Interactive installation guide

Set up the HAProxy load balancer

Note: Installation of HAProxy load balancer is not supported on Windows platforms.

You must install and configure HAProxy before the cluster can be activated. For more information about HAProxy, see www.haproxy.org.

Note: You can also configure and use IHS instead of HAProxy, but only one of these two methods must be used in a cluster for load balancing. For information about configuring IHS to use as a load balancer, see Configure IHS for load balancing.

I. Installing a non-Dockerized version of HAProxy

HAProxy is part of the official Red Hat Linux repository and can be installed by using the yum command. You must have root user permissions or use the sudo command to do the installation.

1. To install HAProxy, open a command shell and enter the following command:

   yum -y install haproxy

2. By default HAProxy is installed in the /usr/local/haproxy/etc/haproxy directory. Go to the HAProxy installed directory and back up the haproxy.cfg file. For example, create a haproxy.cfg.backup file.
3. Open the haproxy.cfg file for editing and configure it as needed. Use the following example as a reference. For more details about configuration language and available options, see the HAProxy Configuration Manual.

    

   haproxy.cfg sample file

   #---------------------------------------------------------------------
   # Example configuration for a possible web application. See the
   # full configuration options online.
   #
   # http://haproxy.1wt.eu/download/1.6/doc/configuration.txt
   #
   #---------------------------------------------------------------------
   
   #---------------------------------------------------------------------
   # Global settings
   #---------------------------------------------------------------------
   global
   # If not using the dockerized version,
   # to have these messages end up in /var/log/haproxy.log you will
   # need to:
   #
   # 1) configure syslog to accept network log events. This is done
   # by adding the '-r' option to the SYSLOGD_OPTIONS in
   # /etc/sysconfig/rsyslog
   #
   # 2) configure local2 events to go to the /var/log/haproxy.log
   # file. A line like the following can be added to
   # /etc/sysconfig/rsyslog
   #
   # local2.* /var/log/haproxy.log
   #
   # 3) uncomment the line below and comment the other log line
   #log 127.0.0.1 local2
   log /dev/log local2
   
   chroot /var/lib/haproxy
   pidfile /var/run/haproxy.pid
   maxconn 6000
   user haproxy
   group haproxy
   daemon
   
   # turn on stats unix socket
   stats socket /var/lib/haproxy/stats
   
   tune.ssl.default-dh-param 2048
   
   #---------------------------------------------------------------------
   # common defaults that all the 'listen' and 'backend' sections will
   # use if not designated in their block
   #---------------------------------------------------------------------
   defaults
   mode http
   option dontlognull
   option http-server-close
   option redispatch
   retries 3
   timeout http-request 10s
   timeout queue 1m
   timeout connect 10s
   timeout client 5m
   timeout server 5m
   timeout http-keep-alive 10s
   timeout check 10s
   maxconn 6000
   
   #---------------------------------------------------------------------
   # main frontend which proxys to the backends
   #---------------------------------------------------------------------
   frontend lanneluc-proxy
   bind *:80
   bind *:9443 ssl crt /etc/haproxy/ssl/proxy.pem no-sslv3
   log global
   option httplog
   mode http
   capture cookie SERVERID len 32
   redirect scheme https if !{ ssl_fc }
   maxconn 2000 # The expected number of the users of the system.
   # Limits the sockets to this number of concurrent connections. Extraneous
   # connections will remain in the system's backlog until a connection is
   # released. If unspecified, the limit will be the same as the frontend's
   # maxconn.
   default_backend ccm
   
   
   backend ccm
   
   option forwardfor
   http-request set-header X-Forwarded-Port %[dst_port]
   http-request add-header X-Forwarded-Proto https if { ssl_fc }
   fullconn 1000 # if not specified, HAProxy will set this
   # to 10% of 'maxconn' specified on the frontend
   
   balance leastconn
   cookie SERVERID insert indirect nocache
   
   # minconn = 100, the server will always accept at least 100,
   # but no more than 'maxconn' connections. Should be the same as CCM Liberty
   # settings in server.xml
   # maxconn = 500, the max number of connections that will be sent to a server.
   # The overage will be queued. The total for all nodes should be equal to maxxcon
   # on 'frontend'
   server ccm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm1 verify none
   server ccm2 node2.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm2 verify none
   server ccm3 node3.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm3 verify none
   server ccm4 node5.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm4 verify none
   
   listen statistics
   bind *:1936
   stats uri /
   stats admin if TRUE
   stats enable
   stats hide-version
   stats auth root:clu8ter8
   stats refresh 5s
   

   You must ensure that several important entries in the configuration file are entered correctly:

