Documentos de Académico
Documentos de Profesional
Documentos de Cultura
AF
DR
Version 6.5
September 2016
LMEX-65-IUG-IU-01
Notices
Edition
Publication date: September 2016
Book number: LMEX-65-IUG-IU-01
Product version: Version 6.5
Copyright
Rocket Software, Inc. or its affiliates 1998-2016. All Rights Reserved.
Trademarks
Rocket is a registered trademark of Rocket Software, Inc. For a list of Rocket registered trademarks go
to: www.rocketsoftware.com/about/legal. All other products or services mentioned in this document
may be covered by the trademarks, service marks, or product names of their respective owners.
Examples
This information might contain examples of data and reports. The examples include the names of
individuals, companies, brands, and products. All of these names are fictitious and any similarity to
the names and addresses used by an actual business enterprise is entirely coincidental.
License agreement
This software and the associated documentation are proprietary and confidential to Rocket Software,
Inc. or its affiliates, are furnished under license, and may be used and copied only in accordance with
the terms of such license.
Note: This product may contain encryption technology. Many countries prohibit or restrict the
use, import, or export of encryption technologies, and current use, import, and export regulations
should be followed when exporting this product.
Corporate information
Rocket Software, Inc. develops enterprise infrastructure products in four key areas: storage, networks,
and compliance; database servers and tools; business information and analytics; and application
development, integration, and modernization.
Website: www.rocketsoftware.com
Rocket Global Headquarters
77 4th Avenue, Suite 100
Waltham, MA 02451-1468
USA
To contact Rocket Software by telephone for any reason, including obtaining pre-sales information
and technical support, use one of the following telephone numbers.
Country
United States
1-855-577-4323
Australia
1-800-823-405
Belgium
0800-266-65
Canada
1-855-577-4323
China
800-720-1170
France
08-05-08-05-62
Germany
0800-180-0882
Italy
800-878-295
Japan
0800-170-5464
Netherlands
0-800-022-2961
New Zealand
0800-003210
South Africa
0-800-980-818
United Kingdom
0800-520-0439
Contents
Notices................................................................................................................................................................................... 2
Corporate information......................................................................................................................................................... 3
Whats new in release 6.5?...................................................................................................................................................6
Chapter 1: Overview............................................................................................................................................................. 7
System requirements............................................................................................................................................... 8
Downloading the installation programs............................................................................................................... 11
Documentation....................................................................................................................................................... 12
Chapter 2: Server installation............................................................................................................................................ 14
Server installation prerequisites........................................................................................................................... 14
Configuring a connection to the LM(i) computer................................................................................................. 15
Installing LM(e)........................................................................................................................................................17
Logging into Security Server..................................................................................................................................18
Applying the license key and feature codes......................................................................................................... 19
Creating the LM(e) administrator.......................................................................................................................... 21
Changing the default passwords...........................................................................................................................22
Changing the DB2 passwords.................................................................................................................... 22
Changing Security Server passwords........................................................................................................22
Changing the Apache Tomcat administrator password.......................................................................... 23
Starting and stopping servers............................................................................................................................... 23
Post-installation administration............................................................................................................................24
Checking server status............................................................................................................................... 25
Setting Load Inventory directory permissions......................................................................................... 25
Running a database integrity report.........................................................................................................25
Checking for active LM(e) users.................................................................................................................26
Restarting an installation...........................................................................................................................27
Chapter 3: Client installation.............................................................................................................................................28
Installing the LM(e) client on Microsoft Windows................................................................................................ 28
Installing the LM(e) client on Microsoft Windows.................................................................................... 29
Creating an LM(e) server definition...........................................................................................................29
Editing the firewall exceptions list............................................................................................................ 30
Configuring the LM(e) command line interface on Microsoft Windows.................................................. 31
Enabling the LM(e) Extension for Windows Explorer............................................................................... 32
Defining the working environment to LM(e).................................................................................33
Installing the LM(e) client on Linux, UNIX, or Mac............................................................................................... 34
Installing the LM(e) client on Linux, UNIX, or Mac....................................................................................34
Adding the command line executable program to the PATH environment variable..............................36
Configuring multiple LM(e) users on a shared client computer.......................................................................... 37
Chapter 4: Deployment installation.................................................................................................................................. 38
Installing remote Deployment servers.................................................................................................................. 38
Configuring Deployment servers........................................................................................................................... 40
Providing Deployment client information............................................................................................................ 41
Installing Deployment clients................................................................................................................................ 41
Defining Deployment target computers................................................................................................... 42
Installing Deployment clients on Windows.............................................................................................. 42
Installing the LM(e) Deployment client on Microsoft Windows................................................... 43
Configuring the Deployment client on Microsoft Windows......................................................... 43
Starting and stopping the Deployment client on Microsoft Windows.........................................46
Running the Deployment client program as a Windows service................................................. 47
Increasing memory for the deployment service...........................................................................48
Contents
Chapter 1: Overview
Install server components on a Linux server. The server components include IBM DB2, Security Server,
and LM(e) server (which includes platform-appropriate Deployment Manager Server (DM) server and
client).
If your company also uses LM(i) to manage IBM i-based application software, you can then configure
the LM(e) server to communicate with the LM(i) server.
Install the development client on Microsoft Windows, Linux, UNIX, or Mac computers. The LM(e) client
for Microsoft Windows includes a graphical interface to the LM(e) server. On all operating systems, the
development client includes a command line interface to the LM(e) server.
You can ensure secure connections by configuring SSL between browsers and the Security Server;
between the LM(e) server and the Security Server; between the LM(e) server and the clients; and
between the DM server and Deployment clients.
Use of deployment features is optional. After the DM server is configured and started on the LM(e)
server, and the appropriate Deployment client is installed and started on the intended recipient
computers in your network, you can configure any LM(e) application to deploy changes. Deploy
changes on a case-by-case (ad hoc) basis, or when parts are promoted. Install the Deployment client
on Microsoft Windows, Linux, Unix, or other computers in your network where you want software
changes to be received and installed.
Optionally install Lifecycle Manager Web Portal to promote and deploy software changes, Rocket
Aldon Report Manager to generate software process reports, and Rocket Aldon Community Manager
to track projects and issues.
Chapter 1: Overview
System requirements
You must meet the hardware and software requirements for all LM(e)-related components.
IBM DB2, Security Server, Deployment server, and LM(e) server on Linux
An LM(e) installation can include IBM DB2 Express version 10.5.0.3, Security Server version 2.3B, LM(e)
DM Plus 2.0 Deployment server, and LM(e) version 6.5. These requirements also apply to installations
of a remote Deployment server on its own computer.
Hardware
A dual, Intel-compatible, multi-core, 64bit CPU with a speed of 2.2 GHz or faster.
A multiple file system configuration with the following disk space requirements (in
gigabytes, unless otherwise specified):
Directory
/home
200G
/opt
/var
/tmp
Note: For ongoing operations, exact space requirements depend on your data.
Software
One of the following Linux distributions. Do not customize the installation configurations or
remove packages from them:
Red Hat Enterprise Linux version 6.6 and above, and version 7.2 and above. Use either the
Basic Configuration or the Desktop configuration. The computer must subscribe to the
Red Hat Network. The installation program checks for required packages, and if it does
not find them it installs them from the Red Hat Network using the Internet.
CentOS version 6.6 and above, and version 7.2 and above. Use either the Basic
Configuration or the Desktop configuration.
OpenSSL version 0.9.8. If the required version of OpenSSL is not found on the computer
at installation time, the installation program downloads and installs the required version.
For Red Hat computers to receive the required version, they must subscribe to the Red Hat
Network.
If you will use LM(e) to manage LM(i) objects, you must install IBM i Access Client Solutions
version 1.1.0.3 or higher on the LM(e) server. IBM i Access Client Solutions includes the ODBC
System requirements
driver required to communicate with the IBM i computer that hosts LM(i). Instructions for
installing IBM i Access Client Solutions are provided in this documentation.
If you will configure SSL between the Deployment server and Deployment clients, you must
install the java-1.7.0-openjdk package from Red Hat or CentOS. The java-1.7.0-openjdk
package provides the keytool program required to create SSL certificates that are compatible
with Deployment clients.
A connection to the same local area network as the system that hosts the LM(e) server
Linux: 40 MB
AIX: 250 MB
Solaris: 140 MB
Software
For Linux:
RedHat Enterprise Linux or CentOS Linux, version 5.x, 6.x, or 7.x, 32-bit or 64-bit
OpenSSL version 0.9.8. If the required version of OpenSSL is not found on the computer at
installation time, the installation program downloads and installs the required version. To
receive the required version, Red Hat computers must subscribe to the Red Hat Network.
OpenSSL is installed without pre-conditions on CentOS computers.
For UNIX:
You must install OpenSSL version 0.9.8 on AIX, and version 0.9.7 on Solaris.
Software
Chapter 1: Overview
Deployment clients
Install the appropriate deployment client on any computer in your network that is a deployment
target that will receive software updates from the LM(e) server.
Hardware
A TCP/IP connection to the same network as the computer that hosts the LM(e) server.
Approximately 50 MB of available disk space, plus space for deployments.
Software
One of the following operating systems:
Red Hat Enterprise Linux, Version 5.x or 6.x, or CentOS Version 5.x or 6.x. Red Hat Linux must
be configured to receive Red Hat updates.
IBM AIX, Versions 5.3, 6.1, or 7.1, with Java Version 7 (1.7) installed.
Oracle Solaris 10 (SunOS 5.10), with Java Version 7 (1.7) installed and the SUNWscpu package
installed.
IBM i, Version 6.1, 7.1, or 7.2. with an appropriate IBM Developer Kit for Java licensed program
installed for the operating system version. Java 7 is recommended for optimal support of
deployment and automatic client update. Supported versions are:
For IBM i 6.1: Licensed program 5761JV1, option *BASE, plus option 11, with PTF Group
SF99562 Level 16 or higher applied. (Java 6, 32-bit)
java-1.7.0-openjdk RPM package from your Linux distribution (recommended), or Java 1.7 or
higher JDK or JRE (Red Hat or CentOS Version 5.x or 6.x)
If the computer on which you install the Deployment client has Internet access, the installation
program installs the required programs automatically. If the computer does not have Internet
access, you must install the LSB package appropriate to your operating system, and install
the recommended Java package (java-1.7.0-openjdk RPM) or a compatible JDK or JRE (1.7 or
higher). If you install a Java version other than the java-1.7.0-openjdk RPM, you must include
10
the --dcjava flag in the installation command with the path to the JDK or JRE binary. For
example:
./install --lmd --dcjava /opt/jre1.7.0_71/bin/java
Report Manager
Refer to the Rocket Aldon Report Manager Installation Guide for system requirements and installation
instructions.
Community Manager
Refer to the Rocket Aldon Community Manager Installation and Upgrade Guide for system requirements
and installation instructions.
11
Chapter 1: Overview
Item Description
File type
zip
zip
tgz
tgz
tgz
tgz
Documentation
Download only if you are installing or upgrading clients on computers with these operating
systems.
5.
Store the downloaded files in a network location that is accessible to the computers on which you
plan to install or upgrade.
Documentation
These documents provide information about Lifecycle Manager and other Rocket Aldon products.
All Rocket Aldon product documentation is available in the Rocket Documentation Library on the
public documentation web site (http://docs.rocketsoftware.com); the Installation and Upgrade Guide
is also available on the Rocket Customer Portal website (http://www.rocketsoftware.com/support).
These documents explain how to use LM(e):
Rocket Aldon Lifecycle Manager (Enterprise Edition) LMCS Configuration Editor Quick Start Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Setup and Special Topics User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Deployment Administration User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Introduction and Overview User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) How Do I...? User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Extension for Microsoft Windows Explorer
Rocket Aldon Lifecycle Manager (Enterprise Edition) Subversion Integration Administrator's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Security Server User's Guide
Rocket Aldon Lifecycle Manager (Enterprise Edition) Installation and Upgrade Guide for Linux Servers
Rocket Aldon Lifecycle Manager Web Portal Installation and Maintenance Guide
12
Documentation
These documents explain how to install and use the Lifecycle Manager Team Repository Eclipse Plugins:
Rocket Aldon Lifecycle Manager Team Repository Plug-ins online help system
These documents explain how to install, administer, and use Community Manager:
13
Confirm that the Linux server is using the correct values for your location for the date, time, and
coordinated universal time offset. LM(e) uses these values to compute time and date values for
display on client computers.
