Introduction
This guide is Part 2 of a two-part guide detailing how to configure a WAS ND Liberty Profile Collective. If you have not read Part 1, please do so now.
Note: You candownload this guide from http://downloads.themiddlewareshopcom/public/WAS_ND_8.5.5.x_LibertyProfile_CollectiveGuide_BlogPosting.pdf
In the Previous guide (Part 1) we covered how to install Liberty Profile from a WAS ND repository. We will now configure the collective to for a Liberty Cluster.
Configure a server as a collective controller
To configure the server, we simply modify server.xml. Below is the default server.xml
| <server description=”new server”> <!– Enable features –> <featureManager> <feature>jsp-2.2</feature> </featureManager> <httpEndpoint id=”defaultHttpEndpoint” host=”localhost” httpPort=”9080″ httpsPort=”9443″ /> </server> |
I would also recommend that the server description attribute be changed to something like “Collective Controller 1″
| <server description=”Collective Controller 1″> |
To configure a Liberty server as a collective controller use the following steps:
Create the collective controller configuration using the collective command with the create action from the bin folder of the Liberty profile installation
| ./collective create controller1 –keystorePassword=secureme |
Result:
| Add the following lines to the server.xml to enable: <featureManager> <feature>collectiveController-1.0</feature> </featureManager>
<!– Define the host name for use by the collective. If the host name needs to be changed, the server should be removed from the collective and re-joined or re-replicated. –> <variable name=”defaultHostName” value=”localhost” />
<!– TODO: Set the security configuration for Administrative access –> <quickStartSecurity userName=”” userPassword=”” />
<!– clientAuthenticationSupported set to enable bidirectional trust –> <ssl id=”defaultSSLConfig” keyStoreRef=”defaultKeyStore” trustStoreRef=”defaultTrustStore” clientAuthenticationSupported=”true” />
<!– inbound (HTTPS) keystore –> <keyStore id=”defaultKeyStore” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/security/key.jks” />
<!– inbound (HTTPS) truststore –> <keyStore id=”defaultTrustStore” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/security/trust.jks” />
<!– server identity keystore –> <keyStore id=”serverIdentity” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/collective/serverIdentity.jks” />
<!– collective trust keystore –> <keyStore id=”collectiveTrust” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/collective/collectiveTrust.jks” />
<!– collective root signers keystore –> <keyStore id=”collectiveRootKeys” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/collective/rootKeys.jks” />
Please ensure administrative security is configured for the server. An administrative user is required to join members to the collective. |
Paste the code into the server.xml the resulting server.xml should look something like
| <server description=”Collective Controller 1″> <!– Enable features –> <featureManager> <feature>jsp-2.2</feature>
</featureManager>
<httpEndpoint id=”defaultHttpEndpoint” host=”localhost” httpPort=”9080″ httpsPort=”9443″ />
<!– Define the host name for use by the collective. If the host name needs to be changed, the server should be removed from the collective and re-joined or re-replicated. –> <variable name=”defaultHostName” value=”localhost” />
<!– TODO: Set the security configuration for Administrative access –> <quickStartSecurity userName=”” userPassword=”” />
<!– clientAuthenticationSupported set to enable bidirectional trust –> <ssl id=”defaultSSLConfig” keyStoreRef=”defaultKeyStore” trustStoreRef=”defaultTrustStore” clientAuthenticationSupported=”true” />
<!– inbound (HTTPS) keystore –> <keyStore id=”defaultKeyStore” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/security/key.jks” />
<!– inbound (HTTPS) truststore –> <keyStore id=”defaultTrustStore” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/security/trust.jks” />
<!– server identity keystore –> <keyStore id=”serverIdentity” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/collective/serverIdentity.jks” />
<!– collective trust keystore –> <keyStore id=”collectiveTrust” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/collective/collectiveTrust.jks” />
<!– collective root signers keystore –> <keyStore id=”collectiveRootKeys” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/collective/rootKeys.jks” />
</server> |
You will notice that there is a commented out stanza with the element TODO, below it we see a quickStartSecurity element
| <quickStartSecurity userName=”” userPassword=”” /> |
You can use the <quickStartSecurity> element to quickly enable a simple (one user) security setup for the Liberty profile.
