Select the options that apply to your environment to generate a customized installation guide for () applications.
For information on installing the applications on , see Special considerations for installing on .
Before you install the applications, ensure to review the information in the following planning checklist.
Planning task | More information | |
---|---|---|
Verify that your hardware and software meet the minimum system requirements.
In this release of , the required Java version is 8. |
System requirements | |
Get the product installation media. For local repository download, you need approximately five gigabytes (5 GB) of hard drive space to download and extract your product installation media. | The server installation files can be downloaded from jazz.net | |
Review your installation topology. Whether you are trying out the , or installing the solution in your production environment, click the link at the right to see and study different installation topology examples. The examples include: evaluation topology, departmental topology, and distributed enterprise topology. | Installation process and topology examples | |
Synchronize the clocks on all machines. In a distributed environment, ensure that the clocks on all machines are synchronized using the Network Time Protocol (NTP). | For more information about NTP, visit the Network Time Protocol website | |
Learn about licensing. The licensing scheme is role-based. When you purchase a role-based license, you will have read, write, and comment access to some or all of the capabilities of the applications. | Client access license management | |
Learn about query and search index management. These Deployment wiki articles discuss different applications index query information and how it is realized in your deployment. In addition, the second part discusses different administering tasks related to index management and index storage details. | Part 1: Query, search and indexing technologies in Part 2: Indices storage and management (backup, recovery and recreation) |
Planning your environment is critical during the installation process, particularly if you plan to use this installation for departmental or enterprise development. See Examples: Installation process and topology to learn about different installation process and topologies.
Example topology: Single-server evaluation
A common topology for deployment is a single-server () evaluation topology with Liberty and Derby. This topology is useful for small deployments, such as evaluation, demonstration, or training deployments because the Derby database has a 10-user limit.
Example topology: Standard single-server departmental
A common installation topology is a standard single-server deployment of a () departmental topology with and an enterprise database management system, such as IBM Db2, Db2 for z/OS, and Db2 for i.
Example topology: Distributed enterprise
A common installation topology is a distributed deployment of a () enterprise topology with and an enterprise database management system, such as IBM Db2, Db2 for z/OS, or Db2 for i.
To set up a clustered environment for your applications, you need the following servers:
Note: The is a Java application that by default, is installed on . To gain performance, consider adding another server in the cluster, dedicated to the .
To set up a system with HAProxy high availability, you need the following servers:
All servers in the environment must have their fully qualified host names configured. When you update the /etc/hosts file, use the IP fully-qualified-host-name alias [,alias] format. Note that the fully qualified host name must appear before any alias. If it does not, clustering might not be enabled for multiple nodes.
For a list of system requirements, see System requirements.
Note: Installation of HAProxy load balancer is not supported on Windows platforms.
You must install and configure HAProxy before the cluster can be activated. For more information about HAProxy, see www.haproxy.org.
Note: You can also configure and use IHS instead of HAProxy, but only one of these two methods must be used in a cluster for load balancing.
HAProxy is part of the official Red Hat Linux repository and can be installed by using the yum command. You must have root user permissions or use the sudo command to do the installation.
yum -y install haproxy
Note: If your is fronted by the HAProxy, see this Depolyment wiki document for the haproxy.cfg sample file.
haproxy.cfg sample file for clustering
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.6/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# If not using the dockerized version,
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/rsyslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/rsyslog
#
# local2.* /var/log/haproxy.log
#
# 3) uncomment the line below and comment the other log line
#log 127.0.0.1 local2
log /dev/log local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 6000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
tune.ssl.default-dh-param 2048
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
option dontlognull
option http-keep-alive
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 2h
timeout server 2h
timeout http-keep-alive 10s
timeout check 10s
maxconn 6000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend lanneluc-proxy
bind *:80
bind *:9443 ssl crt /etc/haproxy/ssl/proxy.pem no-sslv3
log global
option httplog
mode http
capture cookie SERVERID len 32
redirect scheme https if !{ ssl_fc }
maxconn 2000 # The expected number of the users of the system.
# Limits the sockets to this number of concurrent connections. Extraneous
# connections will remain in the system's backlog until a connection is
# released. If unspecified, the limit will be the same as the frontend's
# maxconn.
default_backend ccm
backend ccm
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
fullconn 1000 # if not specified, HAProxy will set this
# to 10% of 'maxconn' specified on the frontend
balance leastconn
cookie SERVERID insert indirect nocache secure attr "SameSite=None"
# minconn = 100, the server will always accept at least 100,
# but no more than 'maxconn' connections. Should be the same as Liberty
# settings in server.xml
# maxconn = 500, the max number of connections that will be sent to a server.
# The overage will be queued. The total for all nodes should be equal to maxxcon
# on 'frontend'
server ccm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm1 verify none
server ccm2 node2.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm2 verify none
server ccm3 node3.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm3 verify none
server ccm4 node5.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm4 verify none
# Uncomment the following section if your MessageBroker is fronted by HAProxy (for example if in High Availability mode)
#
# # connect MessageBroker cluster in tcp mode (N servers if HA mode, or a single server if IoT MessageBroker just must be fronted by proxy)
# listen MessageBroker
# bind *:1883
# mode tcp
# balance leastconn
# option tcplog
# server MessageBroker1 [MessageBroker server 1 URI]:1883 check
# server MessageBroker2 [MessageBroker server 2 URI]:1883 check
# # connect MessageBroker cluster in HTTP mode to allow gathering of MQTT statistics (6.0.6 and newer only) (N servers if HA mode, or a single server if IoT MessageBroker just must be fronted by proxy)
# listen MessageBroker_REST
# bind *:9089 ssl crt /etc/haproxy/ssl/msigh.pem no-sslv3 # Port (9089) must match that configured in MessageBroker, and the same port needs to be specified in MQTTStatsService advanced property
# mode http
# option tcp-check # Must tell HAProxy to use TCP port to do health checks
# balance leastconn
# # Same number of entries and same servers as in the section above:
# server MessageBroker_REST1 [MessageBroker server 1 URI]:9089 check port 1883 # Same ports (1883 and 9089) as used elsewhere in this file.
# server MessageBroker_REST2 [MessageBroker server 2 URI]:9089 check port 1883 # Same ports (1883 and 9089) as used elsewhere in this file.
listen statistics
bind *:1936
stats uri /
stats admin if TRUE
stats enable
stats hide-version
stats auth root:clu8ter8
stats refresh 5s
haproxy.cfg sample file for QM clustering
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.6/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# If not using the dockerized version,
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/rsyslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/rsyslog
#
# local2.* /var/log/haproxy.log
#
# 3) uncomment the line below and comment the other log line
#log 127.0.0.1 local2
log /dev/log local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 6000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
tune.ssl.default-dh-param 2048
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
option dontlognull
option http-keep-alive
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 2h
timeout server 2h
timeout http-keep-alive 10s
timeout check 10s
maxconn 6000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend lanneluc-proxy
bind *:80
bind *:9443 ssl crt /etc/haproxy/ssl/proxy.pem no-sslv3
log global
option httplog
mode http
capture cookie SERVERID len 32
redirect scheme https if !{ ssl_fc }
maxconn 2000 # The expected number of the users of the system.
# Limits the sockets to this number of concurrent connections. Extraneous
# connections will remain in the system's backlog until a connection is
# released. If unspecified, the limit will be the same as the frontend's
# maxconn.
default_backend qm
backend qm
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
fullconn 1000 # if not specified, HAProxy will set this
# to 10% of 'maxconn' specified on the frontend
balance leastconn
cookie SERVERID insert indirect nocache secure attr "SameSite=None"
# minconn = 100, the server will always accept at least 100,
# but no more than 'maxconn' connections. Should be the same as QM Liberty
# settings in server.xml
# maxconn = 500, the max number of connections that will be sent to a server.
# The overage will be queued. The total for all nodes should be equal to maxxcon
# on 'frontend'
server qm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm1 verify none
server qm2 node2.host.com:9443 minconn 100 maxconn 500 ssl check cookie qm2 verify none
server qm3 node3.host.com:9443 minconn 100 maxconn 500 ssl check cookie qm3 verify none
server qm4 node5.host.com:9443 minconn 100 maxconn 500 ssl check cookie qm4 verify none
# Uncomment the following section if your MessageBroker is fronted by HAProxy (for example if in High Availability mode)
#
# # connect MessageBroker cluster in tcp mode (N servers if HA mode, or a single server if IoT MessageBroker just must be fronted by proxy)
# listen MessageBroker
# bind *:1883
# mode tcp
# balance leastconn
# option tcplog
# server MessageBroker1 [MessageBroker server 1 URI]:1883 check
# server MessageBroker2 [MessageBroker server 2 URI]:1883 check
# # connect MessageBroker cluster in HTTP mode to allow gathering of MQTT statistics (6.0.6 and newer only) (N servers if HA mode, or a single server if IoT MessageBroker just must be fronted by proxy)
# listen MessageBroker_REST
# bind *:9089 ssl crt /etc/haproxy/ssl/msigh.pem no-sslv3 # Port (9089) must match that configured in MessageBroker, and the same port needs to be specified in MQTTStatsService advanced property
# mode http
# option tcp-check # Must tell HAProxy to use TCP port to do health checks
# balance leastconn
# # Same number of entries and same servers as in the section above:
# server MessageBroker_REST1 [MessageBroker server 1 URI]:9089 check port 1883 # Same ports (1883 and 9089) as used elsewhere in this file.
# server MessageBroker_REST2 [MessageBroker server 2 URI]:9089 check port 1883 # Same ports (1883 and 9089) as used elsewhere in this file.
listen statistics
bind *:1936
stats uri /
stats admin if TRUE
stats enable
stats hide-version
stats auth root:clu8ter8
stats refresh 5s
You must ensure that several important entries in the configuration file are entered correctly:
listen statistics
bind *:1936
stats uri /
stats admin if TRUE
stats enable
stats hide-version
stats auth root:clu8ter8
stats refresh 5s
These entries are explained in details in the next sections.
systemctl enable haproxy
service haproxy start
HAProxy requires a certificate to parse encrypted traffic. You can use a self-signed certificate. The following commands create a self-signed certificate for your testing environment, but you must obtain a real certificate if required.
OpenSSL prompts you to enter the details for the certificate, such as the host name and so on. Double quotation marks are optional. The host name (CN) is the host name of the server where HAProxy is installed:
cd /usr/local/haproxy/etc
openssl genrsa -des3 -out ssl/proxy.key 2048
openssl req -new -key "ssl/proxy.key" -out "ssl/proxy.csr"
openssl x509 -req -days 365 -in "ssl/proxy.csr" -signkey "ssl/proxy.key" -out "ssl/proxy.crt"
cat ssl/proxy.crt ssl/proxy.csr > ssl/proxy.pem
HAProxy offers several load-balancing algorithms. In the configuration example, the balance leastconn option is used. The balance leastconn option instructs HAProxy to direct traffic to the back-end server with the least number of connections.