Confirm that you have the Validations sheet that shows your company name, license key
information, and feature codes. If you do not have this information, contact your system
administrator or your Rocket Aldon sales representative.
Verify that IBM DB2 is not already installed on the computer where you plan to install LM(e). If IBM
DB2 is on this computer, remove it before you install LM(e).
LM(e) is not supported on systems running Security-Enhanced Linux (SELinux). Before beginning
the installation process, run the following command to determine whether SELinux is turned on:
sestatus
If the command returns a value of disabled on the results line labeled SELinux status,
then SELinux is not running.
If the command returns a value of enabled on the results line labeled SELinux status,
then you must disable SELinux before proceeding. To disable SELinux, open the /etc/
sysconfig/selinux file in an editor and change the value of the SELINUX setting to
disabled. Then save the file and reboot the computer.
To show the settings for both tables, enter the following command:
chkconfig --list | grep table
2.
0:off
0:off
1:off
1:off
2:on
2:on
3:on
3:on
4:on
4:on
5:on
5:on
6:off
6:off
Then:
[user@computer]# chkconfig ip6tables off
3.
4.
14
To check that the values are off, enter the command from Step 1. All values should be set to
off.
Reboot the computer.
Confirm that you can log onto the Linux system as the root user.
IBM DB2, LM(e), and the Security Server use port numbers 7890, 8000, 8080, and 50006. These
port numbers must be available when you install the products. If you must change these port
numbers after installation, you can find information on the Rocket Customer Portal website
(http://www.rocketsoftware.com/support), or contact technical support.
Prerequisites
These steps assume the following:
The Linux computer is Red Hat or CentOS 6.6 or higher (not 7.x or higher). IBM i Access Client
Solutions does not support Red Hat or CentOS 5.11.
You can download files from the IBM Entitled Software Support (ESS) web site. IBM customers
entitled to V7R1, V7R2 IBM i OS can download the i Access Client Solutions product. You must
download and install i Access Client Solutions version 1.1.0.3 or higher.
You know the user name and password of a user with a profile on the LM(i) computer.
Procedure
1.
2.
If the ODBC driver is not installed enter the following command to install it:
yum install unixODBC
3.
Follow instructions at the following URL to download IBM i Access Client Solutions for Linux:
4.
5.
Copy the IBM i Access Client Solutions file to the /tmp directory on the Linux computer.
Enter the following command to navigate to the /tmp directory:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1010355
cd /tmp
6.
7.
8.
9.
unzip IBM_i_Access_Client_Solutions_-_Linux_AP_LCD8_2012_03.zip
-d iaccess
cd /tmp/iaccess/x86_64
Open the /etc/odbc.ini file in an editor and add all of the following content to specify LM(i)
parameters. This includes all of the parameters and the values shown. On the first line, the name
15
of the IBM i computer must be enclosed in brackets. However, brackets are not used with any of
the parameter values. Including extra line spaces between each line item is optional:
[ibmi_servername]
Description
Driver
System
UserID
Password
Naming
DefaultLibraries
Database
ConnectionType
CommitMode
ExtendedDynamic
DefaultPkgLibrary
DefaultPackage
AllowDataCompression
LibraryView
AllowUnsupportedChar
ForceTranslation
Trace
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
=
[ibmi_servername]
IBM i Access ODBC Driver 64-bit
[ibmi_fqhn]
0
QGPL
0
2
0
QGPL
A/DEFAULT(IBM),2,0,1,0,512
1
0
0
0
0
Where [ibmi_servername] is the name of the IBM i computer that hosts LM(i), and [ibmi_fqhn] is
the fully qualified host name of the IBM i computer that hosts LM(i). For example:
[SERVERNAME]
Description = SERVERNAME
Driver = IBM i Access ODBC Driver 64-bit
System = SERVERNAME.domain.com
UserID =
Password =
Naming = 0
DefaultLibraries = QGPL
Database =
ConnectionType = 0
CommitMode = 2
ExtendedDynamic = 0
DefaultPkgLibrary = QGPL
DefaultPackage = A/DEFAULT(IBM),2,0,1,0,512
AllowDataCompression = 1
LibraryView = 0
AllowUnsupportedChar = 0
ForceTranslation = 0
Trace = 0
10. Enter the following command to test the LM(e) Linux to IBM i connection:
isql [ibmi_servername] [username] [username_pw]
Where [ibmi_servername] is the name of the IBM i computer that hosts LM(i). [username] is the
name of a user with a profile on the LM(i) computer. [username_pw] is that users password. You
should see a connection like this:
[user@ibmiserver ~]$ isql ibmiserver [username] [username_pw]
+---------------------------------------+
| Connected!
|
|
|
| sql-statement
|
| help [tablename]
|
| quit
|
|
|
+---------------------------------------+
SQL>
16
Installing LM(e)
Installing LM(e)
Run the LM(e) installation program to install LM(e), DB2 Express, and Security Server.
Prerequisites
If you will use LM(e) to manage LM(i) objects, you must have already installed IBM i Access Client
Solutions on the Linux computer before starting the LM(e) installation program. For information, see
the topic Configuring a connection to the LM(i) computer.
Make sure you have met all system requirements and server installation prerequisites.
After you install LM(e), you must enter product validation and feature codes in Security Server before
you can use LM(e).
Procedure
1.
2.
3.
4.
5.
6.
cd /tmp
unzip [filename].zip
7.
cd /tmp/aldonadm
8.
9.
If any required packages are not present, a message is displayed and you are given the
opportunity to install them. Type y to install them.
On the Utility Menu, type 1 and press Enter to start the installation program.
When the message Is DB2 already installed? (Y/N) is displayed, take one of the following steps.
To install DB2, type N and press Enter. Then continue with step 10.
17
If you already used this installation program to install DB2 on this computer and are now
installing other components, type Y and press Enter. Enter the default password, which is
provided in the Installation Notes, and then continue with step 11.
If you installed DB2 on this computer with a program other than this installation program,
type N and press Enter. When the DB2 Configuration Menu is displayed, use option P to return
to the Utility Menu, and then use option E to exit the installation program.
10. To install DB2, type I and press Enter. Do not change the default values.
DB2 is installed.
11. On the Product Menu, take one of the following steps:
To install Security Server and LM(e), type 1,2 and press Enter.
To install Security Server, LM(e), and create an LM(e)-LM(i) connection, type 1,2,3 and press
Enter.
12. On the Security Server Configuration Menu, type 3 and press Enter. Then enter your company
name exactly as it appears in the Validations sheet, and press Enter.
13. Type N (Next) and press Enter.
14. On the LM(e) Configuration Menu, type N and press Enter to install LM(e).
15. On the LM(e) to LM(i) Configuration Menu, provide the following information:
Type 1 and press Enter. Then enter the host name, IP address, or fully qualified name of the
remote LM(i) server computer.
Type 2 and press Enter. Then enter the relational database directory name.
If the LM(i) program library is different from the library shown, type 3 and press Enter. Then
enter the name of the library.
16. On the Install Confirmation Menu, review the configuration information, and then perform one of
the following steps:
If you typed I, the program installs the LM(e) server, Security Server, Deployment Manager
Server, and Deployment Manager Server server. Then it automatically starts DB2 and Security
Server.
Next step
When you have installed all of the components, you must log into Security Server with your browser
and apply the license key and feature codes.
18
Prerequisites
You must successfully run the LM(e) installation program.
If either situation occurs, the next time that you perform a task that requires an interaction between
the browser and the Security Server, you must log in again.
If you close the session without first clicking Logout, the online session continues until the 12-hour
limit is reached. During that time, you appear as an active user.
For best results when you work with the Security Server, keep these tips in mind:
Do not log into the Security Server if another administrator is already logged in.
Procedure
1.
2.
Open a browser, and enter the URL for the Security Server.
The URL has the following syntax: http://server_name:port/aldonsecurityservice, where
server_name is the host name or IP address of the computer on which the Security Server is
installed; port is the number of the non-SSL HTTP Connector, as defined in the AldonLM.conf
file (the default is 8080); and aldonsecurityservice is the name of the Security Server web
application.
Enter the administrator user name and password, and then click Login Security Server.
If this is the first time that anyone is logging into the Security Server, enter the user name
administrator and the password that was included in your installation package notes. You
are immediately prompted to change the password for the administrator ID.
Next step
If you just finished installing LM(e) and are configuring it for the first time, apply the license key and
feature codes.
Prerequisites
Have the Validations sheet available; it contains the license key and feature codes.
Have the Security Server administrator user name and password available.
19
server, you do not enter the feature codes for Named users and Concurrent users, because the values
provided for the managing instance are applied to any LM(e) instance defined to this Security Server.
The following table describes the feature codes and where you enter them:
Feature code name
Apply to
Description
Number of deployment
locations
All instances
All instances
Enables Web-Portal-based
deployment for all instances
of LM(e) that are managed by
this Security Server, if they are
associated with an installed
instance of the Web Portal.
Procedure
1.
2.
3.
4.
5.
20
Log into the Security Server as an administrator, and then click Manage Products and Instances.
Click the name of the LM(e) instance, and then click License.
In the License Key field, enter the license key that came with the Validations sheet, and then click
Verify.
If the license key is not valid, the message Invalid license key is displayed. If the license key is
valid, the Product Licensing page is displayed. This page lists the version number and instance
name of the LM(e) release; and the license key type and expiration date.
Enter a feature code in the Feature Codes field, and then click Verify New Feature Code. Repeat
this step for each feature code.
If a feature code is successfully validated, it is displayed in the table of feature codes, along with
the current value and expiration date of the code.
When you finish entering all feature codes, click Commit to activate the codes.
Next step
Install and configure one LM(e) development client for the LM(e) administrator to use for configuring
LM(e). See Installing the LM(e) client on Microsoft Windows, on page 29.
If you entered Web Portal feature codes, then you must separately install the Lifecycle Manager Web
Portal software. Refer to your Rocket Aldon Lifecycle Manager Web Portal Installation and Maintenance
Guide for complete instructions.
Prerequisites
The user who you will specify as the LM(e) administrator must be a registered user on the Linux
computer that hosts LM(e), with a login user name and password.
2.
3.
21
c.
d.
e.
Next step
To access LM(e), the LM(e) administrator installs the LM(e) client for Windows.
2.
c. Type the new password, and then confirm the new password.
To change the password for dasusr, on the LM(e) host computer, log in as the dasusr and enter
the default password that is provided in the Installation Notes document. Then use the passwd
command to change the password.
22
Prerequisites
To change the Apache Tomcat administrator user password, you require the default Tomcat
Authentication Log In credentials. These credentials are provided in the Installation Notes for Security
Server & LM(e) document, which is available from the Aldon Lifecycle Manager Enterprise page of the
Rocket Customer Portal.
Procedure
1.
2.
3.
4.
5.
6.
Open a web browser and log in to Security Server. See Logging into Security Server, on page 18
if needed.
On the Where would you like to start? page, click Configuration.
In the Tomcat Admin User Name list, accept the default user name, if it applies, or select a
different name.
Type the current password in the Old Tomcat Password field.
Type the new Tomcat password in the New Tomcat Password field and in the Verify Tomcat
Password field.
Click Save Changes.
You do not need to stop and restart Security Server after making this change.
IBM DB2
Security Server
LM(e) server
Deployment server
Stop order:
1.
2.
3.
4.
LM(e) server
Security Server
Deployment server
IBM DB2
23
Note: If you are not licensed to deploy to target locations, use the stopdm command to stop just
the Deployment server and save system resources.
1.
2.
On the computer where the applications were installed, log in as the root user.
Use the following syntax to run a command:
/etc/init.d/aldonsys option
Description
status
start
stop
restart
startdb2
Starts DB2.
stopdb2
Stops DB2.
startss
stopss
startlm
stoplm
startdm
stopdm
Post-installation administration
After you have installed LM(e) and completed basic configuration, you can perform these tasks to
monitor and configure the server before users start working.
24
Prerequisites
This task assumes that you have root user credentials for the computer that hosts the LM(e) server.
