linkCells|linkCellsZOS script
When we set up a star topology, we can use the linkCells script to configure the overlay communication between multiple cells. On z/OS systems, use the linkCellsZOS script instead.
Use the linkCells script to enable communication between a Intelligent Management cell containing servers enabled with an on demand router that routes work requests to other administrative cells.
On z/OS systems, use the linkCellsZOS script.
The linkCells script is available in the app_server_root/bin directory.
(ZOS) The linkCellsZOS script is available in the app_server_root/bin directory.
(Dist) Run the linkCells script from the center cell to link the center cell with a point cell:
./linkCells.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password(ZOS) Run the linkCellsZOS script from the center cell to link the center cell with a point cell:
./linkCellsZOS.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
Example
Consider a scenario in which there are two cells, center and point1, with security enabled in both. For the center cell, the host name of the deployment manager is centerHost, the SOAP port is 8879, the user name is centerUID, and the password is centerPWD. For the point cell, the host name of the deployment manager is point1Host, the SOAP port is 8880, the user name is point1UID, and the password is point1PWD. The following example illustrates how to link the center and point1 cells together as is needed to support a star topology.
./linkCells.sh centerHost:8879:centerUID:centerPWD point1Host:8880:point1UID:point1PWD
Troubleshoot
When we run the linkCells script, the following error messages might be displayed. To resolve the errors, verify that the com.ibm.ssl.enableSignerExchangePrompt property in the profile_home/properties/ssl.client.props file is set to gui, true, or stdin. By setting this property, clients can obtain a signer certificate from the server, and thus communicate with Intelligent Management.
When the com.ibm.ssl.enableSignerExchangePrompt property is set to gui or true, a signer-exchange window is displayed, and we are asked to accept or reject the certificate. If we accept the certificate, it is installed in the trust store automatically and the handshake succeeds. If we reject the certificate, it is not installed in the trust store and the handshake fails since the certificate is not trusted.
When the com.ibm.ssl.enableSignerExchangePrompt property is set to stdin, a signer-exchange ASCII prompt is displayed, and we are asked to accept or reject the certificate. If we accept the certificate, it is installed in the trust store automatically and the handshake succeeds. If we reject the certificate, it is not installed in the trust store and the handshake fails since the certificate is not trusted.
$ ./linkCells.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password "Begin linking cells..." WASX7209I: Connected to process "dmgr" on node dmgr using SOAP connector. The type of process is: DeploymentManager CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=edgeaphid16.rtp.raleigh.ibm.com, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US" was sent from target host:port "9.42.96.77:8915". The signer may need to be added to local trust store "c:/AutoWAS2/09072011/WAS/profiles/node1/etc/trust.p12" located in SSL configuration alias "DefaultSSLSettings" loaded from SSL configuration file "file:c:\AutoWAS2\09072011\WAS\profiles\node1/properties/ssl.client.props". The extended error message from the SSL handshake exception is: "PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com, OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error". CWPKI0040I: An SSL handshake failure occurred from a secure client. The server's SSL signer has to be added to the client's trust store. A retrieveSigners utility is provided to download signers from the server but requires administrative permission. Check with your administrator to have this utility run to setup the secure environment before running the client. Alternatively, the com.ibm.ssl.enableSignerExchangePrompt can be enabled in ssl.client.props for "DefaultSSLSettings" in order to allow acceptance of the signer during the connection attempt. WASX7023E: Error creating "SOAP" connection to host "edgeaphid16.rtp.raleigh.ibm.com"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com, OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error; targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com, OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error] WASX7213I: This scripting client is not connected to a server process; please refer to the log file c:\AutoWAS2\09072011\WAS\profiles\node1\logs\wsadmin.traceout for additional information.
Configure multi-cell performance management: Star Topology Manually disabling communication between multiple cells unlinkCells|unlinkCellsZOS script importOverlayConfig.py script Changing the signer auto-exchange prompt at the client