Registering WebSphere Application Server traditional servers

Add each of your WebSphere® Application Server servers or deployment managers to WebSphere Automation by registering them with the usage metering service. You can then track security vulnerabilities for your servers from a single user interface (UI) in WebSphere Automation.

When you register servers with the usage metering service, you also enable them for security monitoring.

Before you begin

Before you start this task, complete the steps in Setting up security monitoring for collecting the files or code snippets that you need to set up the usage metering feature.

If you are registering a WebSphere Application Server deployment manager, it must be version 9.0.5.14 or later. This requirement ensures that the usage metering feature properly reports the server type to WebSphere Automation. For more information, see the list of known issues and limitations.

About this task

To register your application server with WebSphere Automation, you use the API key and URL to configure your WebSphere Application Server server with the usage metering service that is in WebSphere Automation. You also add the usage metering certificate to the truststore file or use the SSL name of the server SSL configuration for your usage metering service. You use the same usage metering information to register all of your WebSphere Application Server and WebSphere Application Server Liberty servers. This information is provided automatically when you use the Register server panel.

You can either register your WebSphere Application Server server manually using the information you collected from the Register server UI panel, or by using the example configuretWasUsageMetering wsadmin script. Choose one of the following options to register your WebSphere Application Server server.

Manually creating the environment to register an application server with WebSphere Automation

You create the was-usage-metering.properties file and add in the API key, the URL, and the SSL information. If you want to add in a truststore file but don't have one, you create it and then add the usage metering certificate to it. After you complete the was-usage-metering.properties file, you add it to your installation.

Save the was-usage-metering.properties from the Register server panel, or use the following example to create a new one. Specify the properties that you need to connect your application server to WebSphere Automation through its usage metering service. If you used the Register server panel, these values are already provided.

## The following properties are required:
url=URL for WebSphere Automation metering service
apiKey=API key for WebSphere Automation

## One of the following options is required for SSL:
# sslRef=SSL name of server SSL configuration
# Or the following 3 properties
# trustStore=truststore .p12 file name
# trustStorePassword=truststore password
# httpsProtocol=TLS protocol, defaults to TLSv1.2

If you created your own was-usage-metering.properties file by using the example in the previous step, add the URL and API key to the file.
You can obtain both the URL and the API key of the usage metering service either from the Register server panel in the UI, or manually.

Note: Storing the API key in plain text format is not a security concern. The key permits access only to the usage metering APIs, and is only used to register servers. No information is returned back to the caller by the usage metering APIs.
In the was-usage-metering.properties file, uncomment the appropriate lines to add one of the SSL options for the SSL properties.
Either add the sslRef property or the group of three properties that consists of the trustStore, trustStorePassword, and httpsProtocol properties. If you use the trustStore properties, set the trustStore value to the .p12 file name only. Do not specify a full or relative path.
sslRef

Set the sslRef property to the SSL alias name that corresponds to an SSL configuration for your application server.

trustStore, trustStorePassword, httpsProtocol
Specify the trustStore, trustStorePassword, and httpProtocol properties.
If you already created a truststore.p12 file to connect an application server to WebSphere Automation, you can also use this same file to connect your WebSphere Application Server server to WebSphere Automation. This truststore.p12 file that you already created is one that you created for a Liberty server or a WebSphere Application Server server.

If you obtained the truststore from the Register server panel, set the value for the trustStorePassword parameter to changeMe.

If you did not create a truststore.p12 file and did not obtain one from the Register server panel, you can create one by running the following commands:

Create the truststore.p12 file by first starting the wsadmin scripting tool with the -lang jython option. Then, run the createKeyStore command.
```
AdminTask.createKeyStore('[-keyStoreName metering_keystore_name -keyStoreType PKCS12 -keyStoreLocation full_path_to_keystore_PKCS12_file_to_create -keyStorePassword keyStorePassword -keyStorePasswordVerify keyStorePassword -keyStoreDescription "metering truststore file" ]')
```
Add the usage metering certificate that you obtained from the Register server panel to the truststore.p12 file by using the retrieveSignerFromPort command.
If you did not use the Register server panel, you can obtain the usage metering host for the command from the usage metering URL either with the Red Hat OpenShift CLI client or from your Red Hat OpenShift administrative console. For example, if the URL is https://example-automation.com/websphereauto/meteringapi, the host is example-automation.com. The default usage metering port is 443.

If you use the sslRef option, you can obtain the keystore (or truststore) name and keystore scope for the command from your WebSphere Application Server traditional server administrative console. In the console, navigate to Security > SSL certificate and key management > SSL configurations (under Related Items). Click the sslConfig to obtain the keystore (or truststore) name and keystore scope.
```
AdminTask.retrieveSignerFromPort('[-keyStoreName metering_keystore_name -host usage_metering_host_or_IP_Address -port usage-metering_Port -certificateAlias certificateAlias]')
```
Run the following command to save the configuration changes from the createKeyStore and retrievingSignerFromPort commands.
```
AdminConfig.save()
```

Add the was-usage-metering.properties and truststore.p12 files to your installation.