Procedure
To verify that all of the required servers are running, perform the following task:
Log in as the root user on the computer that hosts the LM(e) server, and then enter the following
command:
/etc/init.d/aldonsys status
The status of IBM DB2, Security Server, LM(e) server, Deployment Manager Server, and Deployment
Manager Server server is displayed.
Where path is the path to the directory containing the parts, and directory_name is the name of the
directory containing the parts.
25
For each fully-versioned table, the database integrity report lists the total number of rows and details
about the rows that have errors. The report also lists tables that are not checked because they are not
fully-versioned.
To run the report automatically when the Dispatcher job starts, set the DoDBCheck parameter in the
AldonLM.conf file, which is in the /opt/aldon/aldonlm/current/etc directory. Specify one
of the following values for the parameter:
Sign onto the LM(e) server as the root user or as a user that has root user privileges.
Change to the following directory:
3.
4.
cd /opt/aldonlm/current/bin
Command
Result
./vfyvdb
./vfyvdb -v
./vfyvdb -v >vfyvdbrpt
To find validity-checking errors in the report, search on ***. If you find errors, contact technical
support.
Prerequisites
You must have administrator access to Security Server.
Restarting an installation
Perform the following steps to see users with active sessions, and end those sessions.
Procedure
1.
2.
3.
4.
5.
To end sessions per user, click Show Active. In the users row, click Interactive and Deferred
in the End Active Sessions column to end interactive or deferred sessions for a particular user.
To end all active sessions, in the Terminate Sessions section, set the number of hours for
interactive sessions to zero (0), and then click End Active Sessions. If there are deferred
sessions, set the number of deferred session hours to zero (0), and then click End Deferred
Sessions.
Restarting an installation
If you exit the installation program after you configure some or all of the products, you can restart the
installation program and continue where you stopped.
Prerequisites
You exited the installation program before completing installation using the P and then E options,
which saves the configuration settings. You did not exit the installation program using the A option
which does not save the configuration settings. If you did not save the configuration settings, you
must start the installation program from the beginning.
You did not change anything in the /tmp/aldonadm installation directory after exiting the
installation program.
Procedure
1.
On the computer on which you ran the installation program previously, enter the following
command to change to the directory where the installation files are located:
2.
3.
4.
5.
6.
cd /tmp/aldonadm
To review the configuration for a product, type the option number for the product, and then
press Enter. If necessary, modify the configuration, and then type P to return to the Product
Menu.
To configure a product, type the option number for the product, and then press Enter. Type
the required configuration information, and then type P to return to the Product Menu.
When all products are configured, type I and then press Enter to install the products.
27
2.
3.
4.
5.
28
Prerequisites
Have access to a user profile that has local administrator rights on the computer where you are
installing the software. Ask your Windows system administrator if you are not sure whether you
have administrator rights.
Obtain the following information from the LM(e) administrator, or from the person who installed
the LM(e) server:
The IP address, short host name, or fully qualified host name of the computer that hosts LM(e)
server.
The port number for the Affiniti Dispatcher service on the LM(e) server. The port number is
contained in the /etc/services file and the parameter is Affiniti_Dispatcher. The default
port number is 7890.
Procedure
1.
2.
3.
4.
5.
Prerequisites
To define an LM(e) server connection, you must know:
29
The long host name, short host name, or IP address that identifies the LM(e) server computer on
the network. An example of a long host name is server.companydomain.com. An example of a short
host name is server. An example of an IP address is 192.168.1.1.
The port number of the Affiniti_Dispatcher service on the Linux computer that hosts the LM(e)
server. The port number is contained in the /etc/services file, the Affiniti_Dispatcher
parameter.
Procedure
1.
2.
3.
4.
5.
6.
7.
8.
9.
To open the Lifecycle Manager Client Services (LMCS) Configuration Editor, click Start
program_location Aldon LM x.x LMCS Configuration Editor, where program_location is
Programs on Windows 8 and Windows 2003, or All Programs on Windows 7 and Windows Server
2008; and where x.x is the LM(e) version number.
To define an LM(e) server connection, locate the LM(e) server instances section.
Locate the line in the section that is marked with an asterisk (*).
Click in the first field and type any arbitrary instance name that you want to assign to the server
that you are defining. An example might be LMeServer. You must specify this instance name,
exactly as you define it here, when you are signing in from the LM(e) client.
Tab to the next field, and type the host name or IP address that identifies the server computer on
the network.
Tab to the last field, and type the Dispatcher port number.
Press Enter to store the entry.
Click Save, and then click Close.
For Windows systems with IPV6 enabled, the aldcs client listens on the IPV6 localhost IP
address, ::1. When the local hosts file on Windows is modified to lookup the IPV4 address for
localhost, the user may receive the error, AFF3434: Unable to connect to port/service '55555' on
server 'localhost'. Perform the following steps to ensure that aldcs launches correctly:
a. In Windows Explorer, navigate to the C:\Windows\System32\drivers\etc folder.
b. Open the hosts file in an editor.
c. In the following section make sure both entries are commented out with a # symbol:
# localhost name resolution is handled within DNS itself.
#
127.0.0.1
localhost
#
::1
localhost
If the Microsoft Windows firewall is on, then the first time that you attempt to sign in to the LM(e)
client, the Security Alert dialog box prompts you to choose between continuing to block the client
program or unblocking it. Click Unblock to add the client program to the firewall exceptions list.
From the computer where the LM(e) client is installed, click Start Control Panel Windows
Firewall. On the Exceptions tab, click Add Program and navigate to and select the aldcs.exe
file. Click Open, and then click OK twice.
To set the path environment variable for the current session only, complete the following steps:
a. From the Windows computer on which the LM(e) client is installed, click Start All
Programs Accessories Command Prompt.
b. Enter the following command to set the path environment variable to the default installation
folder for the LM(e) client:
set path=%path%;C:\program_location\Aldon\Aldon LM x.x
where program_location is the folder where installed programs are stored on this Microsoft
Windows computer, and x.x is the LM(e) version. The default program location is Program
Files (x86). Enclose the path location in double quote marks when the path includes a
space, for example:
2.
To set the path environment variable permanently, complete the following steps:
a.
b.
Open the Windows Control Panel and then click System. On the Advanced tab, click
Environment Variables.
Perform one of the following steps:
If no path variable is defined in the User variables area, click New and then in the
Variable name field, type path. In the Variable value field, type the path to the folder
where the LM(e) client is installed.
If a path variable is defined in the User variables area, select the path variable, and then
click Edit. In the Variable value field, press the End key to position the cursor at the end
of the existing value. Then type a semicolon, followed by the path to the folder where the
LM(e) client is installed.
c.
Prerequisites
The LM(e) client must be installed on the Windows computer. The LM(e) Extension for Windows
Explorer is installed along with the LM(e) client.
Refresh
Check Out
Check In
Add File
In addition, the extension includes Setup commands that you use to configure your working
environment.
Procedure
1.
2.
3.
4.
On the Microsoft Windows computer that has the LM(e) client installed on it, use Microsoft
Windows Explorer to navigate to the location where the LM(e) client is installed.
The default location for the LM(e) client is C:\Program Files (x86)\Aldon\Aldon LM
x.x directory, where x.x is the LM(e) client version number.
Locate and open the file named LMShellExt.ini in a text editor.
Edit the settings in the file so that they match the following entries:
UseShellDecorators=1
UseLMMenu=1
Save and close the file, and then restart the computer.
Next step
After you enable the extension, you can define a working environment and begin managing files with
LM(e) directly from the file explorer window. For complete usage instructions, refer to the Rocket Aldon
Lifecycle Manager (Enterprise Edition) Extension for Microsoft Windows Explorer.
Previous topic: Configuring the LM(e) command line interface on Microsoft Windows
Parent topic: Installing the LM(e) client on Microsoft Windows
32
Prerequisites
The LM(e) client must be installed on the Windows computer. The LM(e) Extension for Windows
Explorer must be enabled.
Procedure
1.
2.
3.
On the Windows computer where the LM(e) client is installed, open a Windows Explorer window
and navigate to the directory location where you plan to work.
Right-click in the file area, and choose LM(e) x.x Setup Initialize.
On the Initialize dialog box, complete the following fields, and then click OK twice:
Field
Description
Instance
Group
Application
Release
Version Number
Path Designator
The initialization process creates an LM(e) control directory named .aldlme in the working
directory location. LM(e) stores the information about the repository location that is associated
with this working directory in the control directory.
4.
5.
6.
Right click in the file area of the Explorer window, and choose LM(e) x.x Setup User Signon.
Type your LM(e) user name and password, and then click OK.
Right click in the file area, and choose LM(e) x.x Setup Set Developer Environment.
The command returns output that is similar to the following lines:
Path: C:\Development\MyGrp\MyApp\MyRel(1.0)
set for path designator: 1
33
LM(e) requires a development environment to do its work. This command associates a clientbased development environment with the working directory path.
Once initialized, the working environment remains set until the user re-positions to a new
directory and re-initializes to another release to work on another project.
JE: What happens then? Does the first initialization break? Can you only have one per client
machine?
2.
Prerequisites
The computer must have an Internet connection for downloading required system packages.
If the computer is a Red Hat system, it must be licensed and configured to use the Red Hat
Network.
You must have the host name and port number of the LM(e) server.
Procedure
1.
34
2.
3.
Copy the installation files from the network share location where the installation files are stored
to the /tmp directory on the client computer.
To change the current directory to /tmp, enter the following command:
cd /tmp
4.
5.
cd /tmp/aldcs
6.
7.
The installer identifies itself and its purpose, prompts you for information about your LM(e) server
computer, and asks whether you want to provide information about your LM(e) server now. Read
all information and prompts. Do one of the following:
./install --lmc
Type y to supply host information for your LM(e) server, and press Enter; then skip to Step 8.
Type n and press Enter to skip this step. You can supply this information later, or correct the
information you supply now, by opening the following file:
/opt/aldon/aldonlmc/current/etc/aldcs.conf
Then edit the following value:
#LM(e) server instances (previously named "[server-instances]")
[LMe-instances]
LMeServer=[lme_hostname]/[port_number]
Where lme_hostname is the full host name of the LM(e) instance, for example
myserver.company.com, and port_number is the port number through which the client will
communicate with the instance. The default port number is 7890. Add one definition for each
LM(e) instance that the client will communicate with.
Skip to Step 10.
8.
Type the host name of the LM(e) server instance you plan to use, and press Enter.
The installer asks you to confirm your entry and gives you an opportunity to correct it if
necessary.
9. Accept the default port, or enter the port number for your LM(e) server instance.
The installer asks you to confirm your port number entry, and gives you an opportunity to correct
it if necessary.
10. After you confirm the port number, the installer proceeds. When the LM(e) command line client
phase of the installation completes, a confirmation message is displayed.
11. Note the information in the confirmation message about the instance name (LMeServer by
default), and the sentence about adding the software installation directory to your path.
It is not mandatory to add this location to your path; however, using the command line is easier if
you do, because it keeps you from having to fully qualify the ald command every time you run it.
If you decide to add this location to your path, you can either use the instructions provided in the
topic Adding the command line executable program to the PATH environment variable, or you
can follow the instructions for setting the user path provided on your shells man pages.
12. To make sure that the command line client is installed, enter the following command:
ald -v
35
Note: If you have not added the client installation directory to your path, run the following
command instead:
/opt/aldon/aldonlmc/current/bin/ald -v
Prerequisites
You must have root user credentials, or credentials for a user that has sudo access to root.
These steps assume you are using the Bash shell. If you are running a shell other than Bash, ask you
administrator how to add the command line executable to the PATH environment variable for your
shell.
Procedure
1.
2.
To permanently define the path for existing users, edit the .bashrc shell configuration file in
each users home directory and add the following statement, and then save and close the file:
PATH=$PATH:/opt/aldon/aldonlmc/current/bin
export PATH
To permanently define the path for new users, edit the /etc/skel/.bashrc shell
configuration file and add the following statement, and then save and close the file:
PATH=$PATH:/opt/aldon/aldonlmc/current/bin
export PATH
36
Next step
If multiple users will share the client, configure separate port numbers and log files for them.
Parent topic: Installing the LM(e) client on Linux, UNIX, or Mac
Prerequisites
The client installation must be completed before following these steps.
