IP addresses. A disadvantage of this format is dependency on
DNS. If DNS is not available, then connectivity is compromised.
The short host name is also dynamically resolvable. A
short name format has the added function of being redefined in the
local hosts file so that the system can run the application server,
even when disconnected from the network. To run disconnected, define
the short name as the loopback address, 127.0.0.1,
in the hosts file to run disconnected. A disadvantage of this format
is a dependency on DNS for remote access. If DNS is not available,
then connectivity is compromised.
A numeric IP address
has the advantage of not requiring name resolution through DNS. A
remote node can connect to the node that you name with a numeric IP
address without DNS being available. A disadvantage of this format
is that the numeric IP address is fixed. You must change the setting
of the hostName property in Express configuration documents whenever
you change the machine IP address. Therefore, do not use a numeric
IP address if you use DHCP, or if you change IP addresses regularly.
Another disadvantage of this format is that you cannot use the node
if the host is disconnected from the network.
After specifying
application server characteristics, the tool displays the Administrative
security panel.
- Optionally enable administrative security,
and click Next.
You can enable
administrative security now during profile creation, or later from
the console. If you enable administrative security now, then enter
a user name and password to log onto the administrative console.
If you installed
the Samples, and you chose to deploy them, then the Samples require
an account under which to run. Supply the Samples password for the
account. You cannot change the user name of the account.
After specifying security characteristics, the tool
displays the Security certificate panel if you previously selected Advanced
profile creation.
- If you selected Typical profile creation at the
beginning of these steps, go to the step that displays the Profile summary panel.
-
Create a default personal certificate and a root signing certificate,
or import a personal certificate and a root signing certificate from
keystore files, and click Next.
You can create
both certificates, import both certificates, or create one certificate,
and import the other certificate.
Best practice: When
you import a personal certificate as the default personal certificate,
import the root certificate that signed the personal certificate.
Otherwise, the
Profile Management Tool adds
the signer of the personal certificate to the trust.p12 file.
bprac
If
you import the default personal certificate or the root signing certificate,
specify the path and the password, and select the keystore type and
the keystore alias for each certificate that you import.
-
Verify that the certificate information is correct, and click Next.
If you create the certificates, you can use the default values
or modify them to create new certificates. The default personal certificate
is valid for one year by default and is signed by the root signing
certificate. The root signing certificate is a self-signed certificate
that is valid for 15 years by default. The default keystore password
for the root signing certificate is WebAS. You should
change the password. The password cannot contain any double-byte character
set (DBCS) characters because certain keystore types, including PKCS12,
do not support these characters. The keystore types that are supported
depend on the providers in the java.security file.
When you
create either or both certificates, or import either or both certificates,
the keystore files that are created are key.p12, trust.p12, root-key.p12,
default-signers.p12, deleted.p12, and ltpa.jceks. These files all
have the same password when you create or import the certificates,
which is either the default password, or a password that you specify.
The key.p12 file contains the default personal certificate. The trust.p12
file contains the signer certificate from the default root certificate.
The root-key.p12 file contains the root signing certificate. The default-signer.p12
file contains signer certificates that are added to any new keystore
file that you create after the server is installed and running. By
default, the default root certificate signer and a DataPower® signer
certificate is in the default-signer.p12 keystore file. The deleted.p12
keystore file is used to hold certificates deleted with the deleteKeyStore
task so that they can be recovered if needed. The ltpa.jceks file
contains server default Lightweight Third-Party Authentication (LTPA)
keys that the servers in your environment use to communicate with
each other.
An imported certificate is added to the key.p12
file or the root-key.p12 file.
If you import any certificates
and the certificates do not contain the information that you want,
click Back to import another certificate.
After displaying
the Security certificate panels, the tool displays the Ports panel
if you previously selected Advanced profile creation.
- Verify that the ports specified for the standalone application
server are unique, and click Next.
If you chose not to deploy
the administrative console, then the administrative console ports
are disabled on the Ports panel.
Port conflict resolution
Ports are recognized as being in use if one of the following
conditions exists:
- The ports are assigned to a profile created from an installation
that is performed by the current user.
- The port is currently in use.
Validation of ports occurs when you access the Port value assignment
panel. Conflicts can still occur between the Port value assignment
panel and the Profile creation complete panel because ports are not
assigned until profile creation completes.
The
tool displays the Windows® service definition panel
if you are installing on a Windows operating
system and the installation ID has the administrative group privilege.
The tool displays the Linux service definition panel
if you are installing on a supported Linux operating
system and the ID that runs the Profile Management Tool is
the root user.
- Choose whether
to run the application server as a Windows service
on a Windows operating system or as a Linux service
on a Linux operating system, then click Next.
