com.ibm.websphere.collective.controller
Interface CollectiveRegistrationMBean
- public interface CollectiveRegistrationMBean
The ObjectName for this MBean is WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration.
The registration operations must provide sufficient data (the host authentication information) for a remote client to be able to start the server. The unregistration operation removes all data associated with the host or server from the collective.
The values specified in the host authentication information should match the values set in the <hostAuthInfo> configuration element for the registered server. The host authentication information should define enough to authenticate the operating system user, using either the user's password or an SSH private key. Use of keys is encouraged; use of passwords is discouraged.
Supported Properties
Host Authentication Information
The host authentication information map containing properties that would be needed by a remote client to start the server. Must not be null.
Recognized properties are summarized in the table. All property values are non-empty Strings, with further constraints by key.
Complete details for each property are documented with each property constant.
Property Name | Description | Data Type / Format | Required/Optional |
---|---|---|---|
rpcHost | The fully qualified host name or IP address | String | optional; defaults to the hostName parameter specified |
rpcPort | The SSH or RPC port number | Integer | optional; defaults to SSH port (22) |
rpcUser | The user ID for the remote connection | String | required |
rpcUserPassword | The password for the user ID | String (either clear text or encoded) | required if the sshPrivateKey property is not specified; otherwise optional |
sshPrivateKey | The SSH private key | String (either clear text or encoded) | required if the rpcUserPassword property is not specified; otherwise optional |
sshPrivateKeyPassword | The password for the SSH private key | String (either clear text or encoded) | required if the SSH private key is password protected; otherwise optional |
useSudo | Indicates whether sudo should be used | Boolean | optional |
sudoUser | The sudo user ID | String | optional |
sudoUserPassword | The password for the sudo user | String (either clear text or encoded) | required if the sudoUser property is specified and a password is required to authenticate as the sudo user; otherwise optional |
hostReadList | The list of locations on the host with allowed read-access | List<String> (the list may be empty, and strings inside it may also be empty) | optional |
hostWriteList | The list of locations on the host with allowed write-access | List<String> (the list may be empty, and strings inside it may also be empty) | optional |
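The constraints documented in this table and in the Field Detail entries (rpcUser required, exactly one of rpcUserPassword or sshPrivateKey, PEM text rather than a key file path, no sudo settings when useSudo is false) can be checked on the client before the map is sent to the controller. The following Java class is an added example, not IBM's code: the class and method names are hypothetical, and it assumes an already authenticated MBeanServerConnection to the collective controller.

```java
import java.util.*;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;

public class HostAuthInfoCheck {
    // ObjectName exactly as given on this page.
    static final String OBJECT_NAME =
        "WebSphere:feature=collectiveController,type=CollectiveRegistration,name=CollectiveRegistration";
    // Keys from the "Host Authentication Information" table. The key string behind
    // HOST_JAVA_HOME is not shown in that table; add it from the constant if you use it.
    static final Set<String> KNOWN_KEYS = Set.of("rpcHost", "rpcPort", "rpcUser",
        "rpcUserPassword", "sshPrivateKey", "sshPrivateKeyPassword", "useSudo",
        "sudoUser", "sudoUserPassword", "hostReadList", "hostWriteList");

    /** Returns the documented rule violations found in the map (empty list = none found). */
    static List<String> validate(Map<String, Object> info) {
        if (info == null) return List.of("hostAuthInfo must not be null");
        List<String> problems = new ArrayList<>();
        for (String key : info.keySet()) {
            if (!KNOWN_KEYS.contains(key)) problems.add("unrecognized key: " + key);
        }
        if (!isSet(info, "rpcUser")) problems.add("rpcUser is required");
        boolean hasPassword = isSet(info, "rpcUserPassword");
        boolean hasKey = isSet(info, "sshPrivateKey");
        if (hasPassword == hasKey) {
            problems.add("specify exactly one of rpcUserPassword or sshPrivateKey");
        }
        // The key must be the PEM text itself; a path to a key file is not supported.
        if (hasKey && !info.get("sshPrivateKey").toString().trim().startsWith("-----BEGIN ")) {
            problems.add("sshPrivateKey must be PEM text, not a file path");
        }
        if (isSet(info, "sshPrivateKeyPassword") && !hasKey) {
            problems.add("sshPrivateKeyPassword is set but sshPrivateKey is not");
        }
        // useSudo=false contradicts sudoUser / sudoUserPassword.
        boolean sudoOff = info.containsKey("useSudo")
            && "false".equalsIgnoreCase(String.valueOf(info.get("useSudo")));
        if (sudoOff && (isSet(info, "sudoUser") || isSet(info, "sudoUserPassword"))) {
            problems.add("useSudo is false but sudoUser or sudoUserPassword is set");
        }
        return problems;
    }

    private static boolean isSet(Map<String, Object> info, String key) {
        Object v = info.get(key);
        return v != null && !v.toString().isEmpty();
    }

    /** Validates locally, then invokes registerHost over an existing JMX connection. */
    static void registerHost(MBeanServerConnection mbs, String hostName,
                             Map<String, Object> info) throws Exception {
        List<String> problems = validate(info);
        if (!problems.isEmpty()) {
            throw new IllegalArgumentException(String.join("; ", problems));
        }
        mbs.invoke(new ObjectName(OBJECT_NAME), "registerHost",
            new Object[] { hostName, info },
            new String[] { "java.lang.String", "java.util.Map" });
    }

    public static void main(String[] args) {
        // Constructed sample values; the PEM body is a placeholder, not a real key.
        String pem = "-----BEGIN RSA PRIVATE KEY-----\n....\n-----END RSA PRIVATE KEY-----";
        Map<String, Object> good = Map.of("rpcUser", "wlpadmin", "sshPrivateKey", pem);
        Map<String, Object> bad = Map.of("rpcUser", "wlpadmin", "rpcUserPassword", "pw",
            "sshPrivateKey", "/home/wlpadmin/.ssh/id_rsa", "useSudo", false, "sudoUser", "root");
        System.out.println(validate(good));
        System.out.println(validate(bad));
    }
}
```

The local check only fails fast; the controller still applies its own validation and throws IllegalArgumentException as documented.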
Certificate Creation Properties
Additional properties to control the certificate creation. May be null or an empty Map.
If the Map is null or empty, all default values will be taken.
Recognized properties are summarized in the table. All property values are non-empty Strings, with further constraints by key.
Complete details for each property are documented with each property constant.
Property Name | Description | Data Type / Format | Required/Optional |
---|---|---|---|
serverIdentityKeystorePassword | The password for the serverIdentity.jks keystore | String (either clear text or encoded) | optional; defaults to the specified keystorePassword parameter |
serverIdentityCertificateValidity | The validity period, in days, of the server identity certificate | Integer, unit is days | optional; defaults to 5 years or 1825 days |
collectiveTrustKeystorePassword | The password for the collectiveTrust.jks keystore | String (either clear text or encoded) | optional; defaults to the specified keystorePassword parameter |
httpsKeystorePassword | The password for the key.jks keystore | String (either clear text or encoded) | optional; defaults to the specified keystorePassword parameter |
httpsCertificateSubject | The DN to use as the HTTPS certificate subject | String | optional; defaults to CN=hostname,OU=serverName,O=ibm,C=us |
httpsCertificateValidity | The validity period, in days, of the HTTPS certificate | Integer, unit is days | optional; defaults to 5 years or 1825 days |
httpsTruststorePassword | The password for the trust.jks keystore | String (either clear text or encoded) | optional; defaults to the specified keystorePassword parameter |
Field Summary
Modifier and Type | Field and Description |
---|---|
static final java.lang.String | COLLECTIVE_TRUST_KEYSTORE_PASSWORD: The collectiveTrust.jks keystore password for the certificate properties. |
static final java.lang.String | FILE_COLLECTIVE_UUID: Key for the collective.uuid entry in the map returned by replicate. |
static final java.lang.String | HOST_JAVA_HOME: The location of the Java installation that Atlas should use in this host. |
static final java.lang.String | HOST_READ_LIST: A list of locations on the host with allowed read-access. |
static final java.lang.String | HOST_WRITE_LIST: A list of locations on the host with allowed write-access. |
static final java.lang.String | HTTPS_CERTIFICATE_SUBJECT: The subject of the HTTPS certificate for the certificate properties. |
static final java.lang.String | HTTPS_CERTIFICATE_VALIDITY: The validity in days of the HTTPS certificate for the certificate properties. |
static final java.lang.String | HTTPS_KEYSTORE_PASSWORD: The key.jks keystore password for the certificate properties. |
static final java.lang.String | HTTPS_TRUSTSTORE_PASSWORD: The trust.jks keystore password for the certificate properties. |
static final java.lang.String | KEYSTORE_COLLECTIVE_TRUST_JKS: Key for the collectiveTrust.jks entry in the map returned by join and replicate. |
static final java.lang.String | KEYSTORE_KEY_JKS: Key for the key.jks entry in the map returned by join and replicate. |
static final java.lang.String | KEYSTORE_ROOT_KEYS_JKS: Key for the rootKeys.jks entry in the map returned by replicate. |
static final java.lang.String | KEYSTORE_SERVER_IDENTITY_JKS: Key for the serverIdentity.jks entry in the map returned by join and replicate. |
static final java.lang.String | KEYSTORE_TRUST_JKS: Key for the trust.jks entry in the map returned by join and replicate. |
static final java.lang.String | OBJECT_NAME: A String representing the ObjectName that this MBean maps to. |
static final java.lang.String | RPC_HOST: Host name for host authentication information map. |
static final java.lang.String | RPC_PORT: Port for host authentication information map. |
static final java.lang.String | RPC_USER: User ID for host authentication information map. |
static final java.lang.String | RPC_USER_PASSWORD: User password for host authentication information map. |
static final java.lang.String | SERVER_IDENTITY_CERTIFICATE_VALIDITY: The validity in days of the serverIdentity certificate for the certificate properties. |
static final java.lang.String | SERVER_IDENTITY_KEYSTORE_PASSWORD: The serverIdentity.jks keystore password for the certificate properties. |
static final java.lang.String | SSH_PRIVATE_KEY: SSH private key for host authentication information map. |
static final java.lang.String | SSH_PRIVATE_KEY_PASSWORD: SSH private key password for host authentication information map. |
static final java.lang.String | SUDO_USER: sudo user for host authentication information map. |
static final java.lang.String | SUDO_USER_PASSWORD: sudo user password for host authentication information map. |
static final java.lang.String | USE_SUDO: Use sudo key for host authentication information map. |
Method Summary
Modifier and Type | Method and Description |
---|---|
void | avow(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName): Avow the server to the collective. |
void | disavow(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName): Disavow the server from the collective. |
java.util.Map<java.lang.String,byte[]> | join(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName, java.lang.String wlpInstallDir, java.lang.String keystorePassword, java.util.Map<java.lang.String,java.lang.Object> certProperties, java.util.Map<java.lang.String,java.lang.Object> hostAuthInfo): Join the specified server to the collective as a member. |
void | registerHost(java.lang.String hostName, java.util.Map<java.lang.String,java.lang.Object> hostAuthInfo): Registers a host with the collective. |
void | remove(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName): Removes the server from the collective. |
java.util.Map<java.lang.String,byte[]> | replicate(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName, java.lang.String wlpInstallDir, java.lang.String keystorePassword, java.util.Map<java.lang.String,java.lang.Object> certProperties, java.util.Map<java.lang.String,java.lang.Object> hostAuthInfo): Replicates the collective controller configuration in order to allow the specified server to act as a collective controller. |
void | unregisterHost(java.lang.String hostName): Unregisters a host from the collective. |
void | updateHost(java.lang.String hostName, java.util.Map<java.lang.String,java.lang.Object> hostAuthInfo): Updates the authentication information for a known host with the collective. |
Field Detail
OBJECT_NAME
- static final java.lang.String OBJECT_NAME
RPC_HOST
- static final java.lang.String RPC_HOST
The host can take on the form of a fully qualified domain name, or an IP address. The host name must be unique within the network and must be the host name on which the remote connection protocol is listening (SSH, or OS specific RPC). The host name should match the defaultHostName or configured value for <hostAuthInfo> in the server.xml.
This property is optional. If it is not specified, the hostName specified will be used.
RPC_PORT
- static final java.lang.String RPC_PORT
The port on which the remote connection protocol is listening (SSH, or other supported RPC mechanism). See product documentation for supported RPC mechanisms.
This property is optional. Type is Integer. If the property is not specified, the SSH port (22) is assumed.
RPC_USER
- static final java.lang.String RPC_USER
The operating system user ID to use to connect to the host.
This property is required.
RPC_USER_PASSWORD
- static final java.lang.String RPC_USER_PASSWORD
The password for the operating system user.
Either "rpcUserPassword" or sshPrivateKey should be specified, but not both.
If both are specified, an IllegalArgumentException will be thrown.
This property is optional.
SSH_PRIVATE_KEY
- static final java.lang.String SSH_PRIVATE_KEY
The SSH private key to use for authenticating the specified operating system user. The SSH private key value is expected to be in the PEM format; a path to a key file is not supported.
Example PEM format:
-----BEGIN RSA PRIVATE KEY----- .... -----END RSA PRIVATE KEY-----
Any key algorithm supported by the target sshd server is valid.
Either rpcUserPassword or "sshPrivateKey" should be specified, but not both.
If both are specified, an IllegalArgumentException will be thrown.
This property is optional.
SSH_PRIVATE_KEY_PASSWORD
- static final java.lang.String SSH_PRIVATE_KEY_PASSWORD
The password for the SSH private key.
If this property is set but no sshPrivateKey has been set, an IllegalArgumentException will be thrown.
This property is optional.
USE_SUDO
- static final java.lang.String USE_SUDO
If this property is set to true, then sudo will be used to invoke commands.
The user to sudo as can be controlled by setting sudoUser. If sudoUser is not set, then the user to sudo as will be the configured default sudo user for the target host.
If this property is not set, and either sudoUser or sudoUserPassword is set, then "useSudo" is assumed to be true.
If this property is set to false, and either sudoUser or sudoUserPassword is set, then an IllegalArgumentException will be thrown.
This property is optional. Type is Boolean. Defaults to false if no sudo options are set.
SUDO_USER
- static final java.lang.String SUDO_USER
Causes sudo to run as the specified user.
This property must not be set when useSudo is set to false.
This property is optional.
SUDO_USER_PASSWORD
- static final java.lang.String SUDO_USER_PASSWORD
Set this property if the sudo user (explicit or implied) requires a password.
This property must not be set when useSudo is set to false.
This property is optional.
HOST_READ_LIST
- static final java.lang.String HOST_READ_LIST
Set this property if file access is needed outside of the server instance level. An example scenario is routing (host level context) a file transfer operation through the collective controller into a registered member.
This property is optional. Type is List<String>.
This property is only valid for registerHost and updateHost.
HOST_WRITE_LIST
- static final java.lang.String HOST_WRITE_LIST
Set this property if file access is needed outside of the server instance level. An example scenario is routing (host level context) a file transfer operation through the collective controller into a registered member.
This property is optional. Type is List<String>.
This property is only valid for registerHost and updateHost.
HOST_JAVA_HOME
- static final java.lang.String HOST_JAVA_HOME
Set this property if a different java instance is to be used by the collective controller when invoking archive expansion on the host during routing file transfer uploads.
This property is optional. This property is only valid for registerHost and updateHost.
SERVER_IDENTITY_KEYSTORE_PASSWORD
- static final java.lang.String SERVER_IDENTITY_KEYSTORE_PASSWORD
This property is optional.
SERVER_IDENTITY_CERTIFICATE_VALIDITY
- static final java.lang.String SERVER_IDENTITY_CERTIFICATE_VALIDITY
This property is optional. Type is Integer, unit is days. Defaults to 5 years or 1825 days.
COLLECTIVE_TRUST_KEYSTORE_PASSWORD
- static final java.lang.String COLLECTIVE_TRUST_KEYSTORE_PASSWORD
This property is optional.
HTTPS_KEYSTORE_PASSWORD
- static final java.lang.String HTTPS_KEYSTORE_PASSWORD
This property is optional.
HTTPS_CERTIFICATE_SUBJECT
- static final java.lang.String HTTPS_CERTIFICATE_SUBJECT
This property is optional.
HTTPS_CERTIFICATE_VALIDITY
- static final java.lang.String HTTPS_CERTIFICATE_VALIDITY
This property is optional. Type is Integer, unit is days. Defaults to 5 years or 1825 days.
HTTPS_TRUSTSTORE_PASSWORD
- static final java.lang.String HTTPS_TRUSTSTORE_PASSWORD
This property is optional.
KEYSTORE_SERVER_IDENTITY_JKS
- static final java.lang.String KEYSTORE_SERVER_IDENTITY_JKS
This entry should be written to: ${server.config.dir}/resources/collective/serverIdentity.jks
KEYSTORE_COLLECTIVE_TRUST_JKS
- static final java.lang.String KEYSTORE_COLLECTIVE_TRUST_JKS
This entry should be written to: ${server.config.dir}/resources/collective/collectiveTrust.jks
KEYSTORE_KEY_JKS
- static final java.lang.String KEYSTORE_KEY_JKS
This entry should be written to: ${server.config.dir}/resources/security/key.jks
KEYSTORE_TRUST_JKS
- static final java.lang.String KEYSTORE_TRUST_JKS
This entry should be written to: ${server.config.dir}/resources/security/trust.jks
KEYSTORE_ROOT_KEYS_JKS
- static final java.lang.String KEYSTORE_ROOT_KEYS_JKS
This entry should be written to: ${server.config.dir}/resources/collective/rootKeys.jks
FILE_COLLECTIVE_UUID
- static final java.lang.String FILE_COLLECTIVE_UUID
This entry should be written to: ${server.config.dir}/resources/collective/collective.uuid
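The six locations listed above hold private keys and trust material, so the bytes returned by join or replicate should land in files that only the server's owner can read. The following Java class is an added example, not IBM's code (class and method names are hypothetical): it writes each entry to its documented relative path under the server configuration directory with owner-only permissions and refuses to overwrite an existing file. The result-map keys used here are stand-ins for the values of the interface constants, which this page does not show.

```java
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class CollectiveFilesWriter {
    // Relative targets under ${server.config.dir}, as listed in Field Detail. The map keys
    // here are stand-ins: in real code use the values of the interface constants
    // (KEYSTORE_SERVER_IDENTITY_JKS, ...), whose literals are not shown on this page.
    static Map<String, String> documentedTargets() {
        Map<String, String> t = new LinkedHashMap<>();
        t.put("KEYSTORE_SERVER_IDENTITY_JKS", "resources/collective/serverIdentity.jks");
        t.put("KEYSTORE_COLLECTIVE_TRUST_JKS", "resources/collective/collectiveTrust.jks");
        t.put("KEYSTORE_KEY_JKS", "resources/security/key.jks");
        t.put("KEYSTORE_TRUST_JKS", "resources/security/trust.jks");
        t.put("KEYSTORE_ROOT_KEYS_JKS", "resources/collective/rootKeys.jks");
        t.put("FILE_COLLECTIVE_UUID", "resources/collective/collective.uuid");
        return t;
    }

    /** Writes every entry of a join/replicate result to its target, owner-only, no overwrite. */
    static List<Path> write(Path serverConfigDir, Map<String, byte[]> result,
                            Map<String, String> targets) throws IOException {
        Path base = serverConfigDir.toAbsolutePath().normalize();
        boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
        List<Path> written = new ArrayList<>();
        for (Map.Entry<String, byte[]> e : result.entrySet()) {
            String rel = targets.get(e.getKey());
            if (rel == null) {
                throw new IOException("no target known for result key " + e.getKey());
            }
            Path out = base.resolve(rel).normalize();
            if (!out.startsWith(base)) {
                throw new IOException("target leaves the server config dir: " + rel);
            }
            Files.createDirectories(out.getParent());
            // Create the file with rw------- before any key material is written to it.
            // createFile fails if the file exists, so existing keystores are never replaced.
            if (posix) {
                Files.createFile(out, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
            } else {
                Files.createFile(out); // non-POSIX file system: restrict access via ACLs
            }
            Files.write(out, e.getValue());
            written.add(out);
        }
        return written;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for the Map<String, byte[]> returned by join.
        Map<String, byte[]> result = new LinkedHashMap<>();
        result.put("KEYSTORE_KEY_JKS", new byte[] { 1, 2, 3 });
        result.put("KEYSTORE_TRUST_JKS", new byte[] { 4, 5, 6 });
        Path configDir = Files.createTempDirectory("server-config");
        for (Path p : write(configDir, result, documentedTargets())) {
            System.out.println(p);
        }
    }
}
```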
Method Detail
registerHost
- void registerHost(java.lang.String hostName, java.util.Map<java.lang.String,java.lang.Object> hostAuthInfo) throws java.io.IOException, java.lang.IllegalArgumentException, java.lang.IllegalStateException
The host authentication information requires either the user password or the SSH private key.
hostName
- The host name. Must not be null or an empty string.
hostAuthInfo
- See the "Host Authentication Information" section of CollectiveRegistrationMBean.
java.io.IOException
- If there was any problem completing the operation
java.lang.IllegalArgumentException
- If any of the parameters are not valid or if any of the keys in the properties map are unrecognized
java.lang.IllegalStateException
- If the host was already registered
updateHost
- void updateHost(java.lang.String hostName, java.util.Map<java.lang.String,java.lang.Object> hostAuthInfo) throws java.io.IOException, java.lang.IllegalArgumentException, java.lang.IllegalStateException
The host authentication information requires either the user password or the SSH private key.
hostName
- The host name. Must not be null or an empty string.
hostAuthInfo
- See the "Host Authentication Information" section of CollectiveRegistrationMBean.
java.io.IOException
- If there was any problem completing the operation
java.lang.IllegalArgumentException
- If any of the parameters are not valid or if any of the keys in the properties map are unrecognized
java.lang.IllegalStateException
- If the host was not registered
unregisterHost
- void unregisterHost(java.lang.String hostName) throws java.io.IOException, java.lang.IllegalArgumentException, java.lang.IllegalStateException
hostName
- The host name. Must not be null or an empty string.
java.io.IOException
- If there was any problem completing the operation
java.lang.IllegalArgumentException
- If any of the parameters are not valid
java.lang.IllegalStateException
- If the host was not registered
join
- java.util.Map<java.lang.String,byte[]> join(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName, java.lang.String wlpInstallDir, java.lang.String keystorePassword, java.util.Map<java.lang.String,java.lang.Object> certProperties, java.util.Map<java.lang.String,java.lang.Object> hostAuthInfo) throws java.io.IOException, java.lang.IllegalArgumentException, java.lang.IllegalStateException, java.security.cert.CertificateException, java.security.KeyStoreException
This will register the server and generate the security credentials required by the server to communicate with the collective.
A server is uniquely identified by its name, the host on which it resides, and the wlpUserDir within which it resides. The wlpUserDir is used in the repository path to differentiate between servers of the same name on the same host.
The host authentication information requires either the user password or the SSH private key.
hostName
- The host name. Must not be null or an empty string. The host name set here will directly control where the server's information is stored within the repository. This host name should match the host name set to the defaultHostName variable for the server's server.xml.
wlpUserDir
- The canonical path for the user directory of server. This should match the WLP_USER_DIR environment variable for the server. Must not be null or an empty string. Must not have a trailing slash. Must not be encoded.
serverName
- The server name. Must not be null or an empty string.
wlpInstallDir
- The Liberty install directory for this server. Must not be null or an empty string.
keystorePassword
- The password to protect the created keystores. Must not be null. Each keystore's password can be overridden individually by specifying additional certProperties.
certProperties
- See the "Certificate Creation Properties" section of CollectiveRegistrationMBean.
hostAuthInfo
- See the "Host Authentication Information" section of CollectiveRegistrationMBean.
java.io.IOException
- If there was any problem completing the operation
java.lang.IllegalArgumentException
- If any of the parameters are not valid or if any of the keys in the properties maps are unrecognized
java.lang.IllegalStateException
- If the server was already registered
java.security.cert.CertificateException
- If there is a problem creating the certificates
java.security.KeyStoreException
- If there is a problem creating the keystore
replicate
- java.util.Map<java.lang.String,byte[]> replicate(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName, java.lang.String wlpInstallDir, java.lang.String keystorePassword, java.util.Map<java.lang.String,java.lang.Object> certProperties, java.util.Map<java.lang.String,java.lang.Object> hostAuthInfo) throws java.io.IOException, java.lang.IllegalArgumentException, java.lang.IllegalStateException, java.security.cert.CertificateException, java.security.KeyStoreException
This will register the server and generate the security credentials required by the server to communicate with the collective.
A server is uniquely identified by its name, the host on which it resides, and the wlpUserDir within which it resides. The wlpUserDir is used in the repository path to differentiate between servers of the same name on the same host.
The host authentication information requires either the user password or the SSH private key.
hostName
- The host name. Must not be null or an empty string. The host name set here will directly control where the server's information is stored within the repository. This host name should match the host name set to the defaultHostName variable for the server's server.xml.
wlpUserDir
- The canonical path for the user directory of server. This should match the WLP_USER_DIR environment variable for the server. Must not be null or an empty string. Must not have a trailing slash. Must not be encoded.
serverName
- The server name. Must not be null or an empty string.
wlpInstallDir
- The Liberty install directory for this server. Must not be null or an empty string.
keystorePassword
- The password to protect the created keystores. Must not be null. Each keystore's password can be overridden individually by specifying additional certProperties.
certProperties
- See the "Certificate Creation Properties" section of CollectiveRegistrationMBean.
hostAuthInfo
- See the "Host Authentication Information" section of CollectiveRegistrationMBean.
java.io.IOException
- If there was any problem completing the operation
java.lang.IllegalArgumentException
- If any of the parameters are not valid or if any of the keys in the properties maps are unrecognized
java.lang.IllegalStateException
- If the server was already registered
java.security.cert.CertificateException
- If there is a problem creating the certificates
java.security.KeyStoreException
- If there is a problem creating the keystore
remove
- void remove(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName) throws java.io.IOException, java.lang.IllegalArgumentException, java.lang.IllegalStateException
A server is uniquely identified by its name, the host on which it resides, and the wlpUserDir within which it resides. The wlpUserDir is used in the repository path to differentiate between servers of the same name on the same host.
hostName
- The host name. Must not be null or an empty string. This host name should match the host name set to the defaultHostName variable for the server's server.xml.
wlpUserDir
- The canonical path for the user directory of server. This should match the WLP_USER_DIR environment variable for the server. Must not be null or an empty string. Must not have a trailing slash. Must not be encoded.
serverName
- The server name. Must not be null or an empty string.
java.io.IOException
- If there was any problem completing the operation
java.lang.IllegalArgumentException
- If any of the parameters are not valid
java.lang.IllegalStateException
- If the server was not registered
avow
- void avow(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName) throws java.io.IOException, java.lang.IllegalArgumentException, java.lang.IllegalStateException
A server is uniquely identified by its name, the host on which it resides, and the wlpUserDir within which it resides. The wlpUserDir is used in the repository path to differentiate between servers of the same name on the same host.
hostName
- The host name. Must not be null or an empty string. This host name should match the host name set to the defaultHostName variable for the server's server.xml.
wlpUserDir
- The canonical path for the user directory of server. This should match the WLP_USER_DIR environment variable for the server. Must not be null or an empty string. Must not have a trailing slash. Must not be encoded.
serverName
- The server name. Must not be null or an empty string.
java.io.IOException
- If there was any problem completing the operation
java.lang.IllegalArgumentException
- If any of the parameters are not valid
java.lang.IllegalStateException
- If the server was not registered
disavow
- void disavow(java.lang.String hostName, java.lang.String wlpUserDir, java.lang.String serverName) throws java.io.IOException, java.lang.IllegalArgumentException, java.lang.IllegalStateException
A server is uniquely identified by its name, the host on which it resides, and the wlpUserDir within which it resides. The wlpUserDir is used in the repository path to differentiate between servers of the same name on the same host.
hostName
- The host name. Must not be null or an empty string. This host name should match the host name set to the defaultHostName variable for the server's server.xml.
wlpUserDir
- The canonical path for the user directory of server. This should match the WLP_USER_DIR environment variable for the server. Must not be null or an empty string. Must not have a trailing slash. Must not be encoded.
serverName
- The server name. Must not be null or an empty string.
java.io.IOException
- If there was any problem completing the operation
java.lang.IllegalArgumentException
- If any of the parameters are not valid
java.lang.IllegalStateException
- If the server was not registered