IBM Support

Administering CCRC WAN server

Question & Answer


Question

How do I administer IBM Rational ClearCase Remote Client (CCRC) WAN server?

Answer

Note: The content of this technote has been incorporated into the ClearCase version 8.0 of IBM Knowledge Center, as updated for version 8.0.0.1 (https://www.ibm.com/support/knowledgecenter/SSSH27_8.0.0/com.ibm.rational.clearcase.help.ic.doc/helpindex_clearcase.html).

This document describes how to administer and monitor a CCRC WAN server in ClearCase 8.0. Topics covered in this document include:

  • Configuring the WebSphere profile for the CCRC WAN Server
  • General configuration of the CCRC WAN Server
  • Securing the CCRC WAN Server using WebSphere
  • Configuring the ClearCase UCM/ClearQuest integration
  • Running the CCRC WAN Server with a non-root user identity

Configuring the WebSphere Profile for the CCRC WAN Server

If you install the CCRC WAN server into a new WebSphere profile, the ClearCase installer will automatically configure the profile for you. However, if you install the CCRC WAN server into an existing WebSphere profile, you will need to manually configure that profile.

See the section "WAS Configuration parameters for the CCRC WAN Server Profile" in technote 1514940: Configuration guidelines for the CCRC WAN server for information for manually configuring an existing WebSphere profile.

General Configuration of the CCRC WAN Server

The CCRC WAN server gets most of its configuration information from a text configuration file that is stored in the ClearCase configuration directory on the server machine:
    <clearcase_home>/config/ccrc/server.conf

To change the server's settings, simply edit the values in this file. By default, this file does not exist when the CCRC WAN server is first installed, and so the server simply uses reasonable default values for its settings. However, if you upgrade a 7.1.x CM Server system to the 8.0 CCRC WAN server, the installation process creates a "server.conf" file preserving the 7.1.x MBean-based configuration settings that are relevant to the new server.

To override any or all of these default settings, copy the sample file provided:
    <clearcase_home>/config/ccrc/server.conf.sample

to "server.conf" in that same directory. The sample file contains a description of the file format and usage, describes each configuration setting, and gives its default value, commented out (disabled). For example:
    #############################################################
    # This parameter provides an optional way to control the
    # server capacity from ... [long description elided].
    #
    # The default value of this parameter is 200.
    #
    # ccrcMaxSessionsOverall = 200

To override the default setting for a particular configuration parameter, remove the leading "#" character from that line and change the value. Then save the file to disk.

To view the current configuration settings for your CCRC WAN server, point your web browser to this URL on your server:
    http://<your-ccrc-wan-server>/ccrc/admin/settings

The act of viewing the settings in your browser causes the CCRC WAN server to reload the settings from the server configuration file and start using them immediately. It is not necessary to restart the entire CCRC WebSphere profile to have these changes take effect.

You can also use your browser to view a list of the current active or idle sessions on your CCRC WAN server:
    http://<your-ccrc-wan-server>/ccrc/admin/sessions

Whenever a ClearTeam Explorer user logs in to the CCRC WAN server, their new session will appear on this page. After that user has been idle for a certain length of time (controlled by the "ccrcLoginSessionTimeout" configuration parameter), that session will disappear from the page.

Please refer to technotes 1514940: Configuration guidelines for the CCRC WAN server and 1515393: About CCRC WAN Server parallel view loading for more information about specific CCRC WAN server configuration parameters.

Securing the CCRC WAN Server

When the CCRC WAN server is first installed, its administration URLs:
    http://<your-ccrc-wan-server>/ccrc/admin/*

are accessible to anyone that has web access to the server machine. It is very important that you secure access to these URLs to prevent unauthorized users from seeing sensitive session and configuration information. Perform the following steps to first enable WebSphere administrative security, then enable WebSphere application security. Both "administrative" and "application" security must be enabled.

To enable WebSphere administrative security:
  1. In a browser, connect to
    http://<server>:<port>/ibm/console
    where <port> is the "Administrative console port" in
     <profile_root_directory>/logs/AboutThisProfile.txt
  2. Navigate to Security>Global security.
  3. Check the box for "Enable administrative security".
  4. Uncheck the box for "Use Java 2 security".
  5. Click on the "Security Configuration Wizard".
  6. Ensure that the box for "Enable Application Security" is checked and the box for "JAVA 2 security is unchecked.
  7. Click "Next".
  8. Choose authentication repository. Do not choose "Federated".
  9. Enter the credentials of the Administrator.
  10. Click "Next".
  11. Review the summary and Click "Finish".
  12. Restart the profile. You will need to supply the username and password of the Administrator configured above when using the "startServer.[bat,sh]" and "stopServer.[bat,sh]" scripts.
  13. Connecting to the WAS console will now require the use of the administrative credentials.