The back-end servers are the lines that start with "server" in the configuration file. These entries instruct the HAProxy to redirect traffic to the nodes. In the configuration example, there are four nodes. Replace the nodex.host.com parts with the actual host-name of the servers (nodes) on which you install your or servers (replicas).
You can preconfigure HAProxy with as many back-end servers (nodes) as the number of or nodes that you are planning to have. For the initial setup stage, start with one instance of or on one node by commenting out all the other server lines except for the first line:
example:
server ccm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm1 verify none
#server ccm2 node2.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm2 verify none
#server ccm3 node3.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm3 verify none
#server ccm4 node5.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm4 verify none
QM example:
server qm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check cookie qm1 verify none
#server qm2 node2.host.com:9443 minconn 100 maxconn 500 ssl check cookie qm2 verify none
#server qm3 node3.host.com:9443 minconn 100 maxconn 500 ssl check cookie qm3 verify none
#server qm4 node5.host.com:9443 minconn 100 maxconn 500 ssl check cookie qm4 verify none
After HAProxy is configured, if it is running as a service, you can start, stop, and restart it by entering the following command:
sudo service haproxy start|stop|restart|reload
The minconn, maxconn, and fullconn parameters are used to fine-tune the server and to control the number of simultaneous connections the server can handle. If more connections are established, the overage will be buffered. It can be difficult to determine the optimal numbers for these parameters, because they depend on the expected number of users and the server responsiveness, which can be influenced by available resources, network bandwidth, and so on. The number of connections can be fine-tuned depending on the number of users that are expected to use the clustered applications.
These numbers are also related to how is configured. By default, the instance that runs is configured with coreThreads="100" which is the lowest number of threads that handle incoming requests. The maximum is limited by the available system resources. Therefore, the minconn parameter should be set to the value of the coreThreads setting. The maxconn value in the back-end section (that is, one per back-end server) should be set to the maximum number of users that the server is capable of handling without showing any degradation in performance or response times. In the configuration example provided earlier, the maxconn value is set to 500 on each back end. The total of all back-end maxconn values should equal the maxconn value that is set in the front-end section of the configuration file. For example, if there are four nodes that are each set to maxconn=500, the maxconn value in the front-end should be set to 2000.
The last section in the configuration file specifies how to access the HAProxy monitoring console. The console shows the number of nodes and their statuses, as well as the incoming and outgoing traffic. For a well-functioning cluster, assuming all nodes have been brought online at about the same time, the number of sessions (Total and lbTotal) should be roughly the same, and the number of bytes transferred should not vary too much between nodes. There should be no errors or warnings.
HAProxy maintains a log file in this directory: /var/log/haproxy.log. This log file contains information about which requests were redirected to which back-end servers and other HAProxy information such as session-affinity cookies and response codes.
HAProxy provides different parameters for adapting and tuning its behavior, including a property named weight that you can use to identify servers for balancing. This property is only used for the first session request, because all the other requests for this session are routed to the same server with session affinity. The weight must be a value between 1 and 256. When the weight property is not set, the default value of 1 is used.
The weight property can be added to any server declaration in a back end, as shown in the following line:
backend ccm
...
server ccm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check weight 50 cookie ccm1 verify none
backend qm
...
server qm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check weight 50 cookie qm1 verify none
The weight parameter enables you to define a specific weight for your server. However, you must edit the haproxy.cfg file each time that you want to change the weight. To avoid opening the haproxy.cfg file to change the weight, you can use a socket interface to change the weight while the HAProxy server is running. Use the following procedure to install the Socat program, which allows you to send messages to the HAProxy TCP stats socket:
Procedure
yum -y install socat
stats socket /var/lib/haproxy/stats.sock mode 600 level admin
stats timeout 2m
echo "set weight ccm/<serverName> <newWeight>" | socat unix-connect:/var/lib/haproxy/stats.sock stdio
ex: echo "set weight ccm/ccm1 50" | socat unix- connect:/var/lib/haproxy/stats.sock stdio
echo "set weight qm/<serverName> <newWeight>" | socat unix-connect:/var/lib/haproxy/stats.sock stdio
ex: echo "set weight qm/qm1 50" | socat unix- connect:/var/lib/haproxy/stats.sock stdio
Note: Installation of is not supported on Windows platforms.
provides secure, rapid, bidirectional messaging for the Internet of Things (IoT) and mobile environments. is a high performance MQTT broker.
Procedure
To install a non-Dockerized version of , follow these steps:
Note: An IBMid is required to access these files. If you do not have an IBMid, you will be prompted to create one before you can download .
For complete instructions, see the documentation.
uses organizational configuration objects called hubs to define configuration policies.
Procedure
You can view subscription monitoring statistics by using the Web UI. To access the monitoring subscriptions, go to the Subscriptions page by selecting Monitoring > Subscriptions.
In the Monitoring view, you can see all MQTT clients (nodes), the topics being subscribed to and published, the active consumers, the number of messages, and the buffer sizes. You can use various options to filter the data.
To implement high availability for (primary and standby nodes), see the following topics in the documentation:
Before you begin
Before you start the installation, complete these tasks:
* hard nofile 65536
* soft nofile 65536
* hard nproc 10000
* soft nproc 10000
ulimit -n 65536
ulimit -u 10000
Note: If you use these commands, start the Launchpad program or IBM Installation Manager from the same shell to inherit the modified limits. After these settings are applied, reindex the server to fix any corrupted server indexes by running the Jazz_Install_Dir/server/repotools-jts -reindex repotools command.
Important: If you use a system startup script such as /etc/init.d/was or /etc/rc.*/SXXWebSphere to start WebSphere® Application Server at system boot up time, init.d invokes the startup scripts with the maximum number of file descriptors set to 1024 instead of the system default value that is set in /etc/security/limits.conf (65536). To avoid this problem, add the command ulimit -n 65536 to the top of your startup script. This ensures that is started with the correct file descriptor limit.
About this task
There are two ways to download and install applications. The first installation method is a web-based installation that includes a smaller download and connects to the internet during the installation to get the repository files. If you must install the server in an environment without internet access, use the second installation method: download and extract the repository files to a local computer to install the server.
If you do not have User Interface libraries installed on your server or just prefer to use the command-line installation method, you can use an response file to install . This method is also referred to as silent installation
.
There are two sample response files provided to install and applications:
To install , you can use the silent-install-db-server.xml sample response file.
There are two sample response files provided to install :
Procedure
Note: Ensure that the application is already installed on the server, or you are installing it with the Architecture Management Extension at this time. If the same version of the application is not present on the server, the installation will fail.
Note: If you want to install the product as a non-root usernon-administrator user, from the Select user mode for Installation Manager list, select Non-Administrator. When you select Non-Administrator, the software packages will be installed in the user's directory and the package group will be named My . Also on Windows operating systems with User Access Control (UAC) enabled, the user who is installing the applications must be able to write to the installation directories.
If you do not have a supported version of Installation Manager, you can obtain it from Jazz.net or download the web installer, which includes Installation Manager.
Note: If you are planning to use the System for Cross-domain Identity Management (SCIM) standard, you must install and configure the . The link to install the is available in the Launchpad program.
Note: You can install on the same computer as or on its own dedicated server. Install on the computer that you identified as your , and install the clustered applications on the computer corresponding to the node you have enabled in your HAProxy configuration.
.\installc -acceptLicense -showVerboseProgress -input silent-install-server2.xml --launcher.ini silent-install.ini
./installc -acceptLicense -showVerboseProgress -input silent-install-server2.xml --launcher.ini silent-install.ini
.\userinstc -acceptLicense -showVerboseProgress -input silent-install-server2.xml --launcher.ini user-silent-install.ini
./userinstc -acceptLicense -showVerboseProgress -input silent-install-server2.xml --launcher.ini user-silent-install.ini
.\installc -acceptLicense -showVerboseProgress -input silent-install-jas2.xml --launcher.ini silent-install.ini
./installc -acceptLicense -showVerboseProgress -input silent-install-jas2.xml --launcher.ini silent-install.ini
.\userinstc -acceptLicense -showVerboseProgress -input silent-install-jas2.xml --launcher.ini user-silent-install.ini
./userinstc -acceptLicense -showVerboseProgress -input silent-install-jas2.xml --launcher.ini user-silent-install.ini
.\installc -acceptLicense -showVerboseProgress -input silent-install-db-server.xml --launcher.ini silent-install.ini
./installc -acceptLicense -showVerboseProgress -input silent-install-db-server.xml --launcher.ini silent-install.ini
.\userinstc -acceptLicense -showVerboseProgress -input silent-install-db-server.xml --launcher.ini silent-install.ini
./userinstc -acceptLicense -showVerboseProgress -input silent-install-db-server.xml --launcher.ini silent-install.ini
<data key='user.JazzFoundationServer.NoAppServer.WebApps.InstallLocation'
value='C:\tmp\silent-install\JazzTeamServer\server\webapps'/>
<data key='user.JazzFoundationServer.NoAppServer.WebApps.InstallLocation'
value='/tmp/silent-install/JazzTeamServer/server/webapps'/>
<!--
<offering id='com.ibm.team.install.jfs.app.rtc'/>
-->
<offering id='com.ibm.team.install.jfs.app.jrs' features='lqe,dcc'/>
Note: After you install, locate the <installdir>/server/server.startup file and edit the line that defines JAVA_OPTS to change the default 4GB to 8GB.
For example, JAVA_OPTS="$JAVA_OPTS -Xmx8G"
For step-by-step instructions for new installations of , see Installing and applications on IBM i.
For detailed instructions for installing the Build System Toolkit and the context-aware search engine, see the following resources:
Before you create databases for your clustered environment, ensure that theread and write caches are enabled for the disk configuration.
Open the /etc/security/limits.conf file and set the following ulimits parameters:
<dbuser> hard nofile 65536
<dbuser> soft nofile 65536
<dbuser> hard nproc 65536
<dbuser> soft nproc 65536
If you are using the included Derby database, no additional setup is necessary. Proceed with the next step.
Note: Although a Derby database is included in the default configuration and requires no installation, this database is limited to 10 users. To enable more users, install a supported enterprise database such as Db2, Oracle, or SQL Server.
To create database tables, see Creating Db2 for z/OS database tables remotely.
By default, IBM Db2i database is setup and configured on your IBM i system. No additional setup is necessary. Proceed with the next step.
