Registering WebSphere Application Server traditional servers
Add each of your WebSphere® Application Server servers or deployment managers to WebSphere Automation by registering them with the usage metering service. You can then track security vulnerabilities for your servers from a single user interface (UI) in WebSphere Automation.
When you register servers with the usage metering service, you also enable them for security monitoring.
Before you begin
Before you start this task, complete the steps in Setting up security monitoring for collecting the files or code snippets that you need to set up the usage metering feature.
If you are registering a WebSphere Application Server deployment manager, it must be version 9.0.5.14 or later. This requirement ensures that the usage metering feature properly reports the server type to WebSphere Automation. For more information, see the list of known issues and limitations.
About this task
To register your application server with WebSphere Automation, you use the API key and URL to configure your WebSphere Application Server server with the usage metering service that is in WebSphere Automation. You also add the usage metering certificate to the truststore file or use the SSL name of the server SSL configuration for your usage metering service. You use the same usage metering information to register all of your WebSphere Application Server and WebSphere Application Server Liberty servers. This information is provided automatically when you use the Register server panel.
Manually creating the environment to register an application server with WebSphere Automation
You create the was-usage-metering.properties file and add in the API key, the URL, and the SSL information. If you want to add in a truststore file but don't have one, you create it and then add the usage metering certificate to it. After you complete the was-usage-metering.properties file, you add it to your installation.
- Save the was-usage-metering.properties from the Register
server panel, or use the following example to create a new one. Specify the properties
that you need to connect your application server to WebSphere Automation through its usage metering service. If you used the Register server panel,
these values are already provided.
## The following properties are required: url=URL for WebSphere Automation metering service apiKey=API key for WebSphere Automation ## One of the following options is required for SSL: # sslRef=SSL name of server SSL configuration # Or the following 3 properties # trustStore=truststore .p12 file name # trustStorePassword=truststore password # httpsProtocol=TLS protocol, defaults to TLSv1.2
- If you created your own was-usage-metering.properties
file by using the example in the previous step, add the URL and API key to the file.
You can obtain both the URL and the API key of the usage metering service either from the Register server panel in the UI, or manually.
Note: Storing the API key in plain text format is not a security concern. The key permits access only to the usage metering APIs, and is only used to register servers. No information is returned back to the caller by the usage metering APIs. - In the was-usage-metering.properties file, uncomment the appropriate lines
to add one of the SSL options for the SSL properties.
Either add the sslRef property or the group of three properties that consists of the trustStore, trustStorePassword, and httpsProtocol properties. If you use the trustStore properties, set the trustStore value to the .p12 file name only. Do not specify a full or relative path.
- sslRef
- Set the
sslRef
property to the SSL alias name that corresponds to an SSL configuration for your application server. - trustStore, trustStorePassword, httpsProtocol
- Specify the trustStore, trustStorePassword, and
httpProtocol properties.
If you already created a truststore.p12 file to connect an application server to WebSphere Automation, you can also use this same file to connect your WebSphere Application Server server to WebSphere Automation. This truststore.p12 file that you already created is one that you created for a Liberty server or a WebSphere Application Server server.
If you obtained the truststore from the Register server panel, set the value for the trustStorePassword parameter to
changeMe
.If you did not create a truststore.p12 file and did not obtain one from the Register server panel, you can create one by running the following commands:
Create the truststore.p12 file by first starting the wsadmin scripting tool with the -lang jython option. Then, run the createKeyStore command.
AdminTask.createKeyStore('[-keyStoreName metering_keystore_name -keyStoreType PKCS12 -keyStoreLocation full_path_to_keystore_PKCS12_file_to_create -keyStorePassword keyStorePassword -keyStorePasswordVerify keyStorePassword -keyStoreDescription "metering truststore file" ]')
- Add the usage metering certificate that you obtained from the Register
server panel to the truststore.p12 file by using
the retrieveSignerFromPort
command.
If you did not use the Register server panel, you can obtain the usage metering host for the command from the usage metering URL either with the Red Hat OpenShift CLI client or from your Red Hat OpenShift administrative console. For example, if the URL is
https://example-automation.com/websphereauto/meteringapi
, the host isexample-automation.com
. The default usage metering port is 443.If you use the sslRef option, you can obtain the keystore (or truststore) name and keystore scope for the command from your WebSphere Application Server traditional server administrative console. In the console, navigate to . Click the sslConfig to obtain the keystore (or truststore) name and keystore scope.
AdminTask.retrieveSignerFromPort('[-keyStoreName metering_keystore_name -host usage_metering_host_or_IP_Address -port usage-metering_Port -certificateAlias certificateAlias]')
Run the following command to save the configuration changes from the createKeyStore and retrievingSignerFromPort commands.AdminConfig.save()
- Add the was-usage-metering.properties and
truststore.p12 files to your installation.