Log in to the client computer using credentials that have administrator permissions.
Open the startaldcs.conf file for editing.
On Microsoft Windows clients, this file resides in the following directory:
C:\program_files_dir\Common Files\Aldon
3.
Add a set of entries for each LM(e) user that shares this computer to the bottom of the file. Each
users entry set must use the following format:
[x.x_username]
port=nnnnn
4.
where x.x is the AldCS version number, username is the sharing users log-in name, and nnnnn
is the port number you want to assign for communications between the designated user on this
client and the LM(e) server. The AldCS version number appears in brackets at the beginning of the
file. The port number that you specify must not be in use, whether by another LM(e) user or by
another application.
Save and close the startaldcs.conf file.
37
2.
3.
4.
5.
38
Prerequisites
Make sure you have met the system requirements for remote Deployment servers. See System
requirements, on page 8.
Make sure the server on which you are installing the Deployment server does not have a DB2 server
installed. The Deployment server installation program will not run on a computer with an installed
DB2 server.
You must have already installed the DB2 server and LM(e) server that the Deployment server will
work with.
The Deployment server installation program installs a DB2 runtime client so that the Deployment
server can communicate with the DB2 server. The DB2 server must be the same version as the DB2
client that is packaged with the Deployment server installation program.
Know the host names of the DB2 server computer, the LM(e) server computer, and the computer on
which you are installing the remote Deployment server.
Procedure
2.
Copy the REMOTE_SERVER.tgz file from the /opt/aldon/SaveArea directory on the LM(e)
server computer to the /tmp directory on the Deployment server computer.
To extract the file, enter the following command :
3.
4.
5.
1.
6.
7.
8.
cd /tmp/aldonadm
./dm-install
To start the remote Deployment server, on the DB2 server computer enter the following
command:
/etc/init.d/aldonsys startdm
39
Prerequisites
Confirm the following prerequisites:
You must have root access to the Linux server that hosts the Deployment server.
You must have read and write file permissions to the Deployment server properties file,
distserver.properties, located in the /opt/aldon/aldonlm/current/etc folder.
You must obtain the Deployment server port from your network administrator.
Procedure
1.
2.
Log in as root to the Linux computer that hosts the Deployment server.
Open the distserver.properties file in a text editor.
Note: To activate properties in this file, you must remove the number sign (#) if it precedes
the property.
3.
4.
5.
40
Description
Server.Port
PackagesFile.Location
PackageManager.WaitInterval
Do not change any other properties unless you are directed to do so by Technical Support.
Save the file.
Results
The changes take effect when the Deployment server is started. If the Deployment server was active
when the parameters where changed, the server would need to be restarted.
Next step
Optionally, you can configure the server for SSL. For information, see the topic Configuring
deployment encryption.
Parent topic: Deployment installation
Procedure
1.
The port number that Deployment clients should use to communicate with the Deployment
server.
If the Deployment server is configured for SSL, list the following information as you specified it
in the topic Enabling secure connections on the Deployment server:
The name and path of the keystore file. This is the path and file name that you specified in
the SSL.keyStore parameter.
The keystore password. This is the password that you specified in the
SSL.keyStore.Password parameter.
The name and path of the trust certificate file. This is the path and file name that you
specified in the SSL.trustStore parameter.
2.
The trust store password. This is the password that you specified in the
SSL.trustStore.Password parameter.
Upon request, provide the information to anyone who configures Deployment clients in your
network.
2.
41
3.
4.
Have the credentials for an LM(e) user that is registered in Security Server.
Have a list of the names of the Deployment client computers that you plan to define.
1.
2.
3.
4.
5.
6.
7.
8.
In the LM(e) client for Microsoft Windows, log into the LM(e) server.
On the Setup menu of the Parts window, click External Setup.
In the left pane of the External Setup window, click Computers.
On the toolbar, click New Computer.
On the New Computer Definition display, type the computer name and a brief description.
Click Select and choose an operating system name and version, and then click OK.
Select Deployment Allowed, and then click OK.
Repeat steps 4-7 for each Deployment client that you plan to configure.
2.
3.
42
4.
5.
6.
To receive deployment packages, the Deployment client must be running. The program can run in
a program window, or as a Windows service.
Running the Deployment client program as a Windows service
To avoid manually restarting the Deployment client each time this computer is shut down
or rebooted, set up the Deployment client program to run as a Windows service that starts
automatically.
Increasing memory for the deployment service
If the Deployment client program runs as a Windows service, increase the available memory to
allow the program to successfully process large files.
Fixing Deployment client Java errors on Windows
If you update the version of Java on the Windows computer, you must point the Aldon
Deployment Plus client shortcut to the new javaw.exe file.
Prerequisites
Have the credentials for a user that has Administrator privileges on the computer where you are
installing the Deployment client.
Obtain deployment configuration information from the person who configured the Deployment
server.
Know the network location where the LM(e) client installation files are stored.
In addition to the Deployment client, the installation program installs the LM(e) graphical client for
Microsoft Windows. The graphical client usually remains unused on deployment targets.
Procedure
1.
2.
3.
4.
5.
Next step
If you configured the Deployment client as external, you must register it. For information, see the topic
Registering external Deployment clients, on page 66.
Next topic: Configuring the Deployment client on Microsoft Windows
Parent topic: Installing Deployment clients on Windows
43
Prerequisites
Know whether the Deployment server is configured to use SSL for secure deployment.
Obtain deployment configuration information from the person who configured the Deployment
server. You need:
The host name or IP address and port number for the Deployment server.
If the Deployment server is configured to use SSL for secure deployment, then you also need
the path, file name, and password value for the SSL keystore file on the Deployment server
computer.
Know whether local port 2001 is in use by another application on this computer. The Deployment
client expects to use this port to connect with the Deployment server. If you do not know how to
determine whether the port is free, consult the system administrator. If the port is in use, ask the
system administrator to help you identify an available port for this purpose, and make a note of the
alternate port number.
Procedure
1.
2.
3.
4.
44
Description
Client ID
Field
Description
Client Alias
Retry Interval
Client Description
45
Field
Description
End-of-line format
5.
Next topic: Starting and stopping the Deployment client on Microsoft Windows
Previous topic: Installing the LM(e) Deployment client on Microsoft Windows
Parent topic: Installing Deployment clients on Windows
Prerequisites
Have the credentials for a user profile that has Administrator privileges on this computer.
46
window remains open until you end the program, or until the computer is shut down. When the
computer restarts, you must manually start the Deployment client program.
It is helpful to start the client program it to verify a successful connection before you configure it to run
as a service.
If the Deployment client is running as a Windows service, no program window opens and no messages
are displayed. The program runs until the computer is shut down. When the computer is restarted, the
program starts automatically if you configured it to do so. When configured this way, the program can
run unattended and is always ready to receive deployments.
Because you do not have control over when deployment events occur, keep the Deployment client
running until you are sure that all deployment actions have finished. There is no way to easily
determine whether all deployments in your system have finished, but you can monitor deployments
using the Deployment Sets window in the LM(e) client for Microsoft Windows. On the LM bar, select the
Deployment category, and then click Deployment Sets.
If Deployments occur when the Deployment client is stopped, they will proceed when the program is
started, as long as they have not been canceled on the server.
Procedure
1.
2.
If you run the Deployment client in a program window, follow these steps to start or stop the
program:
To start the program, click Start program_location Aldon LM x.x Aldon Deployment
Plus.
To stop the program, click Close in the title bar of the Deployment client program window.
If you run the Deployment client as a Windows service, click Start Control Panel
Administrative Tools Services. Locate the service called Aldon LM(e) Plus Deployment
Wrapper and check its status. Then do one of the following choices:
Do not use the Windows Task Manager to stop the Deployment client. If you do, incomplete
deployment events might remain in an indeterminate state.
Next topic: Running the Deployment client program as a Windows service
Previous topic: Configuring the Deployment client on Microsoft Windows
Parent topic: Installing Deployment clients on Windows
Prerequisites
This task assumes the following:
You have started the Deployment client program to test for a successful connection.
Procedure
1.
Using Microsoft Windows Explorer, navigate to the folder where the Deployment client
program is installed. By default, the folder is C:\program_location\Aldon\Aldon LM
47
2.
3.
4.
5.
6.
x.x\Deployment, where program_location is the folder where installed programs are stored
for this version of Microsoft Windows, and x.x is the LM(e) version number.
Within that folder, open the \wrapper_win32_2.2.7\bin folder.
Right-click the file named InstallAffDMPlusWrapper-NT.bat, and then click Run as
Administrator.
If you later decide to remove deployment as a Windows service, perform the steps above, but run
the UninstallAffDMPlusWrapper-NT.bat file.
To configure the deployment service to start automatically when Windows starts, perform the
following steps:
a. Click Start Control Panel Administrative Tools.
b. Double-click Services, and then locate and double-click Aldon LM(e) Plus Deployment
Wrapper.
c. Ensure that the Startup type field is set to Automatic, and then click Start and OK.
As long as the Startup type field is set to Automatic, the deployment service starts automatically
whenever Windows starts. If you later decide to stop the service from starting automatically,
perform the above steps and set the Startup type field to Manual or Disabled.
To verify that the service is running, do any or all of the following:
a. Open the Windows Task Manager, and on the Processes tab, look for the file Wrapper.exe
to confirm that the service is running.
b. Open the C:\Program Files (x86)\Aldon\Aldon LM x.x\Deployment
\wrapper_win32_x.x.x\logs\wrapper.log file for editing, where x.x is the LM(e)
product version and x.x.x is the version number of the deployment wrapper program. Inspect
the most recent connection entries in the log. The log entries for a successful connection
look like this:
INFO
INFO
INFO
INFO
|
|
|
|
jvm
jvm
jvm
jvm
1
1
1
1
|
|
|
|
2016/06/30
2016/06/30
2016/06/30
2016/06/30
15:17:25
15:17:25
15:17:25
15:17:25
| Initializing...
| Wrapper (Version 2.2.7)
|
| start()
INFO
| jvm 1
| 2016/06/29 11:54:31 | WARNING - Unable to load
native library 'wrapper' for class WrapperManager.
INFO
| jvm 1
| 2016/06/29 11:54:31 |
System signals will not be
handled correctly.
If these messages appear in the log, then wrapper program is trying to use the path for the 64bit version of Java on the computer instead of the 32-bit version that was installed with the
Deployment client. To correct the path, edit the C:\Program Files (x86)\Aldon\Aldon
LM x.x\Deployment\wrapper_win32_x.x.x\conf\DMPlusWrapper.conf file
and change the value for the wrapper.java.command property to C:\Program Files
(x86)\Java\jre1.x.x_xx\bin\javaw.exe, where x.x is the LM(e) product version
number, x.x.x is the Deployment wrapper program version number, and x.x_xx is the 32-bit Java
version and update numbers.
Next topic: Increasing memory for the deployment service
Previous topic: Starting and stopping the Deployment client on Microsoft Windows
Parent topic: Installing Deployment clients on Windows
48
1.
2.
3.
4.
5.
Using Microsoft Windows Explorer, navigate to the LM(e) installation folder. The default folder
is C:\program_location\Aldon\Aldon LM x.x, where program_location is the folder
where programs are installed on this version of Microsoft Windows, and x.x is the LM(e) version
number.
Navigate to the deployment configuration properties file \Deployment
\wrapper_win32_2.2.7\conf\DMPlusWrapper.conf, and then use a text editor to
open it.
Locate the following lines in the file:
# Maximum Java Heap Size (in MB)
wrapper.java.maxmemory=64
On the Windows desktop, right-click the Aldon Deployment Plus shortcut and click Properties.
Click the Shortcut tab.
In the Target field, delete the path to the javaw.exe file, and add the path to the new version of
the javaw.exe file. For example, if you installed version 1.8, add the following path:
C:\Program Files (x86)\Java\jre1.8.0_51\bin\javaw.exe
49
When you install and configure the Deployment client on a computer, it remains inactive until you
start it. Once the Deployment client is started, it periodically looks to see if there is work to do. If there
is, the client processes waiting deployment packages and then waits for more work. The client runs
until the Deployment subsystem where it runs is stopped or until the computer is powered down.
Perform one or more of these tasks.
1.
2.
