In addition, the Red Hat Enterprise Linux version 5 default policy for security-enhanced Linux (SELinux) prevents WebSphere Application Server versions 6.0 and 6.1 from installing and running properly.
Resolving the problem
Complete the following steps:
1. Disable SELinux on the Red Hat Enterprise Linux version 5 operating system before installing WebSphere Application Server versions 6.0 or 6.1. For more information, see the Red Hat Enterprise Linux Deployment Guide.
2. After installing WebSphere Application Server versions 6.0 or 6.1, perform. one of the following upgrade actions:
* For WebSphere Application Server version 6.0, install WebSphere Application Server version 6.0.2.21 or later and IBM SDK version 1.4.2 Service Release 8 or later on your system. These updates are available through the following Web site: Recommended fixes for WebSphere Application Server.
* For WebSphere Application Server version 6.1, install WebSphere Application Server version 6.1.0.9 or later and IBM SDK version 1.5 Service Release 5 or later on your system. These updates are available through the following Web site: Recommended fixes for WebSphere Application Server.
原因如下:
如果想在RHEL版本5以上的操作系统使用WAS6.0以及WAS6.1,那么必须使用WAS6.0.2.21或者以上的版本,同时必须安装IBM的SDK1.5.5或者以上的版本。
另外,红帽企业Linux版本5的增强安全 (SELinux) 的缺省策略阻止了WAS版本6.0 和6.1的正确安装和运行。
解决问题完成如下的步骤:
1、对症下药,在安装WAS6.0或者6.1之前,禁用红帽企业Linux版本5操作系统的SELinux。更多详情,就要参考“红帽企业Linux开发指南”。
2、在安装WASWAS6.0或者6.1之后,执行如下的升级动作其中之一:
对于WAS6.0,在你的系统上安装WAS 6.0.2.21及其以上版本并同时安装IBM的SDK1.4.2.8及其以上版本。
对于WAS6.1,在你的系统上安装WAS 6.1.0.9及其以上版本并同时安装IBM的SDK1.5.5及其以上版本。
三、正解
问题来了,如何禁用SELinux,又要动手搜索查看“红帽企业Linux开发指南”。再抛出如下的参考:
Deployment_Guide-en-US,所谓的“开发指南”:
RedHat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/index.html
如何启用或者禁用SELinux,参考“开发指南”的章节“44.2.7. Enable or Disable SELinux”:
禁用SELinux方法有两种:
1、命令方式下编辑/etc/sysconfig/selinux,把SELINUX=permissive改成SELINUX=disabled。需要提醒的是,修改SELINUX或者SELINUXTYPE后,只有在下次重启机器的时候修改方可生效。
[root@host2a ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
2、图形界面方式修改SELinux
注意:图形界面方式修改SELinux需要administrator权限。操作步骤如下,我就不再赘述了。
(1).On the System menu, point to Administration and then click Security Level and Firewall to display the Security Level Configuration dialog box.
(2).Click the SELinux tab.
(3).In the SELinux Setting select either Disabled, Enforcing or Permissive, and then click OK.
(4).If you changed from Enabled to Disabled or vice versa, you need to restart the machine for the change to take effect.
Changes made using this dialog box are immediately reflected in /etc/sysconfig/selinux.
经过以上的折腾,WAS安装包的install脚本终于运行起来,安装界面跳出来了。功夫真是不负啊。
四、回顾
最后我从硬件需求和软件需求(操作系统)方面对SELinux阻止WAS6.1正常安装的场景下如何解决问题总结如下:
1、硬件是64位的,操作系统是64位,操作系统是RHEL 5.0+。
2、不再使用超级用户,而是使用非root的用户和用户组安装WAS6.1。
3、如何禁用SELinux,使得WAS6.1的图形化安装界面能够正确启动和安装进程能够顺利运行。