Install FileNet P8 without CPIT

I’ve been focusing a lot lately on how to install P8 with CPIT. Mostly because this is easier, faster, and usually more convenient, but it has inconveniences as well. Installing all components separatly has a few benefits and I thought it was time to write how to do that:

  • Install different versions of the components
  • Install Fix Packs during install
  • Use different technologies
  • Split components on different servers
  • Use pre-installed components (LDAP, DB, …)
  • Optimize install size by deleting binaries after each install
  • And for curious people, understand better what’s going on 🙂

This will be a long post, but I’ll try to split this step by step and explain precisely what is going on. At the end of this post, I will give the full script you can run to install a full platform. Unlike the CPIT installer, I’ve tried to keep everything in one script to ease distribution, installation and customization. That’s why you will see a lot of HERE-doc commands to create files on-the-go. At this moment I’m using only one dependency, which is a file from the CPIT installer: cpt-actions.jar. This is the java tool allowing us to create the default domain and object store. This is quite basic to implement using the Java API so I hope to write soon how to rewrite this tool so we can get rid of all dependency on CPIT.

Pre-requisites

As for the CPIT, a few dependencies need to be installed before starting. Also, some configurations need to be done.

#!/bin/bash
# Change this to the password you want to use
password=IBMFileNetP8
# Where to find all binaries, renamed as for the CPIT
binaries=/cpit_binaries
# If you want to delete the decompressed binaries after install, set this to true
cleanBinaries=true
# If your hostname is correctly set you can keep this, if not set it here and the script will set it properly everywhere
NAME=`hostname`

# Setup, do not touch
baseDir=`pwd`
logDir=`pwd`/log
mkdir -p $logDir

# Checking all binaries are present
[[ -f $binaries/db2.tar.gz ]] || { echo "db2.tar.gz does not exit"; exit 1; }
[[ -f $binaries/db2lic.zip ]] || { echo "db2lic.zip does not exit"; exit 1; }
[[ -f $binaries/tds.tar ]] || { echo "tds.tar does not exit"; exit 1; }
[[ -f $binaries/tdsfp.tar ]] || { fpMissing "tdsfp.tar"; }
[[ -f $binaries/tdsgskit.tar ]] || { echo "tdsgskit.tar does not exit"; exit 1; }
[[ -f $binaries/im.zip ]] || { echo "im.zip does not exit"; exit 1; }
[[ -f $binaries/WAS_V8.5.5_1_OF_3.zip ]] || { echo "WAS_V8.5.5_1_OF_3.zip does not exit"; exit 1; }
[[ -f $binaries/WAS_V8.5.5_2_OF_3.zip ]] || { echo "WAS_V8.5.5_2_OF_3.zip does not exit"; exit 1; }
[[ -f $binaries/WAS_V8.5.5_3_OF_3.zip ]] || { echo "WAS_V8.5.5_3_OF_3.zip does not exit"; exit 1; }
[[ -f $binaries/ce.tar.gz ]] || { echo "ce.tar.gz does not exit"; exit 1; }
[[ -f $binaries/cefp.tar.gz ]] || { fpMissing "cefp.tar.gz";}
[[ -f $binaries/cec.tar.gz ]] || { echo "cec.tar.gz does not exit"; exit 1; }
[[ -f $binaries/cecfp.tar.gz ]] || { fpMissing "cecfp.tar.gz"; }
[[ -f $binaries/icn.tar ]] || { echo "icn.tar does not exit"; exit 1; }
[[ -f $binaries/icnfp.tar ]] || { fpMissing "icnfp.tar"; }

# I'm using xmlstarlet to edit easily XML files when configuring the CE and ICN
command -v xmlstarlet >/dev/null 2>&1 || { rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm;yum -y install xmlstarlet; }

function fpMissing {
  while true; do
    read -p "
****************************** WARNING ******************************
Fix pack $1 is missing.
Are you sure you want to install without it?
****************************** WARNING ******************************
Are you sure? (yes/no):
" yn
    case $yn in
      [Yy]* ) break;;
      [Nn]* ) exit;;
      * ) echo "Please answer yes or no.";;
    esac
  done
}

# Install some required pre-requisites to make sure installs work
yum -y install ld-linux.so.2 libgcc_s.so.1 libX11.so.6 libXp.i686 libXp.x86_64 libXpm.i686 libXpm.x86_64 gtk2.x86_64 gtk2.i686 libXft.i686 libXft.x86_64 libXmu.i686 libXmu.x86_64 libXtst.i686 libXtst.x86_64 ksh ksh.x86_64 unzip bc sed compat-db47.i686 compat-db47.x86_64 pam.i686 pam.x86_64 elfutils.x86_64 elfutils-libs.i686 elfutils-libs.x86_64 rpm-build.x86_64 libgcc_s.so.1 libaio.x86_64 libstdc++.so.5 libstdc++.so.6 glibc.i686 libgcc.i686 libgcc.x86_64 libstdc++.so.5 compat-libstdc++-33.i686 compat-libstdc++-33.x86_64
# Disable SELinux for the install just to be sure
/usr/sbin/setenforce 0

# Setting name properly
sed -i "s/HOSTNAME=.*$/HOSTNAME=$NAME/g" /etc/sysconfig/network
hostname $NAME
sed -i "s/localhost4\slocalhost4.localdomain4\s*$/localhost4 localhost4.localdomain4 $NAME/g" /etc/hosts
sed -i "s/localhost6\slocalhost6.localdomain6\s*$/localhost6 localhost6.localdomain6 $NAME/g" /etc/hosts
echo $NAME > /etc/HOSTNAME

# Create the base folder and symlink it to avoid errors
mkdir /opt/IBM
ln -s /opt/IBM /opt/ibm
chmod 775 /opt/IBM
# Symlink ksh to be sure it's found
ln -s /bin/ksh /usr/bin/ksh

mkdir $baseDir/tdsgskit
tar -xf $binaries/tdsgskit.tar -C $baseDir/tdsgskit
echo Installing gskit
rpm -Uhv $baseDir/tdsgskit/8.0.14.27-ISS-GSKIT-LinuxX64-FP0027/64/gsk*rpm

Create system users

This step create all groups and users needed for the install.

# Add FileNet groups
groupadd fnadmin
groupadd fnop
groupadd fnusr

# System user for the P8 GCD DB
adduser gcddbusr
echo $password | passwd --stdin gcddbusr

# System user for the P8 OS DBs
adduser osdbuser
echo $password | passwd --stdin osdbuser

# System user for the ICN DB
adduser nxsdbusr
echo $password | passwd --stdin nxsdbusr

# Add P8Admin user and add it to the correct groups
adduser -G fnadmin,fnop,fnusr,adm,bin,sys P8Admin
echo $password | passwd --stdin P8Admin
useradd -G fnadmin,fnop,fnusr,adm,root,bin,daemon,sys,disk,wheel P8Admin
echo $password | passwd --stdin P8Admin

Install DB2

This step installs DB2 and creates an instance we will use to create our databases later. We need a Database Management System for TDS (users/groups), for FileNet (GCD and Object Stores), and for ICN.

# Inflate binaries
mkdir $baseDir/db2
mkdir $baseDir/db2lic
tar xfz $binaries/db2.tar.gz -C $baseDir/db2
unzip -q $binaries/db2lic.zip -d $baseDir/db2lic

# Create the DB2 response file, we want an instance for TDS ready
cat >$baseDir/db2.rsp<<EOF
PROD                      = ENTERPRISE_SERVER_EDITION
FILE                      = /opt/ibm/db2/V9.7
LIC_AGREEMENT             = ACCEPT         ** ACCEPT or DECLINE
INTERACTIVE              = NONE            ** NONE, YES, MACHINE
INSTALL_TYPE              = TYPICAL         ** TYPICAL, COMPACT, CUSTOM
INSTANCE                  = DB2_INST        ** char(8)  no spaces
DB2_INST.NAME             = dsrdbm01        ** char(8)  no spaces, no upper case letters
DB2_INST.GROUP_NAME       = grrdbm01        ** char(30) no spaces
DB2_INST.HOME_DIRECTORY   = /home/dsrdbm01 ** char(64) no spaces. Valid for root installation only
DB2_INST.PASSWORD         = $password ** Valid for root installation only
DB2_INST.TYPE            = ESE             ** DSF ESE WSE STANDALONE CLIENT
DB2_INST.AUTOSTART        = YES             ** YES or NO
DB2_INST.START_DURING_INSTALL = YES         ** YES or NO. Default is YES.
DB2_INST.SVCENAME        = dsrdbm01svcids   ** BLANK or char(14). Reserved for root installation only
DB2_INST.PORT_NUMBER     = 3737           ** 1024 - 65535, Reserved for root installation only
DB2_INST.FENCED_GROUP_NAME = db2fsdm1       ** char(30)  no spaces
EOF

# We need to free the port 3737 in the services file, this service is not used and conflict with DB2
sed -i "s/3737\/tcp/37370\/tcp/g" /etc/services

# Run the installer using our response file
$baseDir/db2/server/db2setup -r $baseDir/db2.rsp -l $logDir/db2install.txt

# Set the DB2 license
/opt/ibm/db2/V9.7/adm/db2licm -a $baseDir/db2lic/ese_o/db2/license/db2ese_o.lic
/opt/ibm/db2/V9.7/adm/db2licm -l

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/db2lic $baseDir/db2; fi

Install Tivoli Directory Server

This steps installs an LDAP server we will use as LDAP server for the platform. In our case we will use TDS.

mkdir $baseDir/tds
tar xf $binaries/tds.tar -C $baseDir/tds
cat >$baseDir/tds.rsp<<EOF
-silent
-G createDirectoryResponse="yes"
-G replaceExistingResponse="yesToAll"
# install destination - this can be modified to install location 
-P product.installLocation="/opt/IBM/ldap/V6.3"
-P DB2Feature.active=true
-P BaseServerFeature.active=true
-P ServerFeature.active=true
-P ProxyServerFeature.active=false
-P JavaClientFeature.active=true
-P ClientFeature.active=true
-P WebadminFeature.active=true
-P GSKITFeature.active=false
-P AppSrvFeature.active=false
# Replace the following with a valid Userid for the Db2 administrator. Used only if DB2 is being installed.
-W LdapInit.silentDB2Admin="P8Admin"
# Replace the following with a valid password for the Db2 administrator. Used only if DB2 is being installed.
-W LdapInit.silentDB2AdminPW="$password"
# This must be last line. Be sure no blank lines or carriage controls follow!
EOF

cd $baseDir/tds/tdsV6.3/tds
./install_tds.bin -is:silent -options $baseDir/tds.rsp -is:log $logDir/installtds63.txt

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/tds; fi

cd $baseDir
mkdir $baseDir/tdsfp
tar xf $binaries/tdsfp.tar -C $baseDir/tdsfp
cd $baseDir/tdsfp/6.3.0.24-ISS-ITDS-LinuxX64-FP0024

# Install the license first so we don't get prompt when installing FP24
./license/idsLicense -q
./idsinstall -u -f >$logDir/installtds63fp.txt

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/tdsfp; fi

# Configure TDS 
# This one must be called as ./, not absolute path from somewhere else or it doesn't work
cd /opt/IBM/ldap/V6.3/idstools
./idsdefinst -p $password -w $password -e encryptionseed
if [ ! -d /home/dsrdbm01/dsrdbm01/NODE0000 ]; then echo ERROR:  TDS Default instance was not created.; exit 1; fi
	
echo "# The following three lines have been added by IBM DB2 instance utilities." >> /home/dsrdbm01/.profile
echo "if [ -f /home/dsrdbm01/sqllib/db2profile ]; then" >> /home/dsrdbm01/.profile
echo "		. /home/dsrdbm01/sqllib/db2profile" >> /home/dsrdbm01/.profile
echo "fi" >> /home/dsrdbm01/.profile

Install Installation Manager

Installation Manager is required to install WebSphere.

cd $baseDir
mkdir $baseDir/im
unzip -q $binaries/im.zip -d $baseDir/im
chmod 777 $baseDir/im/installc
$baseDir/im/installc -acceptLicense

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/im; fi

Install WebSphere Application Server

This step installs WebSphere, which we will use to deploy FileNet, ICN and TDS Admin server.

cd $baseDir
mkdir $baseDir/was
unzip -q $binaries/WAS_V8.5.5_1_OF_3.zip -d $baseDir/was
unzip -q $binaries/WAS_V8.5.5_2_OF_3.zip -d $baseDir/was
unzip -q $binaries/WAS_V8.5.5_3_OF_3.zip -d $baseDir/was
cat >$baseDir/was-install.xml<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!--The "acceptLicense" attribute has been deprecated. Use "-acceptLicense" command line option to accept license agreements.-->
<agent-input acceptLicense='true'>
  <server>
    <repository location='$baseDir/was'/>
  </server>
  <profile id='IBM WebSphere Application Server V8.5' installLocation='/opt/ibm/WebSphere/AppServer'>
    <data key='eclipseLocation' value='/opt/ibm/WebSphere/AppServer'/>
    <data key='user.import.profile' value='false'/>
    <data key='cic.selector.os' value='linux'/>
    <data key='cic.selector.ws' value='gtk'/>
    <data key='cic.selector.arch' value='x86'/>
    <data key='cic.selector.nl' value='en'/>
  </profile>
  <install modify='false'>
    <offering id='com.ibm.websphere.BASE.v85' version='8.5.5000.20130514_1044' profile='IBM WebSphere Application Server V8.5' features='thinclient,ejbdeploy,core.feature,embeddablecontainer,com.ibm.sdk.6_64bit' installFixes='none'/>
  </install>
  <preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/IBM/IMShared'/>
  <preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
  <preference name='com.ibm.cic.common.core.preferences.readTimeout' value='45'/>
  <preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
  <preference name='offering.service.repositories.areUsed' value='true'/>
  <preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
  <preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
  <preference name='http.ntlm.auth.kind' value='NTLM'/>
  <preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
  <preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
  <preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
  <preference name='PassportAdvantageIsEnabled' value='false'/>
  <preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
  <preference name='com.ibm.cic.agent.ui.displayInternalVersion' value='false'/>
  <preference name='com.ibm.cic.common.sharedUI.showErrorLog' value='true'/>
  <preference name='com.ibm.cic.common.sharedUI.showWarningLog' value='true'/>
  <preference name='com.ibm.cic.common.sharedUI.showNoteLog' value='true'/>
</agent-input>
EOF
/opt/IBM/InstallationManager/eclipse/tools/imcl -input $baseDir/was-install.xml -log $logDir/was85_install.log -acceptLicense
# Create profiles
/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName AppSrv01 -cellName P8Node01Cell -nodeName P8Node01 -serverName server1 -enableAdminSecurity true -adminUserName P8Admin -adminPassword $password
/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName AppSrv02 -cellName P8Node02Cell -nodeName P8Node02 -serverName server1 -enableAdminSecurity true -adminUserName P8Admin -adminPassword $password