Add the files to any of the directories in the following table, depending on whether you want to register servers at the server, cluster, node, or cell level.
The table contains two columns. The first column specifies the level. The second column specifies the directory.Level Directory Server profile_root/config/cells/cellName/nodes/nodeName/servers/servername Cluster profile_root/config/cells/cellName/clusters/clusterName Node profile_root/config/cells/cellName/nodes/nodeName Cell profile_root/config/cells/cellName If your environment uses a deployment manager, put the files in the directory tree for the deployment manager profile. Then, propagate the files to each of the managed nodes by starting the wsadmin scripting tool and running the following commands:repository=AdminControl.queryNames('type=ConfigRepository,process=dmgr,*') AdminControl.invoke(repository, 'refreshRepositoryEpoch') AdminNodeManagement.syncActiveNodes()
If your environment does not use a deployment manager, put the files in the corresponding directory for each server, node, or cell that you want to register.
If the application server is running after you add the files, the application server registers with WebSphere Automation through the usage metering service. Otherwise, the application server registers with WebSphere Automation the next time that it starts.
A correctly registered WebSphere Application Server server is indicated with output similar to the following message.
[10/20/21 7:56:04:940 PDT] 0000004a RegisterTask I CWWKR0400I: The server was registered with the IBM Cloud Private Metering service on the specified URL https://websphere-automation.example.com/websphereauto/meteringapi.
Running the example configuretWasUsageMetering wsadmin script to register your application server with WebSphere Automation
The example script registers a WebSphere Application Server server with the usage metering service by using the configuretWasUsageMetering wsadmin script. You can copy the example script, try it on your development environment, and make changes as needed. To view and copy the example script code, see Script for configuring usage metering on WebSphere Application Server.
The script automatically gets the API key, URL, and usage metering certificate. For the script to
do so, you must be in WebSphere Application Server V9.0 with the Red Hat®
OpenShift® CLI Client oc command that is installed
on all your application servers. You must log in to the Red Hat OpenShift cluster with administrative credentials. If the Red Hat OpenShift CLI client is not installed on all your application servers or you are on WebSphere Application Server V8.5.5, the script still gets the usage metering
certificate. However, you manually enter the API key and the URL. The script creates a keystore file
or uses the existing SSL server configuration and retrieves the certificate from WebSphere Automation. It also creates the
was-usage-metering.properties file and copies it to your application server. If
you do not supply the node and server names, the script copies the keystore file and
was-usage-metering.properties file to all servers. The script also synchronizes
the changes to the active nodes. After you synchronize the nodes, you can start all the servers or a
specific server by setting the startServers option to the true
value.
The following steps assume that the scripting client is connected to the deployment manager, but you can run this script in a single application server environment. If you run it in a single application server environment, copy the script into the $WAS_HOME/profiles/AppSrv/bin directory. Modify the following steps and example configuretWasUsageMetering wsadmin script for your single application server environment.
- Create the configuretWasUsageMetering wsadmin script file by copying the script into the $WAS_HOME/profiles/Dmgr/bin directory.
- Run the configuretWasUsageMetering wsadmin script file.
- If the oc command is not installed on all your application servers in your
environment or you are on WebSphere Application Server V8.5.5, ensure that the
deployment manager is running. Then, run the configuretWasUsageMetering wsadmin
command.
$WAS_HOME/profiles/dmgr/bin/wsadmin -lang jython -f configuretWasUsageMetering.py url=url apiKey=apiKey_value sslRef=ssl_name or trustStorePassword=password
Include the value for the sslRef option or the trustStorePassword option, but not both. Specify the URL on the url option and the API key on the apiKey option. If you didn’t already obtain the URL and API key, get them with the Red Hat OpenShift CLI client or from your OpenShift administrative console.
- If you are on WebSphere Application Server V9.0 and the Red Hat OpenShift CLI client is installed on all the application
servers in your environment, log in to the Red Hat OpenShift
cluster with administrative credentials. Ensure that the deployment manager is running and run the
configuretWasUsageMetering wsadmin command.
$WAS_HOME/profiles/Dmgr/bin/wsadmin -lang jython -f configuretWasUsageMetering.py sslRef=ssl_name or trustStorePassword=truststore_password namespace=websphere-automation
- The script obtains the URL, API key, and usage metering certificate automatically.
- The namespace is where WebSphere Automation is installed. If no namespace is specified, the default WebSphere Automation namespace is used.
- Include the value for the sslRef option or the trustStorePassword option, but not both.
- If the oc command is not installed on all your application servers in your
environment or you are on WebSphere Application Server V8.5.5, ensure that the
deployment manager is running. Then, run the configuretWasUsageMetering wsadmin
command.