The products support IBM Db2 Enterprise Server Edition. For platforms that do not support Enterprise Server Edition, you can use IBM Db2 Workgroup Server Edition. You can obtain a trial download of one these Db2 editions or the free Db2 Express Server edition for deployments of 50 developers or fewer from ibm.com.
Before you begin
This procedure requires that the following prerequisites are met:
Procedure
db2 create database JTS using codeset UTF-8 territory en PAGESIZE 16384
db2 create database PUB using codeset UTF-8 territory en PAGESIZE 16384
Also note that these values are examples and you should change them according to your usage and environment. For example, if the TOKENSTRING value of 2048 is too small, you can increase that by using a datatype of TOKENSTRING NVARCHAR(MAX) NOT NULL,.
CREATE DATABASE oauth2db USING CODESET UTF8 TERRITORY US;
CONNECT TO oauth2db;
CREATE BUFFERPOOL BUFF16K IMMEDIATE SIZE 2500 AUTOMATIC PAGESIZE 16K;
create tablespace TAB16K pagesize 16K bufferpool BUFF16K dropped table recovery on;
CREATE SYSTEM TEMPORARY TABLESPACE TEMPSYS16K PAGESIZE 16K BUFFERPOOL BUFF16K;
---- CREATE TABLES ----
CREATE TABLE OAuthDBSchema.OAUTH20CACHE
(
LOOKUPKEY VARCHAR(256) NOT NULL,
UNIQUEID VARCHAR(128) NOT NULL,
COMPONENTID VARCHAR(256) NOT NULL,
TYPE VARCHAR(64) NOT NULL,
SUBTYPE VARCHAR(64),
CREATEDAT BIGINT,
LIFETIME INT,
EXPIRES BIGINT,
TOKENSTRING VARCHAR(2048) NOT NULL,
CLIENTID VARCHAR(64) NOT NULL,
USERNAME VARCHAR(64) NOT NULL,
SCOPE VARCHAR(512) NOT NULL,
REDIRECTURI VARCHAR(2048),
STATEID VARCHAR(64) NOT NULL,
EXTENDEDFIELDS CLOB NOT NULL DEFAULT '{}'
);
CREATE TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG
(
COMPONENTID VARCHAR(256) NOT NULL,
CLIENTID VARCHAR(256) NOT NULL,
CLIENTSECRET VARCHAR(256),
DISPLAYNAME VARCHAR(256) NOT NULL,
REDIRECTURI VARCHAR(2048),
ENABLED INT,
CLIENTMETADATA CLOB NOT NULL DEFAULT '{}'
);
CREATE TABLE OAuthDBSchema.OAUTH20CONSENTCACHE (
CLIENTID VARCHAR(256) NOT NULL,
USERID VARCHAR(256),
PROVIDERID VARCHAR(256) NOT NULL,
SCOPE VARCHAR(1024) NOT NULL,
EXPIRES BIGINT,
EXTENDEDFIELDS CLOB NOT NULL DEFAULT '{}'
);
---- ADD CONSTRAINTS ----
ALTER TABLE OAuthDBSchema.OAUTH20CACHE
ADD CONSTRAINT PK_LOOKUPKEY PRIMARY KEY (LOOKUPKEY);
ALTER TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG
ADD CONSTRAINT PK_COMPIDCLIENTID PRIMARY KEY (COMPONENTID,CLIENTID);
---- CREATE INDEXES ----
CREATE INDEX OAUTH20CACHE_EXPIRES ON OAUTHDBSCHEMA.OAUTH20CACHE (EXPIRES ASC);
---- GRANT PRIVILEGES ----
---- UNCOMMENT THE FOLLOWING IF YOU USE AN ACCOUNT OTHER THAN ADMINISTRATOR FOR DB ACCESS ----
-- Change dbuser to the account you want to use to access your database
-- GRANT ALL ON OAuthDBSchema.OAUTH20CACHE TO USER dbuser;
-- GRANT ALL ON OAuthDBSchema.OAUTH20CLIENTCONFIG TO USER dbuser;
---- END OF GRANT PRIVILIGES ----
DISCONNECT CURRENT;
db2 -stvf createOauthTablesDB2.sql
<dataSource id="OAuthFvtDataSource" jndiName="jdbc/OAuth2DB">
<jdbcDriver libraryRef="DerbyLib" />
<properties.derby.embedded
databaseName="asDB"
createDatabase="create" />
</dataSource>
<library id="DerbyLib">
<fileset dir="${shared.config.dir}/lib/global" includes="derby.jar" />
</library>
<jdbcDriver id="db2Universal" libraryRef="DB2JCC4LIB"/>
<library id="DB2JCC4LIB" filesetRef="db2jcc4" apiTypeVisibility="spec,ibm-api,third-party"/>
<fileset dir="${shared.config.dir}/lib/global" id="db2jcc4" includes="db2jcc4.jar db2jcc_license_cu.jar"/>
<dataSource id="OAUTH2DBDS" jndiName="jdbc/oauthProvider" jdbcDriverRef="db2Universal">
<properties.db2.jcc password="*****" databaseName="OAUTH2DB" user="db2inst1" portNumber="50000" serverName="yourDB2.com" driverType="4"/>
</dataSource>
Ensure that you have the correct values for the following attributes:
<oauthProvider id="JazzOP"
httpsRequired="true"
autoAuthorize="true"
customLoginURL="/jazzop/form/login"
accessTokenLifetime="7201"
authorizationGrantLifetime="604801">
<autoAuthorizeClient>client01</autoAuthorizeClient>
<databaseStore dataSourceRef="OAUTH2DBDS" />
</oauthProvider>
db2 create database using codeset UTF-8 territory en PAGESIZE 16384
db2 create database QM using codeset UTF-8 territory en PAGESIZE 16384
db2 create database RM using codeset UTF-8 territory en PAGESIZE 16384
db2 create database DCC using codeset UTF-8 territory en PAGESIZE 16384
Note: The database requires 32K pages.
db2 create database LQE using codeset UTF-8 territory en PAGESIZE 32768
The LQE database must have the MAXAPPLS increased to allow for concurrent connections in to process data if it is not set to AUTOMATIC. Increase the value to 300:
db2 update db cfg for LQE using maxappls 300
This means that the lock list must also be increased if it is not set to AUTOMATIC:
db2 update db cfg FOR LQE using locklist 20000
The transaction logs will also grow as data is processed in parallel. Increase the LOGFILSIZ to 20000:
db2 update db cfg for LQE using LOGFILSIZ 20000
Increase the number of primary and secondary transactions log files:
db2 update db cfg for LQE using logprimary 25
db2 update db cfg for LQE using logsecond 100
Note: The database requires 32K pages.
db2 create database LDX using codeset UTF-8 territory en PAGESIZE 32768
db2 create database GC using codeset UTF-8 territory en PAGESIZE 16384
db2 create database using codeset UTF-8 territory en PAGESIZE 16384
db2 create database DW using codeset UTF-8 territory en PAGESIZE 32768
The data warehouse database must have the MAXAPPLS increased to allow for concurrent connections in to process data if it is not set to AUTOMATIC. Increase the value to 300:
db2 update db cfg for DW using maxappls 300
This means that the lock list must also be increased if it is not set to AUTOMATIC:
db2 update db cfg FOR DW using locklist 20000
The transaction logs will also grow as data is processed in parallel. Increase the LOGFILSIZ to 20000:
db2 update db cfg for DW using LOGFILSIZ 20000
Increase the number of primary and secondary transactions log files:
db2 update db cfg for DW using logprimary 25
db2 update db cfg for DW using logsecond 200
If you are creating the database with a user other than the user specified in the teamserver.properties file, you must grant DBADM authority to that user:
db2 connect to database_name
db2 grant dbadm on database to user user_name
db2 disconnect database_name
If you create all databases on the same database server, verify that the Max number of concurrently active databases is set to a number greater than the number of databases you created. If this value is lower than the number of active databases, you will get the SQL Code 1041 error.
To verify the value and increase the number if necessary, complete these steps:
db2 get dbm cfg
db2 update dbm cfg using numdb 32
db2stop
db2start
To create and set up an Oracle database, it is assumed that the user who is preparing the database has database administration authority over the database and that the database, tablespace storage, and appropriate storage configuration is created by a user with system administration authority.
Before you begin
Planning checklistsection of this document.
Restriction: Because of a defect in Oracle JDBC driver 12.1.0.2.0, this version of the driver cannot be used. For details, see repotools -createTables command fails with ORA-01000 on Oracle 12 on the IBM Support portal page.
The examples in this step are for one Oracle database with separate tablespaces and database users who are dedicated to each application.
alter system set open_cursors = 10000 scope=both;
alter system set open_cursors = 10000;
Procedure
As a system administrator, create a database with UTF-8 encoding for and all applications.
Note: Oracle password complexity policy requires that passwords should have minimum of 12 characters in length. In addition, the password must contain at least one upper-case character, one lower-case character, and one digit. If your password contains special characters, multibyte characters, or starts with numbers or special characters, you must enclose it in double quotation marks. For details, see the Oracle documentation.
Note: Setting character set to Unicode (AL32UTF8) enables you to store multiple language groups.
CREATE BIGFILE TABLESPACE JTS
DATAFILE 'ORACLE_BASE/oradata/DB/JTS.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE JTS_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/JTS_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE PUB
DATAFILE 'ORACLE_BASE/oradata/DB/PUB.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE PUB_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/PUB_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
Note that the values in the script file are examples and you should change them according to your usage and environment. For example, if the TOKENSTRING value of 2048 is too small, you can increase that by using a datatype of TOKENSTRING NVARCHAR(MAX) NOT NULL,.
createOauthOracle.sql creates two tablespaces: OAUTH and OAUTH_TMP, and creates the tables in the OAUTH tablespace. If you have an existing tablespace that you want to use, you can change the CREATE TABLE statement to use your existing tablespace. If you want to create new tablespaces, then you should edit the DATAFILE and TEMPFILE clauses to point at the directory that you want to use for the tablespace.
expects to find a user named OAUTHDBSCHEMA, and it expects to find tables in a schema named OAUTHDBSCHEMA. You must create the OAUTHDBSCHEMA user in Oracle. Customize the CREATE USER statement to specify a password for the OAUTHDBSCHEMA user. When you create the OAUTHDBSCHEMA user, you must also associate that user with the tablespace you plan to use for the OAUTH tables.