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/was; fi

Configure DB2 for FileNet

In this step, we create the databases foneeded for FileNet:

  • The Global Configuration Database (GCD)
  • One database for the first object store
  • One database for the second object store
usermod -a -G root dsrdbm01
usermod -a -G root gcddbusr
usermod -a -G root osdbuser
usermod -a -G root P8Admin

usermod -a -G grrdbm01 dsrdbm01
usermod -a -G grrdbm01 gcddbusr
usermod -a -G grrdbm01 osdbuser
usermod -a -G grrdbm01 P8Admin

# Create he DB locations on the disk
mkdir -p /opt/IBM/DB2Databases
chmod 777 /opt/IBM/DB2Databases

cat >$baseDir/createFNdbs.sh<<EOF
db2 CONNECT RESET

echo "Creating Content Engine GCD database, tablespace, and granting proper rights to gcddbusr ..."
db2 CREATE DATABASE GCD_DB AUTOMATIC STORAGE YES  ON /opt/IBM/DB2Databases  USING CODESET UTF-8 TERRITORY US COLLATE USING SYSTEM PAGESIZE 32768
db2 CONNECT TO GCD_DB
db2 CREATE  REGULAR  TABLESPACE GCD_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 GRANT  CREATETAB,CONNECT ON DATABASE  TO USER gcddbusr
db2 GRANT USE OF TABLESPACE GCD_TS TO USER gcddbusr
db2 CONNECT RESET

echo "Creating Content Engine TARGET Object Store database, tablespaces, and granting proper rights to osdbuser ..."
db2 CREATE DATABASE TARGETDB AUTOMATIC STORAGE YES  ON /opt/IBM/DB2Databases  USING CODESET UTF-8 TERRITORY US COLLATE USING SYSTEM PAGESIZE 32768
db2 CONNECT TO TARGETDB
db2 CREATE  REGULAR  TABLESPACE CEDATA_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 CREATE  USER TEMPORARY  TABLESPACE USRTEMP_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP
db2 GRANT  CREATETAB,CONNECT ON DATABASE  TO USER osdbuser
db2 GRANT USE OF TABLESPACE CEDATA_TS TO USER osdbuser
db2 GRANT USE OF TABLESPACE USRTEMP_TS TO USER osdbuser
db2 CREATE  REGULAR  TABLESPACE PEDATA_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 GRANT  SECADM ON DATABASE  TO USER P8Admin
db2 GRANT CREATETAB,CONNECT ON DATABASE TO user P8Admin
db2 grant use of tablespace pedata_ts to user P8Admin
db2 UPDATE DATABASE CONFIGURATION USING APPLHEAPSZ 2560 IMMEDIATE
db2 CONNECT RESET
echo "--------------------"

echo "Creating Content Engine DESIGN Object Store database, tablespaces, and granting proper rights to osdbuser ..."
db2 CREATE DATABASE DESIGNDB AUTOMATIC STORAGE YES  ON /opt/IBM/DB2Databases  USING CODESET UTF-8 TERRITORY US COLLATE USING SYSTEM PAGESIZE 32768
db2 CONNECT TO DESIGNDB
db2 CREATE  REGULAR  TABLESPACE CEDATA_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 CREATE  USER TEMPORARY  TABLESPACE USRTEMP_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP
db2 GRANT  CREATETAB,CONNECT ON DATABASE  TO USER osdbuser
db2 GRANT USE OF TABLESPACE CEDATA_TS TO USER osdbuser
db2 GRANT USE OF TABLESPACE USRTEMP_TS TO USER osdbuser
db2 CREATE  REGULAR  TABLESPACE PEDATA_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 GRANT  SECADM ON DATABASE  TO USER P8Admin
db2 GRANT CREATETAB,CONNECT ON DATABASE TO user P8Admin
db2 grant use of tablespace pedata_ts to user P8Admin
db2 UPDATE DATABASE CONFIGURATION USING APPLHEAPSZ 2560 IMMEDIATE
db2 CONNECT RESET
echo "--------------------"

db2 CONNECT RESET
echo "--------------------"
EOF

# Change DB2 port
cat >$baseDir/setDB2port.sh<<EOF
db2 update dbm cfg using SVCENAME 3737
db2stop FORCE
db2start
db2 get dbm cfg | grep SVCENAME
EOF

# Start the instance
/opt/ibm/db2/V9.7/instance/db2istrt dsrdbm01
chmod a+x $baseDir/createFNdbs.sh
chmod a+x $baseDir/setDB2port.sh
su - dsrdbm01 -c $baseDir/createFNdbs.sh
su - dsrdbm01 -c $baseDir/setDB2port.sh
rm -f $baseDir/createFNdbs.sh
rm -f $baseDir/setDB2port.sh

if [ ! -d /opt/IBM/DB2Databases/dsrdbm01/NODE0000 ]; then echo "ERROR:  P8 Database was not created."; exit 1; fi

Create default users in TDS

We need to create a few users in our LDAP to use to configure FileNet/ICN.

cat >$baseDire/users.ldif<<EOF
dn: o=sample
objectclass: top
objectclass: domain
dc: o=sample
o: sample

dn: cn=P8Admin,o=sample
cn: P8Admin
sn: P8Admin
userpassword: $password
objectclass: top
objectclass: organizationalPerson
objectclass: person

dn: cn=tester,o=sample
cn: tester
sn: tester
userpassword: $password
objectclass: top
objectclass: organizationalPerson
objectclass: person

dn: cn=P8Admins,o=sample
objectclass: groupOfNames
objectclass: top
cn: P8Admins
member: cn=P8Admin,o=sample

dn: cn=GeneralUsers,o=sample
objectclass: groupOfNames
objectclass: top
cn: GeneralUsers
member: cn=P8Admin,o=sample
member: cn=tester,o=sample
EOF

/opt/IBM/ldap/V6.3/sbin/idsldif2db -i $baseDire/users.ldif -I dsrdbm01

# Start TDS
/opt/IBM/ldap/V6.3/sbin/ibmslapd -I dsrdbm01

Deploy the TDS Admin server in WAS

TDS can be administrate in an easier way with a web application instead of always using command line tools, so let’s do that.

# Start WAS, let's start both profile for later
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startServer.sh server1
/opt/ibm/WebSphere/AppServer/profiles/AppSrv02/bin/startServer.sh server1

cat >$baseDir/deploy.py<<EOF
server = AdminConfig.getid('/Server:server1/')
AdminApp.install('/opt/ibm/ldap/V6.3/idstools/IDSWebApp.war',['-MapRolesToUsers', "[['All Authenticated' No Yes '' '']]", '-MapModulesToServers', "[[ '.*'  '.*.war,.*' server]]", '-MapWebModToVH', "[[ '.*'  '.*.war,.*' 'default_host']]", '-appname', 'IDSWebApp', '-contextroot', 'IDSWebApp'])
AdminConfig.save()

dep = AdminConfig.getid("/Deployment:IDSWebApp/")
depObject = AdminConfig.showAttribute(dep, "deployedObject")
classldr = AdminConfig.showAttribute(depObject, 'classloader')
AdminConfig.modify(classldr, [['mode', 'PARENT_LAST']])

modules = AdminConfig.showAttribute(depObject, 'modules')
modules = modules[1:len(modules)-1].split(" ")
for module in modules:
  if (module.find('WebModuleDeployment')!= -1):
    uri = AdminConfig.showAttribute(module, 'uri')
    if (uri == "web_client.war"):
      cl = AdminConfig.list('Classloader', module)
      if (cl):
        AdminConfig.modify(cl, [['mode', 'PARENT_LAST']])
      else:
        AdminConfig.create('Classloader', module, [['mode', 'PARENT_LAST']])

AdminConfig.save()

appManager = AdminControl.queryNames('cell=P8Node01Cell,node=P8Node01,type=ApplicationManager,process=server1,*')
AdminControl.invoke(appManager, 'startApplication', 'IDSWebApp')
EOF
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/deploy.py
rm -f $baseDir/deploy.py

Install CE and its FP if any

cd $baseDir
mkdir $baseDir/ce
tar xzf $binaries/ce.tar.gz -C $baseDir/ce
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/ce/ce_silent_install.txt
$baseDir/ce/5.2.1-ICFCPE-LINUX.BIN -i silent -f $baseDir/ce/ce_silent_install.txt
if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/ce; fi

if [[ -f $binaries/cefp.tar.gz ]]; then
  cd $baseDir
  mkdir $baseDir/cefp
  tar xzf $binaries/cefp.tar.gz -C $baseDir/cefp
  sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/cefp/ce_silent_install.txt
  $baseDir/cefp/5.2.1.5-P8CPE-LINUX-FP005.BIN -i silent -f $baseDir/cefp/ce_silent_install.txt
  if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/cefp; fi
fi

Install ICN and its FP if any

cd $baseDir
mkdir $baseDir/icn
tar xf $binaries/icn.tar -C $baseDir/icn
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/icn/ecmclient_silent_install.txt
$baseDir/icn/IBM_CONTENT_NAVIGATOR-2.0.3-LINUX.bin -f $baseDir/icn/ecmclient_silent_install.txt -i silent
if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/icn; fi

if [[ -f $binaries/icnfp.tar ]]; then
  cd $baseDir
  mkdir $baseDir/icnfp
  tar xf $binaries/icnfp.tar -C $baseDir/icnfp
  sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/icnfp/ecmclient_silent_install.txt
  $baseDir/icnfp/IBM_CONTENT_NAVIGATOR-2.0.3.8-FP008-LINUX.bin -f $baseDir/icnfp/ecmclient_silent_install.txt -i silent
  if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/icnfp; fi
fi

Install CEC and its FP if any

cd $baseDir
mkdir $baseDir/cec
tar xzf $binaries/cec.tar.gz -C $baseDir/cec
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/cec/ceclient_silent_install.txt
# Enable only ICN
sed -i "s/UPDATE_\([A-Z0-9]\+\)=1/UPDATE_\1=0/g" $baseDir/cec/ceclient_silent_install.txt
sed -i "s/UPDATE_CN=0/UPDATE_CN=1/" $baseDir/cec/ceclient_silent_install.txt
sed -i "s/CEServer/localhost/g" $baseDir/cec/ceclient_silent_install.txt
sed -i "s/CEserver/localhost/g" $baseDir/cec/ceclient_silent_install.txt
$baseDir/cec/5.2.1-ICFCPE-CLIENT-LINUX.BIN -i silent -f $baseDir/cec/ceclient_silent_install.txt
if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/cec; fi

if [[ -f $binaries/cecfp.tar.gz ]]; then
  cd $baseDir
  mkdir $baseDir/cecfp
  tar xzf $binaries/cecfp.tar.gz -C $baseDir/cecfp
  sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/cecfp/ceclient_silent_install.txt
  # Enable only ICN
  sed -i "s/UPDATE_\([A-Z0-9]\+\)=1/UPDATE_\1=0/g" $baseDir/cecfp/ceclient_silent_install.txt
  sed -i "s/UPDATE_CN=0/UPDATE_CN=1/" $baseDir/cecfp/ceclient_silent_install.txt
  sed -i "s/CEServer/localhost/g" $baseDir/cecfp/ceclient_silent_install.txt
  sed -i "s/CEserver/localhost/g" $baseDir/cecfp/ceclient_silent_install.txt
  $baseDir/cecfp/5.2.1.5-P8CPE-CLIENT-LINUX-FP005.BIN -i silent -f $baseDir/cecfp/ceclient_silent_install.txt
  if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/cecfp; fi
fi

Configure the Content Engine

In this step we configure the Content Engine, which is the equivalent of using the Configuration tool UI for editing/running all tasks. We will also create two object stores instead of only one like the CPIT does. We will also creare the FileNet Domain and Object Stores. I’m still using the tool used by the CPIT but I hope to replace it with some small Java application using the FileNet API soon, to get rid of all dependencies on the CPIT installer.

profilePath=/opt/IBM/FileNet/ContentEngine/tools/configure/profiles/was_tiv_db2
cfmgr=/opt/IBM/FileNet/ContentEngine/tools/configure/configmgr_cl
$cfmgr generateconfig -appserver WebSphere -license UVU -repositorytype standalone -db db2 -ldap tivoli -bootstrap new -deploy standard -profile $profilePath
$cfmgr generateConfig -appserver WebSphere -db db2 -task configurejdbcos -profile $profilePath
 
