Setting up RXA for Liberty collective operations
Liberty collective controllers use the Tivoli® Remote Execution and Access (RXA) toolkit to perform selected operations on collective members. Use RXA to remotely start and stop servers, including starting and stopping servers on your local computer.
Procedure
Set up Linux, UNIX or z/OS machines
Install and enable SSH on your machine. For Linux and UNIX machines, ensure that the configuration is set according to the following instructions. For z/OS® machines, consult the following instructions for guidance.
To enable SSH, configure OpenSSH 3.6.1, OpenSSH 4.7 (on AIX), or Oracle SSH 1.1 so that it supports RXA connections. OpenSSH 3.7.1 or later contains security enhancements not available in earlier releases and is recommended.
Avoid trouble: OpenSSH Version 4.7.0.5302 for IBM® AIX® Version 5.3 is not compatible with RXA Version 2.3. If machines are running AIX Version 5.3 with OpenSSH Version 4.7.0.5302 installed, file transfers might not complete. To avoid this problem, revert from OpenSSH Version 4.7.0.5302 to Version 4.7.0.5301.- Using Secure Shell (SSH) protocol
RXA does not supply SSH code for UNIX operating systems. You must ensure that SSH is installed and enabled on all machines that include collective members.
In all UNIX environments except Solaris, the Bourne shell (sh) is used. On Solaris machines, the Korn shell (ksh) is used instead due to problems encountered with the Bourne shell (sh).
To use password-based authentication for SSH communications, edit the /etc/ssh/sshd_config file on each machine that includes one or more collective members. Set the PasswordAuthentication property to yes. For example:
The default value for the PasswordAuthentication property is no.PasswordAuthentication yes
After you change this setting, stop and restart the SSH daemon by using the following commands:/etc/init.d/sshd stop /etc/init.d/sshd start
Some collective controller commands require that the path to the Java installation jre/bin directory be available in the .bashrc file, so set a path to jre/bin in the .bashrc file.
Set up IBM i machines
Using SSH public/private key authentication to IBM i machines is not supported.
Set up Windows machines
- Ensure that your collective controller is running with an IBM JDK.
RXA requires some security classes that are in the IBM JDK, and that are not available in the Oracle or OpenJDK JVMs.
- Ensure the system environment variables JAVA_HOME and PATH
are set to the Java path (jre directory) on the computer. Some collective
controller commands require that the path to the Java installation jre\bin
directory is available in the System path, so also add a path to the jre\bin
directory.
In Windows, system environment variables are visible only inside the shell that RXA connects to. Setting PATH in the command window is not sufficient. You must set PATH in the system variable section of the environment variables, or use -hostJavaHome <PATH TO IBM JAVA> with the updateHost option.
See Setting the JAVA_HOME variable for Liberty collective members and controllers.
- Ensure that the server.xml file of each server to be managed specifies the
account user name and password.
Specify the user name and password in a hostAuthInfo statement in the server.xml file:
<hostAuthInfo rpcUser="Windows_user_ID" rpcUserPassword="Windows_user_password" />
- Enable connections to member servers on Windows
computers.
To enable connections to Windows members, you can use a third-party SSH service such as Cygwin on your Windows member computer or change Windows operating system settings on a member computer that does not have an SSH service installed.
- Use a third-party SSH service such as Cygwin on the Windows member computer.
If the member computer uses an SSH service, the controller connects the member server with SSH. Specify a hostAuthInfo rpcUserHome parameter and the RPC user name and password in the member server.xml file because the third-party SSH service might have a different home directory than the one Windows uses:
<hostAuthInfo rpcUser="Windows_user_ID" rpcUserPassword="Windows_user_password" rpcUserHome="user_home_directory"/>
For user_home_directory, specify the user home for the SSH service, for example: rpcUserHome="C:\cygwin\home\user1". The SSH public and private key pair is generated in the .ssh directory under this user home directory.
- If the Windows member computer does not use a third-party SSH service such as Cygwin, change the
Windows operating system settings of the member computer to enable connections.
- Ensure that your user account belongs to the Administrators group.
Many RXA operations require access to resources that standard user accounts cannot access. Thus, the configuration of a collective member must include the name and password of a Windows user who belongs to the Administrators group.
- Ensure File and Printer Sharing for Microsoft
Networks is enabled for your network stack.
- Click Start > Control Panel > Network and Sharing Center > Change advanced sharing settings.
- Select Turn on file and printer sharing.
- Save the changes.
Ensure that file sharing operations (on port 445) are not blocked on machines that include collective controllers or collective members. For more information, see the documentation for your operating system or your firewall software.
- Start the Remote Registry service.The Remote Registry service must be running on computers that include collective members for the collective controllers to remotely run commands and scripts.
- Click Start > Administrative Tools > Services.
- Within the list of services, locate the Remote Registry entry and verify that the status is Started. If you intend to use RXA regularly, consider setting the Remote Registry Startup type property to Automatic.
- Disable User Account Control.
- Click Start > Control Panel > User Accounts > Change User Account Control settings.
- Set the User Account Control level to Never notify.
- Click OK.
- Restart the computer for the changes to take effect.
- Ensure that your user account belongs to the Administrators group.
- Use a third-party SSH service such as Cygwin on the Windows member computer.
For more information, see Liberty Collectives Remote Operation Configuration.
- Ensure that your collective controller is running with an IBM JDK.
What to do next
If you modify the server.xml of a managed server, manually start the server so that it publishes the new data to the controller.
After you enable RXA, test the host configuration and verify RXA connectivity.

File name: twlp_set_rxa.html