WebSphere Application Server & Liberty

 View Only

WebSphere Automation "How To" Series #5 : How to register WebSphere Liberty servers

By Brian Hanczaryk posted Mon April 11, 2022 04:55 PM

  
WebSphere Automation "How To" Series #5 : How to register WebSphere Liberty servers

Previous blogs in this WebSphere Automation "How To" series :
WebSphere Automation "How To" Series #1 : How to get WebSphere Automation UI 
WebSphere Automation "How To" Series #2 : How to specify user roles and permissions 
WebSphere Automation "How To" Series #3 : How to configure WebSphere Automation with an Enterprise LDAP 
WebSphere Automation "How To" Series #4 : How to register WebSphere Application Server traditional servers using configuretWasUsageMetering.py script 

This post will focus on how to register WebSphere Liberty servers.

To register your WebSphere Liberty servers with WebSphere Automation, you will use the URL, API key and usage metering certificate to configure your Liberty server with the usage metering service that is in WebSphere Automation. You will use the same usage metering information to register all of your WebSphere Liberty servers.

For this example, we initially have no servers registered. The following is the WebSphere Automation UI screenshot showing no registered servers.
Security_1


IBM Docs https://www.ibm.com/docs/en/ws-automation?topic=monitoring-registering-liberty-servers provides information on registering WebSphere Liberty servers.

To get the URL of the usage metering service, you can issue the following oc command.
oc get route cpd -n NAMESPACE -o jsonpath=https://{.spec.host}/websphereauto/meteringapi

To get the API key, you first need to know the instance name. You can get the instance name with the following command.
oc get WebSphereSecure -n NAMESPACE -o jsonpath='{.items[?(@.kind=="WebSphereSecure")].metadata.name}'

To get the usage metering certificate, you can issue the following oc command.
oc -n NAMESPACE get secret external-tls-secret -o jsonpath='{.data.cert\.crt}' | base64 -d > metering_certificate_file.pem

With the information gathered for URL, API key and usage metering certificate, you can create your configuration and add it to your Liberty server.xml file by executing the following steps.

1. In the server.xml for the Liberty server you'd like to register, include usageMetering and transportSecurity features.
<featureManager>
  <feature>usageMetering-1.0</feature>
  <feature>transportSecurity-1.0</feature>
</featureManager>


2. Copy the metering_certificate_file.pem to your Liberty server host. For this example, we copied the metering_certificate_file.pem to PATH_TO_LIBERTY/wlp/bin directory. Using the java keytool command, import the usage metering certificate into your existing keystore file. If you don't have an existing keystore file, you can utilize the securityUtility command (https://www.ibm.com/docs/en/was-liberty/base?topic=applications-securityutility-command) to create it with the following command.
securityUtility createSSLCertificate --password=XXX --server=SERVERNAME

The following is an example keytool command to import the usage metering certificate into your existing keystore file.
keytool -import -trustcacerts -file metering_certificate_file.pem -keystore ../usr/servers/SERVERNAME/resources/security/key.p12 -storetype PKCS12 -storepass XXX -noprompt


3. If the keystore and truststore do not already exist in your Liberty server configuration, define the keystore and truststore files for SSL communication between the Liberty server and the usage metering service in WebSphere Automation. You can refer to https://www.ibm.com/docs/en/ws-automation?topic=monitoring-registering-liberty-servers for more information on the specific elements and attributes. The following is an example of the keyStore and ssl elements.
<keyStore id="meteringKeyStore" location="key.p12" password="xor keystore password" type="PKCS12"/>
<ssl id="meteringSSL" keyStoreRef="meteringKeyStore" trustStoreRef="meteringKeyStore" sslProtocol="TLSv1.2"/>


4. Configure the usageMetering element that allows you to register your Liberty server with the usage metering service in WebSphere Automation. You will specify the URL and the API key that were previously gathered, along with the id of your configured ssl element. An example of the usageMetering element syntax is as follows.
<usageMetering url="URL" apiKey="API_key" sslRef="meteringSSL"/>


Your Liberty server.xml configuration should include elements similar to the following example.
<?xml version="1.0" encoding="UTF-8"?>
<server description="SERVERNAME">
<featureManager>
<feature>usageMetering-1.0</feature>
<feature>transportSecurity-1.0</feature>
</featureManager>
<keyStore id="meteringKeyStore" location="key.p12" password="xor keystore password" type="PKCS12"/>
<ssl id="meteringSSL" keyStoreRef="meteringKeyStore" trustStoreRef="meteringKeyStore" sslProtocol="TLSv1.2"/>
<usageMetering url="https://example.com/websphereauto/meteringapi" sslRef="meteringSSL" apiKey="XXXXXXXXXXXXXXXXXXXX" />
</server>


After configuring and starting the Liberty server, for this example we now a Liberty server registered. The following is the WebSphere Automation UI screenshot showing the registered Liberty server.
Security_2


When successfully registered, your Liberty server's messages.log should display the following output
[4/8/22 6:44:46:654 PDT] 00000025 com.ibm.ws.usage.metering.common.RegisterTask I CWWKR0400I: The server was registered with the IBM Cloud Private Metering service on the specified URL https://XXXXXXXX.com/websphereauto/meteringapi.

You can find more IBM Docs related to WebSphere Automation at https://www.ibm.com/docs/en/ws-automation.
#WebSphere
#Automation #WSA#WebSphereAutomation​​
0 comments
50 views

Permalink