# Editing the config file 
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerVersion']/value" -v "8.5" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerAdminUsername']/value" -v "P8Admin" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerAdminPassword']/value" -v "$password" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerSoapPort']/value" -v "8880" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerHostName']/value" -v "localhost" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerCell']/value" -v "P8Node01Cell" $profilePath/applicationserver.xml

xmlstarlet ed --inplace -u "//property[@name='BootstrapUsername']/value" -v "P8Admin" $profilePath/configurebootstrap.xml
xmlstarlet ed --inplace -u "//property[@name='BootstrapPassword']/value" -v "$password" $profilePath/configurebootstrap.xml

xmlstarlet ed --inplace -u "//property[@name='DatabaseServerName']/value" -v "localhost" $profilePath/configurejdbcgcd.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePortNumber']/value" -v "3737" $profilePath/configurejdbcgcd.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseName']/value" -v "GCD_DB" $profilePath/configurejdbcgcd.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseUsername']/value" -v "gcddbusr" $profilePath/configurejdbcgcd.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePassword']/value" -v "$password" $profilePath/configurejdbcgcd.xml

xmlstarlet ed --inplace -u "//property[@name='JDBCDataSourceName']/value" -v "DESIGNOSDS" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='JDBCDataSourceXAName']/value" -v "DESIGNOSDSXA" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseServerName']/value" -v "localhost" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePortNumber']/value" -v "3737" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseName']/value" -v "DESIGNDB" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseUsername']/value" -v "osdbuser" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePassword']/value" -v "$password" $profilePath/configurejdbcos.xml

xmlstarlet ed --inplace -u "//property[@name='JDBCDataSourceName']/value" -v "TARGETOSDS" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='JDBCDataSourceXAName']/value" -v "TARGETOSDSXA" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseServerName']/value" -v "localhost" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePortNumber']/value" -v "3737" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseName']/value" -v "TARGETDB" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseUsername']/value" -v "osdbuser" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePassword']/value" -v "$password" $profilePath/configurejdbcos.2.xml

xmlstarlet ed --inplace -u "//property[@name='LDAPServerHost']/value" -v "localhost" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPServerPort']/value" -v "389" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBindDN']/value" -v "cn=P8Admin,o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBindPassword']/value" -v "$password" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBaseDN']/value" -v "o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='AdminConsoleUser']/value" -v "P8Admin" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='OverwriteExistingUserReg']/value" -v "true" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='SetAsActiveUserReg']/value" -v "true" $profilePath/configureldap.xml

xmlstarlet ed --inplace -u "//property[@name='ApplicationServerNode']/value" -v "P8Node01" $profilePath/deployapplication.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerName']/value" -v "server1" $profilePath/deployapplication.xml
xmlstarlet ed --inplace -u "//configuration/@enabled" -v "true" $profilePath/deployapplication.xml

# Before running the task, we need to set the JDBC driver for DB2 in WAS
cat >$baseDir/setJDBC.py<<EOF
import sys
nodeName = sys.argv[0]
node = AdminConfig.getid("/Node:$nodeName/")
vars = AdminConfig.list("VariableSubstitutionEntry",node).split(java.lang.System.getProperty("line.separator"))
for var in vars:
   name = AdminConfig.showAttribute(var, "symbolicName")
   if name == "DB2_JCC_DRIVER_PATH":
      AdminConfig.modify(var,[["value", "/opt/ibm/db2/V9.7/java"]])
      break

AdminConfig.save()
EOF
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/setJDBC.py P8Node01
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv02 -lang jython -f $baseDir/setJDBC.py P8Node02
rm -f $baseDir/setJDBC.py

# Increasing DB time out in case your host is slow
sed -i "s/{value \"600\"}/{value \"3600\"}/g" /opt/IBM/FileNet/ContentEngine/tools/configure/scripts/configureWSJDBC.tcl

$cfmgr execute -profile $profilePath -task configurepricingmodel
if [[ ! -e $profilePath/status/configurepricingmodel.ok ]]; then echo "configurepricingmodel failed"; exit 1; fi
$cfmgr execute -profile $profilePath -task configureldap
if [[ ! -e $profilePath/status/configureldap.ok ]]; then echo "configureldap failed"; exit 1; fi
$cfmgr execute -profile $profilePath -task configurejdbcgcd
if [[ ! -e $profilePath/status/configurejdbcgcd.ok ]]; then echo "configurejdbcgcd failed"; exit 1; fi
$cfmgr execute -profile $profilePath -task configureloginmodules
if [[ ! -e $profilePath/status/configureloginmodules.ok ]]; then echo "configureloginmodules failed"; exit 1; fi
$cfmgr execute -profile $profilePath -taskfile configurejdbcos.xml
if [[ ! -e $profilePath/status/configurejdbcos.ok ]]; then echo "configurejdbcos failed"; exit 1; fi
$cfmgr execute -profile $profilePath -taskfile configurejdbcos.2.xml
if [[ ! -e $profilePath/status/configurejdbcos.2.ok ]]; then echo "configurejdbcos.2 failed"; exit 1; fi
$cfmgr execute -profile $profilePath -task configurebootstrap
if [[ ! -e $profilePath/status/configurebootstrap.ok ]]; then echo "configurebootstrap failed"; exit 1; fi
$cfmgr execute -profile $profilePath -task deployapplication
if [[ ! -e $profilePath/status/deployapplication.ok ]]; then echo "deployapplication failed"; exit 1; fi

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/stopServer.sh server1 -username P8Admin -password $password
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startServer.sh server1

# Create domain and Object Stores
# TODO = maybe rewrite the cpt-actions.jar using API to get rid of any dependence on CPIT
# It just created the domain and OSs
cat >$baseDir/os.properties<<EOF
P8ADMINUSER=P8Admin
PASSWD=$password
CECONNECTIONURI=http://localhost:9080/wsi/FNCEWS40MTOM

# P8 object store configuration
# P8OSADMINGROUP is the default OS Admin security users and groups (Could be separated by a colon :)
P8OSADMINGROUP=P8Admins
NUMOS=2
DISPLAYNAME1=P8ConfigObjectStore
SYMBOLICNAME1=P8ConfigObjectStore
JNDIDATASOURCE1=DESIGNOSDS
JNDIXADATASOURCE1=DESIGNOSDSXA

DISPLAYNAME2=TARGETOS
SYMBOLICNAME2=TARGETOS
JNDIDATASOURCE2=TARGETOSDS
JNDIXADATASOURCE2=TARGETOSDSXA

# P8 Domain security administrator user or administrator group (Default = P8Admins)
P8DOMAINADMIN=P8Admins
P8DOMAINNAME=P8Domain
CEWSISTANZA=FileNetP8WSI

# PE Configuration 
PE_DNSNAME=localhost
PE_BROKERPORT=32776
PE_REGIONNUMBER=1
PE_CONNPTNAME=P8ConnPt1
PE_CONNPTDESCRIPTION=PE Connection Point 1 for Region 1

# LDAP Configuration (TDS)
DCDISPLAYNAME=P8_TDS
LDAPHOST=localhost
LDAPPORT=389
LDAPADMINNAME=cn=P8Admin,o=sample
LDAPADMINPASSWORD=F0rmation
ISSSLENABLED=false

USERBASEDN=o=sample
USERSEARCHFILTER=(&(objectClass=person)(cn={0}))
USERDISPLAYNAMEATTRIBUTE=cn
USERNAMEATTRIBUTE=cn

GROUPBASEDN=o=sample
GROUPSEARCHFILTER=(&(objectClass=groupOfNames)(cn={0}))
GROUPDISPLAYNAMEATTRIBUTE=cn
GROUPNAMEATTRIBUTE=cn
GROUPMEMBERSHIPSEARCHFILTER=(&(objectclass=groupOfNames)(member={0}))
RESTRICTMEMBERSHIPTOCONFIGUREREALMS=false
EOF

CECP=$baseDir/cpt-actions.jar:/opt/IBM/FileNet/ContentEngine/lib/Jace.jar:/opt/IBM/FileNet/ContentEngine/lib/log4j.jar:/opt/IBM/FileNet/ContentEngine/cdapi/stax-api.jar:/opt/IBM/FileNet/ContentEngine/cdapi/xlxpScanner.jar:/opt/IBM/FileNet/ContentEngine/cdapi/xlxpScannerUtils.jar
JAASCONFIG=-Djava.security.auth.login.config=/opt/IBM/FileNet/ContentEngine/tools/PE/config

/opt/IBM/FileNet/ContentEngine/_cejvm/jre/bin/java -cp $CECP $JAASCONFIG com.ibm.bluestack.utils.P8Util createP8Domain $baseDir/os.properties
if [[ $? != 0 ]]; then echo "ERROR:  Failed to create P8 domain."; exit 1; fi
/opt/IBM/FileNet/ContentEngine/_cejvm/jre/bin/java -cp $CECP $JAASCONFIG com.ibm.bluestack.utils.P8Util createOS $baseDir/os.properties
if [[ $? != 0 ]]; then echo "ERROR:  Failed to create P8 Object Stores."; exit 1; fi

rm -rf $baseDir/os.properties

Configure the Process Engine

JPE_HOME=/opt/IBM/FileNet/ContentEngine/tools/PE
echo "JDBC_JAR_PATH=/opt/ibm/tdsV6.3db2/java/db2jcc4.jar:/opt/ibm/tdsV6.3db2/java/db2jcc_license_cu.jar">$JPE_HOME/data/jdbcinit
cat >$JPE_HOME/data/peinitD.properties<<EOF
DBConnectionName=TARGETOSDS
DataSourceName=TARGETOSDS
XADataSourceName=TARGETOSDSXA
SysAdminGroup=P8Admins
SysConfigGroup=P8Admins
DateTimeMask=mm/dd/yyyy hh\:tt\:ss
DefaultLocale=en_US
pe_data=PEDATA_TS
RegionDisplayName=P8Region
IsolatedRegionNumber=1
DBSchemaName=OSDBUSER
EnableRegionForBackup=false
EOF

$JPE_HOME/peinit P8ConnPt1 -D $JPE_HOME/data/peinitD.properties -Y P8Admin+$password
if [[ $? != 0 ]]; then echo "ERROR:  Failed to configure PE."; exit 1; fi
rm -f $JPE_HOME/data/peinitD.properties

Export the LTPA key

We need to export the LTPA key from the profile 1 (FileNet) to import it in the profile 2 (ICN) so they can share authentication.

cat >$baseDir/exportLTPA.py<<EOF
import java.lang.String as jstr
import java.io as jio
import javax.management as jmgmt

ltpaKeyFile=sys.argv[0]
password=jstr(sys.argv[1]).getBytes()

security=AdminControl.queryNames('*:*,name=SecurityAdmin')
securityON=jmgmt.ObjectName(security)

params=[password]
signature=['[B']
ltpaKeys=AdminControl.invoke_jmx(securityON,'exportLTPAKeys', params, signature)
fout=jio.FileOutputStream(ltpaKeyFile)
ltpaKeys.store(fout,'')
fout.close()
EOF

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/exportLTPA.py /opt/IBM/ltpakeys.txt $password
rm -f $baseDir/exportLTPA.py

Configure ICN

mkdir -p /opt/IBM/NEXUSDB2
chmod 777 /opt/IBM/NEXUSDB2
cat >$baseDir/createICNdbs.sh<<EOF
db2 -v CONNECT RESET
db2 -v DROP DATABASE NEXUSDB
#-- Create the database - these statements must be on a single line
db2 -v -t "CREATE DATABASE NEXUSDB ON '/opt/IBM/NEXUSDB2' USING CODESET UTF-8 TERRITORY US COLLATE USING SYSTEM CATALOG TABLESPACE MANAGED BY SYSTEM USING ('/opt/IBM/NEXUSDB2/NEXUSDB/sys') TEMPORARY TABLESPACE MANAGED BY SYSTEM USING ('/opt/IBM/NEXUSDB2/NEXUSDB/systmp') USER TABLESPACE MANAGED BY SYSTEM USING ('/opt/IBM/NEXUSDB2/NEXUSDB/usr')" ;
db2 CONNECT TO NEXUSDB
db2 GRANT  secadm ON DATABASE  TO USER nxsdbusr
db2 GRANT CREATETAB,CONNECT,IMPLICIT_SCHEMA,DBADM,load ON DATABASE TO user nxsdbusr
db2 UPDATE DATABASE CONFIGURATION USING APPLHEAPSZ 2560 IMMEDIATE
db2 -v CONNECT RESET
EOF
chmod a+x $baseDir/createICNdbs.sh
su - dsrdbm01 -c $baseDir/createICNdbs.sh
rm -f $baseDir/createICNdbs.sh

# Create the profile
profilePath=/opt/IBM/ECMClient/configure/profiles/icn_was_tiv_db2
cfmgr=/opt/IBM/ECMClient/configure/configmgr_cl
$cfmgr generateConfig -appserver websphere -configure_FileNetP8 \
yes -configure_CMIS_FileNetP8 yes -db db2 -deploy standard -ldap_Repository federated -ldap tivoli \
-profile $profilePath -appserverVersion 8.5 -cmisAuth httpbasic -icn_sso none -silent

xmlstarlet ed --inplace -u "//property[@name='ApplicationServerVersion']/value" -v "8.5" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerProfileFolder']/value" -v "/opt/IBM/WebSphere/AppServer/profiles/AppSrv02" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerAdminUsername']/value" -v "P8Admin" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerAdminPassword']/value" -v "$password" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerSoapPort']/value" -v "8881" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerHostName']/value" -v "localhost" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerCell']/value" -v "P8Node02Cell" $profilePath/applicationserver.xml

xmlstarlet ed --inplace -u "//property[@name='DatabaseSchema']/value" -v "NEXUS" $profilePath/configureicntask.xml

xmlstarlet ed --inplace -u "//property[@name='DatabaseServerName']/value" -v "localhost" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePortNumber']/value" -v "3737" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseName']/value" -v "NEXUSDB" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseUsername']/value" -v "nxsdbusr" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePassword']/value" -v "$password" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='ECMClientAdminName']/value" -v "P8Admin" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseSchema']/value" -v "NEXUS" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='TableSpaceName']/value" -v "NEXUSTS" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='jdbcDir']/value" -v "/opt/ibm/db2/V9.7/java" $profilePath/configurejdbcecm.xml

xmlstarlet ed --inplace -u "//property[@name='jdbcDir']/value" -v "/opt/ibm/db2/V9.7/java" $profilePath/configurejdbcjarsecm.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerNode']/value" -v "P8Node02" $profilePath/configurejdbcjarsecm.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerName']/value" -v "server1" $profilePath/configurejdbcjarsecm.xml

xmlstarlet ed --inplace -u "//property[@name='LDAPServerHost']/value" -v "localhost" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPServerPort']/value" -v "389" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBindDN']/value" -v "cn=P8Admin,o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBindPassword']/value" -v "$password" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='WasFederatedBaseEntryDNRepository']/value" -v "o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='FederatedRepositoriesRealm']/value" -v "defaultWIMFileBasedRealm" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='WasFederatedRepositoryId']/value" -v "localhost" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='WasFederatedBaseEntryDNRealm']/value" -v "o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='AdminConsoleUser']/value" -v "P8Admin" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='SetAsActiveUserReg']/value" -v "false" $profilePath/configureldap.xml

xmlstarlet ed --inplace -u "//property[@name='DatabaseSchema']/value" -v "NEXUS" $profilePath/configuretmtask.xml
xmlstarlet ed --inplace -u "//property[@name='tmAdminUser']/value" -v "P8Admin" $profilePath/configuretmtask.xml
xmlstarlet ed --inplace -u "//property[@name='tmAdminPassword']/value" -v "$password" $profilePath/configuretmtask.xml
xmlstarlet ed --inplace -u "//property[@name='tmBaseURL']/value" -v "http://`hostname`:9081/taskManagerWeb/api/v1" $profilePath/configuretmtask.xml

xmlstarlet ed --inplace -u "//property[@name='CEHost']/value" -v "localhost" $profilePath/downloadcejarstask.xml
xmlstarlet ed --inplace -u "//property[@name='CEPortNumber']/value" -v "9080" $profilePath/downloadcejarstask.xml

xmlstarlet ed --inplace -u "//property[@name='ApplicationServerNode']/value" -v "P8Node02" $profilePath/deployapplication.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerName']/value" -v "server1" $profilePath/deployapplication.xml

xmlstarlet ed --inplace -u "//property[@name='LTPAKeyPath']/value" -v "/opt/IBM/ltpakeys.txt" $profilePath/importltpakey.xml
xmlstarlet ed --inplace -u "//property[@name='LTPAKeyPassword']/value" -v "$password" $profilePath/importltpakey.xml

