DataPower Secure Backup with DPBuddy

Secure backup is the only way to backup the entire device, including keys and certificates. Therefore, it is desirable to run it on a regular basis.

You can easily do it with dpbuddy using its support for "do-action" command. Secure backup is simply one of the actions with a few additional parameters.

Here's how it could be expressed using Ant and dpbuddy. Note that we're using "local://" filesystem as a destination; in reality you probably want to use "ftp:" instead.

<target name="secure-backup" description="Backup the entire device">
    <tstamp/>
    <dp:action>
        <SecureBackup>
            <cert>test-cert</cert>
            <destination>local://sbackup-${DSTAMP}</destination>
        </SecureBackup>
    </dp:action>
</target>

WebSphere Application Server Tutorial and FAQ — WAS in 5 Minutes

If you're developing applications for WAS and you're new to it, this is what you need to know:

• What is the default URL of the admin console. https://$hostname:9043/ibm/console.
• What are the default ports. HTTP: 9080, HTTPS: 9443.
• How to locate the logs. Logs can be found under $install_root/profiles/$profile_name/logs/$server_name. The default profile name is AppSrv01 and the default server name is server1. Example:/usr/IBM/WebSphere/AppServer/profiles/AppSrv01/logs/server1. SystemOut.log is the file containing everything that was logged to standard out. Logs can also be viewed from the admin console by navigating to Troubleshooting/Logging and Tracing/server_name/Runtime.
• How to start/stop a server. If you're dealing with a "Network Deployment" type of installation (multiple application servers running under the control of the "deployment manager"), your can start/stop a server from the console (Server/Server Types/WebSphere application servers). Otherwise you have to do it from command line. Go to install_root/bin and run ./startServer.sh server_name, e.g., ./startServer.sh server1 (this assumes that your installation has only one profile defined, otherwise you may need to "cd" to the profile_name/bin directory). Make sure that you run all commands using the appropriate system account. To stop the server, run ./stopServer.sh server_name -username user_name -password password. user_name and password is the credentials of an admin account, typically the same one you use to login to the console.
• How to deploy an application. In admin console, navigate to Applications/Application Types/WebSphere enterprise applications, click on "Install new application", select "Fast path", accept all the defaults except that on "step 2" make sure that you targeted correct servers (if you have multiple servers/clusters in your environment). Note that you can deploy a WAR file directly, you don't have to build an EAR. In this case, make sure that you set a context root on "step 4" screen of the wizard.
• How to change context root of a Web application. Go to Applications/Application Types/WebSphere enterprise applications/application_name/Context Root For Web Modules in the console. Re-start the application after the change.
• How to change the order of classloaders. If you're getting a ClassNotFoundException when you're starting the app, changing the order of classloaders is the first thing you may want to try. Go to Applications/Application Types/WebSphere enterprise applications/application_name/Manage Modules/module_name and make the appropriate selection in the "Class loader order" drop-down (this assumes you're doing it for a WAR module).
• How to enable dynamic class reloading. If you need to frequently update your deployed application (e.g., you use a local WAS installation for development), enabling dynamic reloading could be a huge time saver. Go to your application in the console, "Class loading and update detection", set "Override class reloading settings ..." and set polling interval to 2 seconds. See this post for more details on how to configure your development environment to support class reloading.
• How to find a host name and a port of the server. Go to Server/Server Types/WebSphere application servers. You'll find the host name in the Host Name column. To find a port, click on your server, and expand Ports. WC_defaulthost is the HTTP port and WC_defaulthost_secure is the HTTPS port.
• How to kill a JVM. If the normal "stop" routine failed to stop the server in a reasonable amount of time, you may need to kill it. In a "Network Deployment" environment, simply navigate to the list of servers, select the server and click "Terminate". A node agent will kill the JVM for you. To achieve the same from command line (the only option if you're running standalone), cd to install_root/profiles/profile_name/logs/server_name, and kill the process ID contained in the file server_name.pid. On Unix, you can simply do kill -9 `cat server1.pid` (assuming server1 is your server name). Use task manager of taskkill /PID on Windows.
• How to browse JMS messages. Go to Buses/Your bus name/Destinations/Your destination/Queue points/Your queue point/Runtime/Messages.
• Where to find configuration files. WAS has many configuration file, most of them are in XML/XMI format. The files are located under $install_root/profiles/$profile_name/config/cells/$cell_name.

This post is part of the series on WebSphere Application Server administration. Please subscribe to our blog if you'd like to receive updates.

Note: We offer professional services in the area of WebSphere architecture, implementation and operations. If you're looking for help with any of these tasks, please let us know.

Why Pay for DPBuddy Support?

You can find information on our support services here.

Keeping Multiple DataPower Devices in Sync

Most DataPower installations in production contain two DataPower devices with identical or similar configuration.
It is actually quite easy to keep the two devices in sync using Apache Ant and DPBuddy administration tool.
DPBuddy supports a notion of an environment prefix. The prefix groups together connectivity properties for each device:

dp.username=dpbuddy
dp.password=123 
dp.domain=deployTest
prod1.dp.xmlmgm.url=https://dp1.prod
prod2.dp.xmlmgm.url=https://dp2.prod

The above property list defines dp.username, dp.password and dp.domain properties that are common to all environments and two XML management URLs for our DataPower cluster.

Then the Ant target for importing configuration into both devices could look like this:

<parallel>
    <dp:import envPrefix="prod1" file="${import.file}" overwriteFiles="true" overwriteObjects="true" />
    <dp:import envPrefix="prod2" file="${import.file}" overwriteFiles="true" overwriteObjects="true" />
</parallel>

Note that for speed we chose to execute both imports in parallel; it is perfectly save to do it with dpbuddy as all of its tasks are thread-safe.

If your "dp:import" tasks is more complex (e.g. because of use of deployment policies), you may want to create an Ant macro for each task to avoid duplicating parameters.

MyArch, Inc. offers paid support for dpbuddy, including implementing custom enhancements. If you're interested, please contact us as info at myarch.com.