3.
Prerequisites
These instructions assume the following:
You have the credentials for the QSECOFR user profile, or for another user profile with equivalent
authorities, on the Deployment client computer.
You downloaded the DISTCLNT.zip file required for this upgrade from the Rocket Customer
Portal to a computer on the same network as the application computers, and that you have access
to that file.
Procedure
1.
Log in to the IBM i Deployment client computer and perform the following steps.
a. Enter the following command to create a user profile named ALDONAFF for LM(e) use on the
Deployment client:
CRTUSRPRF USRPRF(ALDONAFF) PASSWORD(x) USRCLS(*PGMR)
SPCAUT(*SAVSYS *JOBCTL)
Enter the following command to create the library in which to restore the client programs:
CRTLIB AFFTLIBR
50
2.
On the IBM i Deployment client computer, enter the following command to create a save file
named DISTCLNT in QGPL or another library of choice:
CRTSAVF FILE(library/DISTCLNT)
Where library is the name of the library in which you want to create the save file.
Take the following steps on the computer where the Rocket Customer Portal downloaded files
are stored:
a. Log in with standard user credentials.
b. Temporarily disable anti-virus and firewall protection.
c. Locate and extract the DISTCLNT.zip file.
d. Follow instructions in the FTPtoIBMi file that is included in the zip file to use File Transfer
Protocol (FTP) to copy the DISTCLNT.savf file to the DISTCLNT save file that you created
in Step 2.
e. Enable anti-virus and firewall protection.
On the IBM i Deployment client computer, enter the following command to restore the save file
contents into the AFFTLIBR library that you created.
3.
4.
5.
On the IBM i Deployment client computer, enter the following command to add the restored
library to the library list:
6.
ADDLIBLE LIB(AFFTLIBR)
AFFTINSDST RSTLIB(AFFTLIBR)
7.
Prerequisites
This task assumes the following:
You have access to credentials for the QSECOFR user profile, or to a user profile with equivalent
authorities.
You have the name of a user profile that can serve as the owner of all files that are installed on
this computer during a deployment. The recommended user profile is the ALDONAFF profile that
you created during the installation task. You can specify any user profile, as long as it meets these
criteria:
The profile is enabled and has an unexpired password.
Obtain deployment configuration information for the Deployment server from the person who
configured it. You need:
The host name or IP address and the port number.
The network location of the Deployment client that you are installing. An internal Deployment
client is in the same network as the Deployment server. An external Deployment client is in a
different network. The default network location is internal.
51
SSL information for secure deployment, if the Deployment server is configured for it. You need:
The path and file name for the SSL keystore file on the Deployment server.
Procedure
1.
2.
Log in to the IBM i computer where you installed the Deployment client.
To configure a user profile that assumes ownership of deployed files that get installed on this
computer, set a user profile name in the AFFDSCLNT job description. Follow these steps:
a. Enter the following command and press F4 (Prompt):
CHGJOBD AFFTLIBR/AFFDSCLNT
b.
Press F10 (Additional parameters), and then locate the User field.
By default, the user profile value is *RQD, which means Required.
Change the value *RQD in the User field to the user profile name that you chose when you
reviewed the prerequisites, and press Enter.
To review and set the Deployment client properties, enter the following command, and press F4
(Prompt):
c.
3.
4.
5.
AFFTLIBR/AFFDCLSTP
On Setup Deployment Client (AFFDCLSTP) display, accept the default values in the Property file
to change and Level of Deployment fields and press Enter once to display additional fields.
You can change the default property file path and file name if desired. If you do, the file that
you specify must exist, and you must also change the Request data or command field of the
AFFDSCLNT job description to refer to the path and file name of the alternate property file.
Type the host name or IP address of the computer that hosts the Deployment Server in the
Server Name field and press Enter once to retrieve and display the default values from the
LMDeployClient.properties file. Then complete the following fields:
Field
Description
Server Port
52
Field
Description
Hold Folder
Description
53
Field
Description
6.
7.
54
Press Enter to run the command and save the configuration settings you typed.
Optional: Review this table of Deployment client properties that are not displayed on the Setup
Distribution Client command display and that do not appear in the /Aldon/Affiniti/
8.
Property
Description
Pull
Client.Pull.IdleTime=
If you make any manual overrides in the property file, save the file and exit.
If this Deployment client computer is in a different network than the Deployment server,
configure it as an external Deployment client. Do the following:
a. Open the /Aldon/Affiniti/affiniti distribution/
LMDeployClient.properties file for editing.
b. Add the following line to the end of the DMPlus details section of the file:
isExternal=true
c.
Next step
Next, register external Deployment clients and configure deployment encryption, if applicable.
Otherwise, start the Deployment client and confirm that it remains running.
Parent topic: Installing Deployment clients on IBM i
Prerequisites
Have the credentials for the QSECOFR user profile or for another profile with equivalent authority.
Know the name of the Deployment subsystem. On an IBM i computer, the subsystem name is
AFFINITIDS.
Know the name of the LM(e) library that contains the Deployment subsystem description. On an
IBM i computer, the subsystem description is in library AFFTLIBR.
REVIEWERS: This topic should have instructions for adding the deployment client to the system
startup program. What is the correct procedure for doing this?
To start or stop the Deployment client on an IBM i computer, you start or end the Deployment
subsystem.
55
1.
To start the Deployment client, type the following command and press Enter:
STRSBS library_name/subsystem_name
where library_name is the name of the library that contains the subsystem description, and
subsystem_name is the name of the Deployment subsystem, for example:
2.
3.
STRSBS AFFTLIBR/AFFINITIDS
To stop the Deployment client, type the following command and press Enter:
ENDSBS subsystem_name
To check the status of the deployment subsystem, type the following command and press Enter:
WRKACTJOB SBS(subsystem_name)
If the subsystem name does not appear in the list, it is not running and you must start it. If the
subsystem name appears in the list but no jobs appear under the name, you must stop the
subsystem, and then start it.
Parent topic: Installing Deployment clients on IBM i
2.
3.
4.
56
Prerequisites
Have the following:
Determine whether the path to the binary file for the required Java version is not in the root user's
PATH variable. If the root PATH variable contains the path for an earlier version of Java, have
the path for the Java version that the Deployment client must use available for specifying during
installation.
REVIWERS: Is the default path for the JDK 1.7.0 binary the same on all Linux, UNIX, and Mac OS
systems, such that I can state it here? Or should we have them consult the system administrator if
they do not know the default path on the system where they are installting?
The Deployment client computer port number, if it is not the default port number of 2001.
The network location of the Deployment client that you are installing. An internal Deployment
client is in the same network as the Deployment server. An external Deployment client is in a
different network. The default network location is internal.
The temporary path to which the Deployment server will copy deployed packages before the
packages are installed. The default path is /opt/aldon/aldonlmd/current/deploypkgs.
The fully-qualified host name of the Deployment server, for example,
yourserver.yourcompany.com.
The Deployment server port number, if it is not the default port number of 7891.
The end of line formatting choice. For Deployment clients on Linux and UNIX computers it should
be the default, LF. For Mac OS X computers the end of line formatting should be set to CR.
Procedure
1.
2.
3.
If the information returned indicates that the TERM environment variable is set to xterm, do
nothing. If the value returned is not xterm, run the following command to set the variable:
export TERM=xterm
57
4.
5.
6.
Copy the installation file from the network share location where downloaded installation files are
stored to the /tmp directory on the Deployment client computer.
To navigate to the /tmp directory, enter the following command:
cd /tmp
To extract the downloaded .tgz installation file, enter the following command:
gunzip -c filename.tgz | tar -xvf -
If the computer does not have Internet access and the required version of Java is not in the root
user's PATH variable:
./install --lmd --dcjava /[java_path]/java
58
Property
Description
Pull
Client.Pull.IdleTime=
Next step
Take one or more of the following next steps:
If you configured this Deployment client as external, you must register it. For information, see the
topic Registering external Deployment clients, on page 66.
If you configured the Deployment server for SSL, configure the client for SSL as well. For
information, see the topic Configuring secure connections to Deployment clients on Linux, UNIX,
and Mac OS X.
If you will not configure the client for SSL, see the topic about starting and stopping the client that
is appropriate to your operating system, either Starting and stopping the Deployment client on
Linux or UNIX computers or Starting and stopping the client on Max OS X computers.
If you will install the client on multiple Linux or UNIX computers and want to simplify the process
using a parameter file, see the topic Installing the Deployment client on multiple Linux or UNIX
computers. (This is not currently supported on Mac OS X computers.)
2.
3.
4.
59
Prerequisites
To complete this task, you need the following information:
Determine whether the path to the binary file for the required Java version is not in the root user's
PATH variable. If the root PATH variable contains the path for an earlier version of Java, have
the path for the Java version that the Deployment client must use available for specifying during
installation.
REVIWERS: Is the default path for the JDK 1.7.0 binary the same on all Linux, UNIX, and Mac OS
systems, such that I can state it here? Or should we have them consult the system administrator if
they do not know the default path on the system where they are installting?
The port number that the Deployment client computers will use to receive communications from
the Deployment server. The default port number is 2001.
The path location of the directory on Deployment client computers where incoming deployment
packages will be stored for processing. The default path is /opt/aldon/aldonlmd/current/
deploypkgs.
The network location of the Deployment client that you are installing. An internal Deployment
client is in the same network as the Deployment server. An external Deployment client is in a
different network. The default network location is internal.
The host name of the computer that hosts the Deployment server.
The port number that the Deployment server will use for communicating with Deployment clients.
The default port number is 7891.
The line end character. The choice you make depends on how certain it is that the line end
character that is used in the files in the repository is correct for the operating system on this
computer. The default value is LF.
Procedure
1.
2.
3.
To list the contents of the /tmp/aldcs directory, enter the following command:
ls -l
60
4.
5.
6.
To use the sample DCPARMS.TXT file, open the file in an editor, for example enter the following
command to open it in the nano editor:
nano DCPARMS.TXT
Using the sample lines as a guide, supply one line of configuration information for each computer
where you plan to install and configure the Deployment client software. Replace or comment
out the original sample lines by adding a number sign (#) in front of them. For the ClientHost
parameter, use the client computers short host name.
Save and close the file.
Next step
If you configured the Deployment server for SSL, you must configure the Deployment client
installation package for SSL.
Next topic: Creating a package for multiple Deployment client installations
Parent topic: Installing Deployment clients on multiple Linux or UNIX computers
To compress the contents of the /tmp/aldcs directory into a tarball for delivery to the other
deployment target computers, enter the following commands:
tar -cvf DEPLOY.tar aldcs/*
Then:
gzip
DEPLOY.tar
The output is a DEPLOY.tar.gz file that contains everything you need to install and configure
the Deployment client on multiple Linux computers in your network.
Remain signed on as root for the next activity.
Next topic: Sending the Deployment client package to multiple client computers
Previous topic: Preparing a parameter file for multiple Deployment client installations
Parent topic: Installing Deployment clients on multiple Linux or UNIX computers
61
2.
Copy the re-packaged installation file to the /tmp directory on the intended client computer
using the scp command. For example, positioned to the /tmp directory:
scp DEPLOY.tar.gz tgtclient1:/tmp/
3.
4.
Prerequisites
You must have root access to the Deployment client computer.
Procedure
1.
2.
3.
where directory is the location of the file. The suggested location is the /tmp directory.
To unpack the installation files, enter the following commands:
gzip -d DEPLOY.tar.gz
Then:
4.
5.
6.
To start the installation, enter the following command and supply the name of the parameter file:
./install --lmd -f parameter_file
where parameter_file is the name of your parameter file. For example, if you used the sample
parameter file, enter the following command:
./install --lmd -f DCPARMS.TXT
62
7.
The installer scans the parameter file, looking for a match between the first data field (which
is the Deployment Client host name or parameter dchost) and the value returned by issuing a
hostname -s command. (The command returns a short host name, not a fully qualified domain
name.) If no match is found, the installer issues an error message and exits. If a match is found,
the contents of the rest of the line are used to fill in the necessary data fields, and the installation
is performed. It takes only seconds, and a series of messages appear on the terminal screen,
including a confirmation that the installation is complete.
If you configured the package for SSL, create a new directory and copy the SSL keystore file to it:
a. Navigate to the /opt/aldon directory:
cd /opt/aldon
b.
c.
