Scripting tools for managing process applications

Manage process applications with the WebSphere administrative (wsadmin) scripting program by using administrative commands (AdminTasks) or the Process Application LifeCycle (PAL) MBean.

The wsadmin scripting program is a powerful, non-graphical command interpreter environment that you can use to run administrative operations in a scripting language. You can use the wsadmin tool in connected mode to install, manage, and undeploy snapshots. You can use administrative commands or call an MBean. Both provide the same function.

Administrative commands (AdminTasks)

In a network deployment environment, an application cluster member runs the Process Server and Process Center applications. Therefore, you must run these wsadmin commands on the node that contains that application cluster member. Do not run the commands from the deployment manager profile.

Not all commands can be used on both the Process Center server and process servers. Use the following table to determine which commands can be used on each type of server. Additional information about the commands and wsadmin scripting is found in the Commands (wsadmin scripting) topic.
Table 1. wsadmin commands for managing process applications
Task Command Description Applicable product versions
Commands for installing and undeploying snapshots (connected and offline servers) BPMCheckOrphanTokens Detects the possibility of orphaned tokens before you install a new snapshot; enables you to identify whether to delete or move each token.

Available for Process Center server and any running process server instance.

Checks activities only. These include user tasks, system tasks, decision tasks, subprocesses, event subprocesses, linked processes, and nodes.

IBM® BPM Standard

IBM BPM Advanced
BPMInstall Installs a snapshot on a connected process server.

Available for Process Center server only.

IBM BPM Standard

IBM BPM Advanced
BPMCreateOfflinePackage Use this set of commands to create an installation package for a snapshot, extract it to a compressed file on a local file system, and install the package on an offline process server.

BPMCreateOfflinePackage and BPMExtractOfflinePackage are available for Process Center server only.BPMInstallOfflinePackage is available for offline process server only.

IBM BPM Standard

IBM BPM Advanced
BPMExtractOfflinePackage

IBM BPM Standard

IBM BPM Advanced
BPMInstallOfflinePackage

IBM BPM Standard

IBM BPM Advanced
BPMDeleteSnapshot Deletes the snapshot and any link to toolkit dependencies. This command does not delete the dependent toolkit snapshot.

Available for any running process server instance.

IBM BPM Standard

IBM BPM Advanced
BPMUndeploy

Removes the corresponding business level application (BLA) and related artifacts of a snapshot from the Process Center server or the process server. However, the snapshot remains in the repository.

For a Process Center server, the BPMUndeploy forces an implicit stop of the snapshot before the command is completed.

Available for Process Center server and any running process server instance.

IBM BPM Advanced
Commands for viewing process applications and artifacts BPMListProcessApplications Lists all process application snapshots on a given server.

Available for Process Center server and any running process server instance.

IBM BPM Standard

IBM BPM Advanced
BPMShowProcessApplication Lists information about a process application on a given server.

Available for Process Center server and any running process server instance.

IBM BPM Standard

IBM BPM Advanced
BPMShowSnapshot Lists information about a process application or toolkit snapshot on a given server.

Available for Process Center server and any running process server instance.

IBM BPM Standard

IBM BPM Advanced
Commands for administering snapshots BPMActivate Activates a snapshot on a server.

Available for Process Center server and any running process server instance.

IBM BPM Standard

IBM BPM Advanced
BPMDeactivate Deactivates a snapshot that is running on a server.

Available for Process Center server and any running process server instance.

IBM BPM Standard

IBM BPM Advanced
BPMExport Exports a process application snapshot to a .twx file so that it can be imported on another Process Center server.

Available for Process Center server only.

IBM BPM Standard

IBM BPM Advanced
BPMImport Imports a process application snapshot that has been exported from another Process Center server.

Available for Process Center server only.

IBM BPM Standard

IBM BPM Advanced
BPMSetDefaultSnapshot Sets the specified snapshot to be the default snapshot.

Available for any running process server instance.

IBM BPM Standard

IBM BPM Advanced
BPMSnapshotCleanup Deletes all the unnamed and archived snapshots of a process application on a Process Center server.

Available for Process Center server only.

IBM BPM Standard

IBM BPM Advanced
BPMProcessInstancesCleanup Deletes business process definition (BPD) instance data for a process application snapshot

Available for any running process server instance.

IBM BPM Standard

IBM BPM Advanced
BPMStop

Stops the snapshot and its BLA on a process server.

Available for any running process server instance.

IBM BPM Advanced
Commands for working with servers BPMListServers Lists all process server instances that are federated into the Process Center server.

Available for Process Center server only.