$cfmgr execute -task downloadcejarstask -profile $profilePath
if [[ ! -e $profilePath/status/downloadcejarstask.ok ]]; then echo "downloadcejarstask failed"; exit 1; fi
$cfmgr execute -task configureldap -profile $profilePath
if [[ ! -e $profilePath/status/configureldap.ok ]]; then echo "configureldap failed"; exit 1; fi
$cfmgr execute -task importltpakey -profile $profilePath
if [[ ! -e $profilePath/status/importltpakey.ok ]]; then echo "importltpakey failed"; exit 1; fi
$cfmgr execute -task configurejdbcjarsecm -profile $profilePath
if [[ ! -e $profilePath/status/configurejdbcjarsecm.ok ]]; then echo "configurejdbcjarsecm failed"; exit 1; fi
$cfmgr execute -task configurejdbcecm -profile $profilePath
if [[ ! -e $profilePath/status/configurejdbcecm.ok ]]; then echo "configurejdbcecm failed"; exit 1; fi

chmod 777 /opt/IBM/ECMClient/configure/dbscripts/db2/modified/DB2_ONE_SCRIPT.sql
cat > $baseDir/initICNdb.sh<<EOF
db2 "CONNECT TO NEXUSDB"
db2 -tvmf /opt/IBM/ECMClient/configure/dbscripts/db2/modified/DB2_ONE_SCRIPT.sql
db2 "COMMIT"
EOF
chmod 777 $baseDir/initICNdb.sh
su - dsrdbm01 -c "$baseDir/initICNdb.sh"

$cfmgr execute -task configureloginmodules -profile $profilePath
if [[ ! -e $profilePath/status/configureloginmodules.ok ]]; then echo "configureloginmodules failed"; exit 1; fi
$cfmgr execute -task configuretmtask -profile $profilePath
if [[ ! -e $profilePath/status/configuretmtask.ok ]]; then echo "configuretmtask failed"; exit 1; fi
$cfmgr execute -task configureicntask -profile $profilePath
if [[ ! -e $profilePath/status/configureicntask.ok ]]; then echo "configureicntask failed"; exit 1; fi
$cfmgr execute -task rebuildear -profile $profilePath
if [[ ! -e $profilePath/status/rebuildear.ok ]]; then echo "rebuildear failed"; exit 1; fi
$cfmgr execute -task deployapplication -profile $profilePath
if [[ ! -e $profilePath/status/deployapplication.ok ]]; then echo "deployapplication failed"; exit 1; fi

Configure the FileNet/ICN applications in WAS

The applications deployed in WAS need some more configuration to work properly.

cat >$baseDir/configWASFN.py<<EOF
import java
lineSeparator = java.lang.System.getProperty('line.separator')
def enableCookie(server, value):
  wc = AdminConfig.list('WebContainer',server)
  services = AdminConfig.list('Service',wc).splitlines()
  for service in services:
    AdminConfig.modify(service,[['enableCookies',value]])

def serverSessionmanagementCookiesHttpOnly(server, value):
  wc = AdminConfig.list('WebContainer',server)
  services = AdminConfig.list('Service',wc).splitlines()
  for service in services:
    dcs = AdminConfig.showAttribute(service, 'defaultCookieSettings');
    AdminConfig.modify(dcs,[['httpOnly',value]])


def setSecurityProperty(propertyName, propertyValue):
  security = AdminConfig.getid('/Security:/')
  prop = AdminConfig.getid('/Security:/Property:'+propertyName+'/')
  if prop:
    AdminConfig.modify(prop, [['value', propertyValue]])
  else:
    AdminConfig.create('Property', security, [['name',propertyName], ['value',propertyValue]])

def addServerSessionManagementProperty(server, propertyName, propertyValue):
  wc = AdminConfig.list('WebContainer',server)
  services = AdminConfig.list('Service',wc).splitlines()
  attr = [['name',propertyName],['value',propertyValue]]
  for service in services:
    AdminConfig.create('Property', service,  attr)


server = AdminConfig.getid('/Server:server1/')

# Add the InvalidateOnUnauthorizedSessionRequestException = true custom property to the server session management. 
addServerSessionManagementProperty(server, 'InvalidateOnUnauthorizedSessionRequestException', 'true')

# Uncheck "Set security cookies to HTTP Only to help prevent cross-site scripting attacks" in SSO settings
setSecurityProperty('com.ibm.ws.security.addHttpOnlyAttributeToCookies', 'false')

# Enable server session management cookies and Uncheck "Set session cookies to HTTP Only to help prevent cross-site scripting attacks".
enableCookie(server, 'true')
serverSessionmanagementCookiesHttpOnly(server, 'false')

server = AdminConfig.getid('/Server:server1/')
jvms = AdminConfig.list('JavaVirtualMachine',server)
arrayJVMs = jvms.split(lineSeparator)
jvm = arrayJVMs[0]

attr_name  = ['name', "com.ibm.websphere.orb.uniqueServerName"]
attr_value = ['value', "true"]
attr_required = ['required', "false"]
attr_description = ['description', ""]
attr_list = [attr_name, attr_value, attr_required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(jvm, [property])

AdminTask.configureTrustedRealms('[-communicationType outbound -trustAllRealms true]')
AdminTask.configureTrustedRealms('[-communicationType inbound -trustAllRealms true]')

AdminConfig.save()
EOF
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/configWASFN.py
rm -f $baseDir/configWASFN.py

cat >$baseDir/configWASFN.py<<EOF
import java
lineSeparator = java.lang.System.getProperty('line.separator')
 
server = AdminConfig.getid('/Server:server1/')
jvms = AdminConfig.list('JavaVirtualMachine',server)
arrayJVMs = jvms.split(lineSeparator)
jvm = arrayJVMs[0]
 
attr_name  = ['name', "com.ibm.websphere.orb.uniqueServerName"]
attr_value = ['value', "true"]
attr_required = ['required', "false"]
attr_description = ['description', ""]
attr_list = [attr_name, attr_value, attr_required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(jvm, [property])
 
AdminTask.configureTrustedRealms('[-communicationType outbound -trustAllRealms true]')
AdminTask.configureTrustedRealms('[-communicationType inbound -trustAllRealms true]')
 
AdminTask.renameIdMgrRealm('[-name defaultWIMFileBasedRealm -newName localhost:389]')
AdminTask.configureAdminWIMUserRegistry('[-realmName localhost:389 -verifyRegistry false ]')
 
AdminConfig.save()
EOF
/opt/ibm/WebSphere/AppServer/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv02 -lang jython -f $baseDir/configWASFN.py
rm -f $baseDir/configWASFN.py

Final tasks

To finalize this install, we will restart WAS, uninstall the default application in WAS and create a start and stop script for the whole platform.

/opt/ibm/WebSphere/AppServer/profiles/AppSrv02/bin/stopServer.sh server1 -username P8Admin -password $password
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/stopServer.sh server1 -username P8Admin -password $password
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startServer.sh server1
/opt/ibm/WebSphere/AppServer/profiles/AppSrv02/bin/startServer.sh server1
echo Restarted WAS
# Uninstall the useless default app in WAS

echo Uninstalling DefaultApplication...
cat > $baseDir/uninstallDefault.py<<EOF 
AdminApp.uninstall('DefaultApplication')
AdminConfig.save()
EOF
 
/opt/ibm/WebSphere/AppServer/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/uninstallDefault.py
/opt/ibm/WebSphere/AppServer/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv02 -lang jython -f $baseDir/uninstallDefault.py
rm -f uninstallDefault.py
echo Uninstalled DefaultApplication

mkdir /FileNet
cat <<EOF > /FileNet/start.sh
#!/bin/bash
/etc/init.d/iptables stop
su - dsrdbm01 -c db2start
cd /opt/ibm/ldap/V6.3/sbin
./idsdiradm -I dsrdbm01
./ibmslapd -n -I dsrdbm01
 
cd /opt/ibm/WebSphere/AppServer/bin/
./startServer.sh server1 -profileName AppSrv01
./startServer.sh server1 -profileName AppSrv02
EOF

cat <<EOF > /FileNet/stop.sh
#!/bin/bash
cd /opt/ibm/WebSphere/AppServer/bin/
./stopServer.sh server1 -profileName AppSrv02 -username P8Admin -password $password
./stopServer.sh server1 -profileName AppSrv01 -username P8Admin -password $password
 
cd /opt/ibm/ldap/V6.3/sbin
./ibmslapd -I dsrdbm01 -k
./idsdiradm -I dsrdbm01 -k
 
su - dsrdbm01 -c db2stop
EOF
chmod u+x /FileNet/start.sh
chmod u+x /FileNet/stop.sh

All in one script

Here is a script you can use and customize to install a fully working platform. Feel free to change versions, location of components, users and so on. You might have to edit the cript a bit everywhere if you decide to change any of those, I haven’t made them easy to configure yet so snapshot and try :).

#!/bin/bash
#################### INFORMATION #########################
### This script install a full P8 platform, like a     ###
### Composite Platform Installation Tool would do,     ###
### However it fixes errors from the CPIT and do       ###
### everything from one script (except the create      ###
### domain/object stores tool), instead of having a    ###
### lot of files dependencies. That explains there is  ###
### so many HERE-doc statements, but it makes it easy  ###
### to ship and easy to change options in the install. ###
### You can change easily versions, FPs, users, even   ###
### run part of it on difference server and not having ###
### a standalone server only.                          ###
### To use to you own risk, snapshot/backup before use.###
##########################################################

# Configuration shortcuts (others will have to be
# changed within the script)
password=IBMFileNetP8
binaries=/cpit_binaries
cleanBinaries=true

# Setup, do not touch
baseDir=`pwd`
logDir=`pwd`/log
mkdir -p $logDir

[[ -f $binaries/db2.tar.gz ]] || { echo "db2.tar.gz does not exit"; exit 1; }
[[ -f $binaries/db2lic.zip ]] || { echo "db2lic.zip does not exit"; exit 1; }
[[ -f $binaries/tds.tar ]] || { echo "tds.tar does not exit"; exit 1; }
[[ -f $binaries/tdsfp.tar ]] || { fpMissing "tdsfp.tar"; }
[[ -f $binaries/tdsgskit.tar ]] || { echo "tdsgskit.tar does not exit"; exit 1; }
[[ -f $binaries/im.zip ]] || { echo "im.zip does not exit"; exit 1; }
[[ -f $binaries/WAS_V8.5.5_1_OF_3.zip ]] || { echo "WAS_V8.5.5_1_OF_3.zip does not exit"; exit 1; }
[[ -f $binaries/WAS_V8.5.5_2_OF_3.zip ]] || { echo "WAS_V8.5.5_2_OF_3.zip does not exit"; exit 1; }
[[ -f $binaries/WAS_V8.5.5_3_OF_3.zip ]] || { echo "WAS_V8.5.5_3_OF_3.zip does not exit"; exit 1; }
[[ -f $binaries/ce.tar.gz ]] || { echo "ce.tar.gz does not exit"; exit 1; }
[[ -f $binaries/cefp.tar.gz ]] || { fpMissing "cefp.tar.gz";}
[[ -f $binaries/cec.tar.gz ]] || { echo "cec.tar.gz does not exit"; exit 1; }
[[ -f $binaries/cecfp.tar.gz ]] || { fpMissing "cecfp.tar.gz"; }
[[ -f $binaries/icn.tar ]] || { echo "icn.tar does not exit"; exit 1; }
[[ -f $binaries/icnfp.tar ]] || { fpMissing "icnfp.tar"; }

command -v xmlstarlet >/dev/null 2>&1 || { yum -y install xmlstarlet; }
command -v xmlstarlet >/dev/null 2>&1 || { echo "xmlstarlet not installed"; exit 1; }

function fpMissing {
  while true; do
    read -p "
****************************** WARNING ******************************
Fix pack $1 is missing.
Are you sure you want to install without it?
****************************** WARNING ******************************
Are you sure? (yes/no):
" yn
    case $yn in
      [Yy]* ) break;;
      [Nn]* ) exit;;
      * ) echo "Please answer yes or no.";;
    esac
  done
}


###################### STEP 1 ############################
###                Pre-requisites                      ###
##########################################################
echo 1/19: Installing pre-requisites...
# Install some required pre-requisites to make sure installs work
yum -y install ld-linux.so.2 libgcc_s.so.1 libX11.so.6 libXp.i686 libXp.x86_64 libXpm.i686 libXpm.x86_64 gtk2.x86_64 gtk2.i686 libXft.i686 libXft.x86_64 libXmu.i686 libXmu.x86_64 libXtst.i686 libXtst.x86_64 ksh ksh.x86_64 unzip bc sed compat-db47.i686 compat-db47.x86_64 pam.i686 pam.x86_64 elfutils.x86_64 elfutils-libs.i686 elfutils-libs.x86_64 rpm-build.x86_64 libgcc_s.so.1 libaio.x86_64 libstdc++.so.5 libstdc++.so.6 glibc.i686 libgcc.i686 libgcc.x86_64 libstdc++.so.5 compat-libstdc++-33.i686 compat-libstdc++-33.x86_64
# Disable SELinux for the install just to be sure
/usr/sbin/setenforce 0