CREATE TABLESPACE OAUTH DATAFILE '/home/oracle/tablespaces/OAUTH.dbf' SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE OAUTH_TMP TEMPFILE '/home/oracle/tablespaces/OAUTH_TMP.dbf' SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE USER OAUTHDBSCHEMA IDENTIFIED BY <your password> DEFAULT TABLESPACE OAUTH QUOTA UNLIMITED ON OAUTH TEMPORARY TABLESPACE OAUTH_TMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO OAUTHDBSCHEMA;
---- CREATE TABLES ----
CREATE TABLE OAuthDBSchema.OAUTH20CACHE
(
LOOKUPKEY VARCHAR(256) NOT NULL,
UNIQUEID VARCHAR(128) NOT NULL,
COMPONENTID VARCHAR(256) NOT NULL,
TYPE VARCHAR(64) NOT NULL,
SUBTYPE VARCHAR(64),
CREATEDAT NUMBER(19,0),
LIFETIME INT,
EXPIRES NUMBER(19,0),
TOKENSTRING VARCHAR(2048) NOT NULL,
CLIENTID VARCHAR(64) NOT NULL,
USERNAME VARCHAR(64) NOT NULL,
SCOPE VARCHAR(512) NOT NULL,
REDIRECTURI VARCHAR(2048),
STATEID VARCHAR(64) NOT NULL,
EXTENDEDFIELDS CLOB DEFAULT '{}' NOT NULL
)
TABLESPACE OAUTH STORAGE(INITIAL 50K);
CREATE TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG
(
COMPONENTID VARCHAR(256) NOT NULL,
CLIENTID VARCHAR(256) NOT NULL,
CLIENTSECRET VARCHAR(256),
DISPLAYNAME VARCHAR(256),
REDIRECTURI VARCHAR(2048),
ENABLED INT,
CLIENTMETADATA CLOB DEFAULT '{}' NOT NULL
) TABLESPACE OAUTH STORAGE(INITIAL 50K);
CREATE TABLE OAuthDBSchema.OAUTH20CONSENTCACHE (
CLIENTID VARCHAR(256) NOT NULL,
USERID VARCHAR(256),
PROVIDERID VARCHAR(256) NOT NULL,
SCOPE VARCHAR(1024) NOT NULL,
EXPIRES NUMBER(19,0),
EXTENDEDFIELDS CLOB DEFAULT '{}' NOT NULL
) TABLESPACE OAUTH STORAGE(INITIAL 50K);
---- ADD CONSTRAINTS ----
ALTER TABLE OAuthDBSchema.OAUTH20CACHE
ADD CONSTRAINT PK_LOOKUPKEY PRIMARY KEY (LOOKUPKEY);
ALTER TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG
ADD CONSTRAINT PK_COMPIDCLIENTID PRIMARY KEY (COMPONENTID,CLIENTID);
---- CREATE INDEXES ----
CREATE INDEX OAUTH20CACHE_EXPIRES ON OAuthDBSchema.OAUTH20CACHE (EXPIRES ASC);
---- GRANT PRIVILEGES ----
---- UNCOMMENT THE FOLLOWING IF YOU USE AN ACCOUNT OTHER THAN ADMINISTRATOR FOR DB ACCESS ----
-- Change dbuser to the account you want to use to access your database
GRANT ALL ON OAuthDBSchema.OAUTH20CACHE TO OAUTHDBSCHEMA;
GRANT ALL ON OAuthDBSchema.OAUTH20CLIENTCONFIG TO OAUTHDBSCHEMA;
GRANT ALL ON OAuthDBSchema.OAUTH20CONSENTCACHE TO OAUTHDBSCHEMA;
---- END OF GRANT PRIVILIGES ----
@createOauthOracle.sql
<dataSource id="OAuthFvtDataSource" jndiName="jdbc/OAuth2DB">
<jdbcDriver libraryRef="DerbyLib" />
<properties.derby.embedded
databaseName="asDB"
createDatabase="create" />
</dataSource>
<library id="DerbyLib">
<fileset dir="${shared.config.dir}/lib/global" includes="derby.jar" />
</library>
<jdbcDriver id="oracle" libraryRef="ORAJCC4LIB"/>
<library id="ORAJCC4LIB" filesetRef="orajcc4" apiTypeVisibility="spec,ibm-api,third-party"/>
<fileset dir="${shared.config.dir}/lib/global" id="orajcc4" includes="ojdbc8.jar"/>
<dataSource id="OAUTH2ORA" jndiName="jdbc/oauthProvider" jdbcDriverRef="oracle">
<properties.oracle password="*****" databaseName="ORCL" user="OAUTHDBSCHEMA" portNumber="1521" serverName="yourOracle.com"/>
</dataSource>
Ensure that you have the correct values for the following attributes:
<oauthProvider id="JazzOP"
httpsRequired="true"
autoAuthorize="true"
customLoginURL="/jazzop/form/login"
accessTokenLifetime="7201"
authorizationGrantLifetime="604801">
<autoAuthorizeClient>client01</autoAuthorizeClient>
<databaseStore dataSourceRef="OAUTH2ORA" />
</oauthProvider>
CREATE BIGFILE TABLESPACE
DATAFILE 'ORACLE_BASE/oradata/DB/.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE _TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE
DATAFILE 'ORACLE_BASE/oradata/DB/.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE _TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE QM
DATAFILE 'ORACLE_BASE/oradata/DB/QM.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE QM_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/QM_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE RM
DATAFILE 'ORACLE_BASE/oradata/DB/RM.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE RM_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/RM_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE DCC
DATAFILE 'ORACLE_BASE/oradata/DB/DCC.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE DCC_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/DCC_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE LQE
DATAFILE 'ORACLE_BASE/oradata/DB/LQE.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE LQE_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/LQE_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE LDX
DATAFILE 'ORACLE_BASE/oradata/DB/LDX.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE LDX_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/LDX_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE GC
DATAFILE 'ORACLE_BASE/oradata/DB/GC.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE GC_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/GC_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
CREATE BIGFILE TABLESPACE DW
DATAFILE 'ORACLE_BASE/oradata/DB/DW.DBF'
SIZE 1G AUTOEXTEND ON EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
CREATE TEMPORARY TABLESPACE DW_TEMP
TEMPFILE 'ORACLE_BASE/oradata/DB/DW_TEMP.DBF'
SIZE 20M AUTOEXTEND ON EXTENT MANAGEMENT LOCAL UNIFORM SIZE 1M;
In the Oracle Enterprise Manager Database Control, click Server > Tablespaces and verify that the tablespaces you created are displayed and accessible. Also ensure that the default Oracle tablespace named USERS already exist. If this tablespace does not exist in your Oracle database, create it.
After the tablespaces are created, a special Oracle user must be created for each application to use the Oracle database. For multiple Jazz servers that run on one Oracle database, an Oracle database user must be created for each application. The Oracle database user must be able to create database objects in its tablespace (either unlimited or with a space quota) with privileges to create session, table, procedure, and views.
To create a user for tablespace and to grant the required permissions, enter the following commands:
CREATE USER JTS_DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE JTS QUOTA UNLIMITED ON JTS TEMPORARY TABLESPACE JTS_TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO JTS_DB_USER;
To create a user for tablespace and to grant the required permissions, enter the following commands:
CREATE USER PUB_DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE PUB QUOTA UNLIMITED ON PUB TEMPORARY TABLESPACE PUB_TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO PUB_DB_USER;
To create a user for the application tablespace and to grant the required permissions, enter the following commands:
CREATE USER _DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE QUOTA UNLIMITED ON TEMPORARY TABLESPACE _TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO _DB_USER;
To create a user for the application tablespace and to grant the required permissions, enter the following commands:
CREATE USER _DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE QUOTA UNLIMITED ON TEMPORARY TABLESPACE _TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO _DB_USER;
To create a user for the application tablespace and to grant the required permissions, enter the following commands:
CREATE USER QM_DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE QM QUOTA UNLIMITED ON QM TEMPORARY TABLESPACE QM_TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO QM_DB_USER;
To create a user for application tablespace and to grant the required permissions, enter the following commands:
CREATE USER RM_DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE RM QUOTA UNLIMITED ON RM TEMPORARY TABLESPACE RM_TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO RM_DB_USER;
To create a user for the application tablespace and to grant the required permissions, enter the following commands:
CREATE USER DCC_DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE DCC QUOTA UNLIMITED ON DCC TEMPORARY TABLESPACE DCC_TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO DCC_DB_USER;
To create a user for the application tablespace and to grant the required permissions, enter the following commands:
CREATE USER LQE_DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE LQE QUOTA UNLIMITED ON LQE TEMPORARY TABLESPACE LQE_TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO LQE_DB_USER;
To create a user for the application tablespace and to grant the required permissions, enter the following commands:
CREATE USER LDX_DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE LDX QUOTA UNLIMITED ON LDX TEMPORARY TABLESPACE LDX_TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO LDX_DB_USER;
To create a user for the application tablespace and to grant the required permissions, enter the following commands:
CREATE USER GC_DB_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE GC QUOTA UNLIMITED ON GC TEMPORARY TABLESPACE GC_TEMP;
GRANT CREATE PROCEDURE, CREATE SESSION, CREATE TABLE, CREATE VIEW TO GC_DB_USER;
To create a user for common data warehouse tablespace and to grant the required permissions, enter the following commands:
CREATE USER DW_USER IDENTIFIED BY Passw0rd DEFAULT TABLESPACE DW QUOTA UNLIMITED ON DW TEMPORARY TABLESPACE DW_TEMP;
GRANT DBA TO DW_USER;
Note: The creation of the data warehouse on Oracle requires more permissions as compared to other databases. When you specify the database user in the connection spec for data warehouse, ensure that the database user has DBA permissions. You can change this permission after the data warehouse is created. For more information, see Completing the installation.
To create the data warehouse without DBA permissions, see this deployment wiki article.
Create an environment variable named ORACLE_JDBC_DRIVER_FILE and point to the ojdbc8.jar JDBC driver. The location can vary depending on the Oracle product and operating system. You can download the supported Oracle JDBC driver from the Oracle website.
export ORACLE_JDBC_DRIVER_FILE =/Path_to_JDBC_driver/ojdbc8.jar
Before you begin
This procedure requires that the following prerequisites are met:
Procedure
Set up the SQL Server database by using the sqlcmd command line tool, which is provided with the SQL Server installation. You can also use a visual tool, such as SQL Server Studio Management.
Important: If you install applications either on the same computer or distributed platforms, a separate database and a database user who is associated with that database must be created.
