+

Search Tips   |   Advanced Search

Generating a plugin-cfg.xml to route to multiple collectives

Generate a plugin-cfg.xml that enables Intelligent Management in the WebSphere plug-in to route to multiple collectives.

  1. For each collective we want Intelligent Management in the WebSphere plug-in to route requests to, do the following:

    1. Select a collective controller

    2. Edit the server.xml of the collective controller and add the dynamicRouting tag.

      Specify a unique name for the connectorClusterName property. For example:

        <dynamicRouting connectorClusterName="collective1" />

    3. On the selected collective controller machine, generate the plugin-cfg.xml and plugin-key.p12 files... 

        dynamicRouting setup
    --port=<controllerport> 
    --host=<controller host>
    --user=<administrator id> 
    --password=<administrator password> 
    --keystorePassword=<keystore password>
    --pluginInstallRoot=<root directory of the WebSphere plugin on the WebServer host>
    --webServerNames=<web server name>
    --keystoreType=pkcs12

  2. Merge <ConnectorClustor> tags from the generated plugin-cfg.xml files.

    1. Copy the <ConnectorCluster> elements from all plugin-cfg.xml files into one plugin-cfg.xml file.

      For example, if we have two collectives, copy <ConnectorCluster> stanza from plugin-cfg.xml of the "collective2" into the plugin-cfg.xml of the "collective1".

      The merged plugin-cfg.xml file appears similar to the following example: 

      <?xml version="1.0" encoding="UTF-8"?>
<!--HTTP server plug-in config file for defaultServer generated on 2014.05.13 at 15:24:23 EDT-->

<Config ASDisableNagle="false" 
           AcceptAllContent="false" 
           AppServerPortPreference="HostHeader" 
           ChunkedResponse="false" 
           FIPSEnable="false" 
           IISDisableNagle="false" 
           IISPluginPriority="High" 
           IgnoreDNSFailures="false" 
           RefreshInterval="60" 
           ResponseChunkSize="64" 
           SSLConsolidate="false" 
           TrustedProxyEnable="false" 
           VHostMatchingCompat="false">

<Log LogLevel="Error" Name="/opt/IBM/HTTPServer_Plugins/logs/webserver1/http_plugin.log"/>

  <Property Name="ESIEnable" Value="true"/>
  <Property Name="ESIMaxCacheSize" Value="1024"/>
  <Property Name="ESIInvalidationMonitor" Value="false"/>
  <Property Name="ESIEnableToPassCookies" Value="false"/>
  <Property Name="PluginInstallRoot" Value="/opt/IBM/HTTPServer_Plugins/"/>
  <!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint-->

  <Property Name="Keyfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/>
  <Property Name="Stashfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.sth"/>

  <IntelligentManagement>
   <TraceSpecification name="default" specification=":DEBUG"/>
   <Property name="webserverName" value="webserver1"/>

   <ConnectorCluster enabled="true" maxRetries="10" name="collective1" retryInterval="30">
    <Property name="uri" value="/ibm/api/dynamicRouting"/>
    <Connector host="controller1.acme.com" port="9443" protocol="https">
     <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/>
    </Connector>
   </ConnectorCluster>

   <ConnectorCluster enabled="true" maxRetries="10" name="collective2" retryInterval="30">
    <Property name="uri" value="/ibm/api/dynamicRouting"/>
    <Connector host="controller2.acme.com" port="9443" protocol="https">
     <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective2.kdb"/>
    </Connector>
   </ConnectorCluster>

  </IntelligentManagement>
</Config>

  3. For each collective, convert the pkcs12 formatted keystore to a CMS format.

    1. Copy generated plugin-key-<connectorClusterName>.p12 file to /tmp directory on the IHS host.

    2. Run gskcmd to convert it to a CMS formatted store as instructed in the dynamicRouting command output.

        ./gskcmd -keydb -convert -pw <<password>> -db /tmp/plugin-key-collective1.p12 -old_format p12 -target /tmp/plugin-key-collective1.kdb -new_format cms -stash

    3. Copy resulting .kdb, .sth and .rdb stores to the <plugininstallRoot>/config/<webServerName> directory.

  4. Extract all memberroot certificates from each collective kdb store and import it into a new keystore, which is used for front-end user requests over SSL.

    For example, to extract the memberroot certificate:

      ./gskcmd -cert -extract -db /tmp/plugin-key-collective1.kdb -label memberroot -pw <<password>> -target /tmp/memberroot.cer

    Create a new CMS formatted store called plugin-key.kdb, and import the memberroot certificates into it.

      ./gskcmd -cert -add -db /tmp/plugin-key.kdb -pw <<password>> -file /tmp/memberroot.cer -label memberroot

    Copy the resulting plugin-key .kdb, .sth and .rdb files to the <plugininstallRoot>/config/<webServerName> directory.

  5. Modify the merged plugin-cfg.xml to change the keyfile and Stashfile properties to use the plugin-key.kdb and plugin-key.sth. The modified plugin-cfg.xml appears similar to the following example: 

    <?xml version="1.0" encoding="UTF-8"?>
<!--HTTP server plug-in config file for defaultServer generated on 2014.05.13 at 15:24:23 EDT-->
  <Config ASDisableNagle="false" 
             AcceptAllContent="false" 
             AppServerPortPreference="HostHeader" 
             ChunkedResponse="false" 
             FIPSEnable="false" 
             IISDisableNagle="false" 
             IISPluginPriority="High" 
             IgnoreDNSFailures="false" 
             RefreshInterval="60" 
             ResponseChunkSize="64" 
             SSLConsolidate="false" 
             TrustedProxyEnable="false" 
             VHostMatchingCompat="false">
  <Log LogLevel="Error" Name="/opt/IBM/HTTPServer_Plugins/logs/webserver1/http_plugin.log"/>
  <Property Name="ESIEnable" Value="true"/>
  <Property Name="ESIMaxCacheSize" Value="1024"/>
  <Property Name="ESIInvalidationMonitor" Value="false"/>
  <Property Name="ESIEnableToPassCookies" Value="false"/>
  <Property Name="PluginInstallRoot" Value="/opt/IBM/HTTPServer_Plugins/"/>
  <!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint-->

  <Property Name="Keyfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key.kdb"/>
  <Property Name="Stashfile" Value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key.sth"/>

   <IntelligentManagement>
    <TraceSpecification name="default" specification=":DEBUG"/>
    <Property name="webserverName" value="webserver1"/>

    <ConnectorCluster enabled="true" maxRetries="10" name="collective1" retryInterval="30">
     <Property name="uri" value="/ibm/api/dynamicRouting"/>
     <Connector host="controller1.acme.com" port="9443" protocol="https">
      <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective1.kdb"/>
     </Connector>
    </ConnectorCluster>

    <ConnectorCluster enabled="true" maxRetries="10" name="collective2" retryInterval="30">
     <Property name="uri" value="/ibm/api/dynamicRouting"/>
     <Connector host="controller2.acme.com" port="9443" protocol="https">
      <Property name="keyring" value="/opt/IBM/HTTPServer_Plugins/config/webserver1/plugin-key-collective2.kdb"/>
     </Connector>
    </ConnectorCluster>

   <IntelligentManagement>
  </Config>


Parent topic:

Set up Dynamic Routing for Liberty collectives

Concepts:

  • Liberty collective troubleshooting

    Tasks:

  • Set up Dynamic Routing for Liberty collectives

    Reference:

  • Dynamic Routing command