# Setting name properly
NAME=`hostname`
sed -i "s/HOSTNAME=.*$/HOSTNAME=$NAME/g" /etc/sysconfig/network
hostname $NAME
sed -i "s/localhost4\slocalhost4.localdomain4\s*$/localhost4 localhost4.localdomain4 $NAME/g" /etc/hosts
sed -i "s/localhost6\slocalhost6.localdomain6\s*$/localhost6 localhost6.localdomain6 $NAME/g" /etc/hosts
echo $NAME > /etc/HOSTNAME

#Create the base folder and symlink it to avoid errors
mkdir /opt/IBM
ln -s /opt/IBM /opt/ibm
chmod 775 /opt/IBM
# Symlink ksh to be sure it's found
ln -s /bin/ksh /usr/bin/ksh

mkdir $baseDir/tdsgskit
tar -xf $binaries/tdsgskit.tar -C $baseDir/tdsgskit
echo Installing gskit
rpm -Uhv $baseDir/tdsgskit/8.0.14.27-ISS-GSKIT-LinuxX64-FP0027/64/gsk*rpm

echo Installed pre-requisites
###################### STEP 2 ############################
###                 Create users                       ###
##########################################################
echo 2/19: Creating users...
# Creating users and groups for the installation
groupadd fnadmin
groupadd fnop
groupadd fnusr

adduser gcddbusr
echo $password | passwd --stdin gcddbusr

adduser osdbuser
echo $password | passwd --stdin osdbuser

adduser nxsdbusr
echo $password | passwd --stdin nxsdbusr

adduser -G fnadmin,fnop,fnusr,adm,bin,sys P8Admin
echo $password | passwd --stdin P8Admin

useradd -G fnadmin,fnop,fnusr,adm,root,bin,daemon,sys,disk,wheel P8Admin
echo $password | passwd --stdin P8Admin

echo Created users
###################### STEP 3 ############################
###                  Install DB2                       ###
##########################################################
echo 3/19: Installing DB2...
mkdir $baseDir/db2
mkdir $baseDir/db2lic
tar xfz $binaries/db2.tar.gz -C $baseDir/db2
unzip -q $binaries/db2lic.zip -d $baseDir/db2lic

# Create the DB2 repsonse file, we want an instance for TDS reade
cat >$baseDir/db2.rsp<<EOF
PROD                      = ENTERPRISE_SERVER_EDITION
FILE                      = /opt/ibm/db2/V9.7
LIC_AGREEMENT             = ACCEPT         ** ACCEPT or DECLINE
INTERACTIVE              = NONE            ** NONE, YES, MACHINE
INSTALL_TYPE              = TYPICAL         ** TYPICAL, COMPACT, CUSTOM
INSTANCE                  = DB2_INST        ** char(8)  no spaces
DB2_INST.NAME             = dsrdbm01        ** char(8)  no spaces, no upper case letters
DB2_INST.GROUP_NAME       = grrdbm01        ** char(30) no spaces
DB2_INST.HOME_DIRECTORY   = /home/dsrdbm01 ** char(64) no spaces. Valid for root installation only
DB2_INST.PASSWORD         = $password ** Valid for root installation only
DB2_INST.TYPE            = ESE             ** DSF ESE WSE STANDALONE CLIENT
DB2_INST.AUTOSTART        = YES             ** YES or NO
DB2_INST.START_DURING_INSTALL = YES         ** YES or NO. Default is YES.
DB2_INST.SVCENAME        = dsrdbm01svcids   ** BLANK or char(14). Reserved for root installation only
DB2_INST.PORT_NUMBER     = 3737           ** 1024 - 65535, Reserved for root installation only
DB2_INST.FENCED_GROUP_NAME = db2fsdm1       ** char(30)  no spaces
EOF
# We need to free the port 3737 in the services file, this service is not used and conflict with DB2
sed -i "s/3737\/tcp/37370\/tcp/g" /etc/services
$baseDir/db2/server/db2setup -r $baseDir/db2.rsp -l $logDir/db2install.txt

# Set the DB2 license
/opt/ibm/db2/V9.7/adm/db2licm -a $baseDir/db2lic/ese_o/db2/license/db2ese_o.lic
/opt/ibm/db2/V9.7/adm/db2licm -l

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/db2lic $baseDir/db2; fi
echo Installed DB2
###################### STEP 4 ############################
###     Install/Configure TDS and TDS Fix Pack         ###
##########################################################
echo 4/19: Installing TDS...
mkdir $baseDir/tds
tar xf $binaries/tds.tar -C $baseDir/tds
cat >$baseDir/tds.rsp<<EOF
-silent
-G createDirectoryResponse="yes"
-G replaceExistingResponse="yesToAll"
# install destination - this can be modified to install location 
-P product.installLocation="/opt/IBM/ldap/V6.3"
-P DB2Feature.active=true
-P BaseServerFeature.active=true
-P ServerFeature.active=true
-P ProxyServerFeature.active=false
-P JavaClientFeature.active=true
-P ClientFeature.active=true
-P WebadminFeature.active=true
-P GSKITFeature.active=false
-P AppSrvFeature.active=false
# Replace the following with a valid Userid for the Db2 administrator. Used only if DB2 is being installed.
-W LdapInit.silentDB2Admin="P8Admin"
# Replace the following with a valid password for the Db2 administrator. Used only if DB2 is being installed.
-W LdapInit.silentDB2AdminPW="$password"
# This must be last line. Be sure no blank lines or carriage controls follow!
EOF

cd $baseDir/tds/tdsV6.3/tds
./install_tds.bin -is:silent -options $baseDir/tds.rsp -is:log $logDir/installtds63.txt

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/tds; fi

cd $baseDir
mkdir $baseDir/tdsfp
tar xf $binaries/tdsfp.tar -C $baseDir/tdsfp
cd $baseDir/tdsfp/6.3.0.24-ISS-ITDS-LinuxX64-FP0024

# Install the license first so we don't get prompt when installing FP24
./license/idsLicense -q
./idsinstall -u -f >$logDir/installtds63fp.txt

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/tdsfp; fi

# Configure TDS 
# This one must be called as ./, not absolute path from somewhere else or it doesn't work
cd /opt/IBM/ldap/V6.3/idstools
./idsdefinst -p $password -w $password -e encryptionseed
if [ ! -d /home/dsrdbm01/dsrdbm01/NODE0000 ]; then echo ERROR:  TDS Default instance was not created.; exit 1; fi
	
echo "# The following three lines have been added by IBM DB2 instance utilities." >> /home/dsrdbm01/.profile
echo "if [ -f /home/dsrdbm01/sqllib/db2profile ]; then" >> /home/dsrdbm01/.profile
echo "		. /home/dsrdbm01/sqllib/db2profile" >> /home/dsrdbm01/.profile
echo "fi" >> /home/dsrdbm01/.profile

echo Installed TDS
###################### STEP 5 ############################
###          Install Installation Manager              ###
##########################################################
echo 5/19: Installing IM...
cd $baseDir
mkdir $baseDir/im
unzip -q $binaries/im.zip -d $baseDir/im
chmod 777 $baseDir/im/installc
$baseDir/im/installc -acceptLicense

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/im; fi
echo Installed IM
###################### STEP 6 ############################
###             Install WebSphere 8.5.5                ###
##########################################################
echo 6/19: Installing WAS...
cd $baseDir
mkdir $baseDir/was
unzip -q $binaries/WAS_V8.5.5_1_OF_3.zip -d $baseDir/was
unzip -q $binaries/WAS_V8.5.5_2_OF_3.zip -d $baseDir/was
unzip -q $binaries/WAS_V8.5.5_3_OF_3.zip -d $baseDir/was
cat >$baseDir/was-install.xml<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!--The "acceptLicense" attribute has been deprecated. Use "-acceptLicense" command line option to accept license agreements.-->
<agent-input acceptLicense='true'>
  <server>
    <repository location='$baseDir/was'/>
  </server>
  <profile id='IBM WebSphere Application Server V8.5' installLocation='/opt/ibm/WebSphere/AppServer'>
    <data key='eclipseLocation' value='/opt/ibm/WebSphere/AppServer'/>
    <data key='user.import.profile' value='false'/>
    <data key='cic.selector.os' value='linux'/>
    <data key='cic.selector.ws' value='gtk'/>
    <data key='cic.selector.arch' value='x86'/>
    <data key='cic.selector.nl' value='en'/>
  </profile>
  <install modify='false'>
    <offering id='com.ibm.websphere.BASE.v85' version='8.5.5000.20130514_1044' profile='IBM WebSphere Application Server V8.5' features='thinclient,ejbdeploy,core.feature,embeddablecontainer,com.ibm.sdk.6_64bit' installFixes='none'/>
  </install>
  <preference name='com.ibm.cic.common.core.preferences.eclipseCache' value='/opt/IBM/IMShared'/>
  <preference name='com.ibm.cic.common.core.preferences.connectTimeout' value='30'/>
  <preference name='com.ibm.cic.common.core.preferences.readTimeout' value='45'/>
  <preference name='com.ibm.cic.common.core.preferences.downloadAutoRetryCount' value='0'/>
  <preference name='offering.service.repositories.areUsed' value='true'/>
  <preference name='com.ibm.cic.common.core.preferences.ssl.nonsecureMode' value='false'/>
  <preference name='com.ibm.cic.common.core.preferences.http.disablePreemptiveAuthentication' value='false'/>
  <preference name='http.ntlm.auth.kind' value='NTLM'/>
  <preference name='http.ntlm.auth.enableIntegrated.win32' value='true'/>
  <preference name='com.ibm.cic.common.core.preferences.preserveDownloadedArtifacts' value='true'/>
  <preference name='com.ibm.cic.common.core.preferences.keepFetchedFiles' value='false'/>
  <preference name='PassportAdvantageIsEnabled' value='false'/>
  <preference name='com.ibm.cic.common.core.preferences.searchForUpdates' value='false'/>
  <preference name='com.ibm.cic.agent.ui.displayInternalVersion' value='false'/>
  <preference name='com.ibm.cic.common.sharedUI.showErrorLog' value='true'/>
  <preference name='com.ibm.cic.common.sharedUI.showWarningLog' value='true'/>
  <preference name='com.ibm.cic.common.sharedUI.showNoteLog' value='true'/>
</agent-input>
EOF
/opt/IBM/InstallationManager/eclipse/tools/imcl -input $baseDir/was-install.xml -log $logDir/was85_install.log -acceptLicense
# Create profiles
/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName AppSrv01 -cellName P8Node01Cell -nodeName P8Node01 -serverName server1 -enableAdminSecurity true -adminUserName P8Admin -adminPassword $password
/opt/IBM/WebSphere/AppServer/bin/manageprofiles.sh -create -profileName AppSrv02 -cellName P8Node02Cell -nodeName P8Node02 -serverName server1 -enableAdminSecurity true -adminUserName P8Admin -adminPassword $password

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/was; fi
echo Installied WAS
###################### STEP 7 ############################
###            Configure DB2 for FileNet               ###
##########################################################
echo 7/19: Configuring DB2 for FileNet...
# add users to the correct groups: root and grrdbm01
usermod -a -G root dsrdbm01
usermod -a -G root gcddbusr
usermod -a -G root osdbuser
usermod -a -G root P8Admin

usermod -a -G grrdbm01 dsrdbm01
usermod -a -G grrdbm01 gcddbusr
usermod -a -G grrdbm01 osdbuser
usermod -a -G grrdbm01 P8Admin

# Create he DB locations on the disk
mkdir -p /opt/IBM/DB2Databases
chmod 777 /opt/IBM/DB2Databases

cat >$baseDir/createFNdbs.sh<<EOF
db2 CONNECT RESET

echo "Creating Content Engine GCD database, tablespace, and granting proper rights to gcddbusr ..."
db2 CREATE DATABASE GCD_DB AUTOMATIC STORAGE YES  ON /opt/IBM/DB2Databases  USING CODESET UTF-8 TERRITORY US COLLATE USING SYSTEM PAGESIZE 32768
db2 CONNECT TO GCD_DB
db2 CREATE  REGULAR  TABLESPACE GCD_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 GRANT  CREATETAB,CONNECT ON DATABASE  TO USER gcddbusr
db2 GRANT USE OF TABLESPACE GCD_TS TO USER gcddbusr
db2 CONNECT RESET

echo "Creating Content Engine TARGET Object Store database, tablespaces, and granting proper rights to osdbuser ..."
db2 CREATE DATABASE TARGETDB AUTOMATIC STORAGE YES  ON /opt/IBM/DB2Databases  USING CODESET UTF-8 TERRITORY US COLLATE USING SYSTEM PAGESIZE 32768
db2 CONNECT TO TARGETDB
db2 CREATE  REGULAR  TABLESPACE CEDATA_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 CREATE  USER TEMPORARY  TABLESPACE USRTEMP_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP
db2 GRANT  CREATETAB,CONNECT ON DATABASE  TO USER osdbuser
db2 GRANT USE OF TABLESPACE CEDATA_TS TO USER osdbuser
db2 GRANT USE OF TABLESPACE USRTEMP_TS TO USER osdbuser
db2 CREATE  REGULAR  TABLESPACE PEDATA_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 GRANT  SECADM ON DATABASE  TO USER P8Admin
db2 GRANT CREATETAB,CONNECT ON DATABASE TO user P8Admin
db2 grant use of tablespace pedata_ts to user P8Admin
db2 UPDATE DATABASE CONFIGURATION USING APPLHEAPSZ 2560 IMMEDIATE
db2 CONNECT RESET
echo "--------------------"

echo "Creating Content Engine DESIGN Object Store database, tablespaces, and granting proper rights to osdbuser ..."
db2 CREATE DATABASE DESIGNDB AUTOMATIC STORAGE YES  ON /opt/IBM/DB2Databases  USING CODESET UTF-8 TERRITORY US COLLATE USING SYSTEM PAGESIZE 32768
db2 CONNECT TO DESIGNDB
db2 CREATE  REGULAR  TABLESPACE CEDATA_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 CREATE  USER TEMPORARY  TABLESPACE USRTEMP_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP
db2 GRANT  CREATETAB,CONNECT ON DATABASE  TO USER osdbuser
db2 GRANT USE OF TABLESPACE CEDATA_TS TO USER osdbuser
db2 GRANT USE OF TABLESPACE USRTEMP_TS TO USER osdbuser
db2 CREATE  REGULAR  TABLESPACE PEDATA_TS PAGESIZE 32 K  MANAGED BY AUTOMATIC STORAGE EXTENTSIZE 16 OVERHEAD 10.5 PREFETCHSIZE 16 TRANSFERRATE 0.14 BUFFERPOOL  IBMDEFAULTBP  DROPPED TABLE RECOVERY ON
db2 GRANT  SECADM ON DATABASE  TO USER P8Admin
db2 GRANT CREATETAB,CONNECT ON DATABASE TO user P8Admin
db2 grant use of tablespace pedata_ts to user P8Admin
db2 UPDATE DATABASE CONFIGURATION USING APPLHEAPSZ 2560 IMMEDIATE
db2 CONNECT RESET
echo "--------------------"

db2 CONNECT RESET
echo "--------------------"
EOF

# Change DB2 port
cat >$baseDir/setDB2port.sh<<EOF
db2 update dbm cfg using SVCENAME 3737
db2stop FORCE
db2start
db2 get dbm cfg | grep SVCENAME
EOF