   • /etc/haproxy/ssl/proxy.pem: This references the certificate that must be available to HAProxy so the proxy server can examine SSL-encrypted traffic. This ability is required for session affinity, which is an important component of clustering in CLM.
   • balance leastconn: This is the balancing strategy. The cookie SERVERID insert indirect nocache setting ensures that the user login information is passed between different sessions. Without this setting, the user will be required to log in again after navigating to any URL that requires user validation.
   • Back-end servers: Replace ccmx with your application names and nodex.host.com:9443 with your server URLs.
   • minconn, maxconn, fullconn: The minimum connection, maximum connection, and full connection parameters.
   • Administration interface:

     listen statistics
     bind *:1936
     stats uri /
     stats admin if TRUE
     stats enable
     stats hide-version
     stats auth root:clu8ter8
     stats refresh 5s
     

     These entries are explained in details in the next sections.

4. Open a command shell and enter the following command to enable the service:

   systemctl enable haproxy

5. Enter the following command to start the service:

   service haproxy start

II. Installing a certificate

HAProxy requires a certificate to parse encrypted traffic. You can use a self-signed certificate. The following commands create a self-signed certificate for your testing environment, but you must obtain a real certificate if required.

OpenSSL prompts you to enter the details for the certificate, such as the host name and so on. Double quotation marks are optional. The host name (CN) is the host name of the server where HAProxy is installed:

cd /usr/local/haproxy/etc
openssl genrsa -des3 -out ssl/proxy.key 2048
openssl req -new -key "ssl/proxy.key" -out "ssl/proxy.csr"
openssl x509 -req -days 365 -in "ssl/proxy.csr" -signkey "ssl/proxy.key" -out "ssl/proxy.crt"
cat ssl/proxy.crt ssl/proxy.csr > ssl/proxy.pem

III. Using a load-balancing rule

HAProxy offers several load-balancing algorithms. In the configuration example, the balance leastconn option is used. The balance leastconn option instructs HAProxy to direct traffic to the back-end server with the least number of connections.

IV. Configuring back-end servers

The back-end servers are the lines that start with "server" in the configuration file. These entries instruct the HAProxy to redirect traffic to the nodes. In the configuration example, there are four nodes. Replace the nodex.host.com parts with the actual host-name of the servers (nodes) on which you install your CCM servers (replicas).

You can preconfigure HAProxy with as many back-end servers (nodes) as the number of CCM nodes that you are planning to have. For the initial setup stage, start with one instance of CCM on one node by commenting out all the other server lines except for the first line:

server ccm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm1 verify none
#server ccm2 node2.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm2 verify none
#server ccm3 node3.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm3 verify none
#server ccm4 node5.host.com:9443 minconn 100 maxconn 500 ssl check cookie ccm4 verify none

After HAProxy is configured, if it is running as a service, you can start, stop, and restart it by entering the following command:

sudo service haproxy start|stop|restart|reload

V. Optimizing the number of connections

The minconn, maxconn, and fullconn parameters are used to fine-tune the server and to control the number of simultaneous connections the server can handle. If more connections are established, the overage will be buffered. It can be difficult to determine the optimal numbers for these parameters, because they depend on the expected number of users and the server responsiveness, which can be influenced by available resources, network bandwidth, and so on. The number of connections can be fine-tuned depending on the number of users that are expected to use the clustered applications.

These numbers are also related to how WebSphere Liberty is configured. By default, the WebSphere Liberty instance that runs CLM is configured with coreThreads="100" which is the lowest number of threads that handle incoming requests. The maximum is limited by the available system resources. Therefore, the minconn parameter should be set to the value of the coreThreads setting. The maxconn value in the back-end section (that is, one per back-end server) should be set to the maximum number of users that the server is capable of handling without showing any degradation in performance or response times. In the configuration example provided earlier, the maxconn value is set to 500 on each back end. The total of all back-end maxconn values should equal the maxconn value that is set in the front-end section of the configuration file. For example, if there are four nodes that are each set to maxconn=500, the maxconn value in the front-end should be set to 2000.

VI. Accessing the monitoring console and logs

The last section in the configuration file specifies how to access the HAProxy monitoring console. The console shows the number of nodes and their statuses, as well as the incoming and outgoing traffic. For a well-functioning cluster, assuming all nodes have been brought online at about the same time, the number of sessions (Total and lbTotal) should be roughly the same, and the number of bytes transferred should not vary too much between nodes. There should be no errors or warnings.

HAProxy maintains a log file in this directory: /var/log/haproxy.log. This log file contains information about which requests were redirected to which back-end servers and other HAProxy information such as session-affinity cookies and response codes.

