Registering Liberty servers

Add each of your WebSphere® Application Server Liberty servers to WebSphere Automation by registering them with the usage metering service. You can then track issues for your servers, such as security vulnerabilities and health problems, from a single user interface (UI) in WebSphere Automation.

When you register servers with the usage metering service, you also enable them for security monitoring.

Before you begin

Before you start this task, complete the steps in Setting up security monitoring for collecting the files or code snippets that you need to set up the usage metering feature.

Ensure that SSL communication is enabled in your Liberty server.

About this task

To register your application server with WebSphere Automation, you need the API key, URL, and usage metering certificate. You use them to configure your Liberty server with the usage metering service that is in WebSphere Automation. You also need the truststore file for the usage metering service. You use the same usage metering information to register all of your WebSphere Application Server and Liberty servers. This information is provided automatically when you use the Register server panel.

Create your configuration and add it to your Liberty server.xml file by completing the following steps.

Procedure

  1. In the server.xml configuration file for the Liberty server that you register with the usage metering service, add the usageMetering feature.
    Use the <featureManager> code snippet that you copied from the Register server panel or the following example.
    <featureManager>
  <feature>usageMetering-1.0</feature>
</featureManager>
  2. Import the usage metering certificate, which is in the metering_certificate_file.pem file, into your existing keystore file.
    Run the following command from the path_to_liberty/wlp/bin directory to import the usage metering certificate:
    keytool -import -trustcacerts -file metering_certificate_file.pem -keystore ../usr/servers/server_name/resources/security/key.p12 -storetype PKCS12
    When prompted by this command, type the keystore password. When prompted to trust the certificate, type yes.

    You obtained the usage metering certificate either from the Register server panel in the UI, or manually.

  3. In the server configuration, define the keystore and truststore files for SSL communication between the Liberty server and the usage metering service in WebSphere Automation.
    Use the <keystore> code snippet that you copied from the Register server panel or the following example.
    <keyStore id="meteringKeyStore"
          location="key.p12"
          password="xor keystore password"
          type="PKCS12"/>
<ssl id="meteringSSL"
          keyStoreRef="meteringKeyStore"
          trustStoreRef="meteringKeyStore"
          sslProtocol="TLSv1.2"/>
    The following information describes the elements and attributes:
    • The id attribute on the ssl element specifies a unique configuration ID.
    • The keyStoreRef and trustStoreRef attributes are references to the keyStore element.
    • The sslProtocol attribute is the SSL handshake protocol and defaults to TLS V1.2.
    • The location attribute on the keyStore element is the absolute or relative path to the keystore file.
    • The password attribute contains the password to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility command to encode the password.
    • The type attribute contains the keystore type, which defaults to the PKCS12 value.
  4. Configure the usageMetering element so that you can register your application server with the usage metering service in WebSphere Automation.
    Use the <usageMetering> code snippet that you copied from the Register server panel or the following example.
    <usageMetering url="metering_service_host"
         apiKey="API_key" sslRef="meteringSSL"/>
    • Specify the URL for the url attribute and the API key for the apiKey attribute.

      You obtained both the URL and the API key of the usage metering service either from the UI, or manually.

    • On the sslRef attribute, reference the ID of the ssl element that you defined in the previous step.
    Note: Storing the API key in plain text format is not a security concern. The key permits access only to the usage metering APIs, and is only used to register servers. No information is returned back to the caller by the usage metering APIs.
  5. Add your configuration to the Liberty server.xml file.

    The configuration that you add to your Liberty server.xml file is similar to the following example:

    <?xml version="1.0" encoding="UTF-8"?>
<server description="new server">
    <!-- Enable features -->
    <featureManager>
        <feature>usageMetering-1.0</feature>
        <feature>transportSecurity-1.0</feature>
    </featureManager>
    <keyStore id="meteringKeyStore" password="3dkeoL229" location="key.p12" type="PKCS12" />
    <ssl id="meteringSSL" keyStoreRef="meteringKeyStore" trustStoreRef="meteringKeyStore" sslProtocol="TLSv1.2" />
    <usageMetering url="https://example.com/websphereauto/meteringapi" sslRef="meteringSSL" apiKey="" />
</server>

Results

A correctly registered Liberty server results in output similar to the following message.
[10/20/21 7:53:07:535 PDT] 00000029 com.ibm.ws.usage.metering.common.RegisterTask I CWWKR0400I: The server was registered with the IBM Cloud Private Metering service on the specified URL https://websphere-automation.example.com/websphereauto/meteringapi.