Add the files to any of the directories in the following table, depending on whether you want to register servers at the server, cluster, node, or cell level.

The table contains two columns. The first column specifies the level. The second column specifies the directory.

Level	Directory
Server	`profile_root`/config/cells/`cellName`/nodes/`nodeName`/servers/`servername`
Cluster	`profile_root`/config/cells/`cellName`/clusters/`clusterName`
Node	`profile_root`/config/cells/`cellName`/nodes/`nodeName`
Cell	`profile_root`/config/cells/`cellName`

If your environment uses a deployment manager, put the files in the directory tree for the deployment manager profile. Then, propagate the files to each of the managed nodes by starting the wsadmin scripting tool and running the following commands:

repository=AdminControl.queryNames('type=ConfigRepository,process=dmgr,*')
AdminControl.invoke(repository, 'refreshRepositoryEpoch')
AdminNodeManagement.syncActiveNodes()

If your environment does not use a deployment manager, put the files in the corresponding directory for each server, node, or cell that you want to register.

If the application server is running after you add the files, the application server registers with WebSphere Automation through the usage metering service. Otherwise, the application server registers with WebSphere Automation the next time that it starts.

A correctly registered WebSphere Application Server server is indicated with output similar to the following message.

[10/20/21 7:56:04:940 PDT] 0000004a RegisterTask I CWWKR0400I: The server was registered with the IBM Cloud Private Metering service on the specified URL https://websphere-automation.example.com/websphereauto/meteringapi.

Running the example configuretWasUsageMetering wsadmin script to register your application server with WebSphere Automation

The example script registers a WebSphere Application Server server with the usage metering service by using the configuretWasUsageMetering wsadmin script. You can copy the example script, try it on your development environment, and make changes as needed. To view and copy the example script code, see Script for configuring usage metering on WebSphere Application Server.

The script automatically gets the API key, URL, and usage metering certificate. For the script to do so, you must be in WebSphere Application Server V9.0 with the Red Hat® OpenShift® CLI Client oc command that is installed on all your application servers. You must log in to the Red Hat OpenShift cluster with administrative credentials. If the Red Hat OpenShift CLI client is not installed on all your application servers or you are on WebSphere Application Server V8.5.5, the script still gets the usage metering certificate. However, you manually enter the API key and the URL. The script creates a keystore file or uses the existing SSL server configuration and retrieves the certificate from WebSphere Automation. It also creates the was-usage-metering.properties file and copies it to your application server. If you do not supply the node and server names, the script copies the keystore file and was-usage-metering.properties file to all servers. The script also synchronizes the changes to the active nodes. After you synchronize the nodes, you can start all the servers or a specific server by setting the startServers option to the true value.

The following steps assume that the scripting client is connected to the deployment manager, but you can run this script in a single application server environment. If you run it in a single application server environment, copy the script into the $WAS_HOME/profiles/AppSrv/bin directory. Modify the following steps and example configuretWasUsageMetering wsadmin script for your single application server environment.

Remember: Before you use the example configuretWasUsageMetering wsadmin script, test it in a development environment. It might not work properly in some environments.

Create the configuretWasUsageMetering wsadmin script file by copying the script into the $WAS_HOME/profiles/Dmgr/bin directory.
Run the configuretWasUsageMetering wsadmin script file.
1. If the oc command is not installed on all your application servers in your environment or you are on WebSphere Application Server V8.5.5, ensure that the deployment manager is running. Then, run the configuretWasUsageMetering wsadmin command.
```
$WAS_HOME/profiles/dmgr/bin/wsadmin -lang jython -f configuretWasUsageMetering.py url=url apiKey=apiKey_value sslRef=ssl_name or trustStorePassword=password
```
  Include the value for the sslRef option or the trustStorePassword option, but not both. Specify the URL on the url option and the API key on the apiKey option. If you didn’t already obtain the URL and API key, get them with the Red Hat OpenShift CLI client or from your OpenShift administrative console.
2. If you are on WebSphere Application Server V9.0 and the Red Hat OpenShift CLI client is installed on all the application servers in your environment, log in to the Red Hat OpenShift cluster with administrative credentials. Ensure that the deployment manager is running and run the configuretWasUsageMetering wsadmin command.
```
$WAS_HOME/profiles/Dmgr/bin/wsadmin -lang jython -f configuretWasUsageMetering.py sslRef=ssl_name or trustStorePassword=truststore_password namespace=websphere-automation
```
  - The script obtains the URL, API key, and usage metering certificate automatically.
  - The namespace is where WebSphere Automation is installed. If no namespace is specified, the default WebSphere Automation namespace is used.
  - Include the value for the sslRef option or the trustStorePassword option, but not both.