The Windows service
definition panel is displayed for the Windows operating
system only if the ID that installs the Windows service
has the administrator group privilege. However, you can run the WASService.exe
command to create the Windows service
as long as the installer ID belongs to the administrator group. Read
about automatically restarting server processes for more information.
The product attempts to start Windows services for application server processes
that are started by a startServer command. For example, if you configure
an application server as a Windows service,
and issue the startServer command, then the wasservice command
attempts to start the defined service.
If you chose
to install a local system service, then you do not have to specify
your user ID or password. If you create a specified user type of service,
then you must specify the user ID and the password for the user who
runs the service. The user must have Log on as a service authority
for the service to run correctly. If the user
does not have Log on as a service authority, then
the Profile Management tool automatically adds the authority.
To perform this profile creation task, the user ID
must not contain spaces. In addition to belonging to the administrator
group, the ID must also have the advanced user right of Log
on as a service. The Installation wizard grants the user
ID the advanced user right if the user ID does not already have the
advanced user right and if the user ID belongs to the administrator
group.
You can also create other Windows services
after the installation is complete to start other server processes.
Read about automatically restarting server processes for more information.
You can remove the Windows service
that is added during profile creation during profile deletion. You
can also remove the Windows service with the wasservice
command.
IPv6 considerations
Profiles created to run as a Windows service
fail to start when using Internet Protocol Version 6 (IPv6) if the
service is configured to run as local system. Create a user-specific
environment variable to enable IPv6. Since this environment variable
is a user variable instead of a local system variable, only a Windows service that runs as that specific
user can access this environment variable. By default, when a new
profile is created and configured to run as a Windows service,
the service is set to run as local system. When the Windows service for the product tries to
run, the service is unable to access the user environment variable
that specifies IPv6, and thus, tries to start as Internet Protocol
Version 4 (IPv4). The server does not start correctly in this case.
To resolve the problem, when creating the profile, specify that the Windows service for the product runs with
the same user ID from which the environment variable that specifies
IPv6 is defined, instead of as local system.
Default values
for the Windows service
![[Windows]](../../windows.gif)
The following default
values for the Windows service definition panel
exist:
- The default is to run as a Windows service.
- The service process is selected to run as a system account.
- The user account is the current user name. User name requirements
are the requirements that the Windows operating
system imposes for a user ID.
- The startup type is automatic. The values for
the startup type are those values that the Windows operating
system imposes. If you want a startup type other than automatic,
you can either select another available option from the menu or change
the startup type after you create the profile. You can also remove
the created service after profile creation, and add it later with
the desired startup type. You can choose not to create a service at
profile creation time and optionally create the service later with
the desired startup type.
The Linux service
definition panel is displayed if the current operating system is a
supported version of Linux operating systems, and the
current user has the appropriate permissions.
The
product attempts to start Linux services for application
server processes that are started by a startServer command. For example,
if you configure an application server as a Linux service
and issue the startServer command, then the wasservice command
attempts to start the defined service.
By default,
the product is not selected to run as a Linux service.
To create the service, the user that runs the Profile Management Tool must be the root
user. If you run the Profile Management Tool with
a non-root user ID, then the Linux service
definition panel is not displayed, and no service is created.
When you create a Linux service,
you must specify a user name from which the service runs.
To delete a Linux service, the user must be
the root user or have appropriate privileges for deleting the service.
Otherwise, a removal script is created that the root user can run
to delete the service for the user.
If you previously selected Advanced profile creation,
the next panel displays the Web server definition panel.
- For advanced profile creation, if you choose
to include a Web server definition in the profile now, specify the
Web server characteristics on the panels, and click Next until
you complete the Web server definition panels.
If you
use a Web server to route requests to the product, then you need to
include a Web server definition. You can include the definition now,
or define the Web server to the product later. If you define the Web
server definition during the creation of this profile, then you can
install the Web server and its plug-in after you create the profile.
However, you must install both to the paths that you specify on the
Web server definition panels. If you define the Web server to the
product after you create this profile, then you must define the Web
server in a separate profile.
The tool displays the Profile
Creation Summary panel.
- Click Create to create the application
server, or click Back to change the characteristics of the
application server.
The Profile creation progress
panel, which shows the configuration commands that are running, is
displayed.
When the profile creation completes,
the tool displays the Profile creation complete panel.
- Optionally, select Launch the First steps
console. Click Finish to exit.
With the First
steps console, you can create additional profiles and start the application
server.
What to do next
Deploy
an application to get started.
Read about fast paths for the
product to get started deploying applications.
When
you create the application server profile, a default server1 process
is created. You can federate the server1 node into the deployment
manager cell with the addNode command or from the administrative
console of the deployment manager. The server1 process must be running
to begin the federation from the deployment manager.
If
you include all of the applications from the application server, then
the act of federation installs the applications on the deployment
manager where they can be redeployed.