Automating authorization group configurations using wsadmin scripting

The scripting library provides Jython script procedures to assist in automating your environment. Use the authorization groups scripts create, configure, remove and query your authorization group configuration.

Before you begin

Before you can complete this task, you must install an application server in your environment.

About this task

Scripting 程式庫提供一組自動執行最常見應用程式伺服器管理功能的程序。 Jython Script 程式庫有三種使用方式。
  • 利用 wsadmin 工具,以互動模式執行 Jython Script 程式庫中的 Script。 您可以啟動 wsadmin 工具,然後利用下列語法來執行併入 Script 程式庫的個別 Script:
    wsadmin>AdminServerManagement.createApplicationServer("myNode", "myServer", "default")
  • 利用文字編輯器,依照下列範例所示,將 Jython Script 程式庫中的若干 Script 結合起來:
    #
    # My Custom Jython Script - file.py
    #
    AdminServerManagement.createApplicationServer("myNode", "Server1", "default")
    AdminServerManagement.createApplicationServer("myNode", "Server2", "default")
    
    # 使用其中一個作為叢集的第一個成員
    AdminClusterManagement.createClusterWithFirstMember("myCluster", "APPLICATION_SERVER",
        "myNode", "Server1")
    
    # 新增第二個成員到叢集中
    AdminClusterManagement.createClusterMember("myCluster", "myNode", "Server3")
    
    # 安裝應用程式
    AdminApplication.installAppWithClusterOption("DefaultApplication",
        "..\installableApps\DefaultApplication.ear", "myCluster") 
    
    # 啟動節點上的所有伺服器和應用程式
    AdminServerManagement.startAllServers("myNode")
    請將自訂 Script 儲存起來,然後依照下列語法所示,從指令行執行它:
    bin>wsadmin -language jython -f path/to/your/jython/file.py
  • 利用 Jython Scripting 程式庫程式碼作為撰寫自訂 Script 的語法範例。 Script 程式庫中的各個 Script 範例示範撰寫 wsadmin Script 的最佳實務。 Script 程式庫程式碼位於app_server_root/scriptLibraries 目錄中。 在這個目錄內,Script 是先依照功能組織成子目錄。 例如,app_server_root/scriptLibraries/application/V70 子目錄所包含的程序會執行適用於產品 7.0 版及更新版本的應用程式管理作業。Script 程式庫路徑中的 V70 子目錄不表示 在該子目錄中的 Script 為 7.0 版 Script。
The authorization group management procedures in scripting library are located in the app_server_root/scriptLibraries/security/V70 subdirectory. Each script from the directory automatically loads when you launch the wsadmin tool. To automatically load your own Jython scripts (*.py) when the wsadmin tool starts, create a new subdirectory and save existing automation scripts under the app_server_root/scriptLibraries directory.
最佳作法 最佳作法: To create custom scripts using the scripting library procedures, save the modified scripts to a new subdirectory to avoid overwriting the library. Do not edit the script procedures in the scripting library.bprac

You can use the AdminAuthorizations.py scripts to perform multiple combinations of authorization group administration functions. Use the following steps to create an authorization group, adds resources to the group, and assigns user roles.

Procedure

  1. Optional: 啟動 wsadmin Scripting 工具。
    Use this step to launch the wsadmin tool and connect to a server. If you launch the wsadmin tool, use the interactive mode examples to run scripts. Alternatively, you can run each script individually without launching the wsadmin tool.
    • Enter the following command from the bin directory to launch the wsadmin tool and connect to a server:
      bin>wsadmin -lang jython
    When the wsadmin tool launches, the system loads each script from the scripting library.
  2. Create an authorization group.
    Use the createAuthorizationGroup script to create a new authorization group in your configuration, as the following example demonstrates:
    bin>wsadmin -lang jython -c "AdminAuthorizations.createAuthorizationGroup("myAuthGroup")"
    You can also use interactive mode to run the script procedure, as the following example demonstrates:
    wsadmin>AdminAuthorizations.createAuthorizationGroup("myAuthGroup")
  3. Add resources to the new authorization group.
    Use the addResourceToAuthorizationGroup script to add resources. You can create a file-grained administrative authorization groups by selecting administrative resources to be part of the authorization group, as the following example demonstrates:
    bin>wsadmin -lang jython -c "AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")"
    You can also use interactive mode to run the script procedure, as the following example demonstrates:
    wsadmin>AdminAuthorizations.addResourceToAuthorizationGroup("myAuthGroup", "Node=myNode:Server=myServer")
  4. Assign users to the administrative role for the authorization group.
    Use the mapUsersToAdminRole script to assign one or more users to the administrative role for the resources in the authorization group. You can assign users for the authorization group to the administrator, configurator, deployer, operator, monitor, adminsecuritymanager, and iscadmins administrative roles. The following example maps the user01, user02, and user03 users as administrators for the resources in the authorization group:
    bin>wsadmin -lang jython -c "AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")"
    You can also use interactive mode to run the script procedure, as the following example demonstrates:
    wsadmin>AdminAuthorizations.mapUsersToAdminRole("myAuthGroup", "administrator", "user01 user02 user03")

Results

The wsadmin script libraries return the same output as the associated wsadmin commands. For example, the AdminServerManagement.listServers() script returns a list of available servers. The AdminClusterManagement.checkIfClusterExists() script returns a value of true if the cluster exists, or false if the cluster does not exist. If the command does not return the expected output, the script libraries return a 1 value when the script successfully runs. If the script fails, the script libraries return a -1 value and an error message with the exception.

By default, the system disables failonerror option. To enable this option, specify true as the last argument for the script procedure, as the following example displays:
wsadmin>AdminApplication.startApplicationOnCluster("myApplication","myCluster","true")

What to do next

Create custom scripts to automate your environment by combining script procedures from the scripting library. Save custom scripts to a new subdirectory of the app_server_root/scriptLibraries directory.


指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:18
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=txml_7libsecurity
檔名:txml_7libsecurity.html