Video: Introduction to creating a collective

The following transcript is for the "Introduction to creating a Liberty collective" video, which demonstrates how to create a collective of one controller and one member. This transcript is the video storyboard. Audio describes narration and captions. Onscreen Action describes the content shown in the video.


Table 1. Demo creating a Liberty collective. Show commands and server.xml changes.
Scene Audio Onscreen Action
1 Hi, I'm Mike Thompson, a developer with WebSphere Liberty. I'm going to take you today through a brief introduction of Liberty's new administrative domain known as the collective. Show the developer talking on camera.
2 Starting with a Liberty Network Deployment install, we're going to create a simple collective. This can be done in about eight steps. The first step is creating a server to be the administrative server. I'm going to call that myController. Show command window open at wlp/bin, run server create myController, and then show message:
Server myController created.
3 Once the server myController is created, we then need to establish the collective configuration necessary for the server to act as a controller. As part of that configuration, we're going to specify a keystore password. The keystore password is not predefined. We do not ship predefined user names or passwords. So, using the keystore password demoPassword will establish the configuration for a collective controller. Show command window open at wlp/bin, and then run the command:
collective create myController --keystorePassword=demoPassword
4 This takes about three seconds and essentially establishes some SSL certificates. We need to copy the configuration printed to the screen and update the server configuration file. Show messages generated by the command, with the following messages marked for copying:
<featureManager>
   <feature>collectiveController-1.0</feature>
</featureManager>

<!-- Define the host name for use by the collective.
     If the host name needs to be changed, the server should be
     removed from the collective and re-joined or re-replicated. -->
<variable name="defaultHostName" value="myhost.ibm.com" />

<!-- TODO: Set the security configuration for Administrative access -->
<quickStartSecurity userName="" userPassword="" />

<!-- clientAuthenticationSupported set to enable bidirectional trust -->
<ssl id="defaultSSLConfig"
     keyStoreRef="defaultKeyStore"
     trustStoreRef="defaultTrustStore"
     clientAuthenticationSupported="true" />

<!-- inbound (HTTPS) keystore -->
<keyStore id="defaultKeyStore" password="{xor}OzoyMA8+LCwoMC07"
          location="${server.config.dir}/resources/security/key.jks" />

<!-- inbound (HTTPS) truststore -->
<keyStore id="defaultTrustStore" password="{xor}OzoyMA8+LCwoMC07"
          location="${server.config.dir}/resources/security/trust.jks" />

<!-- server identity keystore -->
<keyStore id="serverIdentity" password="{xor}OzoyMA8+LCwoMC07"
          location="${server.config.dir}/resources/collective/serverIdentity.jks" />

<!-- collective trust keystore -->
<keyStore id="collectiveTrust" password="{xor}OzoyMA8+LCwoMC07"
          location="${server.config.dir}/resources/collective/collectiveTrust.jks" />

<!-- collective root signers keystore -->
<keyStore id="collectiveRootKeys" password="{xor}OzoyMA8+LCwoMC07"
          location="${server.config.dir}/resources/collective/rootKeys.jks"/>
5 We can do that using Notepad because this is very simple XML and we can essentially paste it right into the contents of the server.xml. Show a Notepad editor open on the myController server.xml file, and then the copied messages pasted into the server.xml file before the ending tag, </server>.
6 In addition to pasting it in, we do need to specify an administrative name. So, I'm going to use admin, with adminpwd as the password. In editor, set user name and password:
<quickStartSecurity userName="admin" userPassword="adminpwd" />
7 Once the server is configured, we can start it. Show command window open at wlp/bin, run server start myController, and then show message:
Starting server myController
8 Now that the collective controller is running, I can create a server to join to the collective. I'm going to create a server called myMember and I'll join this server into the collective. This operation can be done using the collective join command. And, what needs to be specified is the host and port that the collective controller is listening on the HTTPS port, the administrative user name and password, and a keystore password. This password can be the same or different from the password used when we created the collective controller. Show command window open at wlp/bin, run server create myMember, and then show message:
Server myMember created.
Then run collective join myMember --host=localhost --port=9443 --user=admin --password=adminpwd --keystorePassword=demoPassword.
9 Because this is connecting over SSL to the collective controller, it will prompt us for SSL trust. The certificate presented here is from the collective controller, which we recognize. We will accept the certificate and what will happen in the background is that the collective controller will establish some SSL certificates that will be handed back and laid down in the file system for this particular member. Show messages generated by the collective join command. The messages show that the Issuer DN is controllerRoot. After the message Do you want to accept the above certificate chain? (y/n), enter y to accept the certificate.
10 We copy the configuration, just like we did for the controller, and we update the member's configuration file.
Important: The generated configuration has a hostAuthInfo element that was added to the product after the video was made. Complete the hostAuthInfo element in either of two ways:
  • Specify the operating system login user ID and password for an authorized user of the member host computer. For example, if you log in to the member computer using the user ID user1 and password user1pwd, you can specify:
    <hostAuthInfo rpcUser="user1" rpcUserPassword="user1pwd" />
  • If the member host is registered with the collective controller, you can specify:
    <hostAuthInfo useHostCredentials="true" />
Show messages generated about keystore and truststore references, with the following messages marked for copying:
<featureManager>
    <feature>collectiveMember-1.0</feature>
</featureManager>

<!-- Define the host name for use by the collective.
     If the host name needs to be changed, the server should be
     removed from the collective and re-joined or re-replicated. -->

<variable name="defaultHostName" value="memberHostname" />

<!-- Remote host authentication configuration -->
<hostAuthInfo rpcUser="admin_user_id" rpcUserPassword="admin_user_password" />

<!-- Connection to the collective controller -->
<collectiveMember controllerHost="localhost"
                  controllerPort="9443" />

<!-- clientAuthenticationSupported set to enable bidirectional trust -->

<ssl id="defaultSSLConfig"
     keyStoreRef="defaultKeyStore"
     trustStoreRef="defaultTrustStore"
     clientAuthenticationSupported="true" />

<!-- inbound (HTTPS) keystore -->

<keyStore id="defaultKeyStore" password="yourPassword"
          location="${server.config.dir}/resources/security/key.jks" />

<!-- inbound (HTTPS) truststore -->

<keyStore id="defaultTrustStore" password="yourPassword"
          location="${server.config.dir}/resources/security/trust.jks" />

<!-- server identity keystore -->

<keyStore id="serverIdentity" password="yourPassword"
          location="${server.config.dir}/resources/collective/serverIdentity.jks" />

<!-- collective truststore -->

<keyStore id="collectiveTrust" password="yourPassword"
          location="${server.config.dir}/resources/collective/collectiveTrust.jks" />
11 We can do that also using Notepad. Show the command to open a Notepad editor, notepad usr/servers/myMember/server.xml, show a Notepad editor open on the myMember server.xml file, and then the copied messages pasted into the server.xml file before the ending tag, </server>.
12 Once updated, the member server can be started and the member server will start publishing its information into the controller.

And that's it. You now have a very basic collective. To add more members, you just repeat the join operation on any servers that you want to create. It's that easy. The members are added and the collective grows.

Show command window open at wlp/bin, run server start myMember, and then show messages:
Starting server myMember
Server myMember started

For more information, see Configuring a Liberty collective.
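
The server.xml files built in this demo hold credentials in three forms: plain text (quickStartSecurity, hostAuthInfo, the yourPassword placeholders) and {xor} values, which are reversible encodings of the keystore password rather than encryption. The following audit script is an added example, not part of the video or the product; its function names are hypothetical and the sample file is constructed from the snippets in the transcript.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample: a server.xml assembled from snippets shown in the transcript.
SAMPLE_SERVER_XML = """<server>
  <quickStartSecurity userName="admin" userPassword="adminpwd" />
  <hostAuthInfo rpcUser="user1" rpcUserPassword="user1pwd" />
  <keyStore id="defaultKeyStore" password="{xor}OzoyMA8+LCwoMC07"
            location="${server.config.dir}/resources/security/key.jks" />
  <keyStore id="collectiveTrust" password="yourPassword"
            location="${server.config.dir}/resources/collective/collectiveTrust.jks" />
</server>"""


def decode_xor(value):
    """Reverse the {xor} encoding: base64-decode, then XOR each byte with '_' (0x5F)."""
    raw = base64.b64decode(value[len("{xor}"):])
    return bytes(b ^ 0x5F for b in raw).decode("utf-8")


def classify(value):
    """Describe how a password attribute value is stored in the file."""
    if value.startswith("{xor}"):
        return "xor-obfuscated"
    if value.startswith(("{aes}", "{hash}")):
        return "encoded"
    return "plaintext" if value else "empty"


def audit(xml_text):
    """Return (element, attribute, storage) for every password-bearing attribute."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        for attr, value in elem.attrib.items():
            if "password" in attr.lower():
                findings.append((elem.tag, attr, classify(value)))
    return findings


if __name__ == "__main__":
    for tag, attr, storage in audit(SAMPLE_SERVER_XML):
        print(f"{tag}@{attr}: {storage}")
    # The {xor} value from the generated controller configuration is the
    # --keystorePassword given to the collective create command in scene 3.
    print(decode_xor("{xor}OzoyMA8+LCwoMC07"))
```

Anyone who can read server.xml can recover these passwords, so restrict file permissions on the server configuration directory. Liberty's securityUtility encode command can produce {aes} values in place of {xor} ones.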

