linkCells|linkCellsZOS script
When you set up a star topology, we can use the linkCells script to configure the overlay communication between multiple cells. On z/OS systems, use the linkCellsZOS script instead.
Purpose
Use the linkCells script to enable communication between a Intelligent Management cell containing servers that are enabled with an on demand router (ODR) that routes work requests to other administrative cells.
(WAS v8.5.0.1)
On z/OS systems, use the linkCellsZOS script.
Location
(dist) The linkCells script is available in the app_server_root/bin directory.
(zos)(WAS v8.5.0.1)
The linkCellsZOS script is available in the app_server_root/bin directory.
Usage
(dist) Run the linkCells script from the center cell to link the center cell with a point cell:
./linkCells.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
(zos)(WAS v8.5.0.1)
Run the linkCellsZOS script from the center cell to link the center cell with a point cell:
./linkCellsZOS.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
Example
Consider a scenario in which there are two cells, center and point1, with security enabled in both. For the center cell, the host name of the deployment manager is centerHost, the SOAP port is 8879, the user name is centerUID, and the password is centerPWD. For the point cell, the host name of the deployment manager is point1Host, the SOAP port is 8880, the user name is point1UID, and the password is point1PWD. The following example illustrates how to link the center and point1 cells together as is needed to support a star topology.
./linkCells.sh centerHost:8879:centerUID:centerPWD point1Host:8880:point1UID:point1PWD
Troubleshooting
When you run the linkCells script, the following error messages might be displayed. To resolve the errors, verify that the com.ibm.ssl.enableSignerExchangePrompt property in the profile_home/properties/ssl.client.props file is set to gui, true, or stdin. By setting this property, clients can obtain a signer certificate from the server, and thus communicate with Intelligent Management.
When the com.ibm.ssl.enableSignerExchangePrompt property is set to gui or true, a signer-exchange window is displayed, and you are asked to accept or reject the certificate. If we accept the certificate, it is installed in the trust store automatically and the handshake succeeds. If we reject the certificate, it is not installed in the trust store and the handshake fails since the certificate is not trusted.
When the com.ibm.ssl.enableSignerExchangePrompt property is set to stdin, a signer-exchange ASCII prompt is displayed, and you are asked to accept or reject the certificate. If we accept the certificate, it is installed in the trust store automatically and the handshake succeeds. If we reject the certificate, it is not installed in the trust store and the handshake fails since the certificate is not trusted.
$ ./linkCells.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password "Begin linking cells..." WASX7209I: Connected to process "dmgr" on node dmgr using SOAP connector. The type of process is: DeploymentManager CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=edgeaphid16.rtp.raleigh.ibm.com, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US" was sent from target host:port "9.42.96.77:8915". The signer may need to be added to local trust store "c:/AutoWAS2/09072011/WAS/profiles/node1/etc/trust.p12" located in SSL configuration alias "DefaultSSLSettings" loaded from SSL configuration file "file:c:\AutoWAS2\09072011\WAS\profiles\node1/properties/ssl.client.props". The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com, OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error". CWPKI0040I: An SSL handshake failure occurred from a secure client. The server's SSL signer has to be added to the client's trust store. A retrieveSigners utility is provided to download signers from the server but requires administrative permission. Check with the administrator to have this utility run to setup the secure environment before running the client. Alternatively, the com.ibm.ssl.enableSignerExchangePrompt can be enabled in ssl.client.props for "DefaultSSLSettings" in order to allow acceptance of the signer during the connection attempt. WASX7023E: Error creating "SOAP" connection to host "edgeaphid16.rtp.raleigh.ibm.com"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com, OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error; targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com, OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error] WASX7213I: This scripting client is not connected to a server process; please refer to the log file c:\AutoWAS2\09072011\WAS\profiles\node1\logs\wsadmin.traceout for additional information.
Related tasks
Configure multi-cell performance management: Star Topology Manually disabling communication between multiple cells
unlinkCells|unlinkCellsZOS script importOverlayConfig.py script
Related information:
prompt at the client