Add each of your WebSphere® Application Server
Liberty servers to WebSphere Automation by registering them with the usage metering service.
You can then track issues for your servers, such as security vulnerabilities and health problems,
from a single user interface (UI) in WebSphere Automation.
When you register servers with the usage metering service, you also enable them for security
monitoring.
About this task
To register your application server with WebSphere Automation, you
need the API key, URL, and usage metering certificate. You use them to configure your Liberty server with the usage metering service that is in WebSphere Automation. You also need the truststore file for the usage
metering service. You use the same usage metering information to register all of your WebSphere Application Server and Liberty
servers. This information is provided automatically when you use the Register
server panel.
Create your configuration and add it to your Liberty
server.xml file by completing the following steps.
Procedure
- In the server.xml configuration file for the Liberty server that you register with the usage metering
service, add the
usageMetering
feature. Use the
<featureManager>
code snippet that you copied from the
Register
server panel or the following example.
<featureManager>
<feature>usageMetering-1.0</feature>
</featureManager>
- Import the usage metering certificate, which is in the
metering_certificate_file.pem file, into your existing
keystore file.
Run the following command from the
path_to_liberty/wlp/bin directory to import the usage
metering
certificate:
keytool -import -trustcacerts -file metering_certificate_file.pem -keystore ../usr/servers/server_name/resources/security/key.p12 -storetype PKCS12
When prompted by this command, type the keystore password. When prompted to trust the certificate,
type
yes
.
You obtained the usage metering certificate either from the Register server panel in the UI, or manually.
- In the server configuration, define the keystore and truststore files for SSL
communication between the Liberty server and the usage
metering service in WebSphere Automation.
Use the
<keystore>
code snippet that you copied from the
Register
server panel or the following example.
<keyStore id="meteringKeyStore"
location="key.p12"
password="xor keystore password"
type="PKCS12"/>
<ssl id="meteringSSL"
keyStoreRef="meteringKeyStore"
trustStoreRef="meteringKeyStore"
sslProtocol="TLSv1.2"/>
The following information describes the elements and attributes:
- The
id
attribute on the ssl
element specifies a unique
configuration ID.
- The
keyStoreRef
and trustStoreRef
attributes are references
to the keyStore
element.
- The
sslProtocol
attribute is the SSL handshake protocol and defaults to
TLS V1.2
.
- The location attribute on the
keyStore
element is the absolute or relative path
to the keystore file.
- The password attribute contains the password to load the keystore file. The value can be stored
in clear text or encoded form. Use the securityUtility command to encode the
password.
- The type attribute contains the keystore type, which defaults to the
PKCS12
value.
- Configure the
usageMetering
element so that you can register your
application server with the usage metering service in WebSphere Automation. Use the
<usageMetering>
code snippet that you copied from the
Register
server panel or the following example.
<usageMetering url="metering_service_host"
apiKey="API_key" sslRef="meteringSSL"/>
Note: Storing the API key in plain text format is not a security concern. The key permits
access only to the usage metering APIs, and is only used to register servers. No information is
returned back to the caller by the usage metering APIs.
- Add your configuration to the Liberty
server.xml file.
The configuration that you add to your Liberty
server.xml file is similar to the following example:
<?xml version="1.0" encoding="UTF-8"?>
<server description="new server">
<!-- Enable features -->
<featureManager>
<feature>usageMetering-1.0</feature>
<feature>transportSecurity-1.0</feature>
</featureManager>
<keyStore id="meteringKeyStore" password="3dkeoL229" location="key.p12" type="PKCS12" />
<ssl id="meteringSSL" keyStoreRef="meteringKeyStore" trustStoreRef="meteringKeyStore" sslProtocol="TLSv1.2" />
<usageMetering url="https://example.com/websphereauto/meteringapi" sslRef="meteringSSL" apiKey="" />
</server>
Results
A correctly registered Liberty server results in
output similar to the following
message.[10/20/21 7:53:07:535 PDT] 00000029 com.ibm.ws.usage.metering.common.RegisterTask I CWWKR0400I: The server was registered with the IBM Cloud Private Metering service on the specified URL https://websphere-automation.example.com/websphereauto/meteringapi.