CREATE DATABASE jts
GO
CREATE LOGIN jtsDBuser
WITH PASSWORD = 'jtsDBpswd';
USE jts;
exec sp_changedbowner 'jtsDBuser'
GO
ALTER DATABASE jts COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE jts SET READ_COMMITTED_SNAPSHOT ON
GO
CREATE DATABASE pub
GO
CREATE LOGIN pubDBuser
WITH PASSWORD = 'pubDBpswd';
USE pub;
exec sp_changedbowner 'pubDBuser'
GO
ALTER DATABASE pub COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE pub SET READ_COMMITTED_SNAPSHOT ON
GO
Note that the values in the script file are examples and you should change them according to your usage and environment. For example, if the TOKENSTRING value of 2048 is too small, you can increase that by using a datatype of TOKENSTRING NVARCHAR(MAX) NOT NULL,.
-- Manually create DATABASE using object explorer and provide name as OAUTH2DB2;
USE OAUTH2DB2;
GO
CREATE SCHEMA OAUTHDBSCHEMA;
GO
---- CREATE TABLES ----
CREATE TABLE OAUTHDBSCHEMA.OAUTH20CACHE
(
LOOKUPKEY VARCHAR(256) NOT NULL,
UNIQUEID VARCHAR(128) NOT NULL,
COMPONENTID VARCHAR(256) NOT NULL,
TYPE VARCHAR(64) NOT NULL,
SUBTYPE VARCHAR(64),
CREATEDAT BIGINT,
LIFETIME INT,
EXPIRES BIGINT,
TOKENSTRING VARCHAR(2048) NOT NULL,
CLIENTID VARCHAR(64) NOT NULL,
USERNAME VARCHAR(64) NOT NULL,
SCOPE VARCHAR(512) NOT NULL,
REDIRECTURI VARCHAR(2048),
STATEID VARCHAR(64) NOT NULL,
EXTENDEDFIELDS NVARCHAR(2048) NOT NULL DEFAULT '{}'
);
GO
CREATE TABLE OAUTHDBSCHEMA.OAUTH20CLIENTCONFIG
(
COMPONENTID VARCHAR(256) NOT NULL,
CLIENTID VARCHAR(256) NOT NULL,
CLIENTSECRET VARCHAR(256),
DISPLAYNAME VARCHAR(256) NOT NULL,
REDIRECTURI VARCHAR(2048),
ENABLED INT,
CLIENTMETADATA NVARCHAR(2048) NOT NULL DEFAULT '{}'
);
GO
CREATE TABLE OAUTHDBSCHEMA.OAUTH20CONSENTCACHE (
CLIENTID VARCHAR(256) NOT NULL,
USERID VARCHAR(256),
PROVIDERID VARCHAR(256) NOT NULL,
SCOPE VARCHAR(1024) NOT NULL,
EXPIRES BIGINT,
EXTENDEDFIELDS NVARCHAR(2048) NOT NULL DEFAULT '{}'
);
GO
---- ADD CONSTRAINTS ----
ALTER TABLE OAUTHDBSCHEMA.OAUTH20CACHE
ADD CONSTRAINT PK_LOOKUPKEY PRIMARY KEY (LOOKUPKEY);
GO
ALTER TABLE OAUTHDBSCHEMA.OAUTH20CLIENTCONFIG
ADD CONSTRAINT PK_COMPIDCLIENTID PRIMARY KEY (COMPONENTID,CLIENTID);
GO
---- CREATE INDEXES ----
CREATE INDEX OAUTH20CACHE_EXPIRES ON OAUTHDBSCHEMA.OAUTH20CACHE (EXPIRES ASC);
GO
---- GRANT PRIVILEGES ----
---- UNCOMMENT THE FOLLOWING IF YOU USE AN ACCOUNT
OTHER THAN ADMINISTRATOR FOR DB ACCESS ----
-- Change dbuser to the account you want to use to access your database
--GRANT ALL ON OAUTHDBSCHEMA.OAUTH20CACHE TO dbuser;
--GRANT ALL ON OAUTHDBSCHEMA.OAUTH20CLIENTCONFIG TO dbuser;
--GRANT ALL ON OAUTHDBSCHEMA.OAUTH20CONSENTCACHE TO dbuser;
---- END OF GRANT PRIVILIGES ----
createOauthMSSQL.sql
GO
The script will create a database called oauth2db, and then create tables in the OAuthDBSchema schema. The tables require a buffer pool that has a page size of at least 8K. The SQL script creates the necessary buffer pool and table spaces, but you can skip this if your buffer pools use page sizes of 8K or greater already.
<dataSource id=OAuthFvtDataSource
jndiName=jdbc/OAuth2DB
>
<jdbcDriver libraryRef=DerbyLib
/>
<properties.derby.embedded
databaseName=asDB
createDatabase=create
/>
</dataSource>
<library id=DerbyLib
>
<fileset dir=${shared.config.dir}/lib/global
includes=derby.jar
/>
</library>
<dataSource id=OAUTH2DBDS
jndiName=jdbc/OAUTH2DB
>
<jdbcDriver libraryRef=MSJDBCLib
/>
<properties.microsoft.sqlserver user=username
password=Password
databaseName=OAUTH2DB
serverName=SQLDBServer
portNumber=1433
/>
</dataSource>
<library id=MSJDBCLib
>
<fileset dir=${shared.config.dir}/lib/global
id=sqljdbc42
includes=sqljdbc42.jar
/>
</library>
Ensure that you have the correct values for the following attributes:
<oauthProvider id=JazzOP
httpsRequired=true
autoAuthorize=true
customLoginURL=/jazzop/form/login
accessTokenLifetime=7201
authorizationGrantLifetime=604801
>
<autoAuthorizeClient>client01</autoAuthorizeClient>
<databaseStore dataSourceRef=OAUTH2DBDS
/>
</oauthProvider>
CREATE DATABASE ccm
GO
CREATE LOGIN ccmDBuser
WITH PASSWORD = 'ccmDBpswd';
USE ccm;
exec sp_changedbowner 'ccmDBuser'
GO
ALTER DATABASE ccm COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE ccm SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
CREATE DATABASE eni
GO
CREATE LOGIN eniDBuser
WITH PASSWORD = 'eniDBpswd';
USE eni;
exec sp_changedbowner 'eniDBuser'
GO
ALTER DATABASE eni COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE eni SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
CREATE DATABASE qm
GO
CREATE LOGIN qmDBuser
WITH PASSWORD = 'qmDBpswd';
USE qm;
exec sp_changedbowner 'qmDBuser'
GO
ALTER DATABASE qm COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE qm SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
CREATE DATABASE rm
GO
CREATE LOGIN rmDBuser
WITH PASSWORD = 'rmDBpswd';
USE rm;
exec sp_changedbowner 'rmDBuser'
GO
ALTER DATABASE rm COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE rm SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
CREATE DATABASE dcc
GO
CREATE LOGIN dccDBuser
WITH PASSWORD = 'dccDBpswd';
USE dcc;
exec sp_changedbowner 'dccDBuser'
GO
ALTER DATABASE dcc COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE dcc SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
CREATE DATABASE lqe
GO
CREATE LOGIN lqeDBuser
WITH PASSWORD = 'lqeDBpswd';
USE lqe;
exec sp_changedbowner 'lqeDBuser'
GO
ALTER DATABASE lqe COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE lqe SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
CREATE DATABASE ldx
GO
CREATE LOGIN ldxDBuser
WITH PASSWORD = 'ldxDBpswd';
USE ldx;
exec sp_changedbowner 'ldxDBuser'
GO
ALTER DATABASE ldx COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE ldx SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
CREATE DATABASE gc
GO
CREATE LOGIN gcDBuser
WITH PASSWORD = 'gcDBpswd';
USE gc;
exec sp_changedbowner 'gcDBuser'
GO
ALTER DATABASE gc COLLATE SQL_Latin1_General_CP437_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE gc SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
CREATE DATABASE dw
GO
CREATE LOGIN dwDBuser
WITH PASSWORD = 'dwDBpswd';
USE dw;
exec sp_changedbowner 'dwDBuser'
GO
ALTER DATABASE dw COLLATE SQL_Latin1_General_CP1_CS_AS
GO
Note: Ensure that the connection to the database is open before running this command.
ALTER DATABASE dw SET READ_COMMITTED_SNAPSHOT ON
GO
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
Create an environment variable named SQLSERVER_JDBC_DRIVER_FILE and point to the JDBC driver. The location of the driver varies depending on your installation.
SQLSERVER_JDBC_DRIVER_FILE =.:Path_to_JDBC_driver/sqljdbc42.jar
Note: This step is not required if you are installing together with the application.
If you are adding the to an existing server, you must use the -addTables repository tools command to add the required database tables to the database:
cd _Install_Dir\server
repotools-ccm.bat -addTables
cd _Install_Dir/server
./repotools-ccm.sh -addTables
You can use the partitioning repotools command to partition a non-partitioned REPOSITORY.VERSIONREPOSITORY_VERSION<SchemaPrefix>_REPOSITORY.VERSIONRPSTR_VRSN table in a configuration-enabled system. It will partition by Range based on Item Types. Starting in version 6.0.6.1, database table partitioning was introduced to handle performance, availability, and scalability of large amount of data (millions of artifacts) in your repository. You must install an Enterprise edition of Db2 (or Advanced edition if using Db2 11.5)Db2zDb2iOracleSQL Server database to take advantage of these features. Standard, Workgroup, Personal, or Express editions of the databas, or the default Apache Derby database do not support partitioning. The command fails if the underlying database does not support partitioning.
To enable database table partitioning, open a command window and enter the following commands:
cd /opt/IBM/QM_Server/server/
./repotools-qm.sh -partitioning teamserver.properties=conf/qm/teamserver.properties enable
cd C:\Program Files\IBM\QM_Server\server\
repotools-qm.bat -partitioning teamserver.properties=conf\qm\teamserver.properties enable
For details about the partitioning repotools command, see Repository tools command to partition a database table.
Before you begin
About this task
uses J2EE container managed authentication for login and system permissions. For application server to work, you must configure a realm with the application server. The file-based user registry is useful for testing or evaluation, because does not support importing users or mapping user roles. For the full application functionality, including viewing system user roles and importing users, supports an LDAP realm.
Configure the federated repositories
Setting up groups and users
To be able to run , you need to define groups and users in the repository and map them to Jazz groups. Before installing any applications, you must create the user groups.
You can now start the server.
cd Jazz_Install_Dir\server
server.startup.bat
You can configure ELM applications to run as Windows services. See Running ELM applications as Windows services for more information.
cd Jazz_Install_Dir/server
./server.startup
The clm_was_config.py script configures and sets up security options so that you can run applications in a WebSphere environment.