# Start the instance
/opt/ibm/db2/V9.7/instance/db2istrt dsrdbm01
chmod a+x $baseDir/createFNdbs.sh
chmod a+x $baseDir/setDB2port.sh
su - dsrdbm01 -c $baseDir/createFNdbs.sh
su - dsrdbm01 -c $baseDir/setDB2port.sh
rm -f $baseDir/createFNdbs.sh
rm -f $baseDir/setDB2port.sh

if [ ! -d /opt/IBM/DB2Databases/dsrdbm01/NODE0000 ]; then echo "ERROR:  P8 Database was not created."; exit 1; fi
echo Configured DB2 for FileNet
###################### STEP 8 ############################
###           Import default users in TDS              ###
##########################################################
echo 8/19: Importing users in TDS...
cat >$baseDire/users.ldif<<EOF
dn: o=sample
objectclass: top
objectclass: domain
dc: o=sample
o: sample

dn: cn=P8Admin,o=sample
cn: P8Admin
sn: P8Admin
userpassword: $password
objectclass: top
objectclass: organizationalPerson
objectclass: person

dn: cn=tester,o=sample
cn: tester
sn: tester
userpassword: $password
objectclass: top
objectclass: organizationalPerson
objectclass: person

dn: cn=P8Admins,o=sample
objectclass: groupOfNames
objectclass: top
cn: P8Admins
member: cn=P8Admin,o=sample

dn: cn=GeneralUsers,o=sample
objectclass: groupOfNames
objectclass: top
cn: GeneralUsers
member: cn=P8Admin,o=sample
member: cn=tester,o=sample
EOF

/opt/IBM/ldap/V6.3/sbin/idsldif2db -i $baseDire/users.ldif -I dsrdbm01

# Start TDS
/opt/IBM/ldap/V6.3/sbin/ibmslapd -I dsrdbm01
echo Imported users in TDS
###################### STEP 9 ############################
###             Deploy TDS admin app in WAS            ###
##########################################################
echo 9/19: Deploying TDS admin app in WAS...
# Start WAS
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startServer.sh server1
/opt/ibm/WebSphere/AppServer/profiles/AppSrv02/bin/startServer.sh server1

cat >$baseDir/deploy.py<<EOF
server = AdminConfig.getid('/Server:server1/')
AdminApp.install('/opt/ibm/ldap/V6.3/idstools/IDSWebApp.war',['-MapRolesToUsers', "[['All Authenticated' No Yes '' '']]", '-MapModulesToServers', "[[ '.*'  '.*.war,.*' server]]", '-MapWebModToVH', "[[ '.*'  '.*.war,.*' 'default_host']]", '-appname', 'IDSWebApp', '-contextroot', 'IDSWebApp'])
AdminConfig.save()

dep = AdminConfig.getid("/Deployment:IDSWebApp/")
depObject = AdminConfig.showAttribute(dep, "deployedObject")
classldr = AdminConfig.showAttribute(depObject, 'classloader')
AdminConfig.modify(classldr, [['mode', 'PARENT_LAST']])

modules = AdminConfig.showAttribute(depObject, 'modules')
modules = modules[1:len(modules)-1].split(" ")
for module in modules:
  if (module.find('WebModuleDeployment')!= -1):
    uri = AdminConfig.showAttribute(module, 'uri')
    if (uri == "web_client.war"):
      cl = AdminConfig.list('Classloader', module)
      if (cl):
        AdminConfig.modify(cl, [['mode', 'PARENT_LAST']])
      else:
        AdminConfig.create('Classloader', module, [['mode', 'PARENT_LAST']])

AdminConfig.save()

appManager = AdminControl.queryNames('cell=P8Node01Cell,node=P8Node01,type=ApplicationManager,process=server1,*')
AdminControl.invoke(appManager, 'startApplication', 'IDSWebApp')
EOF
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/deploy.py
rm -f $baseDir/deploy.py

echo Deployed TDS admin app in WAS
###################### STEP 10 ###########################
###        Install Content Engine and Fix Packs        ###
##########################################################
echo 10/19: Installing CE...
cd $baseDir
mkdir $baseDir/ce
tar xzf $binaries/ce.tar.gz -C $baseDir/ce
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/ce/ce_silent_install.txt
$baseDir/ce/5.2.1-ICFCPE-LINUX.BIN -i silent -f $baseDir/ce/ce_silent_install.txt
if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/ce; fi
echo Installed CE

echo Installing CE FP...
cd $baseDir
mkdir $baseDir/cefp
tar xzf $binaries/cefp.tar.gz -C $baseDir/cefp
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/cefp/ce_silent_install.txt
$baseDir/cefp/5.2.1.5-P8CPE-LINUX-FP005.BIN -i silent -f $baseDir/cefp/ce_silent_install.txt
if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/cefp; fi
echo Installed CE FP
###################### STEP 11 ###########################
###     Install IBM Content Navigator and Fix Packs    ###
##########################################################
echo 11/19: Installing ICN...
cd $baseDir
mkdir $baseDir/icn
tar xf $binaries/icn.tar -C $baseDir/icn
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/icn/ecmclient_silent_install.txt
$baseDir/icn/IBM_CONTENT_NAVIGATOR-2.0.3-LINUX.bin -f $baseDir/icn/ecmclient_silent_install.txt -i silent
if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/icn; fi
echo Installed ICN

echo Installing ICN FP...
cd $baseDir
mkdir $baseDir/icnfp
tar xf $binaries/icnfp.tar -C $baseDir/icnfp
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/icnfp/ecmclient_silent_install.txt
$baseDir/icnfp/IBM_CONTENT_NAVIGATOR-2.0.3.8-FP008-LINUX.bin -f $baseDir/icnfp/ecmclient_silent_install.txt -i silent

if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/icnfp; fi
echo Installed ICN FP
###################### STEP 12 ###########################
###     Install Content Engine Client and Fix Packs    ###
##########################################################
echo 12/19: Installing CEC...
cd $baseDir
mkdir $baseDir/cec
tar xzf $binaries/cec.tar.gz -C $baseDir/cec
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/cec/ceclient_silent_install.txt
# Enable only ICN
sed -i "s/UPDATE_\([A-Z0-9]\+\)=1/UPDATE_\1=0/g" $baseDir/cec/ceclient_silent_install.txt
sed -i "s/UPDATE_CN=0/UPDATE_CN=1/" $baseDir/cec/ceclient_silent_install.txt
sed -i "s/CEServer/localhost/g" $baseDir/cec/ceclient_silent_install.txt
sed -i "s/CEserver/localhost/g" $baseDir/cec/ceclient_silent_install.txt
$baseDir/cec/5.2.1-ICFCPE-CLIENT-LINUX.BIN -i silent -f $baseDir/cec/ceclient_silent_install.txt
if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/cec; fi
echo Installed CEC

echo Installing CEC FP...
cd $baseDir
mkdir $baseDir/cecfp
tar xzf $binaries/cecfp.tar.gz -C $baseDir/cecfp
sed -i "s/LICENSE_ACCEPTED=false/LICENSE_ACCEPTED=true/g" $baseDir/cecfp/ceclient_silent_install.txt
# Enable only ICN
sed -i "s/UPDATE_\([A-Z0-9]\+\)=1/UPDATE_\1=0/g" $baseDir/cecfp/ceclient_silent_install.txt
sed -i "s/UPDATE_CN=0/UPDATE_CN=1/" $baseDir/cecfp/ceclient_silent_install.txt
sed -i "s/CEServer/localhost/g" $baseDir/cecfp/ceclient_silent_install.txt
sed -i "s/CEserver/localhost/g" $baseDir/cecfp/ceclient_silent_install.txt
$baseDir/cecfp/5.2.1.5-P8CPE-CLIENT-LINUX-FP005.BIN -i silent -f $baseDir/cecfp/ceclient_silent_install.txt
if [[ $cleanBinaries == true ]]; then rm -rf $baseDir/cecfp; fi

echo Installed CEC FP
###################### STEP 13 ###########################
# Checking all services now that everything's installed  #
##########################################################
echo 13/19: Checking services...
# Checking whether TDS is started or not.....
/opt/IBM/ldap/V6.3/bin/ibmdirctl -D cn=root -w $password statusreturn
if [[ $? == 0 ]]; then
  echo TDS is already started
else
  echo Starting TDS instance
  /opt/IBM/ldap/V6.3/sbin/ibmslapd -I dsrdbm01
  echo Started TDS instance
fi

# Checking whether DB2 is started or not.......

ps -ef | grep db2sysc | grep -v grep
if [[ $? == 0 ]]; then
	echo DB2 is already started
else
	echo Starting DB2......
	su - dsrdbm01 -c db2start
	echo Started DB2.....
fi

# Checking whether WAS is started or not......

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/serverStatus.sh server1 -username P8Admin -password $password > status.txt
grep ADMU0508I status.txt
if [[ $? == 0 ]]; then
  echo WAS profile1 is already started
else
  echo Starting WAS profile1..........
  /opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startServer.sh server1
  echo WAS profile1 started
  rm -rf status.txt
fi

/opt/ibm/WebSphere/AppServer/profiles/AppSrv02/bin/serverStatus.sh server1 -username P8Admin -password $password > status.txt
grep ADMU0508I status.txt
if [[ $? == 0 ]]; then
  echo WAS profile2 is already started
else
  echo Starting WAS profile2..........
  /opt/ibm/WebSphere/AppServer/profiles/AppSrv02/bin/startServer.sh server1
  echo WAS profile2 started
  rm -rf status.txt
fi

echo Checked services
###################### STEP 14 ###########################
###              Configure Content Engine              ###
##########################################################
echo 14/19: Configuring CE...
profilePath=/opt/IBM/FileNet/ContentEngine/tools/configure/profiles/was_tiv_db2
cfmgr=/opt/IBM/FileNet/ContentEngine/tools/configure/configmgr_cl
$cfmgr generateconfig -appserver WebSphere -license UVU -repositorytype standalone -db db2 -ldap tivoli -bootstrap new -deploy standard -profile $profilePath
$cfmgr generateConfig -appserver WebSphere -db db2 -task configurejdbcos -profile $profilePath
 
# Editing the config file 
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerVersion']/value" -v "8.5" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerAdminUsername']/value" -v "P8Admin" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerAdminPassword']/value" -v "$password" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerSoapPort']/value" -v "8880" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerHostName']/value" -v "localhost" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerCell']/value" -v "P8Node01Cell" $profilePath/applicationserver.xml

xmlstarlet ed --inplace -u "//property[@name='BootstrapUsername']/value" -v "P8Admin" $profilePath/configurebootstrap.xml
xmlstarlet ed --inplace -u "//property[@name='BootstrapPassword']/value" -v "$password" $profilePath/configurebootstrap.xml

xmlstarlet ed --inplace -u "//property[@name='DatabaseServerName']/value" -v "localhost" $profilePath/configurejdbcgcd.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePortNumber']/value" -v "3737" $profilePath/configurejdbcgcd.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseName']/value" -v "GCD_DB" $profilePath/configurejdbcgcd.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseUsername']/value" -v "gcddbusr" $profilePath/configurejdbcgcd.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePassword']/value" -v "$password" $profilePath/configurejdbcgcd.xml

xmlstarlet ed --inplace -u "//property[@name='JDBCDataSourceName']/value" -v "DESIGNOSDS" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='JDBCDataSourceXAName']/value" -v "DESIGNOSDSXA" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseServerName']/value" -v "localhost" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePortNumber']/value" -v "3737" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseName']/value" -v "DESIGNDB" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseUsername']/value" -v "osdbuser" $profilePath/configurejdbcos.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePassword']/value" -v "$password" $profilePath/configurejdbcos.xml

xmlstarlet ed --inplace -u "//property[@name='JDBCDataSourceName']/value" -v "TARGETOSDS" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='JDBCDataSourceXAName']/value" -v "TARGETOSDSXA" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseServerName']/value" -v "localhost" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePortNumber']/value" -v "3737" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseName']/value" -v "TARGETDB" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseUsername']/value" -v "osdbuser" $profilePath/configurejdbcos.2.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePassword']/value" -v "$password" $profilePath/configurejdbcos.2.xml

xmlstarlet ed --inplace -u "//property[@name='LDAPServerHost']/value" -v "localhost" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPServerPort']/value" -v "389" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBindDN']/value" -v "cn=P8Admin,o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBindPassword']/value" -v "$password" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBaseDN']/value" -v "o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='AdminConsoleUser']/value" -v "P8Admin" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='OverwriteExistingUserReg']/value" -v "true" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='SetAsActiveUserReg']/value" -v "true" $profilePath/configureldap.xml

xmlstarlet ed --inplace -u "//property[@name='ApplicationServerNode']/value" -v "P8Node01" $profilePath/deployapplication.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerName']/value" -v "server1" $profilePath/deployapplication.xml
xmlstarlet ed --inplace -u "//configuration/@enabled" -v "true" $profilePath/deployapplication.xml