8.
9.
Wait a few minutes and check the status of the client. If it is still running, the installation is a
success.
Next step
If any of the Deployment clients installed with the parameter file are configured as external, you must
register them on the DB2 server.
Previous topic: Sending the Deployment client package to multiple client computers
Parent topic: Installing Deployment clients on multiple Linux or UNIX computers
63
installation. A default path is offered, but it can be changed by the person who installs the software.
The default path is:
/opt/aldon/aldonlmd/current/deploypkgs
1.
2.
3.
4.
The messages Stopped Aldon LM(e) Deployment Client at PID xxxxx and Started Aldon LM(e)
Deployment Client at PID xxxxx are displayed, where xxxxx is the process identifier number.
To display the status of the client, enter the following command:
/etc/init.d/aldondcp status
The message Aldon LM(e) Deployment Client is running. Process ID = xxxxx is displayed, where
xxxxx is the process identifier number.
Parent topic: Starting and stopping Deployment clients on Linux, UNIX, or Mac computers
Procedure
1.
2.
3.
To check the status of the deployment client, enter the following command:
launchctl list | grep com.rocket.LMeDMPlus
64
If the name of the com.rocket.LMeDMPlus.plist file is returned, and the line starts
with a - (hyphen), then the com.rocket.LMeDMPlus.plist file is loaded but the client is
not running.
4.
5.
If the com.rocket.LMeDMPlus.plist file name is returned and the line starts with a
number, then the client is running (the number is the PID of the client process).
To stop the deployment client, enter the following command:
launchctl stop com.rocket.LMeDMPlus
Parent topic: Starting and stopping Deployment clients on Linux, UNIX, or Mac computers
Procedure
1.
2.
3.
To enable the following properties, uncomment them by removing the <!-- and --> characters:
/Library/LaunchDaemons/com.rocket.LMeDMPlus.plist
65
Property
Description
KeepAlive
ThrottleInterval
4.
5.
Prerequisites
These steps assume that one or both of the following are true:
66
You have configured one or more new Deployment clients as external during installation, and they
need to be registered.
You have one or more existing Deployment clients that you want to configure and register as
external.
Procedure
1.
2.
3.
4.
On Microsoft Windows, open the LMDeployClient.properties file and set the isExternal
parameter to true. The default location of the file is C:\program_location\Aldon
\Aldon LM x.x\Deployment where program_location is the name of the folder where
programs are installed on this version of Windows, and x.x is the LM(e) version number.
On IBM i, open the LMDeployClient.properties file and set the isExternal parameter to
true. The default location of the file is /Aldon/Affiniti/affiniti distribution/
LMDeployClient.properties.
On the Deployment client computer, open a command prompt (Windows) or a command line
shell (Linux, UNIX, Mac). On IBM i, place your cursor on the command line.
To set DB2 parameters, enter the following command for each external Deployment client that
you want to register:
ald deploy destinfo [-x "yes/no"][-y computer_name][-p port]
[-s dmserver_name:port][-t "1/0"][-e "description with spaces"][-u]
computer_name
Table 1: Command options
Option
Description
-x "yes/no"
67
Option
Description
-y system_name
-p port
-s dmserver_name:port
-t 1/0
-e description
-u
computer_name
The following example defines the client computer as external (-x "yes"), that deployments
should be sent to the client (-t "1"), that the name of the client computer is dmclient1, that port
number of the client is 2001, that the name and port number of the Deployment server computer
for this external client is dms1.enterprise.com:5154, that the name of the LM(e) computer
definition is dmclient1, and that the parameters should print after they are set:
ald deploy destinfo -u -x "yes" -t "1" -y dmclient1 p 2001
s dms1.enterprise.com:5154 dmclient1
68
After the command runs, the following information prints because the -u option is included:
DM
DM
DM
DM
DM
DM
Client
Client
Client
Server
Client
Client
The following example demonstrates how to look up the stored DB2registration information for a
Deployment client:
ald deploy destinfo -u dmclient2
69
2.
3.
4.
70
Prerequisites
You must have root access to the Linux computer that hosts the Security Server and LM(e) server.
Certificates can be self-signed, corporate signed, or signed by a third party. The method used in
your organization determines how long it takes to get a signed certificate. Your network security
administrator can advise you how long the process might take.
Procedure
1.
2.
On the Linux computer that hosts Security Server and LM(e) server, log in as root.
Navigate to the /opt/aldon/aldonss directory, and enter the following command to create a
/certs directory:
mkdir certs
This is the suggested location for storing SSL files for Security Server connections.
Note: The /certs directory is the recommended directory for SSL files, but you can use
any directory that is not below a /current directory. For example, use /opt/aldon/
aldonss, but not /opt/aldon/aldonss/current. Adding files to the /current
directory or its subdirectories renders them inaccessible to subsequent releases.
3.
Contact the network security administrator and ask that person to create or request an SSL
trust certificate for establishing secure sessions between Security Server and the LM(e) server or
browsers.
To use the trust certificate in an LM(e) environment on Linux, the trust certificate file must be
in PKCS#12 format. To convert the certificate to PKCS#12 format, the security administrator
must use the keytool -importkeystore command, and then use the openssl pkcs12
command. For information, they can reference OpenSSL documentation.
The network security administrator must return the following items that are generated when
creating the trust certificate:
Trust certificate file, for example trust.crt
4.
5.
Ensure that all required files are in the directory you created in Step 2. You must also have the
passwords for both files.
Specify SSL parameters:
a. On the Linux computer that hosts LM(e) and Security Server navigate to the /opt/aldon/
aldonlm/current/bin directory.
b. Enter the ./afftsslset command with the following options. The command sets SSL
parameters in the /opt/aldon/aldonlm/current/etc/AldonLM.conf file on the
server:
71
Option
Description
-ssa
Use to activate SSL on the Security Server channel. If this option is present SSL is
enabled. If this option is missing SSL is disabled. To change an SSL configuration value and keep SSL enabled, ssa must be included. Sets the SS-SSL= parameter to 1 in
the AldonLM.conf file.
-sst trust_certificate_file
-ssp trust_certificate_password
Note: You use the afftsslset command to specify SSL parameters both for
connections between Security Server and the LM(e) server and browsers, and
connections between the LM(e) server and development clients. The options shown here
are the only ones required for Security Server. Enter the afftsslset -h command to
see all options.
For example:
./afftsslset ssa -sst trustcert_file -ssp trustcert_pwd
6.
Where trustcert_file is the path and file name of the trust certificate file, and
trustcert_file_pwd is the password for that file.
Configure the Security Server application to enable SSL and define the location of the server
certificate file:
a. Log in to Security Server.
b. On the home page, click Configuration.
c. On the Configuration page, do all of the following:
Check the box labeled Enable SSL for RPC and HTTPS.
d.
In the Certificate Store Name and Path field, type the path and file name of the server
certificate file that contains the public and private keys. This is the file with the .jks
extension, for example servercert.jks.
In the Certificate Store Password field, type the server certificate file password.
In the HTTPS Port field, accept the default port number that browser clients should use
when SSL processing is enabled, or provide an alternate port number if the default port is
in use by another web application. Consult with the network administrator to obtain an
alternate port number if necessary. The default port is 8080.
Test the configuration by directing a web browser to the secure URL, which is constructed
like this:
https://servername.companydomain:port#/aldonsecurityservice
72
For example:
https://server1.company1.com:8080/aldonsecurityservice
2.
3.
On the Linux computer that hosts Security Server and LM(e) server, log in as root.
Navigate to /opt/aldon/aldonlm directory and enter the following command to create a /
certs directory:
mkdir certs
This is the suggested location for storing SSL files for LM(e) server connections.
Note: The /certs is the recommended directory for SSL files, but you can use any directory
that is not below a /current directory. For example, use /opt/aldon/aldonlm, but
not /opt/aldon/aldonlm/current. Adding files to the /current directory or its
subdirectories renders them inaccessible to subsequent releases.
3.
Contact the network security administrator and ask that person to create or request an SSL trust
certificate for establishing secure sessions between the LM(e) server and development clients.
Tell them that the Common Name value in the server certificate signing request must be this
case-sensitive value: LMe
The network security administrator must return the following items that are generated when
creating the trust certificate:
73
4.
5.
Ensure that all required files are in the directory you created in Step 2. You must also have the
passwords for both files.
Specify SSL parameters:
a. On the Linux computer that hosts LM(e), navigate to the /opt/aldon/aldonlm/
current/bin directory.
b. Enter the ./afftsslset command with the following options. The command sets SSL
parameters in the /opt/aldon/aldonlm/current/etc/AldonLM.conf file on the
server:
Option
Description
-c
-a
-t trust_certificate_file
-k server_certificate_file
-y server_key_file
-p server_key_password
Note: You use the afftsslset command to specify SSL parameters both for
connections between Security Server and the LM(e) server and browsers, and
connections between the LM(e) server and development clients. The options shown
here are the only ones required for the LM(e) server and development clients. Enter the
afftsslset h command to see all options.
For example:
[root@myserver certs]# cd /opt/aldon/aldonlm/current/bin
74
Next step
Configure SSL on all of the development clients in your network.
Parent topic: Configuring LM(e) server encryption
Know the location on the LM(e) server where the certificate files are stored. The suggested location
is /opt/aldon/aldonlm/certs.
Know the location on the client computer where you plan to store the trust certificate file. The
suggested location is c:/program_files_dir/Aldon, where program_files_dir is Program
Files (x86) on 64bit versions of Microsoft Windows and Program Files on 32bit versions of
Microsoft Windows.
Perform these steps only when the LM(e) server is configured to use an SSL connection.
1.
2.
3.
4.
5.
6.
Copy the trust certificate file from the storage location on the LM(e) server to the chosen location
on the client computer.
Click Start program_location Aldon LM x.x LMCS Configuration Editor, where
program_location is the location on this computer where installed client files reside, and x.x is the
LM(e) version number.
On the LMCS Configuration Editor display, ensure that the check box that is labeled Enable SSL is
selected.
In the Truststore field, type the path and file name for the trust certificate file on this LM(e) client
computer, or click Browse to locate and select the file.
Confirm that the path and file name match the location where you stored the trust certificate file.
Then, click Save and then Close.
Repeat steps 1 through 5 on each LM(e) client that runs on Microsoft Windows.
Prerequisites
Know the location on the Linux LM(e) server where the trust certificate file for client computers is
stored. The suggested location is /opt/aldon/aldonlm/certs.
75
Procedure
1.
2.
3.
4.
5.
6.
7.
8.
Remove the comment characters from the SSL=set and SSLTrustStore= lines.
After SSLTrustStore=, type the path and file name for the trust certificate file on this computer.
Verify that the information that you typed matches the location where you stored the file.
Save and close the file.
Restart the AldCS program:
a. To stop AldCS, run this command:
ald shutdown
b.
9.
Repeat steps 18 on each LM(e) client in the network that runs on Linux, UNIX, or Mac.
Next step
If LM(e) releases are not yet defined, it is too soon to test for a successful connection. However, if
releases exist and the command line client has been used, you can test the connection by positioning
the directory to a local folder and issue LM(e) commands to try to initialize and sign on.
Parent topic: Configuring LM(e) server encryption
76
Prerequisites
This task assumes the following:
You have access to the root user credentials, or to credentials for a user that has sudo access to
root.
LM Web Portal is installed on the same computer as LM(e) server and Security Server.
Procedure
1.
2.
REVIEWERS: Per Dave Lewak, installing mod_ssl was not enough for self-signed certs. He thinks
we still have to do steps 410 from the UOB document, but that step 9 is only needed if the cert
is corporate-signed which it could well be depending on decisions that were made when LMe
was configured for SSL. I know we decided during scrum to assume self-signed certs, but if the
customer is adding WP into an already existing SSL config, those decisions have already been
made and either seems possible given that these are internal machines. I have left step 9 in with
instructions to skip it if the certs are self-signed. This can be resolved during this last bit. JE: After
discussion with Juan and Dave, just installing mod_ssl is enough. This essentially uses a selfsigned certificate. When you hit WP you get prompted that the site is not trusted, but when you
get past that you can view using https.
3.
