Generating a plugin-cfg.xml to route to multiple collectives
Generate a plugin-cfg.xml that enables Intelligent Management in the WebSphere® plug-in to route to multiple collectives.
Procedure
-
For each collective that you want Intelligent Management in the WebSphere plug-in to route requests to, do the following:
- Select a collective controller
-
Edit the server.xml of the collective controller and add the
dynamicRouting tag. Specify a unique name for the
connectorClusterName property.
For example:
<dynamicRouting connectorClusterName="collective1" />
-
On the selected collective controller machine, use the following dynamicRouting
setup command to generate the plugin-cfg.xml and
plugin-key.p12 files.
<Liberty server root>/bin/dynamicRouting setup --port=<controllerport> --host=<controller host> --user=<administrator id> --password=<administrator password> --keystorePassword=<keystore password> --pluginInstallRoot=<root directory of the WebSphere plugin on the WebServer host> --webServerNames=<web server name> --keystoreType=pkcs12
-
Merge <ConnectorClustor> tags from the generated
plugin-cfg.xml files.
-
Copy the <ConnectorCluster> elements from all
plugin-cfg.xml files into one plugin-cfg.xml file.
For example, if you have two collectives, copy <ConnectorCluster> stanza from plugin-cfg.xml of the "collective2" into the plugin-cfg.xml of the "collective1".
The merged plugin-cfg.xml file appears similar to the following example:
<?xml version="1.0" encoding="UTF-8"?><!--HTTP server plug-in config file for defaultServer generated on 2014.05.13 at 15:24:23 EDT--> <Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false"><Log LogLevel="Error" Name="/opt/IBM/HTTPServer_Plugins/logs/webserver1/http_plugin.log"/> <Property Name="ESIEnable" Value="true"/> <Property Name="ESIMaxCacheSize" Value="1024"/> <Property Name="ESIInvalidationMonitor" Value="false"/> <Property Name="ESIEnableToPassCookies" Value="false"/> <Property Name="PluginInstallRoot" Value="/opt/IBM/HTTPServer_Plugins/"/> <!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint--> <Property Name="Keyfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/> <Property Name="Stashfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.sth"/> <IntelligentManagement> <TraceSpecification name="default" specification=":DEBUG"/> <Property name="webserverName" value="webserver1"/> <ConnectorCluster enabled="true" maxRetries="10" name="collective1" retryInterval="30"> <Property name="uri" value="/ibm/api/dynamicRouting"/> <Connector host="controller1.acme.com" port="9443" protocol="https"> <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/> </Connector> </ConnectorCluster> <ConnectorCluster enabled="true" maxRetries="10" name="collective2" retryInterval="30"> <Property name="uri" value="/ibm/api/dynamicRouting"/> <Connector host="controller2.acme.com" port="9443" protocol="https"> <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective2.kdb"/> </Connector> </ConnectorCluster> </IntelligentManagement> </Config>
-
Copy the <ConnectorCluster> elements from all
plugin-cfg.xml files into one plugin-cfg.xml file.
-
For each collective, convert the pkcs12 formatted keystore to a CMS
format.
- Copy generated plugin-key-<connectorClusterName>.p12 file to /tmp directory on the IHS host.
-
Run gskcapicmd to convert it to a CMS formatted store as instructed in the
dynamicRouting setup command output.
./gskcapicmd -keydb -convert -pw <<password>> -db /tmp/plugin-key-collective1.p12 -old_format p12 -target /tmp/plugin-key-collective1.kdb -new_format cms -stash
- Use chown <user>:<group> plugin-key.kdb plugin-key.rdb
plugin-key.sth on the files that are created by the gskcapicmd in the
temporary directory. The user and group should match the ones found listed as
User
andGroup
in the fileIHSinstallRoot/conf/httpd.conf
. Then copy the resulting .kdb, .sth and .rdb stores to the<plugininstallRoot>/config/<webServerName>
directory.
-
Extract all memberroot certificates from each collective
kdb store and import it into a new keystore, which is used for front-end user
requests over SSL.
For example, run the following command to extract the memberroot certificate:
./gskcapicmd -cert -extract -db /tmp/plugin-key-collective1.kdb -label memberroot -pw <<password>> -target /tmp/memberroot.cer
Create a new CMS formatted store that is called plugin-key.kdb, and import the memberroot certificates into it.
./gskcapicmd -cert -add -db /tmp/plugin-key.kdb -pw <<password>> -file /tmp/memberroot.cer -label memberroot
Copy the resulting plugin-key .kdb, .sth and .rdb files to the <plugininstallRoot>/config/<webServerName> directory.
-
Modify the merged plugin-cfg.xml to change the keyfile
and Stashfile properties to use the plugin-key.kdb and
plugin-key.sth. The modified plugin-cfg.xml appears
similar to the following example:
<?xml version="1.0" encoding="UTF-8"?><!--HTTP server plug-in config file for defaultServer generated on 2014.05.13 at 15:24:23 EDT--> <Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false"> <Log LogLevel="Error" Name="/opt/IBM/HTTPServer_Plugins/logs/webserver1/http_plugin.log"/> <Property Name="ESIEnable" Value="true"/> <Property Name="ESIMaxCacheSize" Value="1024"/> <Property Name="ESIInvalidationMonitor" Value="false"/> <Property Name="ESIEnableToPassCookies" Value="false"/> <Property Name="PluginInstallRoot" Value="/opt/IBM/HTTPServer_Plugins/"/> <!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint--> <Property Name="Keyfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key.kdb"/> <Property Name="Stashfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key.sth"/> <IntelligentManagement> <TraceSpecification name="default" specification=":DEBUG"/> <Property name="webserverName" value="webserver1"/> <ConnectorCluster enabled="true" maxRetries="10" name="collective1" retryInterval="30"> <Property name="uri" value="/ibm/api/dynamicRouting"/> <Connector host="controller1.acme.com" port="9443" protocol="https"> <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/> </Connector> </ConnectorCluster> <ConnectorCluster enabled="true" maxRetries="10" name="collective2" retryInterval="30"> <Property name="uri" value="/ibm/api/dynamicRouting"/> <Connector host="controller2.acme.com" port="9443" protocol="https"> <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective2.kdb"/> </Connector> </ConnectorCluster> <IntelligentManagement> </Config>