![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
![[z/OS]](../images/ngzos.gif)
linkCells|linkCellsZOS 脚本
设置星型拓扑时,可以使用 linkCells 脚本来配置多个单元之间的覆盖通信。在 z/OS® 系统上,改为使用 linkCellsZOS 脚本。
用途
使用 linkCells 脚本可启用 Intelligent Management 单元包含服务器之间的通信,这些服务器由将工作请求路由到另一管理单元的随需应变路由器 (ODR) 启用。
在 z/OS 系统上,使用 linkCellsZOS 脚本。
位置
linkCells 脚本在 app_server_root/bin 目录中可用。
linkCellsZOS 脚本在 app_server_root/bin 目录中可用。
用法
![[AIX Solaris HP-UX Linux Windows]](../images/dist.gif)
./linkCells.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
![[z/OS]](../images/ngzos.gif)
./linkCellsZOS.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
示例
./linkCells.sh centerHost:8879:centerUID:centerPWD point1Host:8880:point1UID:point1PWD
故障诊断
运行 linkCells 脚本时,可能会显示以下错误消息。要解决这些错误,请验证是否将 profile_home/properties/ssl.client.props 文件中的 com.ibm.ssl.enableSignerExchangePrompt 属性设置为 gui、true 或 stdin。通过设置此属性,客户机可以从该服务器获得签署者证书,从而与 Intelligent Management 进行通信。
将 com.ibm.ssl.enableSignerExchangePrompt 属性设置为 gui 或 true 时,会显示签署者交换窗口,询问您接受还是拒绝该证书。如果接受该证书,那么它将自动安装在信任库中并且握手将成功。如果拒绝该证书,那么它未安装在信任库中,且握手会失败,因为不信任该证书。
将 com.ibm.ssl.enableSignerExchangePrompt 属性设置为 stdin 时,会显示签署者交换 ASCII 提示,并询问您接受还是拒绝该证书。如果接受该证书,那么它将自动安装在信任库中并且握手将成功。如果拒绝该证书,那么它未安装在信任库中,且握手会失败,因为不信任该证书。
$ ./linkCells.sh centerHost:center_cell_soap_port:user_id:password pointHost:point_cell_soap_port:user_id:password
"Begin linking cells..."
WASX7209I: Connected to process "dmgr" on node dmgr using SOAP connector. The type of process is: DeploymentManager
CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=edgeaphid16.rtp.raleigh.ibm.com, OU=e16VEcell,
OU=edgeaphid16CellManager02, O=IBM, C=US" was sent from target host:port "9.42.96.77:8915".
The signer may need to be added to local trust store "c:/AutoWAS2/09072011/WAS/profiles/node1/etc/trust.p12"
located in SSL configuration alias "DefaultSSLSettings" loaded from SSL configuration file
"file:c:\AutoWAS2\09072011\WAS\profiles\node1/properties/ssl.client.props".
The extended error message from the SSL handshake exception is:
"PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;
internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com,
OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02, O=IBM, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error".
CWPKI0040I: An SSL handshake failure occurred from a secure client. The server's SSL signer has to be added to the
client's trust store. A retrieveSigners utility is provided to download signers from
the server but requires administrative permission. Check with your administrator to have this utility run to setup
the secure environment before running the client.
Alternatively, the com.ibm.ssl.enableSignerExchangePrompt can be enabled in ssl.client.props for "DefaultSSLSettings"
in order to allow acceptance of the signer during the connection attempt.
WASX7023E: Error creating "SOAP" connection to host "edgeaphid16.rtp.raleigh.ibm.com";
exception information:
com.ibm.websphere.management.exception.ConnectorNotAvailableException:
[SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g:
PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;
internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com,
OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02,
O=IBM, C=US is not trusted;
internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error;
targetException=java.lang.IllegalArgumentException: Error opening socket: javax.net.ssl.SSLHandshakeException:
com.ibm.jsse2.util.g: PKIX path building failed:
java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.;
internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=edgeaphid16.rtp.raleigh.ibm.com,
OU=Root Certificate, OU=e16VEcell, OU=edgeaphid16CellManager02,
O=IBM, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error]
WASX7213I: This scripting client is not connected to a server process; please refer to the log file
c:\AutoWAS2\09072011\WAS\profiles\node1\logs\wsadmin.traceout for additional information.