# Before running the task, we need to set the JDBC driver for DB2 in WAS
cat >$baseDir/setJDBC.py<<EOF
import sys
nodeName = sys.argv[0]
node = AdminConfig.getid("/Node:$nodeName/")
vars = AdminConfig.list("VariableSubstitutionEntry",node).split(java.lang.System.getProperty("line.separator"))
for var in vars:
   name = AdminConfig.showAttribute(var, "symbolicName")
   if name == "DB2_JCC_DRIVER_PATH":
      AdminConfig.modify(var,[["value", "/opt/ibm/db2/V9.7/java"]])
      break

AdminConfig.save()
EOF
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/setJDBC.py P8Node01
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv02 -lang jython -f $baseDir/setJDBC.py P8Node02
rm -f $baseDir/setJDBC.py

# Increasing DB time out
sed -i "s/{value \"600\"}/{value \"3600\"}/g" /opt/IBM/FileNet/ContentEngine/tools/configure/scripts/configureWSJDBC.tcl

$cfmgr execute -profile $profilePath -task configurepricingmodel
if [[ ! -e $profilePath/status/configurepricingmodel.ok ]]; then echo "configurepricingmodel failed"; exit 1; fi
sleep 20
$cfmgr execute -profile $profilePath -task configureldap
if [[ ! -e $profilePath/status/configureldap.ok ]]; then echo "configureldap failed"; exit 1; fi
sleep 20
$cfmgr execute -profile $profilePath -task configurejdbcgcd
if [[ ! -e $profilePath/status/configurejdbcgcd.ok ]]; then echo "configurejdbcgcd failed"; exit 1; fi
sleep 20
$cfmgr execute -profile $profilePath -task configureloginmodules
if [[ ! -e $profilePath/status/configureloginmodules.ok ]]; then echo "configureloginmodules failed"; exit 1; fi
sleep 20
$cfmgr execute -profile $profilePath -taskfile configurejdbcos.xml
if [[ ! -e $profilePath/status/configurejdbcos.ok ]]; then echo "configurejdbcos failed"; exit 1; fi
sleep 20
$cfmgr execute -profile $profilePath -taskfile configurejdbcos.2.xml
if [[ ! -e $profilePath/status/configurejdbcos.2.ok ]]; then echo "configurejdbcos.2 failed"; exit 1; fi
sleep 20
$cfmgr execute -profile $profilePath -task configurebootstrap
if [[ ! -e $profilePath/status/configurebootstrap.ok ]]; then echo "configurebootstrap failed"; exit 1; fi
sleep 20
$cfmgr execute -profile $profilePath -task deployapplication
if [[ ! -e $profilePath/status/deployapplication.ok ]]; then echo "deployapplication failed"; exit 1; fi

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/stopServer.sh server1 -username P8Admin -password $password
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startServer.sh server1

# Create domain and Object Stores
# TODO = maybe rewrite the cpt-actions.jar using API to get rid of any dependence on CPIT
# It just created the domain and OSs
cat >$baseDir/os.properties<<EOF
P8ADMINUSER=P8Admin
PASSWD=$password
CECONNECTIONURI=http://localhost:9080/wsi/FNCEWS40MTOM

# P8 object store configuration
# P8OSADMINGROUP is the default OS Admin security users and groups (Could be separated by a colon :)
P8OSADMINGROUP=P8Admins
NUMOS=2
DISPLAYNAME1=P8ConfigObjectStore
SYMBOLICNAME1=P8ConfigObjectStore
JNDIDATASOURCE1=DESIGNOSDS
JNDIXADATASOURCE1=DESIGNOSDSXA

DISPLAYNAME2=TARGETOS
SYMBOLICNAME2=TARGETOS
JNDIDATASOURCE2=TARGETOSDS
JNDIXADATASOURCE2=TARGETOSDSXA

# P8 Domain security administrator user or administrator group (Default = P8Admins)
P8DOMAINADMIN=P8Admins
P8DOMAINNAME=P8Domain
CEWSISTANZA=FileNetP8WSI

# PE Configuration 
PE_DNSNAME=localhost
PE_BROKERPORT=32776
PE_REGIONNUMBER=1
PE_CONNPTNAME=P8ConnPt1
PE_CONNPTDESCRIPTION=PE Connection Point 1 for Region 1

# LDAP Configuration (TDS)
DCDISPLAYNAME=P8_TDS
LDAPHOST=localhost
LDAPPORT=389
LDAPADMINNAME=cn=P8Admin,o=sample
LDAPADMINPASSWORD=F0rmation
ISSSLENABLED=false

USERBASEDN=o=sample
USERSEARCHFILTER=(&(objectClass=person)(cn={0}))
USERDISPLAYNAMEATTRIBUTE=cn
USERNAMEATTRIBUTE=cn

GROUPBASEDN=o=sample
GROUPSEARCHFILTER=(&(objectClass=groupOfNames)(cn={0}))
GROUPDISPLAYNAMEATTRIBUTE=cn
GROUPNAMEATTRIBUTE=cn
GROUPMEMBERSHIPSEARCHFILTER=(&(objectclass=groupOfNames)(member={0}))
RESTRICTMEMBERSHIPTOCONFIGUREREALMS=false
EOF

CECP=$baseDir/cpt-actions.jar:/opt/IBM/FileNet/ContentEngine/lib/Jace.jar:/opt/IBM/FileNet/ContentEngine/lib/log4j.jar:/opt/IBM/FileNet/ContentEngine/cdapi/stax-api.jar:/opt/IBM/FileNet/ContentEngine/cdapi/xlxpScanner.jar:/opt/IBM/FileNet/ContentEngine/cdapi/xlxpScannerUtils.jar
JAASCONFIG=-Djava.security.auth.login.config=/opt/IBM/FileNet/ContentEngine/tools/PE/config

/opt/IBM/FileNet/ContentEngine/_cejvm/jre/bin/java -cp $CECP $JAASCONFIG com.ibm.bluestack.utils.P8Util createP8Domain $baseDir/os.properties
if [[ $? != 0 ]]; then echo "ERROR:  Failed to create P8 domain."; exit 1; fi
/opt/IBM/FileNet/ContentEngine/_cejvm/jre/bin/java -cp $CECP $JAASCONFIG com.ibm.bluestack.utils.P8Util createOS $baseDir/os.properties
if [[ $? != 0 ]]; then echo "ERROR:  Failed to create P8 Object Stores."; exit 1; fi

rm -rf $baseDir/os.properties

echo Configured CE
###################### STEP 15 ###########################
###              Configure Process Engine              ###
##########################################################
echo 15/19: Configuring PE...
JPE_HOME=/opt/IBM/FileNet/ContentEngine/tools/PE
echo "JDBC_JAR_PATH=/opt/ibm/tdsV6.3db2/java/db2jcc4.jar:/opt/ibm/tdsV6.3db2/java/db2jcc_license_cu.jar">$JPE_HOME/data/jdbcinit
cat >$JPE_HOME/data/peinitD.properties<<EOF
DBConnectionName=TARGETOSDS
DataSourceName=TARGETOSDS
XADataSourceName=TARGETOSDSXA
SysAdminGroup=P8Admins
SysConfigGroup=P8Admins
DateTimeMask=mm/dd/yyyy hh\:tt\:ss
DefaultLocale=en_US
pe_data=PEDATA_TS
RegionDisplayName=P8Region
IsolatedRegionNumber=1
DBSchemaName=OSDBUSER
EnableRegionForBackup=false
EOF

$JPE_HOME/peinit P8ConnPt1 -D $JPE_HOME/data/peinitD.properties -Y P8Admin+$password
if [[ $? != 0 ]]; then echo "ERROR:  Failed to configure PE."; exit 1; fi
rm -f $JPE_HOME/data/peinitD.properties
echo Configured PE
###################### STEP 16 ###########################
###  Export LTPA key to import it in the ICN profile   ###
##########################################################
echo 16/19: Exporting LTPA key...
cat >$baseDir/exportLTPA.py<<EOF
import java.lang.String as jstr
import java.io as jio
import javax.management as jmgmt

ltpaKeyFile=sys.argv[0]
password=jstr(sys.argv[1]).getBytes()

security=AdminControl.queryNames('*:*,name=SecurityAdmin')
securityON=jmgmt.ObjectName(security)

params=[password]
signature=['[B']
ltpaKeys=AdminControl.invoke_jmx(securityON,'exportLTPAKeys', params, signature)
fout=jio.FileOutputStream(ltpaKeyFile)
ltpaKeys.store(fout,'')
fout.close()
EOF

/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/exportLTPA.py /opt/IBM/ltpakeys.txt $password
rm -f $baseDir/exportLTPA.py
echo Exported LTPA key
###################### STEP 17 ###########################
###           Configure IBM Content Navigator          ###
##########################################################
echo 17/19: Configuring ICN...
# First create the database
mkdir -p /opt/IBM/NEXUSDB2
chmod 777 /opt/IBM/NEXUSDB2
cat >$baseDir/createICNdbs.sh<<EOF
db2 -v CONNECT RESET
db2 -v DROP DATABASE NEXUSDB
#-- Create the database - these statements must be on a single line
db2 -v -t "CREATE DATABASE NEXUSDB ON '/opt/IBM/NEXUSDB2' USING CODESET UTF-8 TERRITORY US COLLATE USING SYSTEM CATALOG TABLESPACE MANAGED BY SYSTEM USING ('/opt/IBM/NEXUSDB2/NEXUSDB/sys') TEMPORARY TABLESPACE MANAGED BY SYSTEM USING ('/opt/IBM/NEXUSDB2/NEXUSDB/systmp') USER TABLESPACE MANAGED BY SYSTEM USING ('/opt/IBM/NEXUSDB2/NEXUSDB/usr')" ;
db2 CONNECT TO NEXUSDB
db2 GRANT  secadm ON DATABASE  TO USER nxsdbusr
db2 GRANT CREATETAB,CONNECT,IMPLICIT_SCHEMA,DBADM,load ON DATABASE TO user nxsdbusr
db2 UPDATE DATABASE CONFIGURATION USING APPLHEAPSZ 2560 IMMEDIATE
db2 -v CONNECT RESET
EOF
chmod a+x $baseDir/createICNdbs.sh
su - dsrdbm01 -c $baseDir/createICNdbs.sh
rm -f $baseDir/createICNdbs.sh

# Create the profile
profilePath=/opt/IBM/ECMClient/configure/profiles/icn_was_tiv_db2
cfmgr=/opt/IBM/ECMClient/configure/configmgr_cl
$cfmgr generateConfig -appserver websphere -configure_FileNetP8 \
yes -configure_CMIS_FileNetP8 yes -db db2 -deploy standard -ldap_Repository federated -ldap tivoli \
-profile $profilePath -appserverVersion 8.5 -cmisAuth httpbasic -icn_sso none -silent

xmlstarlet ed --inplace -u "//property[@name='ApplicationServerVersion']/value" -v "8.5" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerProfileFolder']/value" -v "/opt/IBM/WebSphere/AppServer/profiles/AppSrv02" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerAdminUsername']/value" -v "P8Admin" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerAdminPassword']/value" -v "$password" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerSoapPort']/value" -v "8881" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerHostName']/value" -v "localhost" $profilePath/applicationserver.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerCell']/value" -v "P8Node02Cell" $profilePath/applicationserver.xml

xmlstarlet ed --inplace -u "//property[@name='DatabaseSchema']/value" -v "NEXUS" $profilePath/configureicntask.xml

xmlstarlet ed --inplace -u "//property[@name='DatabaseServerName']/value" -v "localhost" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePortNumber']/value" -v "3737" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseName']/value" -v "NEXUSDB" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseUsername']/value" -v "nxsdbusr" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabasePassword']/value" -v "$password" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='ECMClientAdminName']/value" -v "P8Admin" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='DatabaseSchema']/value" -v "NEXUS" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='TableSpaceName']/value" -v "NEXUSTS" $profilePath/configurejdbcecm.xml
xmlstarlet ed --inplace -u "//property[@name='jdbcDir']/value" -v "/opt/ibm/db2/V9.7/java" $profilePath/configurejdbcecm.xml

xmlstarlet ed --inplace -u "//property[@name='jdbcDir']/value" -v "/opt/ibm/db2/V9.7/java" $profilePath/configurejdbcjarsecm.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerNode']/value" -v "P8Node02" $profilePath/configurejdbcjarsecm.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerName']/value" -v "server1" $profilePath/configurejdbcjarsecm.xml

xmlstarlet ed --inplace -u "//property[@name='LDAPServerHost']/value" -v "localhost" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPServerPort']/value" -v "389" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBindDN']/value" -v "cn=P8Admin,o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='LDAPBindPassword']/value" -v "$password" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='WasFederatedBaseEntryDNRepository']/value" -v "o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='FederatedRepositoriesRealm']/value" -v "defaultWIMFileBasedRealm" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='WasFederatedRepositoryId']/value" -v "localhost" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='WasFederatedBaseEntryDNRealm']/value" -v "o=sample" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='AdminConsoleUser']/value" -v "P8Admin" $profilePath/configureldap.xml
xmlstarlet ed --inplace -u "//property[@name='SetAsActiveUserReg']/value" -v "false" $profilePath/configureldap.xml

xmlstarlet ed --inplace -u "//property[@name='DatabaseSchema']/value" -v "NEXUS" $profilePath/configuretmtask.xml
xmlstarlet ed --inplace -u "//property[@name='tmAdminUser']/value" -v "P8Admin" $profilePath/configuretmtask.xml
xmlstarlet ed --inplace -u "//property[@name='tmAdminPassword']/value" -v "$password" $profilePath/configuretmtask.xml
xmlstarlet ed --inplace -u "//property[@name='tmBaseURL']/value" -v "http://`hostname`:9081/taskManagerWeb/api/v1" $profilePath/configuretmtask.xml

xmlstarlet ed --inplace -u "//property[@name='CEHost']/value" -v "localhost" $profilePath/downloadcejarstask.xml
xmlstarlet ed --inplace -u "//property[@name='CEPortNumber']/value" -v "9080" $profilePath/downloadcejarstask.xml

xmlstarlet ed --inplace -u "//property[@name='ApplicationServerNode']/value" -v "P8Node02" $profilePath/deployapplication.xml
xmlstarlet ed --inplace -u "//property[@name='ApplicationServerName']/value" -v "server1" $profilePath/deployapplication.xml

xmlstarlet ed --inplace -u "//property[@name='LTPAKeyPath']/value" -v "/opt/IBM/ltpakeys.txt" $profilePath/importltpakey.xml
xmlstarlet ed --inplace -u "//property[@name='LTPAKeyPassword']/value" -v "$password" $profilePath/importltpakey.xml