IBM BPM Standard

IBM BPM Advanced
BPMSecurityUnlock Unlocks an application cluster member during server startup.

Available for Process Center server and any running process server instance.

IBM BPM Standard

IBM BPM Advanced
BPMShowServer Lists information about a specific server.

Available for Process Center server only.

IBM BPM Standard

IBM BPM Advanced
Some of the commands require administrative access; the user ID must belong to either the tw_admins or tw_authors group.
Connection types

All wsadmin commands for managing process applications must be run in connected mode and the server must be running. Use the -contype argument to indicate what connection type you want to use (SOAP or RMI). See Using the wsadmin scripting tool in the WebSphere Application Server Information Center for detailed instructions.

Example

In the following syntax examples, myHostName.mycompany.com is the host name of the server that is configured for IBM Process Server or for the Process Center server. Make sure to substitute your own port, host name, user name, and password when creating a connection.

In a network deployment environment, use the port configured for the application cluster member that runs the Process Server or Process Center applications. To determine the correct port number, see the WebSphere administrative console Ports collection page (click Servers > Server Types > WebSphere application servers > server_name > Communications > Ports). The values for SOAP_CONNECTOR_ADDRESS and BOOTSTRAP_ADDRESS indicate the SOAP and RMI port numbers.
Important:
  • Jython example
    wsadmin -conntype SOAP -port 8880 -host myHostName.mycompany.com -user admin -password admin -lang jython

AdminTask.taskName('[options ]')
  • Jacl example
    wsadmin -conntype SOAP -port 8880 -host myHostName.mycompany.com -user admin -password admin -lang jacl

$AdminTask.taskName {options}

The Process Application LifeCycle (PAL) MBean

The PAL managed bean (MBean), provides similar function to the wsadmin commands. The name of the MBean is PALService. Each wsadmin command has a corresponding method on the MBean. In an environment with multiple security domains configured, consider using MBean administrative tasks instead of wsadmin tasks. In addition, you can use the MBeans in other environments if you prefer to work with MBeans. You can use the MBean to configure fine-grained security for the PAL administrative actions with multiple security domains and administrative authorization groups.

In an environment with multiple security domains, each security domain can have its own user registry. Security domains can be attached to resources like servers, clusters, and buses. In addition, global security settings apply to all administrative functions and are the default security configuration for user applications. Use security domains to define a customized configuration for user applications. All administrative applications, such as the administrative console, naming resources, and MBeans, use global security configurations. If no security domains are configured, applications use information from the global security configuration.

In WebSphere Application Server, several administrative roles are defined to provide degrees of authority that are required for certain administrative functions from either the administrative console or the system management scripting interface, as described in Administrative roles. Access can be granted to each user per resource. For example, WebSphere Application Server users can be granted configurator access to a specific instance of a resource only (an application, an application server, or a node). WebSphere Application Server users cannot access any other resources outside of the resources that are assigned to them. The administrative roles apply per resource and do not apply to the entire cell. However, there is a cell-wide authorization group for compatibility with earlier versions. WebSphere Application Server users that are assigned to administrative roles in the cell-wide authorization group can still access all of the resources within the cell. To achieve this instance-based security, or fine-grained security, resources that require the same privileges are placed in a group that is called the administrative authorization group or authorization group. WebSphere Application Server users are granted access to the authorization group by assigning to them the required administrative role. See Fine-grained administrative security.

Java Management Extensions (JMX) MBeans represent the management interface for a particular piece of logic. See Java Management Extensions (JMX) for WebSphere Application Server. The PALService MBean runs on all cluster members of an IBM BPM cluster. The MBean has methods for each of the IBM BPM wsadmin tasks. The MBean methods are protected by administrative roles. For example, you can use administrative authorization groups to make a user a deployer on DE1 but not on DE2.

The IBM BPM RunAs role must be configured with a user ID that has the required privileges to perform the requested function in the cluster security domain. If the RunAs role is configured, the user ID that is defined as the RunAs user role completes the actions. If the RunAs user is not configured, the user ID that called the MBean completes the actions.

The BPMAdminJobUser user role is configured in a similar way to other IBM BPM user roles. If you run BPMConfig to configure your environment, add the following properties to your properties file, which creates a new authentication alias and maps it to the BPMAdminJobUser user role:
bpm.de.authenticationAlias.4.name=AdminJobAlias
bpm.de.authenticationAlias.4.user=
bpm.de.authenticationAlias.4.password=
bpm.de.roleMapping.3.name=BPMAdminJobUser
bpm.de.roleMapping.3.alias=AdminJobAlias
Parent topic: Managing installed snapshots
Related information:
Commands (wsadmin scripting)
Default users and groups