Generating a plugin-cfg.xml to route to multiple collectives

Generate a plugin-cfg.xml that enables Intelligent Management in the WebSphere® plug-in to route to multiple collectives.

Procedure

  1. For each collective that you want Intelligent Management in the WebSphere plug-in to route requests to, do the following:
    1. Select a collective controller.
    2. Edit the server.xml of the collective controller and add the dynamicRouting tag. Specify a unique name for the connectorClusterName property.
      For example: <dynamicRouting connectorClusterName="collective1" />
    3. On the selected collective controller machine, use the following dynamicRouting setup command to generate the plugin-cfg.xml and plugin-key.p12 files.

      <Liberty server root>/bin/dynamicRouting setup --port=<controllerport> --host=<controller host> --user=<administrator id> --password=<administrator password> --keystorePassword=<keystore password> --pluginInstallRoot=<root directory of the WebSphere plugin on the WebServer host> --webServerNames=<web server name> --keystoreType=pkcs12

  2. Merge the <ConnectorCluster> tags from the generated plugin-cfg.xml files.
    1. Copy the <ConnectorCluster> elements from all plugin-cfg.xml files into one plugin-cfg.xml file.

      For example, if you have two collectives, copy the <ConnectorCluster> stanza from the plugin-cfg.xml of "collective2" into the plugin-cfg.xml of "collective1".

      The merged plugin-cfg.xml file appears similar to the following example:

      <?xml version="1.0" encoding="UTF-8"?><!--HTTP server plug-in config file for defaultServer generated on 2014.05.13 at 15:24:23 EDT-->
      <Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false"><Log LogLevel="Error" Name="/opt/IBM/HTTPServer_Plugins/logs/webserver1/http_plugin.log"/>
      		<Property Name="ESIEnable" Value="true"/>
      		<Property Name="ESIMaxCacheSize" Value="1024"/>
      		<Property Name="ESIInvalidationMonitor" Value="false"/>
      		<Property Name="ESIEnableToPassCookies" Value="false"/>
      		<Property Name="PluginInstallRoot" Value="/opt/IBM/HTTPServer_Plugins/"/>
      		<!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint-->
      
      		<Property Name="Keyfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/>
      		<Property Name="Stashfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.sth"/>
      
      		<IntelligentManagement>
      			<TraceSpecification name="default" specification=":DEBUG"/>
      			<Property name="webserverName" value="webserver1"/>
      
      			<ConnectorCluster enabled="true" maxRetries="10" name="collective1" retryInterval="30">
      				<Property name="uri" value="/ibm/api/dynamicRouting"/>
      				<Connector host="controller1.acme.com" port="9443" protocol="https">
      					<Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/>
      				</Connector>
      			</ConnectorCluster>
      
      			<ConnectorCluster enabled="true" maxRetries="10" name="collective2" retryInterval="30">
      				<Property name="uri" value="/ibm/api/dynamicRouting"/>
      				<Connector host="controller2.acme.com" port="9443" protocol="https">
      					<Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective2.kdb"/>
      				</Connector>
      			</ConnectorCluster>
      
      		</IntelligentManagement>
      </Config>
  3. For each collective, convert the pkcs12 formatted keystore to a CMS format.
    1. Copy the generated plugin-key-<connectorClusterName>.p12 file to the /tmp directory on the IHS host.
    2. Run gskcapicmd to convert it to a CMS formatted store as instructed in the dynamicRouting setup command output.
      ./gskcapicmd -keydb -convert -pw <<password>> -db /tmp/plugin-key-collective1.p12 -old_format p12 -target /tmp/plugin-key-collective1.kdb -new_format cms -stash
    3. Run chown <user>:<group> plugin-key.kdb plugin-key.rdb plugin-key.sth on the files that gskcapicmd creates in the temporary directory. The user and group should match the User and Group values listed in the file IHSinstallRoot/conf/httpd.conf. Then copy the resulting .kdb, .sth and .rdb stores to the <plugininstallRoot>/config/<webServerName> directory.
  4. Extract all memberroot certificates from each collective kdb store and import them into a new keystore, which is used for front-end user requests over SSL.

    For example, run the following command to extract the memberroot certificate:

    ./gskcapicmd -cert -extract -db /tmp/plugin-key-collective1.kdb -label memberroot -pw <<password>> -target /tmp/memberroot.cer

    Create a new CMS formatted store that is called plugin-key.kdb, and import the memberroot certificates into it.

    ./gskcapicmd -cert -add -db /tmp/plugin-key.kdb -pw <<password>> -file /tmp/memberroot.cer -label memberroot

    Copy the resulting plugin-key .kdb, .sth and .rdb files to the <plugininstallRoot>/config/<webServerName> directory.

  5. Modify the merged plugin-cfg.xml to change the Keyfile and Stashfile properties to use plugin-key.kdb and plugin-key.sth. The keyring property of each <Connector> continues to point at that collective's own .kdb store. The modified plugin-cfg.xml appears similar to the following example:
    <?xml version="1.0" encoding="UTF-8"?><!--HTTP server plug-in config file for defaultServer generated on 2014.05.13 at 15:24:23 EDT-->
    		<Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false">
    		<Log LogLevel="Error" Name="/opt/IBM/HTTPServer_Plugins/logs/webserver1/http_plugin.log"/>
    		<Property Name="ESIEnable" Value="true"/>
    		<Property Name="ESIMaxCacheSize" Value="1024"/>
    		<Property Name="ESIInvalidationMonitor" Value="false"/>
    		<Property Name="ESIEnableToPassCookies" Value="false"/>
    		<Property Name="PluginInstallRoot" Value="/opt/IBM/HTTPServer_Plugins/"/>
    		<!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint-->
    
    		<Property Name="Keyfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key.kdb"/>
    		<Property Name="Stashfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key.sth"/>
    
    			<IntelligentManagement>
    				<TraceSpecification name="default" specification=":DEBUG"/>
    				<Property name="webserverName" value="webserver1"/>
    
    				<ConnectorCluster enabled="true" maxRetries="10" name="collective1" retryInterval="30">
    					<Property name="uri" value="/ibm/api/dynamicRouting"/>
    					<Connector host="controller1.acme.com" port="9443" protocol="https">
    						<Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/>
    					</Connector>
    				</ConnectorCluster>
    
    				<ConnectorCluster enabled="true" maxRetries="10" name="collective2" retryInterval="30">
    					<Property name="uri" value="/ibm/api/dynamicRouting"/>
    					<Connector host="controller2.acme.com" port="9443" protocol="https">
    						<Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective2.kdb"/>
    					</Connector>
    				</ConnectorCluster>
    
    			</IntelligentManagement>
    		</Config>
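
Steps 2 and 5 as an added example (not IBM's code or tooling): a Python function that copies the <ConnectorCluster> stanzas into one file, points Keyfile and Stashfile at the shared store, and reports duplicate cluster names, connectors that are not https, and connectors without a keyring. The sample XML is constructed and trimmed from the example above; the name merge_plugin_cfg is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, trimmed from the page's example layout.
TEMPLATE = """<Config>
  <Property Name="Keyfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-{name}.kdb"/>
  <Property Name="Stashfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-{name}.sth"/>
  <IntelligentManagement>
    <Property name="webserverName" value="webserver1"/>
    <ConnectorCluster enabled="true" maxRetries="10" name="{name}" retryInterval="30">
      <Property name="uri" value="/ibm/api/dynamicRouting"/>
      <Connector host="{host}" port="9443" protocol="https">
        <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-{name}.kdb"/>
      </Connector>
    </ConnectorCluster>
  </IntelligentManagement>
</Config>"""
SAMPLE_1 = TEMPLATE.format(name="collective1", host="controller1.acme.com")
SAMPLE_2 = TEMPLATE.format(name="collective2", host="controller2.acme.com")


def merge_plugin_cfg(base_xml, other_xmls, keyfile, stashfile):
    """Hypothetical helper: return (merged XML text, list of problems found)."""
    root = ET.fromstring(base_xml)
    im = root.find("IntelligentManagement")
    for text in other_xmls:                    # step 2: copy the stanzas across
        im.extend(list(ET.fromstring(text).iter("ConnectorCluster")))
    for prop in root.findall("Property"):      # step 5: shared front-end key store
        if prop.get("Name") == "Keyfile":
            prop.set("Value", keyfile)
        elif prop.get("Name") == "Stashfile":
            prop.set("Value", stashfile)
    problems, seen = [], set()
    for cluster in im.findall("ConnectorCluster"):
        name = cluster.get("name")
        if name in seen:                       # connectorClusterName must be unique
            problems.append(f"duplicate connectorClusterName: {name}")
        seen.add(name)
        for conn in cluster.findall("Connector"):
            host = conn.get("host")
            if conn.get("protocol") != "https":
                problems.append(f"{name}: connector {host} is not https")
            if not any(p.get("name") == "keyring" for p in conn.findall("Property")):
                problems.append(f"{name}: connector {host} has no keyring")
    return ET.tostring(root, encoding="unicode"), problems
```

Each connector's keyring value is left untouched, so every collective keeps trusting only its own converted store.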