Before you begin
Ensure you have completed the following tasks:
Procedure
createJVMCustomProperty(jvm, "DB2Z_JDBC", "/etc/jazz/server/db2z", "")
createJVMCustomProperty(jvm, "ORACLE_JDBC_DRIVER_FILE", "C:\app\user\product\12.2.0\dbhome_1\jdbc\lib\ojdbc8.jar", "")
createJVMCustomProperty(jvm, "ORACLE_JDBC_DRIVER_FILE", "/opt/app/user/product/12.2.0/dbhome_1/jdbc/lib/ojdbc8.jar", "")
createJVMCustomProperty(jvm, "SQLSERVER_JDBC_DRIVER_FILE", "C:\MSSQL\jdbc\sqljdbc42.jar", "")
createJVMCustomProperty(jvm, "SQLSERVER_JDBC_DRIVER_FILE", "/opt/mssql/jdbc/sqljdbc42.jar", "")
Note: On Windows platforms you must use forward slash in the paths for the location of the Jython script and the conf directory.
cd WAS_Profile_Dir\bin
wsadmin.bat -lang jython -user WAS_USER -password WAS_PASSWORD -f C:/Jazz_Install_Dir/server/was/clm_was_config.py C:/Jazz_Install_Dir/server/conf
cd WAS_Profile_Dir/bin
./wsadmin.sh -lang jython -user WAS_USER -password WAS_PASSWORD -f /opt/Jazz_Install_Dir/server/was/clm_was_config.py /opt/Jazz_Install_Dir/server/conf
cd WAS_Profile_Dir\bin
stopServer.bat server1 -user WAS_USER -password WAS_PASSWORD
startServer.bat server1
cd WAS_Profile_Dir/bin
./stopServer.sh server1 -user WAS_USER -password WAS_PASSWORD
./startServer.sh server1
To set up for Document Builder, see Deploying Document Builder on WebSphere Application Server.
Before you begin
Ensure you have completed the following tasks:
Procedure
-Xmx4g -Xms4g -Xmn1g
-Xgcpolicy:gencon -Xnocompressedrefs
-Xmx4g -Xms4g -Xmn1g
-XX:MaxPermSize=768M -XX:ReservedCodeCacheSize=512M -XX:CodeCacheMinimumFreeSpace=2M
-Xmx4g -Xms4g -Xmn1g
-Xgcpolicy:gencon -Xcompressedrefs
-Xgc:preferredHeapBase=0x100000000
Tip: If you need more heap size, then you can use the following setting, replacing {N} with the amount of memory to be used and {N/4} with 1/4 of the total memory. For example, if -Xmx is set to 8g, -Xmn should be set to 2g.
-Xmx{N} -Xms{N} -Xmn{N/4}
For only: The -Xmn value should be 33% of the -Xms value. For example, if the -Xmx size is 4gb, the -Xmn should be 1365m. The following Deployment wiki document contains useful information about sizing and tuning: Sizing and tuning guide for .
For only: If application pages become unresponsive as a result of memory issues, see this technote for troubleshooting.
In a distributed environment, when you are using a separate application server for each web application, you must add these custom properties for each instance of the .
To avoid problems, do not use spaces in file paths. You can use double quotation marks to enclose the path.
Note: The path to the JDBC driver must be an absolute path. Do not use URL path (file:///). For more information about Oracle Java Database Connectivity (JDBC) connections, see Set up the database
step.
Note: The path to the JDBC driver must be an absolute path. Do not use URL path (file:///). For more information about SQL Server JDBC connections, see Set up the database
step.
The settings that the startup_log4j.properties file contains are used at the early stages in the startup process to pass messages to the SystemOut.log file. After the early stages, each Jazz application switches to using the application-specific settings from the Jazz_Install_Dir/server/conf/app_context/log4j.properties file.
To use the System for Cross-domain Identity Management (SCIM) standard, you must install Jazz Authorization server and configure LDAP user registry. For more information, see Configuring the for the SCIM feature.
You can use clm_deploy.py or clm_deploy_distributed.py in a distributed environment to deploy application WAR files.
Before you begin
Ensure that , , and applications are installed prior to running the script.
Complete the following steps to map the security roles to your LDAP groups. Note that the groups must be setup on the LDAP server prior to completing this mapping.
The following example shows the role mapping for the application. Replace the values with the values from your LDAP server. You might need to contact your LDAP Administrator to obtain this information:
Note: Ensure that the JazzAdmins, JazzUsers, JazzGuests, and JazzProjectAdmins security groups do not have any spaces in their names.
RoleMapping = {
'jts' : {
'JazzAdmins' : {
'mappedUser': None,
'mappedGroup': "cn=JazzAdmins,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzUsers' : {
'mappedUser': None,
'mappedGroup': "cn=JazzUsers,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzGuests' : {
'mappedUser': None,
'mappedGroup': "cn=JazzGuests,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzProjectAdmins' : {
'mappedUser': None,
'mappedGroup': "cn=JazzProjectAdmins,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
RoleMapping = {
'ccm' : {
'JazzAdmins' : {
'mappedUser': None,
'mappedGroup': "cn=JazzAdmins,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzUsers' : {
'mappedUser': None,
'mappedGroup': "cn=JazzUsers,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzGuests' : {
'mappedUser': None,
'mappedGroup': "cn=JazzGuests,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzProjectAdmins' : {
'mappedUser': None,
'mappedGroup': "cn=JazzProjectAdmins,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
RoleMapping = {
'qm' : {
'JazzAdmins' : {
'mappedUser': None,
'mappedGroup': "cn=JazzAdmins,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzUsers' : {
'mappedUser': None,
'mappedGroup': "cn=JazzUsers,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzGuests' : {
'mappedUser': None,
'mappedGroup': "cn=JazzGuests,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
'JazzProjectAdmins' : {
'mappedUser': None,
'mappedGroup': "cn=JazzProjectAdmins,cn=members,o=ldap.server.com",
'AllowAccessToEveryone':'No',
'AllowAccessToAllAuthenticatedUsers':'No'
},
About this task
The clm_deploy.py script installs all application WAR files that are available in the webapps directory into a single node.
The clm_deploy_distributed.py script can be used to install any application WAR files that are available in the webapps directory, if you specify them in your command argument as a comma-separated list.
Note: The web archive applications must have a .war extension.
Procedure
To deploy applications on a single , complete this step:
Note: On Windows platforms you must use forward slash in the paths for the location of the Jython script and the webapps directory.
cd WAS_Profile_Dir\bin
wsadmin.bat -lang jython -user WAS_USER -password WAS_PASSWORD -f C:/Jazz_Install_Dir/server/was/clm_deploy.py nodeName server1 C:/Jazz_Install_Dir/server/webapps -config C:/Jazz_Install_Dir/server/was
cd WAS_Profile_Dir/bin
./wsadmin.sh -lang jython -user WAS_USER -password WAS_PASSWORD -f /opt/Jazz_Install_Dir/server/was/clm_deploy.py nodeName server1 /opt/Jazz_Install_Dir/server/webapps -config /opt/Jazz_Install_Dir/server/was
To deploy applications in a distributed environment, complete this step:
Note: On Windows platforms you must use forward slash in the paths for the location of the Jython script and the webapps directory.
cd WAS_Profile_Dir\bin
wsadmin.bat -lang jython -user WAS_USER -password WAS_PASSWORD -f C:/Jazz_Install_Dir/server/was/clm_deploy_distributed.py nodeName server1 C:/Jazz_Install_Dir/server/webapps jts,ccm,clmhelp -config C:/Jazz_Install_Dir/server/was
cd WAS_Profile_Dir/bin
./wsadmin.sh -lang jython -user WAS_USER -password WAS_PASSWORD -f /opt/Jazz_Install_Dir/server/was/clm_deploy_distributed.py nodeName server1 /opt/Jazz_Install_Dir/server/webapps jts,ccm,clmhelp -config /opt/Jazz_Install_Dir/server/was
To start the deployed applications, restart the application server. Replace server1 with the name of your application server:
cd WAS_Profile_Dir\bin
stopServer.bat server1 -user WAS_USER -password WAS_PASSWORD
startServer.bat server1
cd WAS_Profile_Dir/bin
./stopServer.sh server1 -user WAS_USER -password WAS_PASSWORD
./startServer.sh server1
Before you begin
Procedure
Depending on the applications that you installed, the following web applications might be available for deployment:
If you are using version 9.x, you must update the JAX-RS settings before you can use the CE Connector for IoT application:
To configure the CE Connector for IoT, see Configuring the connector.
The following applications must have the same authentication methods for their users and use the same security group mapping.
Procedure
These repository groups are associated with every Jazz implementation and must be mapped to a particular group that contains the authorized users. If you are using LDAP, these groups must be set up on the LDAP server prior to completing this mapping. If you are mapping these repository groups to individual users, select the repository group and click Map Users.
Note: If in the future there will be changes to the LDAP configuration level, you must remap the security roles to the user or repository group for JTS and other installed applications.
A green arrow should appear that indicates the application is successfully started.
Note: The Converter application is supported only on Windows and Linux. For installation instructions on other unsupported platforms, see the Delegated Configuration
section of Converter Application Configuration and Troubleshooting Guide.
For information about configuring the server, see Configuring the server on IBM i.
Configure your to use LDAP registry to authenticate users.
Before you begin
If you use LDAP for user management and you enable the option to not use case-sensitive user management, make sure that is also configured to allow user management that is not case sensitive. To configure the login property after you start the server, on the Advanced Properties page of the Administrative web interface, modify the Use case insensitive user ID matching property.
Procedures
After installing the applications, databases, and starting the and other applications, you can log in to the (jts/setup) page and run the setup wizard to configure the servers.
The "Express setup" is a simplified version of the wizard that lets you set up the default Derby database and Liberty Basic User Registry. The wizard will detect and set up the applications that you have just installed.
Procedure
Important: A [fully qualified hostname] is the host name along with the DNS domain reference of the machine on which the is installed. An example of a good [fully qualified hostname] is hostname.example.com. Examples of bad [fully qualified hostname] are localhost or an IP address.
The Custom setup
wizard guides you through setting up your database, configuring email settings, configuring the user registry, and registering applications.
Before you begin
Set up the database.
Procedure
Note: If you selected the option during the installation and installed your , in the step 1 of the setup wizard, you must configure the Authorization Server. Provide the Authorization Server URL, administrative user ID, and administrative password, and then click Test Connection.
Ensure that your browser is not blocking pop-up windows. The uses a pop-up window for logging in.
Restriction: When Jazz Security Architecture SSO is enabled, the browser add-on is not supported.
Tip: The Tomcat configuration files are saved with this operation. To see the name and location of the generated XML files, click show details in the message window.
Tip: For information about how licenses can provide different levels of access to the application capabilities, see Client access license management overview.