To configure WebSphere application security:
    Note: Administrative security must be enabled prior to configuring Application Security.
  1. In a browser, connect to
    http://<server>:<port>/ibm/console
    where <port> is the "Administrative console port" in
    <profile_root_directory>/logs/AboutThisProfile.txt
  2. Enter Administrator credentials (Administrator security must be enabled for this profile).
  3. Navigate to Applications>Application Types>WebSphere enterprise applications>ccrc.
  4. Select "Security role to user/group mapping".
  5. Check the box under "Select" for the Administrator role.
  6. Click on "Map Users".
  7. Select the relevant realm and click on "Search".
  8. Add user(s) to the administrator role for this profile by selecting the user under "Available" and clicking on the right arrow.
  9. Click "OK".
  10. The user(s) selected will appear alongside the Administrator role
  11. Click "OK".
  12. Click on "Save".
  13. Restart the profile.
  14. When http://server/ccrc/admin/* URIs are accessed, the user is presented with a authentication dialog. Enter the user added above.

Configuring the ClearCase UCM/ClearQuest Integration

Starting with 8.0, the ClearCase UCM/ClearQuest integration uses HTTP-based protocols to permit the CCRC WAN server and the ClearQuest web server to reside on different machines in the network.

The CCRC WAN server consults a new configuration file to determine how to connect to ClearQuest web servers to process integration requests. By default, this file resides in the ClearCase configuration directory:
    <clearcase_home>/config/ccrc/cq-db-mapfile.conf

You can override this default location using the "ccrcClearQuestDatabaseMapFile" configuration parameter in server.conf. A sample CQ db map file is installed here and can be used as a template:
    <clearcase_home>/config/ccrc/cq-db-mapfile.conf.sample

View this sample file for a detailed description of the file format and usage.

Create one entry in the CQ database map file for each ClearQuest user database used in CC UCM/CQ integration operations by users of that ClearCase WAN server. Each entry must contain the following parameters:
  • The name of the ClearQuest user database ("UDB")
  • The user database's dbset ("DBSet")
  • The OSLC URI for the CQWeb server hosting the user database ("OSLC-URI"). This is URI the CCRC WAN server will use to make OSLC requests.
  • The CQ CM Server URI for the CQWeb server hosting the user database ("CQ-TEAM-URI"). This is the URI the ClearTeam Explorer (client) will use to make CQWeb services requests.

The two URIs should refer to the same logical CQWeb server machine, but will have different paths and possibly different domain names. For example, if your ClearTeam Explorer users go through a firewall/proxy to access the CQWeb server, the domain name will typically be that of the proxy, not the CQWeb server itself.

Here is a sample user database entry:
    UDB=RATLC, DBSet=RATLC.LEX1, OSLC-URI=http://server1/cqweb/oslc, CQ-TEAM-URI=http://server1/TeamWeb/services/Team

Please note the following limitations of the CCRC WAN server to CQWeb server OSLC connection:
  • The connection cannot go through an HTTP proxy unless it is a non-authenticating proxy
  • If the connection is an HTTP/SSL connection and an SSL certificate exception occurs during the connection process, the CCRC WAN server will ignore the exception
  • The CQWeb server must be version 8.0 or later

Running the CCRC WAN Server with a non-root user identity

CCRC WAN Server must be installed using the "existing profile" model.
  • After deploying WAS and IHS, log in as the non-root user before creating a profile.
  • Create a profile in WAS logged in as this non-root user.
  • Login as "root" and install ClearCase including the CCRC WAN Server. Choose the option to deploy it in the profile created above. Please refer to ClearCase product documentation for more details on install.
  • After successful installation, the profile with the CCRC WAN Server will be started by the install process. This profile must be stopped as it is running as "root".
  • Log in as the non-root user (or "su" to the non-root user) and start the above profile.
  • Modify the system startup script to add startup of the CCRC WAN Server profile as the non-root user, by adding this command : "
  • Set the setuid bit on /opt/rational/clearcase/bin/ccbe-web (chmod +s ccbe-web).
  • If using automatic views: set the setuid bit on /opt/rational/clearcase/bin/rviewbe-web (chmod +s rviewbe-web).
  • NOTE: Start the server as the non-root user in the system startup files.
  • Related WAS documentation pointers :

[{"Product":{"code":"SSSH27","label":"Rational ClearCase"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"CM Server","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.0;8.0.0.1;8.0.0.10;8.0.0.11;8.0.0.12;8.0.0.13;8.0.0.14;8.0.0.2;8.0.0.3;8.0.0.4;8.0.0.5;8.0.0.6;8.0.0.7;8.0.0.8;8.0.0.9;8.0.1;8.0.1.1;8.0.1.2;8.0.1.3;8.0.1.4;8.0.1.5;8.0.1.6;8.0.1.7","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
01 August 2018

UID

swg21506940