- Update the quickStartSecurity elements attributes as required
| <quickStartSecurity userName=”admin” userPassword=”letmein” /> |
- Start the Controller
| ./server start controller1 |
 |
When you are starting the collective controller the first time (or any server), use the server run command to start the controller rather than the server start command. This allows you to monitor the startup messages to catch any configuration errors. When you are copying text from the output of a command into the server.xml file there is always the possibility of syntax problems, for example, extra spaces in words. You could also use the tail command and tail the messages.log file |
Verify that the controller started correctly by looking for this message: CWWKX9003I: CollectiveRegistration MBean is available. The message is located in the message.log file of the controller.
Result:
| [02/03/15 22:28:36:967 GMT] 00000011 nagement.repository.internal.CollectiveRegistrationMBeanImpl I CWWKX9003I: CollectiveRegistration MBean is available. |
Create Collective Member
We will now create a collective member.
Create a new server called member1
| ./create server memeber1 |
Join a Member to the Collective
To join a Liberty server to the collective controller, use the collective command with the join action. The command and action are targeted to the Liberty controller name and use as options the host, https port, administrative user and password of the controller, and a password for the member keystore as were created earlier in the controller configuration.
This command will produce a few configuration lines that you will be instructed to add to the collective member server.xml file for the configuration to be completed.
Note you will be prompted to accept the certificate during the command processing
Add the server to the collective
| ./collective join member1 –host=localhost –port=9443 –user=admin –password=letmein –keystorePassword=secureme |
Result:
| [root@localhost bin]# ./collective join member1 –host=localhost –port=9443 –user=admin –password=letmein –keystorePassword=secureme Joining the collective with target controller localhost:9443… This may take a while.
SSL trust has not been established with the target server.
Certificate chain information: Certificate [0] Subject DN: CN=localhost, OU=controller1, O=ibm, C=us Issuer DN: OU=controllerRoot, O=e4c6751d-8c76-4f88-8bb5-ccf0e573d195, DC=com.ibm.ws.collective Serial Number: 547,886,959,810,458 Expires: 29/02/20 22:22 SHA-1 digest: E9:1E:87:FC:A8:A1:45:54:A4:7B:08:D3:FB:34:05:FE:1D:33:E4:56 MD5 digest: 5C:89:20:90:C4:DD:50:69:04:C0:FF:A6:00:D3:5A:B3
Certificate [1] Subject DN: OU=controllerRoot, O=e4c6751d-8c76-4f88-8bb5-ccf0e573d195, DC=com.ibm.ws.collective Issuer DN: OU=controllerRoot, O=e4c6751d-8c76-4f88-8bb5-ccf0e573d195, DC=com.ibm.ws.collective Serial Number: 547,885,449,033,281 Expires: 24/02/40 22:22 SHA-1 digest: A2:7E:33:8D:90:32:F4:51:57:38:C0:E8:F6:DD:63:BE:78:AA:0C:49 MD5 digest: 7F:4E:20:9B:B9:C6:4A:B0:96:09:15:77:BF:B7:75:73
Do you want to accept the above certificate chain? (y/n) y Successfully completed MBean request to the controller.