Note: If you select J2EE for connection type, you must also set the resultSetHoldability property to 1 in . By default, this property is set to 2. If you do not set this property to 1, some of the data warehouse collection jobs might fail. For more information about resultSetHoldability, see your documentation.
If you do not configure the data warehouse, your applications will be functional but you will not be storing any reporting data and most reports will not work.
Configure your server to use LDAP registry to authenticate users.
Before you begin
If you use LDAP for user management and you enable the option to not use case-sensitive user management, ensure that is also configured to allow user management that is not case sensitive. To configure the login property, on the Advanced Properties page of the Administrative web interface, modify the Use case insensitive user ID matching property.
Procedures
<ldapRegistry
id="sample_ldap" realm="SampleLdapIDSRealm" ignoreCase="true"
host="localhost" port="389"
baseDN="ou=people,dc=jazz,dc=net"
ldapType="IBM Tivoli Directory Server">
<idsFilters
userFilter="(&(uid=%v)(objectclass=inetOrgPerson))"
groupFilter="(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=posixGroup)))"
userIdMap="*:uid"
groupIdMap="*:cn"
groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember">
</idsFilters>
</ldapRegistry>
The following example is for Microsoft Active Directory type:
ldapType="Microsoft Active Directory"
<activedFilters
userFilter="(&(sAMAccountName=%v)(objectcategory=user))"
groupFilter="(&(cn=%v)(objectcategory=group))"
userIdMap="user:sAMAccountName"
groupIdMap="*:cn"
groupMemberIdMap="memberof:member">
</activedFilters>
What to do next:
In a distributed environment, carry out these steps to configure the Liberty files on all servers.
Configure your Tomcat server to use LDAP registry to authenticate users.
About this task
During the setup wizard if you clicked the Save LDAP Config Files button, the Tomcat configuration files are saved in the Tomcat_Home directory. Use the following procedure to setup the Tomcat configuration files to use LDAP.
Before you begin
If you use LDAP for user management and you enable the option to not use case-sensitive user management, make sure that is also configured to allow user management that is not case sensitive. To configure the login property, on the Advanced Properties page of the Administrative web interface, modify the Use case insensitive user ID matching property.
Procedures
What to do next:
In a distributed environment, carry out these steps to configure the Tomcat files on all servers.
You can run the setup command from a command-line to set up databases, configure email settings, configure the user registry, and register any applications you have just installed.
The setup command is a repository tools command that allows you to set up a and associated applications without using the setup wizard. The command may be run in interactive mode to help capture the response file needed to drive future automated installations. See Repository tools command to configure the server for the explanation of each parameter that you can use with the command.
Before you begin
Prior to running the setup command, you must have installed the and any applications, created your databases, and deployed and started the applications on your application server.
Note: If you are using a Derby database, before running the setup command, ensure that the location of the database and data warehouse in the Jazz_Install_Dir/server/conf/jts/teamserver.propertiesJazz_Install_Dir\server\conf\jts\teamserver.properties file is an absolute path. For example: com.ibm.team.repository.db.jdbc.location=Jazz_Install_Dir/conf/jts/derby/repositoryDB and com.ibm.team.datawarehouse.db.jdbc.location=Jazz_Install_Dir/conf/jts/derby/warehouseDB.
Procedure
cd Jazz_Install_Dir\server
repotools-jts.bat -setup repositoryURL=https://qualified.hostname.com:9443/jts adminUserID=ADMINWAS_ADMIN_ID adminPassword=ADMINWAS_ADMIN_PASSWORD
cd Jazz_Install_Dir/server
./repotools-jts.sh -setup repositoryURL=https://qualified.hostname.com:9443/jts adminUserID=ADMINWAS_ADMIN_ID adminPassword=ADMINWAS_ADMIN_PASSWORD
I understand that once the Public URI is set, it cannot be modified except with additional administrative commands, which can result in broken links from other applications that do not support changing URLs.
Choose Confirm Public URI:
[1] I understand
[2] Cancel and exit setup - default
[1] JDBC - Default
[2] J2EE
[1] Derby - default
[2] Db2
[3] SQL Server
[4] Db2 for z/OS
[5] Db2i
[6] Derby Net
[7] Oracle
For example:
conf/jts/derby/repositoryDB
//localhost:50000/JTS:user=db2admin;password={password};
thin:jtsDBuser/{password}@localhost:1521/DB
//localhost:1433;databaseName=jts;user=jtsDBuser;password={password};
//ipAddress:ipPort/location:user=jtsDBuser;password={password};
[1] LIBERTY
[2] LDAP
[3] Non-LDAP External Registry
If you selected LDAP, the logged in user information is imported. If you selected Non-LDAP, the password is not required.
[1] Disable - default
[2] Do Not Disable
Note: A local application is an application that is installed under the same application server as and its details can be discovered. A non-local application is either installed in a distributed environment or not installed in the same application server as and its details must be provided by the user.
The following table displays the applications that can be registered with with their context root and discovery URL:
Application Name | Context root | Discovery URL |
|
/ccm /rqm /rm /relm /gc /ldx /rs /dcc /lqe |
https://server.example.org:9443/ccm/scr https://server.example.org:9443/rqm/scr https://server.example.org:9443/rm/scr https://server.example.org:9443/relm/scr https://server.example.org:9443/gc/scr https://server.example.org:9443/ldx/scr https://server.example.org:9443/rs/scr https://server.example.org:9443/dcc/scr https://server.example.org:9443/lqe/scr |
If the data warehouse has not been set up or a Derby database is being used then no password is required. Otherwise, enter a password for data warehouse. This step might take a few minutes.
The setup command is a repository tools command that allows you to set up a and associated applications without using the setup wizard. You can run the setup command from a command-line in express mode to set up all default values.
When you run the setup command in express mode, you are only prompted to enter information needed to create the administrative user and assign licenses to that user. All other tasks are automated using the default values. If you need to change a default value such as the Public URI entry, you can add the repositoryURL parameter in the command line. You can also use a response file that has all the recorded information needed to run the setup in express mode. See Repository tools command to configure the server for the explanation of each parameter that you can use with the command.
Procedure
cd Jazz_Install_Dir\server
repotools-jts.bat -setup repositoryURL=https://qualified.hostname.com:9443/jts express=yes
cd Jazz_Install_Dir/server
./repotools-jts.sh -setup repositoryURL=https://qualified.hostname.com:9443/jts express=yes
For () applications that support clustering such as or , the distributed data is managed by a standalone web application called .
The () is a small Java application that consists of a main JAR file, distributedCache.jar, the distributedCache.cfg file for configuration properties, and required dependencies in the jarlib directory. The microservice provides a centralized management and storage location for distributed data for clustered () applications. The is required for cluster operation; if the is not accessible, then all clustered applications will be in a 'wait' state until the is back online. The itself is not an application and may have different configuration requirements from the applications.
The must be installed and run on a machine that is accessible by all nodes of the clustered application. By default, the microservice is installed on the () machine under the server/clustering/cache directory and is started as part of the startup sequence or on demand when a clustered application asks for it. If the URL advanced property setting has not been set, a clustered application calls to discover the status of the microservice. Then attempts to locate a running process and starts the if it is not running. Often in production environments, is a back end server behind a proxy, such as , or for performance reasons, it is installed on a dedicated server. In these cases, the must be started manually, and the clustered application URL service property must be set.
Note: For optimal performance, the should be moved to a dedicated server independent from .
To move or to reconfigure the URL:
URL example:
https://myproxy.company.com/
https://myserver.company.com:10001/
Note: If you do the following step before the cluster is turned on, the changes will be propagated to other nodes when you replicate the application nodes.
as_trusted_url = $S{AuthServer.as_trusted_url, https://myserver.company.com:10001}
Note: Do not use a URL with a trailing slash for the value of the as_trusted_url property in the server/clustering/cache/distributedCache.cfg file.
Depending on your installation topology, the following configuration properties in the distributedCache.cfg file can be set.
JazzProjectAdmins=LDAPJazzAdmins,JazzAdmins=LDAPJazzAdmins,JazzUsers=LDAPJazzUsers,JazzDWAdmins=LDAPJazzAdmins,JazzGuests=LDAPJazzUsers
However, in it is set as:
{"LDAPJazzAdmins":"JazzProjectAdmins,JazzAdmins,JazzDWAdmins","LDAPJazzUsers":"JazzUsers,JazzDWAdmins"}
In short, in you specify Jazz roles to LDAP group mapping, but in you specify LDAP group to Jazz roles mapping. Note that if these properties are not set correctly, the following error message will be displayed in the log console:
The user registry settings may be set incorrectly. Please refer to the cfg file UserRegistry section.
By default, runs in SSL mode. This is controlled by the useSsl property in the [REST] section. Additional SSL related configurations are specified in the [REST-SslContextFactory] section. Ensure to specify the correct file name and path in keyStorePath.
For your reference, here are some sample configurations. Note that these samples point out only a few important parameters and not the entire configurations.
Sample 1, is:
#===========================================
# REST settings
#===========================================
[REST]
port = $E{CACHE_PORT, 10001}
stylesheet = styles/devops.css
saveConfigAction = RESTART_SERVER
useSsl = true
authType = OIDC
#===========================================
# AuthServer settings
#===========================================
[AuthServer]
auth_url = $S{AuthServer.auth_url, https://JAS_HOST:9643/oidc/endpoint/jazzop}
client_id = dcm
client_name =
as_admin_id = $S{AuthServer.as_admin_id, ADMIN}
as_admin_pass = $S{AuthServer.as_admin_pass, ADMIN}
as_trusted_url = $S{AuthServer.as_trusted_url, https://JTS_HOST:10001}
#============================================
# LDAP UserRegistry settings.
#============================================
[UserRegistry]
base_group_DN = dc=jazz,dc=domain
group_name_property = cn
group_roles_mapping = {"LDAPJazzAdmins":"JazzProjectAdmins,JazzAdmins,JazzDWAdmins","LDAPJazzUsers":"JazzUsers,JazzDWAdmins"}
Sample 2, is:
#============================================
# REST settings
#============================================
[REST]
port = $E{CACHE_PORT, 10001}
stylesheet = styles/devops.css
saveConfigAction = RESTART_SERVER
useSsl = true
authType = OIDC
#============================================
# AuthServer settings
#============================================
[AuthServer]
auth_url = $S{AuthServer.auth_url, https://JAS_HOST:9643/oidc/endpoint/jazzop}
client_id = dcm
client_name =
as_admin_id = $S{AuthServer.as_admin_id, ADMIN}
as_admin_pass = $S{AuthServer.as_admin_pass, ADMIN}
as_trusted_url = $S{AuthServer.as_trusted_url, https://IHS_HOST}
If the is fronted by a proxy server, it must be configured to forward requests to the appropriate host and port where the is running. By default, an cluster expects the to be running on the same host as , configured securely on port 10001.