Take the following steps to test the Web Portal connection with browsers:
a. Open a browser and navigate to the following URL to open Web Portal:
https://[wp_servername]/aldonlmw
Where [wp_servername] is the name of the computer that hosts Web Portal. Note that if
the server certificate was created using the domain name, then the URL must include the
domain name. For example:
https://[wp_servername.domain.com]/aldonlmw
4.
Where [wp_server] is the name of the Web Portal computer. In Web Portal, you can specify
in deployment profiles that notification emails be sent out after a deployment to provide
information about the deployment. Those emails include the Web Portal URL, so that if there is a
problem the user can open Web Portal and see what went wrong. The LMURL property provides
the base URL for constructing those links. Here we are changing the address to use the https
77
security protocol, meaning an SSL-enabled address. Note that if the server certificate was created
using the domain name, then the URL would include the domain name. For example:
LMURL=https://[wp_servername.domain.com]/aldonlmw
Prerequisites
This task assumes the following:
The LM(e) server and LM Web Portal are installed on the same computer.
You have access to root credentials on the computer that hosts Web Portal and LM(e) server.
You know the location where the trust certificate file for client computers is stored for the LM(e)
server. The suggested location is /opt/aldon/aldonlm/certs.
Procedure
1.
2.
3.
4.
5.
6.
7.
78
Remove the comment characters from the SSL=set and SSLTrustStore= lines.
After SSLTrustStore=, type the path location and file name for the trust certificate file on this
computer. Verify that the information that you typed matches the location where the trust
certificate file resides.
Save and close the file.
8.
Next step
To test the connection, open a browser and type the LM Web Portal URL in the address field, specifying
the HTTPS security protocol. For example:
https://server1/aldonlmw
If the certificate was created using the domain name, then you must use the domain name in the URL,
like this:
https://server.domain.com/aldonlmw
If the log-in page appears and you can log in successfully and see LM(e) data in the portal, then the
secure connection is working.
2.
3.
4.
5.
6.
79
Prerequisites
Have access to a network security administrator who is familiar with your companys SSL policy
and who manages the keystore files that are needed for SSL connections on a Linux, UNIX, or Mac
computer.
Procedure
1.
Then:
2.
mkdir certs
Ask your network security administrator to generate an SSL keystore file for each Deployment
sever that you plan to use for secure deployment in LM(e). Provide the following information to
the administrator for each Deployment server that you expect to configure:
The location on each Deployment server in which to store the generated keystore file: /opt/
aldon/certs.
The following sample command string and parameter information that they can use to
generate the keystore:
keytool -genkey -keystore '/opt/aldon/certs/filename.jks'
-storepass password -keypass password
-keyalg RSA -keysize 2048
where filename is the name of the keystore file (it can be anything), and password is the same
password for the keystore and the truststore.
The recommended key algorithm is RSA. The recommended keysize is 2048 instead of using
the default value of 1024. The password values must have at least six characters, and the same
value can be used for both passwords. The identity prompts can have the default value of
Unknown.
3.
When the requested keystore file or files have been generated, confirm that they are stored in
the requested location, and make a note of the keystore file name, path, and password values for
each file. In addition to using this information for configuring each Deployment server, you must
provide this information to the people in your organization who will configure the Deployment
client computers with which each server will communicate.
Next step
Enable secure connections on the Deployment server.
Parent topic: Configuring deployment encryption
Prerequisites
Confirm the following prerequisites:
The amount of time, in seconds, that the server should wait for a successful connection before
closing the connection. The default is 60 seconds.
Procedure
1.
2.
3.
4.
5.
To enable encrypted deployment, remove the number sign (#) comment character from the
beginning of the SSL.Server and SSL.Client lines.
After SSL.keyStore=, type the path and file name to the keystore file you generated, after the
equals sign. For example:
/opt/aldon/certs/keystore_file.jks
b.
12. If during the course of completing this activity you changed the location where your keystore file
is stored, remember to notify the person or people who will configure your Deployment client
computers.
Parent topic: Configuring deployment encryption
Copy the SSL keystore file from the Deployment server to a location on this Deployment client
computer. The suggested location for storing the file is C:\program_location\Aldon,
where program_location is the folder where installed programs are stored on this version of
Microsoft Windows. Ensure that the file permissions remain intact after copying. All users require
read, write, and execute permissions.
Note: Do not store the SSL keystore file in or below the \Aldon LM x.x folder because this will
make the file inaccessible to subsequent versions of LM(e).
Click Start program_location Aldon LM x.x Aldon DM Setup, where program_location is
the name of the folder where programs are installed on this version of Windows and x.x is the
LM(e) version number.
Under SSL Properties, select Enable SSL, and then supply the path and file name of the keystore
file that was copied to the client location. Enter the password for the SSL keystore file. The
password must be at least 6 characters.
In the Connect Timeout field, type the amount of time in seconds that the Deployment server
should wait for a successful authentication before closing the connection. The default value is 60
seconds. A blank value is interpreted as 60 seconds. You can adjust this value to suit the typical
response time on your network.
Click OK to save your choices.
2.
3.
4.
5.
Prerequisites
82
Confirm that the Deployment server is configured for SSL, and obtain SSL information for
configuring Deployment clients from the person who configured the Deployment server. You need:
The path and filename of the keystore file on the Deployment server.
The password that secures the key information in the keystore file, if it is different from the
keystore file password.
An amount of time, in seconds, that the client should wait for a successful connection before
ending the connection attempt. The default is 60 seconds. If the value for this property is blank,
a default of 60 seconds is assumed.
Know where to find the LMDeployClient.properties file on the client computer. The default
path for a client on an IBM i computer is /Aldon/Affiniti/affiniti distribution.
Have root access to the Deployment server computer, and access to the QSECOFR profile or a
profile with *SECADM and *ALLOBJ authority on the Deployment client computer.
3.
4.
5.
6.
7.
Using your preferred utility, copy the keystore file from the Deployment server computer to the
keystore folder on the Deployment client computer.
Verify that all users have read, write, and execute permissions for the keystore file.
On the command line of the Deployment client computer, run the WRKLNK command to
navigate to the location on this computer where the LMDeployClient.properties file
resides, for example:
wrklnk '/Aldon/Affiniti/affiniti distribution/*'
To open the file for editing, type option 2=Edit beside the LMDeployClient.properties file
entry.
Page down to the bottom of the file, and then do one of the following choices:
8.
9.
For an existing deployment setup, add the above parameters, exactly as shown, to the end of
the file.
To enable encrypted deployment, remove the comment character from the beginning of the
SSL.Server and SSL.Client lines.
After SSL.keyStore=, type the path and file name of the keystore file where it resides on this
computer, for example:
/Aldon/Affiniti/affiniti distribution/certs/keystore
10. After SSL.keyStorePassword=, type the password that secures the keystore file.
11. After SSL.trustStore=, copy and paste the file name from the SSL.keyStore parameter.
12. After SSL.trustStorePassword=, copy and paste the password from the
SSL.keyStorePassword= property.
83
13. After ConnectTimeout=, either accept the default value of blank, which is interpreted as 60
seconds, or type a different value to represent the number of seconds the server should wait for a
successful connection before ending the attempt.
14. Press F3 twice to save your changes and close the file.
15. If the Deployment client is running when you change the LMDeployClient.properties file,
end and restart the Deployment client to put the property changes into effect. See Starting and
stopping the Deployment client on IBM i, on page 55.
Parent topic: Configuring deployment encryption
Prerequisites
To complete this task:
Confirm that the Deployment server is configured for secure deployment, and obtain the following
information from the person who configured it:
The path and filename of the keystore file on the Deployment server. The suggested location
is/opt/aldon/certs.
The amount of time, in seconds, that the client should wait for a successful connection before
ending the connection attempt. The default is 60 seconds. If this value is blank, a default of 60
seconds is assumed. The value you choose for this setting depends on the operating conditions
on your network and on each computers individual operating speed. If you find that a client
cannot successfully connect to the Deployment server and you have determined that all other
configuration values are correct, it may be that the computer needs more time to accomplish
the secure connection.
Procedure
1.
Log in as root on the computer where you installed the Deployment client.
2.
3.
4.
5.
6.
cd /opt/aldon
mkdir certs
Copy the SSL keystore file on the Deployment server from its server location to the /opt/
aldon/certs directory on this client computer.
Ensure that all users have read, write, and execute permission for the keystore file.
Open the LMDeployClient.properties file in an editor. For example, to open it in the nano
editor:
nano /opt/aldon/aldonlmd/current/etc/LMDeployClient.properties
Page down to the bottom of the file and locate the following parameters:
#SSL.Server
#SSL.Client
84
7.
8.
SSL.keyStore=
SSL.keyStorePassword=
SSL.trustStore=
SSL.trustStorePassword=
ConnectTimeout=60
To enable encrypted deployment, remove the number sign (#) comment character from the
beginning of the SSL.Server and SSL.Client lines.
Supply values for the remaining parameters, as follows:
Option
Description
SSL.keyStore
SSL.trustStore
SSL.trustStorePassword
ConnectTimeout
85
Prerequisites
Confirm the following prerequisites:
That the Deployment server is configured for SSL, and obtain the following information from the
person who configured it:
The path and filename of the keystore file on the Deployment server. The suggested location on
the server is/opt/aldon/certs.
The amount of time, in seconds, that the client should wait for a successful connection before
ending the connection attempt. The default is 60 seconds. If this value is blank, a default of 60
seconds is assumed. The value you choose for this setting depends on the operating conditions
on your network and on each computers individual operating speed. If you find that a client
cannot successfully connect to the Deployment server and you have determined that all other
configuration values are correct, it may be that the computer needs more time to accomplish
the secure connection.
That you have root user access to the computer on which you are creating the installation package
for multiple computers.
Procedure
1.
2.
Then:
mkdir working
3.
4.
cp /tmp/aldcs/LMD_version_PKG.tar.bz2 /tmp/aldcs/working
cd /tmp/aldcs/working
Then:
bzip2 -d LMD_version_PKG.tar.bz2
Then:
86
etc/init.d/
etc/init.d/aldondcp
etc/init.d/aldondc
etc/LMDeployClient.properties
lib/
lib/LMeDMPlus.jar
lib/AffDist.jar
lib/DMContainer.jar
Note: If deployment will only use the DMPlus deployment processing, then the
AffDist.jar file can be excluded from the package.
5.
b.
Locate the lines marked as SSL details section at the end of the file:
#SSL.Server
#SSL.Client
SSL.keyStore=
SSL.keyStorePassword=
SSL.trustStore=
SSL.trustStorePassword=
ConnectTimeout=
c.
d.
e.
Description
SSL.keyStore
SSL.keyStorePassword
SSL.trustStore
SSL.trustStorePassword
87
6.
7.
8.
Option
Description
ConnectTimeout
bzip2 LMD_version_PKG.tar
Next step
Create a Deployment client installation package.
Parent topic: Configuring deployment encryption
88
Chapter 6: Upgrade
Upgrade the LM(e) server, and then upgrade all LM(e) clients that communicate with that server.
1.
2.
3.
4.
5.
Prerequisites
Confirm the following prerequisites:
Your current version of LM(e) must be version 6.3A, 6.3B, or 6.4A. If you have a version that is
earlier than 6.3A, for example version 6.2C, you must upgrade to version 6.3A, 6.3B, or 6.4A, and
then upgrade to version 6.5. For information on upgrading to version 6.3A, 6.3B, or 6.4A, see the
appropriate upgrade documentation.
Make sure the computer meets the system requirements. The upgrade program fails if the
computer does not meet the hardware requirements.
You must know the password for user aldondbi, which owns the DB2 instance. When you installed
LM(e), the installation program used an encrypted default password. You can view the unencrypted
version of that default password in your LM(e) Installation Notes. If you have changed the
password using the encryption option (see Changing the DB2 passwords), you must know the new
password.
After the upgrade, you must apply a new license key and feature codes. Be sure to have the
Validation document containing the new license key and feature codes. If you did not receive a
Validation document, contact your Rocket sales representative or Rocket Technical Support.
There are three LM(e) databases in DB2: ALDONLM, ALDONSS, and ALDONCFG. Each database
has a SYSCATSPACE, USERSPACE, and a SYSTOOLSPACE tablespace. SYSCATSPACE is the system
catalog tablespace, and the other two are temporary tablespaces. It is important that these
tablespaces are allocated enough disk space before you upgrade to LM(e) 6.4A and DB2 10.5.03.