$cfmgr execute -task downloadcejarstask -profile $profilePath
if [[ ! -e $profilePath/status/downloadcejarstask.ok ]]; then echo "downloadcejarstask failed"; exit 1; fi
$cfmgr execute -task configureldap -profile $profilePath
if [[ ! -e $profilePath/status/configureldap.ok ]]; then echo "configureldap failed"; exit 1; fi
$cfmgr execute -task importltpakey -profile $profilePath
if [[ ! -e $profilePath/status/importltpakey.ok ]]; then echo "importltpakey failed"; exit 1; fi
$cfmgr execute -task configurejdbcjarsecm -profile $profilePath
if [[ ! -e $profilePath/status/configurejdbcjarsecm.ok ]]; then echo "configurejdbcjarsecm failed"; exit 1; fi
$cfmgr execute -task configurejdbcecm -profile $profilePath
if [[ ! -e $profilePath/status/configurejdbcecm.ok ]]; then echo "configurejdbcecm failed"; exit 1; fi

chmod 777 /opt/IBM/ECMClient/configure/dbscripts/db2/modified/DB2_ONE_SCRIPT.sql
cat > $baseDir/initICNdb.sh<<EOF
db2 "CONNECT TO NEXUSDB"
db2 -tvmf /opt/IBM/ECMClient/configure/dbscripts/db2/modified/DB2_ONE_SCRIPT.sql
db2 "COMMIT"
EOF
chmod 777 $baseDir/initICNdb.sh
su - dsrdbm01 -c "$baseDir/initICNdb.sh"

$cfmgr execute -task configureloginmodules -profile $profilePath
if [[ ! -e $profilePath/status/configureloginmodules.ok ]]; then echo "configureloginmodules failed"; exit 1; fi
$cfmgr execute -task configuretmtask -profile $profilePath
if [[ ! -e $profilePath/status/configuretmtask.ok ]]; then echo "configuretmtask failed"; exit 1; fi
$cfmgr execute -task configureicntask -profile $profilePath
if [[ ! -e $profilePath/status/configureicntask.ok ]]; then echo "configureicntask failed"; exit 1; fi
$cfmgr execute -task rebuildear -profile $profilePath
if [[ ! -e $profilePath/status/rebuildear.ok ]]; then echo "rebuildear failed"; exit 1; fi
$cfmgr execute -task deployapplication -profile $profilePath
if [[ ! -e $profilePath/status/deployapplication.ok ]]; then echo "deployapplication failed"; exit 1; fi

echo Configured ICN
###################### STEP 18 ###########################
###         Configure FileNet/ICN apps in WAS          ###
##########################################################
echo 18/19: Configuring Apps in WAS...
cat >$baseDir/configWASFN.py<<EOF
import java
lineSeparator = java.lang.System.getProperty('line.separator')
def enableCookie(server, value):
  wc = AdminConfig.list('WebContainer',server)
  services = AdminConfig.list('Service',wc).splitlines()
  for service in services:
    AdminConfig.modify(service,[['enableCookies',value]])

def serverSessionmanagementCookiesHttpOnly(server, value):
  wc = AdminConfig.list('WebContainer',server)
  services = AdminConfig.list('Service',wc).splitlines()
  for service in services:
    dcs = AdminConfig.showAttribute(service, 'defaultCookieSettings');
    AdminConfig.modify(dcs,[['httpOnly',value]])


def setSecurityProperty(propertyName, propertyValue):
  security = AdminConfig.getid('/Security:/')
  prop = AdminConfig.getid('/Security:/Property:'+propertyName+'/')
  if prop:
    AdminConfig.modify(prop, [['value', propertyValue]])
  else:
    AdminConfig.create('Property', security, [['name',propertyName], ['value',propertyValue]])

def addServerSessionManagementProperty(server, propertyName, propertyValue):
  wc = AdminConfig.list('WebContainer',server)
  services = AdminConfig.list('Service',wc).splitlines()
  attr = [['name',propertyName],['value',propertyValue]]
  for service in services:
    AdminConfig.create('Property', service,  attr)


server = AdminConfig.getid('/Server:server1/')

# Add the InvalidateOnUnauthorizedSessionRequestException = true custom property to the server session management. 
addServerSessionManagementProperty(server, 'InvalidateOnUnauthorizedSessionRequestException', 'true')

# Uncheck "Set security cookies to HTTP Only to help prevent cross-site scripting attacks" in SSO settings
setSecurityProperty('com.ibm.ws.security.addHttpOnlyAttributeToCookies', 'false')

# Enable server session management cookies and Uncheck "Set session cookies to HTTP Only to help prevent cross-site scripting attacks".
enableCookie(server, 'true')
serverSessionmanagementCookiesHttpOnly(server, 'false')

server = AdminConfig.getid('/Server:server1/')
jvms = AdminConfig.list('JavaVirtualMachine',server)
arrayJVMs = jvms.split(lineSeparator)
jvm = arrayJVMs[0]

attr_name  = ['name', "com.ibm.websphere.orb.uniqueServerName"]
attr_value = ['value', "true"]
attr_required = ['required', "false"]
attr_description = ['description', ""]
attr_list = [attr_name, attr_value, attr_required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(jvm, [property])

AdminTask.configureTrustedRealms('[-communicationType outbound -trustAllRealms true]')
AdminTask.configureTrustedRealms('[-communicationType inbound -trustAllRealms true]')

AdminConfig.save()
EOF
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/configWASFN.py
rm -f $baseDir/configWASFN.py

cat >$baseDir/configWASFN.py<<EOF
import java
lineSeparator = java.lang.System.getProperty('line.separator')
 
server = AdminConfig.getid('/Server:server1/')
jvms = AdminConfig.list('JavaVirtualMachine',server)
arrayJVMs = jvms.split(lineSeparator)
jvm = arrayJVMs[0]
 
attr_name  = ['name', "com.ibm.websphere.orb.uniqueServerName"]
attr_value = ['value', "true"]
attr_required = ['required', "false"]
attr_description = ['description', ""]
attr_list = [attr_name, attr_value, attr_required, attr_description]
property=['systemProperties',[attr_list]]
AdminConfig.modify(jvm, [property])
 
AdminTask.configureTrustedRealms('[-communicationType outbound -trustAllRealms true]')
AdminTask.configureTrustedRealms('[-communicationType inbound -trustAllRealms true]')
 
AdminTask.renameIdMgrRealm('[-name defaultWIMFileBasedRealm -newName localhost:389]')
AdminTask.configureAdminWIMUserRegistry('[-realmName localhost:389 -verifyRegistry false ]')
 
AdminConfig.save()
EOF
/opt/ibm/WebSphere/AppServer/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv02 -lang jython -f $baseDir/configWASFN.py
rm -f $baseDir/configWASFN.py
echo Configured Apps in WAS
###################### STEP 19 ###########################
###      Restart WAS/Uninstall DefaultApplication      ###
##########################################################
echo 19/19: Restarting WAS...
/opt/ibm/WebSphere/AppServer/profiles/AppSrv02/bin/stopServer.sh server1 -username P8Admin -password $password
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/stopServer.sh server1 -username P8Admin -password $password
/opt/ibm/WebSphere/AppServer/profiles/AppSrv01/bin/startServer.sh server1
/opt/ibm/WebSphere/AppServer/profiles/AppSrv02/bin/startServer.sh server1
echo Restarted WAS
# Uninstall the useless default app in WAS

echo Uninstalling DefaultApplication...
cat > $baseDir/uninstallDefault.py<<EOF 
AdminApp.uninstall('DefaultApplication')
AdminConfig.save()
EOF
 
/opt/ibm/WebSphere/AppServer/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv01 -lang jython -f $baseDir/uninstallDefault.py
/opt/ibm/WebSphere/AppServer/bin/wsadmin.sh -username P8Admin -password $password -conntype SOAP -profileName AppSrv02 -lang jython -f $baseDir/uninstallDefault.py
rm -f uninstallDefault.py
echo Uninstalled DefaultApplication

mkdir /FileNet
cat <<EOF > /FileNet/start.sh
#!/bin/bash
/etc/init.d/iptables stop
su - dsrdbm01 -c db2start
cd /opt/ibm/ldap/V6.3/sbin
./idsdiradm -I dsrdbm01
./ibmslapd -n -I dsrdbm01
 
cd /opt/ibm/WebSphere/AppServer/bin/
./startServer.sh server1 -profileName AppSrv01
./startServer.sh server1 -profileName AppSrv02
EOF

cat <<EOF > /FileNet/stop.sh
#!/bin/bash
cd /opt/ibm/WebSphere/AppServer/bin/
./stopServer.sh server1 -profileName AppSrv02 -username P8Admin -password $password
./stopServer.sh server1 -profileName AppSrv01 -username P8Admin -password $password
 
cd /opt/ibm/ldap/V6.3/sbin
./ibmslapd -I dsrdbm01 -k
./idsdiradm -I dsrdbm01 -k
 
su - dsrdbm01 -c db2stop
EOF
chmod u+x /FileNet/start.sh
chmod u+x /FileNet/stop.sh

echo /FileNet/start.sh and /FileNet/stop.sh have been created to start/stop the whole platform.

14 thoughts on “Install FileNet P8 without CPIT

  1. Elias Volkov

    Hello Guillaume, thanks a lot for this post!
    Your article is extremely precise and it has guided me very well though I am new to ECM systems.

    These are the only difficulties I experienced to complete my Filenet installation successfully.
    I installed step by step, so I did not check them against the all-in-one script.

    CEC installation requires CE and PE configuration steps to be done beforehand.
    In the initial LDIF file, copied from webpage and inserted in vi or mc editor, I had single space chars in each empty line separating the entries, that inhibited LDIF entries from being able to import properly. So space chars in empty lines had to be manually sought and destroyed.
    The -cmisAuth option usage is prohibited when installing ICN without fixpacks.
    You forgot to replace sample password (“For…”) with $password at some place.

    Thank you and please enjoy a look at Murmansk, Russia, the city I love best! :))
    http://kleinburd.ru/news/wp-content/uploads/2014/03/294.jpg

    Reply
    1. Guillaume Post author

      Hi Elias,

      Thank you so much for your feedback, I can see that helped others which is great! Sorry I haven’t answered before somehow I missed your comment.

      I’ll try to update my post with your comment when I have a bit more time.

      Reply
    2. Anand

      Hello

      anyone faced similar error on downloadcejarstask.
      Starting to run the Update the FileNet P8 Client Connector Files task.

      Update the FileNet P8 Client Connector Files
      There was an error executing the Update the FileNet P8 Client Connector Files task.
      The task failed with the following messages:

      Connection error: The IBM Content Navigator Configuration and Deployment Tool cannot connect to the following Content Engine server: sinlqfnwas01.td.afg. Ensure that the server is running and that the information about your Content Engine server is correct.

      Details:
      \Server returned HTTP response code: 401 for <

      Reply
    1. Guillaume Post author

      Hi Anand,

      I apologize for the really late answer, but I changed my hosting in January and I just noticed emails weren’t working anymore so I missed all the comments.

      I haven’t written anything about clustered platform since this blog is more focusing on development, but you can find this in the official doc here.

      Hope that helps.

      Reply
  2. Mladen Kuntner

    Hello Guillaume, thanks a lot for your work on this.
    Also thanks to Elias for hints on how to make all-in-one script perfect.

    I successfully installed FileNet 5.2.1 on CentOS 6 with all-in-one script.
    Then I tried the same on CentOS 7.

    It failed in step 4/19 TDS install.
    I found out that some rpm files were not installed because of conflicts.
    It look like the rpm changed behavior between CentOS 6 and CentOS7.

    The workaround is to put some rpm commands with –replace files option
    before the # Configure TDS step.

    Like this for example but for all not installed files:
    rpm –replacefiles -iv idsldap-srvbase64bit63-6.3.0-24.x86_64.rpm

    Hope this helps someone trying to install on CentOS 7.

    Reply
    1. Alexey

      Hello, Mladen!

      I cannot successfully install on CentOS 6 with all-in-one script. It failed in step 14:

      Configure LDAP ******
      There was an error executing the Configure LDAP task.
      Running the task failed with the following message: The LDAP authentication configuration failed.

      What was i missed?

      Reply
  3. Lloyd Charlier

    Hello Guillaume,

    We have a production P8 5.2.1 system running in a Windows environment (Windows Server 2012 R2, Active Directory, MSSQL Server, WAS 8.5.5) and we are trying to implement a programmatic method of adding new object stores. While we understand how to programmatically create new SQL databases to be used by the object stores, we are unclear as to the best approach to create/configure new WAS JDBC datasources and subsequently define/instantiate the new object stores that utilize them. From the examples you show above, it would appear that we could:

    1) Create a new configurejdbcos.xml file for each new datasource.
    2) Create the JDBC datasources by executing the configuration file in #1 above using the
    configmgr_cl.exe utility.
    3) Create an os.properties file specifying the object stores to be created.
    4) Create the object store(s) by executing the “P8Util createOS” function against the
    properties file created in #3 above.

    Is this approach correct? Are there steps missing? Is there a better way to do any/all of the above using an API, preferably in C#? Assuming we can successfully implement a programmatic approach to do this, does bringing a new object store online require either a reboot or WAS restart? We would like to avoid this if at all possible.

    I look forward to your reply. Thanks.

    Reply
  4. Michael Pressler

    Hello Guillaume,
    many thanks for this great blog post. I learned a lot.
    At the moment I’m trying cpit for ICM. May it be possible to add the ICM installation steps to this blog post as well ?

    Reply
  5. Alexey

    Hello!
    There are mistakes in step 8:

    echo 8/19: Importing users in TDS…
    cat >$baseDire/users.ldif<<EOF <—! should be $baseDir

    /opt/IBM/ldap/V6.3/sbin/idsldif2db -i $baseDir/users.ldif -I dsrdbm01 <—! should be $baseDir

    Reply
  6. Erik

    Hello Guillaume,

    Is there another way existing to create domain and object stores instead of using cpt-actions.jar?
    Thank you for your answer!

    Reply

Leave a Reply