Configure a Liberty server farm manually
Overview
To install a Liberty server farm step by step, we...
- Create the database
- Write the configuration file
- Configure SSL security
- Configure the runtime database, operations console, and administration web applications
- Set JNDI properties
- Exchange signer certificates between truststores
Configure the REST connector for each farm server, defining the following parameters...
- The Liberty administrator and password for the farm plug-in: admin.jmx.user and admin.jmx.pwd.
- The keystore, required to exchange public certificates.
Configure a Liberty server farm
- Create the administration services database.
We create this database only once, whatever the number of servers.
See...
- Write the configuration file for the farm plug-in.
- Write an XML file
Give it a meaningful name, for example LibertyFarm.xml.
<?xml version="1.0" encoding="UTF-8"?> <Farm xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FarmSchema.xsd"> <LibertyNode ServerID="server id" AdminPass="user password" AdminUser="user name" Hostname="host_name" JMXPortNumber="port_number"/> ..... </Farm>Where:
- server id is the unique identifier of the server
- user password is for connecting to the Liberty REST Connector.
- user name is connecting to he Liberty REST Connector.
- host name address is the host name of the Liberty server
- port number is the HTTPS port number of the Liberty server
The port number must be different for each server that is hosted on the same computer.
Create one <LibertyNode> element per server in the farm. For example:
<?xml version="1.0" encoding="UTF-8"?> <Farm xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FarmSchema.xsd"> <LibertyNode ServerID="S1" AdminPass="demo" AdminUser="demo" Hostname="MyHostName" JMXPortNumber="9443"/> <LibertyNode ServerID="S2" AdminPass="demo" AdminUser="demo" Hostname="MyHostName" JMXPortNumber="9444"/> </Farm>The complete syntax of the elements and attributes of this XML file and the underlying XML schema is documented in Define a server farm.
- Copy the configuration file to each computer where Liberty is installed or on a shared file system that all the servers of the farm can access.
- Configure the runtime database.
We create this database only once, whatever the number of servers. For more information for each database, see the following documentation.
- Set up the DB2 databases manually
- Set up the Oracle databases manually
- Set up the MySQL databases manually
- Configure the operations console application.
- Make a backup of...
LIBERTY_HOME/servers/server_name/server.xml
Add the following lines into server.xml...
<application id="worklightconsole" name="worklightconsole" location="worklightconsole.war" type="war"> <application-bnd> <security-role name="worklightadmin"> <user name="demo"/> </security-role> </application-bnd> </application>
- Copy the operations console WAR file...
MF_HOME/WorklightServer/worklightconsole.war
...to the "apps" server directory of each Liberty farm server. The "apps" directory is in the same directory as the server.xml file.
- Configure the administration services application.
- Make a backup of...
LIBERTY_HOME/servers/server_name/server.xml
- Add the following lines into server.xml...
<jndiEntry jndiName="worklightconsole/ibm.worklight.admin.endpoint" value='"*://*:*/worklightadmin"'/> <application id="worklightadmin" name="worklightadmin" location="worklightadmin.war" type="war"> <application-bnd> <security-role name="worklightadmin"> <user name="demo"/> </security-role> </application-bnd> <classloader delegation="parentLast"> <privateLibrary> <fileset dir="${wlp.install.dir}/lib" includes="com.ibm.ws.crypto.passwordutil_1.0.2.jar"/> </privateLibrary> </classloader> </application>
- Copy the administration services WAR file...
MF_HOME/WorklightServer/worklightadmin.war
...to the "apps" server directory of each Liberty farm server. The "apps" directory is in the same directory as server.xml.
- Configure the data sources as described in the following documentation.
- DB2: Configure Liberty profile manually
- Oracle: Configure Liberty profile manually
- MySQL: Configure Liberty profile manually
- Configure the JNDI properties
- Make a backup of...
LIBERTY_HOME/servers/server_name/server.xml
- Add the following lines in server.xml...
<jndiEntry jndiName="ibm.worklight.topology.platform" value="Liberty"/> <jndiEntry jndiName="ibm.worklight.topology.clustermode" value="Farm"/> <jndiEntry jndiName="ibm.worklight.farm.type" value="File"/> <jndiEntry jndiName="ibm.worklight.farm.definition.location" value="<plugin xml file location>"/> <jndiEntry jndiName="ibm.worklight.admin.serverid" value="<server id>"/> <jndiEntry jndiName="ibm.worklight.admin.jmx.host" value="host"/> <jndiEntry jndiName="ibm.worklight.admin.jmx.port" value="<server HTTPS port number>"/> <jndiEntry jndiName="ibm.worklight.admin.jmx.user" value="demo" /> <jndiEntry jndiName="ibm.worklight.admin.jmx.pwd" value="demo"/>Where
- <plugin xml file location> is the location of the configuration file that you wrote in step 2.
- host is the host name of this server. This value must match the Hostname attribute of the <LibertyNode> element that corresponds to this server in the configuration file.
- <server id> must have the same value as the ServerId attribute for this server in the <LibertyNode> element of the configuration file.
- <server HTTPS port number> is the value of the httpsPort attribute in the <httpEndpoint> entry for this server.
- The ibm.worklight.admin.jmx.user JNDI property must have the same value as the AdminUser attribute in the <LibertyNode> element of the configuration file.
- The ibm.worklight.admin.jmx.pwd JNDI property must have the same value as the AdminPass attribute in the <LibertyNode> element of the configuration file.
- Configure the data sources as described in the following documentation.
- DB2: Configure Liberty profile for DB2 manually for MobileFirst Server administration
- Oracle: Configure Liberty profile for Oracle manually for MobileFirst Server administration
- MySQL: Configure Liberty profile for MySQL manually for MobileFirst Server administration
- Configure the MobileFirst runtime environments.
- Follow the instructions in Configure the Liberty profile manually.
- Make a backup copy of...
LIBERTY_HOME/servers/server_name/server.xml
- Edit server.xml and insert...
LIBERTY_HOME/servers/server_name/server.xml
...and add the following lines...
<jndiEntry jndiName="runtime name/publicWorkLightProtocol" value='"http"'/> <jndiEntry jndiName="runtime name/publicWorkLightPort" value='"http port"'/>The http port placeholder represents the port value of the httpPort attribute in the <httpEndpoint> element.
- Exchange signer certificates between server truststores.
We can configure the truststore using such IBM utilities as KeyTool or iKeyman.
- Import the public certificates of the other servers of the farm into this truststore.
- Restart each instance of WebSphere Application Server so that this security configuration takes effect.
- Replicate the LTPA keystores across farm members.
This step is required for Single Sign On (SSO) to work.
- Start one of the farm member.
In case of a default LTPA configuration, the Liberty server generates a LTPA keystore...
LIBERTY_HOME/servers/server_name/resources/security/ltpa.keys
...after it has successfully started.
- Copy this ltpa.keys file in the directory LIBERTY_HOME/servers/server_name/resources/security of each farm member.
What to do next
Set up an IBM HTTP Server for Liberty.
Parent topic: Install a server farm