For example, the SYSCATSPACE tablespace should have an equal amount of used and free space.
89
Chapter 6: Upgrade
For information on checking the currently used disk space and increasing it if necessary, see the
IBM DB2 upgrade topic Increasing table space and log file sizes before upgrade.
Procedure
1.
2.
4.
5.
To unzip the LM(e) installation program file, enter the following command:
6.
Where filename is the name of the LM(e) installation program .zip file.
To extract the installation program file, enter the following command:
7.
3.
cd /tmp
unzip filename.zip
8.
9.
cd /tmp/aldonadm
The program determines if the default backup location (/tmp) has enough disk space to back
up the existing databases. If not, a message is displayed and the upgrade stops. To specify a
location that has adequate disk space, open the /tmp/aldonadm/upgrade/upgrade.cfg
file. For the DEFAULT_BACKUP_LOCATION property, specify the location, and save the file. After
the computer meets the hardware requirements, you must start these steps again.
10. When you are asked if DB2 is already installed, type Y and press Enter.
11. In the DB2 Configuration Menu, take the following steps to specify the password of the user
aldondbi (the DB2 instance owner) and upgrade DB2:
a. Type 3 and press Enter.
b. Type aldondbi's password and press Enter.
c. Type the password again to confirm it.
d. Press any key to continue.
e. Press N.
DB2 is upgraded.
12. On the Upgrade Configuration Menu, review the configuration information, and then perform one
of the following steps:
90
When the upgrade phase finishes, the LM(e) server, the Security Server, the Deployment server,
and IBM DB2 are automatically restarted.
13. Log into the Security Server, and then click the Manage Products and Instances tab.
14. Select the instance of LM(e), and then click License.
The license status will be Expired.
15. In the License Key field, enter the license key that came with the Validation document, and then
click Verify.
If the license key is not valid, the message Invalid license key is displayed. If the license key is
valid, the Product Licensing page is displayed. This page lists the version number and instance
name of the LM(e) release and the license key type and expiration date.
16. Enter a feature code in the Feature Codes field, and then click Verify New Feature Code. Repeat
this step for each feature code.
If a feature code is successfully validated, it is displayed in the table of feature codes, along with
the current value and expiration date of the code.
17. When you finish entering all feature codes, click Commit to activate the codes.
Next step
REVIEWERS: Should we withhold the restart instruction until all of the servers have been upgraded?
And then should it be done from the DB2 server, to restart all of them at once?
Upgrade the remote LM(e) server.
Parent topic: Upgrade
Prerequisites
The DB2 server upgrade must be completed before you upgrade the remote LM(e) server.
91
Chapter 6: Upgrade
Procedure
1.
2.
3.
4.
Copy the REMOTE_SERVER.tgz file from the /opt/aldon/SaveArea directory on the DB2
server computer to the /tmp directory on the remote LM(e) server computer.
To extract the file, enter the following command :
5.
6.
7.
/etc/init.d/aldonsys stoplm
REVIEWERS: Should we hold off starting all of the servers back up until the Deployment server(s)
are upgraded?
To start the LM(e) server after the upgrade completes, enter the following command:
/etc/init.d/aldonsys startlm
Next step
If Deployment is installed, upgrade the remote Deployment server or servers.
Parent topic: Upgrade
Prerequisites
You must stop the LM(e) and DB2 servers. See Starting and stopping servers, on page 23.
Procedure
1.
2.
3.
92
Copy the REMOTE_SERVER.tgz file from the /opt/aldon/SaveArea directory on the LM(e)
server computer to the /tmp directory on the remote Deployment server computer.
4.
5.
6.
7.
8.
./dm-upgrade
REVIEWERS: Because the servers should be stopped for each upgrade process, should we wait
until all servers are upgraded, and then issue the start aldonsys start command from the DB2
server instead of starting each server immediately after upgrading it?
To start the Deployment server, enter the following command:
/etc/init.d/aldonsys startdm
Prerequisites
Have access to the installation zip file that was downloaded from the Rocket Customer Portal and
stored in a network location.
Have access to the credentials for a user with Administrator rights on the computer that you are
upgrading.
Procedure
1.
Copy the downloaded installation zip file to an empty folder on the Windows computer where the
LM(e) Client for Microsoft Windows is installed.
2.
3.
4.
Next step
When you upgrade the LM(e) Client for Microsoft Windows from version 6.3 or earlier, the new version
is installed in a different path, with a new aldcds.conf file. The aldcs.conf file contains client
configuration information, including information required to connect with LM(e) instances. After
upgrade, you must copy configuration information from the old aldcs.conf file into the new
aldcs.conf. These are the locations of the aldcs.conf files:
93
Chapter 6: Upgrade
Where [X.X] is the version number of the old client and [Y.Y] is the version number of the new client.
Prerequisites
Your current command line client must be version 1.8 or higher. To upgrade versions lower than 1.8
you must uninstall the current version and install the new version. To find your current version run
the command ald -v. The command returns several lines showing the versions of your different
Rocket Aldon products. The aldcs ver line displays the version, for example aldcs ver:
1.9 means you have version 1.9 of the command line client. For information on uninstalling the
command line client, see the topic Uninstalling the LM(e) clients from Linux or UNIX computers. For
information on installing the command line client, see the topic Installing the LM(e) command line
client on Linux or UNIX.
You must install Java 1.7 or later, and the command line client installation program requires the
path to the java binary file. If you install a compatible Java version and add the binary file path to
root's PATH variable, the installation program finds it automatically. When you upgrade on Linux
computers, the installation program installs Java 1.7 automatically if it is not installed, and adds
the binary file path to root's PATH variable. When you upgrade on Solaris or AIX, if a compatible
Java version is installed but the binary path is not in root's PATH variable (possibly because root
must use an earlier version of Java for other tasks), then you must provide the binary path using
the --dcjava option in the command that starts the installation program.
Procedure
1.
2.
3.
4.
94
Copy the new installation files to the /tmp directory on the client computer.
Navigate to the /tmp directory.
5.
where filename is the name of the installation file, for example aldcs-111-Linux64.tgz for
Linux.
6.
7.
Note: If the path to the Java 1.7 or later binary is not in root#s PATH variable, you must
specify the path and executable file here using the #dcjava option, for example:
./install --lmc --dcjava /[java_path]/java
Where java_path is the path to the directory containing the Java executable file, for example:
--dcjava /usr/java7/jre/bin/java
8.
9.
Description
If you installed the new command line client next to the existing command line client without
answering configuration questions and want to reuse your old configuration settings, you can
replace the new aldcs.conf file with a copy of the old aldcs.conf file:
Location of the old aldcs.conf file:
/opt/aldon/aldonlmc/[x.x]/etc
Where x.x is the old version number.
Location of the new aldcs.conf file:
/opt/aldon/aldonlmc/current/etc
Chapter 7: Uninstall
Uninstall LM(e), Security Server, IBM DB2, the command line client and Rocket Aldon Client Services
(AldCS), by using uninstall programs.
LM(e) server
Security Server
IBM Java 7
The script then reboots the computer. Content in the /tmp directory is not removed.
Procedure
1.
2.
3.
4.
Log in as root.
Enter the following command to navigate to the location of the uninstallation program:
cd /opt/aldon/util/current
Enter the following command to uninstall all components and reboot the computer:
./uninstall-local -a
Optional: To verify that the components were uninstalled, run the following commands. The
system for each response should be null:
cat
cat
cat
cat
If the aldondbi group or a user was not removed, a response similar to the following is displayed:
aldondbi:x:2558
If a group, user, or password was not removed, run the uninstallation program again.
96
Procedure
1.
2.
Log in with root credentials, or with credentials that have sudo access.
Change the current directory to the location of the uninstallation program:
3.
where x.x is the version of the Deployment client software that you want to remove.
Run the uninstallation program in one of the following ways:
To uninstall only the Deployment client, enter the following command:
cd /opt/aldon/aldonlmc/x.x
./uninstall --lmd
To uninstall only the command line client, enter the following command:
./uninstall --lmc
To uninstall the command line client and the Deployment client, enter the following
command:
./uninstall --lmc --lmd
4.
After you answer all prompts, a series of messages report progress and confirms that the software is
removed.
Prerequisites
Determine whether the Deployment client is in use on the computer where you are uninstalling,
and determine whether it runs as an application or a service.
To remove the development client and a deployment client that runs as an application, you close
the application window to stop the client, and then run the uninstallation program.
To remove the development client and a deployment client that runs as a service, you stop the
service, remove the deployment service wrapper, and then run the uninstallation program.
To remove the development client and the deployment client from a computer where the
deployment client is not used, you stop the LM(e) client and end all server connections, and then
run the uninstallation program.
If the Deployment client runs as a service and you run the uninstallation program without first
removing the service wrapper, the service remains and the wrapper uninstallation program is
97
Chapter 7: Uninstall
removed. If this happens, you must re-install the LM(e) client and remove the service wrapper, and
then re-run the uninstallation program.
Procedure
1.
2.
3.
If the Deployment client is not in use on this computer, begin with step 4.
If the Deployment client is running on this computer as an application, close the application
window to end the program. Then continue with step 4.
If the Deployment client is running on this computer as a service, follow these steps to stop the
service and remove the service wrapper:
a. Open Control Panel Administrative Tools Services
b. In the services list, locate the service you use and stop it if it is running. Then, close the
Services window. Stop one of the following services:
Aldon LM(e) Deployment Wrapper
c.
d.
4.
5.
6.
7.
8.
98
UninstallAffDMPlusWrapper-NT.bat
Description
aldondbi
dasusr
INSTANCE_MEMORY = AUTOMATIC
AGENT_STACK_SZ = 1024
MAXQUERYDEGREE = 1
LOGFILESIZ = 20000
LOGPRIMARY = 25
LOGSECOND = 50
STMTHEAP = AUTOMATIC
AUTO_MAINT = ON
AUTO_TBL_MATIN = ON
AUTO_RUNSTATS = ON
You might want to have your DB2 administrator review these defaults to verify that they are
appropriate for your configuration.
Default value
Activity log
The file
SecurityServerLog4J.properties in the
directory /opt/aldon/aldonss/current/
conf/conf
/opt/aldon/tomcat
99
Object
Default value
Ports
Default value
/opt/aldon/aldonlm
Default value
/tmp
100
Installation defaults
Object
C:\Program Files\Aldon\Aldon LM
x.x\aldcs.conf
On 64-bit Windows installations:
C:\Program Files\Aldon\Aldon LM
x.x\affiniti.exe
On 64-bit Windows installations:
C:\Program Files (x86)\Aldon\Aldon
LM x.x\affiniti.exe
Installation defaults for the LM(e) command line (development) client on Linux, UNIX,
or Mac OS X
The following default objects are created when you install the LM(e) command line client on Linux,
UNIX, or Mac OS X client computers:
Object
Default value
/var/log/aldon/aldonlmc
/opt/aldon/aldonlmc/current/bin
101
Object
Default location where files are stored during the On 32-bit Windows installations:
Deploy step
C:\Program Files\Aldon\Aldon LM
x.x\Deployment\Deployment Packages
On 64-bit Windows installations:
C:\Program Files (x86)\Aldon\Aldon
LM x.x\Deployment\Deployment
Packages
Default location where backup zip files are stored On 32-bit Windows installations:
for support backout and restore
C:\Program Files\Aldon\Aldon LM
x.x\Deployment\Deployment Packages
\backup
On 64-bit Windows installations:
Installation defaults for the Deployment client on Linux, UNIX, or Mac OS X computers
The following default objects are created when you install the Deployment client on a Linux, IBM AIX,
Sun Solaris, or or Mac OS X computer:
Object
Default value
File LMDeployClient.properties in
directory /opt/aldon/aldonlmd/
current/etc/
102
Port 2001
Installation defaults
Object
Default value
/opt/aldon/aldonlmd/current/etc
/init.d
/etc/init.d
/opt/aldon/aldonlmd/current
/deploypkgs
/opt/aldon/aldonlmd/current
/deploypkgs/backup
/var/log/aldon/aldonlmd/deploylog
103