Optional: Set up HAProxy high availability

Optional: Set up a custom loadbalancing

HAProxy provides different parameters for adapting and tuning its behavior, including a property named weight that you can use to identify servers for balancing. This property is only used for the first session request, because all the other requests for this session are routed to the same server with session affinity. The weight must be a value between 1 and 256. When the weight property is not set, the default value of 1 is used.

The weight property can be added to any server declaration in a back end, as shown in the following line:

backend ccm
...
server ccm1 node1.host.com:9443 minconn 100 maxconn 500 ssl check weight 50 cookie ccm1 verify none

The weight parameter enables you to define a specific weight for your server. However, you must edit the haproxy.cfg file each time that you want to change the weight. To avoid opening the haproxy.cfg file to change the weight, you can use a socket interface to change the weight while the HAProxy server is running. Use the following procedure to install the Socat program, which allows you to send messages to the HAProxy TCP stats socket:

Procedure

1. To install Socat, enter the following command in the shell:

   yum -y install socat

2. Open and edit the haproxy.cfg file to declare the socket and set its permission and level. Add the following lines to the general section of haproxy.cfg. In the following example, the socket in the /var/lib/haproxy/stats.sock directory is used. Only the user that is declared as the HAProxy user in the haproxy.cfg file is permitted to connect to the socket mode 600. The access level is set to administrator to allow updates to the weight parameter by using the socket:

   stats socket /var/lib/haproxy/stats.sock mode 600 level admin
   stats timeout 2m

3. Restart the HAProxy server.
4. Determine the correct weight for the nodes based on the server activities. You can gather system data from all nodes and compute a weight based on the gathered data. After you compute the correct weight based on system data, you can create a script and use the weight for all nodes. In the following example, ccm is the name of the back end, ccm1 is the name of the server node, and the new weight is set to 50: :

   echo "set weight ccm/<serverName> <newWeight>" | socat unix-connect:/var/lib/haproxy/stats.sock stdio
   ex: echo "set weight ccm/ccm1 50" | socat unix- connect:/var/lib/haproxy/stats.sock stdio

Set up IBM IoT MessageSight

Note: Installation of IBM IoT MessageSight is not supported on Windows platforms.

IBM IoT MessageSight provides secure, rapid, bidirectional messaging for the Internet of Things (IoT) and mobile environments. IBM IoT MessageSight is a high performance MQTT broker.

I. Installing the non-Dockerized version of IBM IoT MessageSight

Procedure

To install a non-Dockerized version of IBM IoT MessageSight, follow these steps:

1. Download the required packages for the latest IBM IoT MessageSight 2.0 from ibm.com.

   Note: An IBMid is required to access these files. If you do not have an IBMid, you will be prompted to create one before you can download IBM IoT MessageSight.

2. Follow the instructions in the IBM IoT MessageSight documentation to install the non-Dockerized (RPM) version.

II. Logging in to the IBM IoT MessageSight Web UI

About this task

You can use the URL http://server:Port to connect to the IBM IoT MessageSight Web UI. This task uses https://10.10.2.149:9087/ to connect to the IBM IoT MessageSight Web UI. To use this URL, your IBM IoT MessageSight Web UI container must be running on the host with IP address 10.10.2.149.

You must accept a certificate and server certificate before you can start using the IBM IoT MessageSight Web UI. You must change both of these certificates if you move from a non-production to a production environment.

Procedure

1. Open a Microsoft Internet Explorer 11, Mozilla Firefox, or Google Chrome browser and connect to the IBM IoT MessageSight Web UI by entering the following URL: 10.10.2.149:9087
2. Accept the IBM IoT MessageSight Web UI certificate so that you can view the login page.
3. Log in and accept the IBM IoT MessageSight server certificate in one of the following ways:
   • If you are using Internet Explorer 11, complete the following steps to log in and accept the IBM IoT MessageSight server certificate:
     1. At the login prompt, type the default ID and password (admin/admin) and click Log in.
     2. After you are logged in, follow the browser prompts to accept the certificate. The Common configuration and customization tasks section of the IBM IoT MessageSight Web UI home page is displayed.
   • If you are using Firefox or Google Chrome, complete the following steps to log in and accept the IBM IoT MessageSight server certificate:
     1. At the login prompt, type the default ID and password (admin/admin) and click Log in. The Cannot connect to the IBM IoT MessageSight server error is displayed.
     2. Click Click here in the message text. An error page is displayed that indicates that you need to accept the certificate.
     3. Follow the browser prompts to accept the certificate. The About IBM IoT MessageSight page is displayed in a new browser window.
     4. Return to the IBM IoT MessageSight Web UI page. If the error is still displayed, refresh the page. The Common configuration and customization tasks section of the IBM IoT MessageSight Web UI home page is displayed.