Successfully joined the collective for server member1
Add the following lines to the server.xml to enable:
<featureManager> <feature>collectiveMember-1.0</feature> </featureManager>
<!– Define the host name for use by the collective. If the host name needs to be changed, the server should be removed from the collective and re-joined or re-replicated. –> <variable name=”defaultHostName” value=”localhost” />
<!– Connection to the collective controller –> <collectiveMember controllerHost=”localhost” controllerPort=”9443″ />
<!– clientAuthenticationSupported set to enable bidirectional trust –> <ssl id=”defaultSSLConfig” keyStoreRef=”defaultKeyStore” trustStoreRef=”defaultTrustStore” clientAuthenticationSupported=”true” />
<!– inbound (HTTPS) keystore –> <keyStore id=”defaultKeyStore” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/security/key.jks” />
<!– inbound (HTTPS) truststore –> <keyStore id=”defaultTrustStore” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/security/trust.jks” />
<!– server identity keystore –> <keyStore id=”serverIdentity” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/collective/serverIdentity.jks” />
<!– collective truststore –> <keyStore id=”collectiveTrust” password=”{xor}LDo8Ki06Mjo=” location=”${server.config.dir}/resources/collective/collectiveTrust.jks” /> |
- Start the server once you have copied the appropriate elements in to the server.xml of member1
Result:
| ./server start member1 Starting server member1. Server member1 started with process ID 5799. |
If we look at the messages.log of member1 we will see output messages such as:
| [03/03/15 00:05:34:491 GMT] 00000017 gement.repository.client.internal.RemoteConnectionHelperImpl I CWWKX8055I: The collective member has established a connection to the collective controller. [03/03/15 00:05:36:009 GMT] 00000026 nt.repository.member.internal.publisher.ServerPathsPublisher I CWWKX8114I: The server’s paths were successfully published to the collective repository. [03/03/15 00:05:36:214 GMT] 00000026 om.ibm.ws.management.filetransfer.internal.mbean.FileService I CWWKX7912I: The FileServiceMXBean attribute ReadList was successfully updated. [03/03/15 00:05:36:323 GMT] 00000026 om.ibm.ws.management.filetransfer.internal.mbean.FileService I CWWKX7912I: The FileServiceMXBean attribute WriteList was successfully updated. [03/03/15 00:05:36:408 GMT] 00000026 nt.repository.member.internal.publisher.ServerStatePublisher I CWWKX8116I: The server STARTED state was successfully published to the collective repository. |
We now have a collective created. Before we finish we need to cover a few Collective Administration practices.
Summary
In this guide, we have learned how to install WAS 8.5.5 Liberty Profile using IBM Installation Manager and then using the imcl command line tool to initiate the binary installations using command line variables as input. This is a very powerful command-line tool and can easily be integrated into master shell scripts.
We looked at how to create and configure a collective controller server and one join one member to the collective. We did not cover Administration of a collective nor test an application deployed to the collective. We will cover a details of provisioning for highly available application in the Guide
titled: WASND_8.5.5.x_LibertyProfile_HighAvailability, which can be purchased from http://www.themiddlewareshop.com.
We also covered how to remove the IBM SDK and uninstall WAS 8.5.5 Liberty Profile.
Consulting
If you or your organization require support in architecture, performance tuning, automation or simply advice, then please contact me via my support site and request a conversation, where we can discuss your requirement.
About Steve
Steve is a seasoned passionate technology professional, strategist and leader.
An expert in technical communications, and adept in almost all forms of Internet and mobile related technology, Steve has time and time again proven his tenacity to improve systems around him and deliver.
Steve has worn many hats during his career such as Chief Technical Officer, Founding Member of several business ventures, Programmer, Systems Administrator, Architect, Blogger and Published Author to name a few.
Due to 20 years Industry experience in Middleware, Programming, Networks and Internet Technologies, He combines systems knowledge with efficient working methods and inter personal skills required to build effective relationship with clients and colleagues alike. Exceeding typical expectations in any role undertaken, Steve is certain to become a valuable asset within any organisation He joins.
Key Skills
• Leadership (Team, Project, Business, People).
• Architecture (Solutions, Information, Technical, Applications).
Simply, I help you deal with CANETI: Constant And Never Ending Technological Innovation
Specific IBM WebSphere skills:
WebSphere Application Server (WAS Base, WAS ND & Liberty Profile & Liberty Runtime)
Automation
Security, SSL
Dev Ops
Architecture
Performance Tuning
Middleware Integration Skills:
.NET programming, and Architecture
Java Programming, and Architecture
SOA, SOAP and XML messaging
JBoss Fuse, WMQ, IIB, Mule
Integration Skills:
SOA
Process Improvement
ICD’s
Messaging Architecture
Governance
General Digital Architecture & Governance
Lightweight Architectures
Digital Strategy, platform stacks for example IAAS, PAAS, SAAS
PCI-DSS
Industry Qualifications & Recognition
TOGAF 9.1
IBM Champion 2013
