|
Problem(Abstract) |
When federating a node into a deployment manager, if
either the node or the deployment manager are not using the dummy
certificates, extra steps need to be followed to make sure that the node
is federated properly. |
|
|
|
Resolving the
problem |
Before federating the node, there are some settings that
should be checked to ensure that the application server you are about to
federate will not have SSL communication errors once added to the
deployment manager:
- The application server should trust the deployment
manager. This means that the application server's trust store file must
contain the deployment manager's certificate. If it does not, add it
now.
- The deployment manager should also trust the node. The
deployment manager's trust store file should contain the application
server's certificate. If it does not, add it now.
- If you have multiple application servers in the cell, and
want them to communicate over SSL with each other, make sure to share
their certificates if they don't use the same certificate.
- Please note that the only way to add a node when security
is enabled is with the addNode command (this is either addNode.sh or
addNode.bat in the bin directory of the application server, depending on
the platform). It cannot be done through the administrative console.
Steps to follow:
- Run the addNode command with the options you plan to use (such as the
host name and port for the deployment manager) but make sure to add the
-noagent option. If the -noagent option is not used, the addNode process
will hang. With this option the node agent will not be started by the
addNode command. It is the starting of the node agent that causes the
hang.
- Once the addNode command has finished, access the administrative
console and navigate to System Administration -> Node Agents.
- Click on the node agent that was just created for the new node.
- Click on Administration Services and then JMX Connectors.
- Select the SOAPConnector.
- Click Custom Properties.
- There should be an sslConfig property here. Make sure that the value
of this variable is the same as the SSL repertoire that the application
server for this node agent is using. To find out which SSL repertoire the
application server is using do the following:
- Navigate to Servers -> Application Servers in the administrative
console and select the server you just added.
- Click on Administration Services and then JMX Connectors.
- Select the SOAPConnector.
- Click Custom Properties.
- The sslConfig property here is the one the node agent should also
use.
- After the sslConfig property for the node agent is changed, click OK
and save the changes. Be sure that 'Synchronize changes with Nodes' is
enabled when you save the configuration.
- On the application server that you just added, run the syncNode
command (syncNode.bat or syncNode.sh in the bin directory of the
application server). Note: It is important that both the application
server and node agent are not running at this time. If they have been
started make sure both are stopped before running syncNode.
- Start the node agent and application server once the syncNode command
is complete. The administrative console should show that the server is
running and synchronized properly.
|
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|