To modify an IHS configuration, make changes to the following files:
a) httpd.conf - Add the following entry to listen on the default port (10001). The default port can be changed in the distributedCache.cfg. Note that the following change is only required if you plan to have the port as part of the URL. If you plan to mask the port from its URL, then no change is required in the httpd.conf file.
Listen 10001
<VirtualHost *:10001>
SSLEnable
SSLServerCert <IHS server cert alias>
</VirtualHost>
b) plugin-cfg.xml - Add the following entry to forward requests on port 10001 to the appropriate server. Note that the only requires /jsa and /dcm context roots to be forwarded.
<ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="microservice_Cluster" PostBufferSize="64" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60">
<Server ConnectTimeout="0" ExtendedHandshake="false" MaxConnections="-1" Name="microservice" ServerIOTimeout="9000" WaitForContinue="false">
<Transport Hostname="<JTS_HOSTNAME>" Port="10001" Protocol="https">
<Property Name="keyring" Value="<File Path of keystore file (kdb)>"/>
<Property Name="stashfile" Value="<File Path of stash file file (sth)>"/>
</Transport>
</Server>
</ServerCluster>
<UriGroup Name="microservice_Cluster_URIs">
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/jsa/*"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/dcm/*"/>
</UriGroup>
<Route ServerCluster="microservice_Cluster" UriGroup="microservice_Cluster_URIs" VirtualHostGroup="default_host"/>
c) Update the keystore database files to add an entry for the certificate based on the keystore updates to the plugin-cfg.xml file.
All the required files and scripts to start and stop the microservice are in the server/clustering/cache directory. To run the microservice, you must have a JVM version 1.8 or later installed. You can start the microservice by using the included script, or you can start it by using the following command:
java –Xms2G –Xmx3G -jar distributedCache.jar
You can change the values of JVM Xms and Xmx arguments in the command as per your requirements.
Note:
Starting the microservice:
To start the microservice, open a command windowshell and enter the following commands:
cd Path_To__Folder
start distributedCache.start.bat JRE_Bin_Path
cd PATH_To__Folder
./distributedCache.start.sh JRE_Bin_Path > /dev/null &
Where:
Path_To__Folder is where the is installed and JRE_Bin_Path is the location of the JRE/Bin folder. The JRE_Bin_Path is optional. If it's not specified, the system considers that is running from its default location and uses the JRE that is provided by the application.
Stopping the microservice:
To stop the microservice, open a command windowshell and enter the following commands:
cd Path_To__Folder
distributedCache.stop.bat JRE_Bin_Path
cd Path_To__Folder
./distributedCache.stop.sh JRE_Bin_Path
Where:
() is used to authenticate the . To register the microservice, several parameters are configured in the distributedCache.cfg file under the AuthServer and UserRegistry sections as explained in the previous section. The will be registered to the automatically after it is started for the first time. After the is registered with the , the following properties are updated in the distributedCache.cfg file: client_secret and registration_completed = true. By default, will be registered on with client_id as dcm. If you need to update the registration for , you can delete the existing registration and registering again with :
client_secret = $S{AuthServer.client_secret}
cd JAS_Install_Dir\cli
rmclient.bat -a AUTH_SERVER_URL -u ADMIN:ADMIN dcm
cd JAS_Install_Dir/cli
./rmclient -a AUTH_SERVER_URL -u ADMIN:ADMIN dcm
Where AUTH_SERVER_URL is the auth_url specified in the configuration file. The ADMIN:ADMIN parameter is the administrative user credentials, consisting of a user ID and password separated by a colon. And dcm is the Authorization Server client ID for the microservice registartion.
After you complete the setup and configuration of a single node, you can transform it into a cluster by replicating the nodes.
JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.cluster.nodeId="ccm1""
JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.service.internal.db.allowConcurrentAccess=true"
JAVA_OPTS="$JAVA_OPTS -Dretry.count=0"
JAVA_OPTS="$JAVA_OPTS -Dretry.wait=10"
Replace ccm1 with the name or ID of the node. This name must be unique among all the nodes. Later on when you copy the settings to other nodes, you must change this value on all nodes, for example, ccm2, ccm3, and so on.
When you registered your application, you used the HAProxy URL, so the does not have host names for the specific nodes. After you add a new node to your cluster, you must also add it to the client registration.
Note: When you add your second node, you must also add the first node's hostname to the registration.
The following files are included in the clustering directory:
Client ID: The client ID of the clustered application registered on . To obtain the client ID open the teamserver.properties file and look for the com.ibm.team.repository.servlet.sso_clientId property.
Local node URL: Is the fully qualified host name and port number of the computer where application is installed. Note that this is not the public URL of the application that was used during application registration. This host name is also used in the HAProxy config file in the backend section.
./addNodeReg.shaddNodeReg.bat client ID https://_Hostname:Port/appContext
Note: Ensure to run the addNodeReg script on the first node that you used for the initial setup.
You can replicate the application on all nodes in two ways. You can install the application on all other nodes and only copy the teamserver.properties and server.startup files from the first node to the other nodes. Alternatively, you can copy the entire installation directory from the first node to the other nodes. Do not forget to change the node IDs in the server.startup file on all nodes so that they all have unique IDs.
Open the HAProxy configuration file and verify that it lists the host names of your actual nodes and that the number of lines matches the number of nodes. Edit the configuration file as needed, and restart the HAProxy service.
Start server on every node. Check the HAProxy console to ensure all back-end servers are online.
After you complete the setup and configuration of a single node, you can transform it into a cluster by replicating the nodes.
JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.cluster.nodeId="qm1""
JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.service.internal.db.allowConcurrentAccess=true"
JAVA_OPTS="$JAVA_OPTS -Dretry.count=0"
JAVA_OPTS="$JAVA_OPTS -Dretry.wait=10"
Replace qm1 with the name or ID of the node. This name must be unique among all the nodes. Later on when you copy the settings to other nodes, you must change this value on all nodes, for example, qm2, qm3, and so on.
When you registered your application, you used the HAProxy URL, so the does not have host names for the specific nodes. After you add a new node to your cluster, you must also add it to the client registration.
Note: When you add your second node, you must also add the first node's hostname to the registration.
The following files are included in the clustering directory:
Client ID: The client ID of the clustered application registered on . To obtain the client ID open the teamserver.properties file and look for the com.ibm.team.repository.servlet.sso_clientId property.
Local node URL: Is the fully qualified host name and port number of the computer where the application is installed. Note that this is not the public URL of the application that was used during application registration. This host name is also used in the HAProxy config file in the backend section.
./addNodeReg.shaddNodeReg.bat client ID https://_Hostname:Port/appContext
Note: Ensure to run the addNodeReg script on the first node that you used for the initial setup.
You can replicate the application on all nodes in two ways. You can install the application on all other nodes and only copy the teamserver.properties and server.startup files from the first node to the other nodes. Alternatively, you can copy the entire installation directory from the first node to the other nodes. Do not forget to change the node IDs in the server.startup file on all nodes so that they all have unique IDs.
Open the HAProxy configuration file and verify that it lists the host names of your actual nodes and that the number of lines matches the number of nodes. Edit the configuration file as needed, and restart the HAProxy service.
Start server on every node. Check the HAProxy console to ensure all back-end servers are online.
Complete the following steps to add more replicas after your clustered environment is set up.
Complete the following steps to add more replicas after your clustered environment is set up.
After completing the custom setup, you might see the following diagnostic failure message for one or more applications:
Application: the discovery resource at https://JTS_HOST:9443/ccm/rootservices for "/ccm" has different OAuth domains than the entry does.
OAuth domains from the discovery resource: [https://JTS_HOST:9443/ccm]
Application OAuth domains: []
This error might be caused by an incomplete synchronization of applications from the repository tools (repotools) commands. To fix the issue, complete the following steps to manually synchronize the applications:
cd Jazz_Install_Dir/\server
./repotools-jtsrepotools-jts -listFriends repositoryURL=https://JTS_HOST:9443/jts adminUserId=adminUserId adminPassword=adminPassword
./repotools-jtsrepotools-jts -synchFriend repositoryURL=https://JTS_HOST:9443/jts adminUserId=adminUserId adminPassword=adminPassword friendId=FriendID_From_PreviousStep
If you installed or another similar proxy server in front of the clustered environment, you must ensure that it is enabled to accept the content (payload) from all HTTP requests such as GET, PUT, POST, and so on. If this capability is not enabled, you might receive HTTP 400 Bad request
errors in the proxy server because some of the HTTP GET requests are sent with a payload and rejected by the proxy.
To avoid such errors, in the proxy server's plugin-cfg.xml file, set AcceptAllContent="true".
The number of requests between or cluster members and can quickly increase and fill the disk space. You can modify the rsyslog config file so that certain HAProxy messages are discarded while logging the rest. To do this, add a tilde (~) to the end of the line that you want to discard. Example:
:msg, regex, "/map/" ~
local2.* /var/log/haproxy.log
& stop
For detailed instructions about activating configuration management and enabling project areas including a link to obtain an activation key, see Getting started for application administrators.
Note: Installation of is not supported on Windows platforms.
provides secure, rapid, bidirectional messaging for the Internet of Things (IoT) and mobile environments. is a high performance MQTT broker.
Procedure
To install a non-Dockerized version of , follow these steps:
Note: An IBMid is required to access these files. If you do not have an IBMid, you will be prompted to create one before you can download .
For complete instructions, see the documentation.
uses organizational configuration objects called hubs to define configuration policies.
Procedure
After logging into the Web UI by following the procedure in the previous task, create a new hub and then create and assign a connection policy, messaging policy and endpoint.
After you installed and configured , you must add the MQTT broker URI in the Advanced Properties section of the administrative Web UI:
Procedure
To learn about other configuration settings for multiple GCM instances, see Configuring multiple GCM instances.
After you install and start the server, you can use to collect data from the registered applications and load them into the data warehouse. For detailed instructions, see Collecting data with the .
After Document Builder is installed and started, you can configure it to add users, flags, or enable your server for HTTPS. For details, see Configuring Document Builder.
To further configure Document Builder on the WebSphere Application Server Liberty Profile, see Deploying Document Builder on WebSphere Application Server Liberty Profile.
After installing and setting up the server, you can install the Eclipse client to connect to the server. To install the client for Eclipse IDE by using IBM Installation Manager, see Installing the Eclipse client by using Installation Manager.
To configure Kerberos server and client single-sign-on authentication, see Configuring Kerberos single-sign-on authentication.