     Note: To prevent repeatedly having to accept certificates, you can replace the default certificate with your own appropriately signed certificate. For information about specifying your own certificate, see Changing the IBM IoT MessageSight Web UI security certificate.

III. Configuring IBM IoT MessageSight

IBM IoT MessageSight uses organizational configuration objects called hubs to define configuration policies.

Procedure

1. After logging in to the IBM IoT MessageSight Web UI by following the procedure in the previous task, create a new hub and then create and assign a connection policy, messaging policy and endpoint.
2. Create a new connection policy. Provide a name and a description. Enter a client ID and select MQTT for protocol. Under Specify the resources that an MQTT client is permitted to consume, select Allow Clients with Durable Subscriptions and Allow Persistent Messages check boxes.
3. Go to the Message Policy tab and create a new topic policy. Provide a name and a description for the new topic policy. Enter a client ID and select MQTT for the protocol. In the Topic field enter an asterisk (*) and, under Authority, select both the Publish and Subscribe check boxes. Under Subscriber Settings, ensure that you enter 10000 for the Max Messages value and select Discard Old Messages for the Max Messages Behavior value.
4. Finally, create a new endpoint. Provide a name and a description. In the Port field, specify the port that your clients (CCM nodes) use to connect to publish and subscribe to messages. Later, you will add this port to the server.startup file. Select MQTT as the protocol. Set the Max Message Size value to 4096. Under Connection Policies and Messaging Policies, associate the connection policy and messaging policy (topic policy) that you created in the previous steps.

IV. Monitoring subscriptions

You can view subscription monitoring statistics by using the IBM IoT MessageSight Web UI. To access the monitoring subscriptions, go to the Subscriptions page by selecting Monitoring > Subscriptions.

In the Monitoring view, you can see all MQTT clients (nodes), the topics being subscribed to and published, the active consumers, the number of messages, and the buffer sizes. You can use various options to filter the data.

V. Optional: IBM IoT MessageSight high availability

To implement high availability for IBM IoT MessageSight (primary and standby nodes), see the following topics in the IBM IoT MessageSight documentation:

• High Availability overview
• Configuring your system for high availability
• Configuring MessageSight by using the Web UI
• Configuring MessageSight by using REST Administration APIs

Distributed Cache Microservice

The Distributed Cache Microservice (DCM) is a small Java application that consists of a main JAR file, distributedCache.jar, the distributedCache.cfg file for configuration properties, and required dependencies in the jarlib directory. The microservice provides a centralized management and storage location for distributed data for clustered Collaborative Lifecycle Management (CLM) applications. The DCM is required for cluster operation; if the DCM is not accessible, then all clustered applications will be in a 'wait' state until the DCM is back online.

Note: For the best performance, copy the DCM from the Jazz Team Server location and run it on a separate server that is independent from Jazz Team Server.

Initial Setup Considerations:

The DCM must be installed and run on a server that is accessible by all nodes of the clustered application. It must also be installed in a location with read and write access. Accessing most user interface resources of the DCM requires the user to have a JazzAdmins role. By default, the microservice is installed on Jazz Team Server and is started as part of the Jazz Team Server startup sequence. Specifically, a clustered application calls Jazz Team Server to discover the status of the microservice. The Jazz Team Server attempts to locate a running process, and starts the microservice if it is not running. This sequence will only complete successfully in a basic environment where the following is true:

• The microservice is accessible in the network by the clustered application nodes at the Jazz Team Server (JTS) public uri hostname with the default port of 10001. For example, if Jazz Team Server is running at https://jts.hostname.com:9443/jts, then the microservice must be available at https://jts.hostname.com:10001/dcm. In environments fronted by IBM HTTP SERVER (IHS), the 10001 port must be set up to forward properly. See the Deployment wiki article for details.
• The Jazz Authorization Server (JAS) is using the default credentials (ADMIN/ADMIN) for client registration. The DCM attempts to register itself as a JAS client at startup, and if the default credentials are not valid, the DCM registration fails and the microservice stops. In this case, you can provide the authentication server parameters in the distributedCache.cfg file.

  If the CLM environment uses an LDAP user registry, you must also configure the User Registry settings in the distributedCache.cfg file.

1. Open the Jazz_Install_Dir\server\clustering\cache\distributedCache.cfg/server/clustering/cache/distributedCache.cfg file for editing.
2. Under [AuthServer] update the following parameters with your server URL and credentials:

# URL for contacting the Authorization Server. Must be set if using OIDC.
# i.e. https://server.company.com:9643/oidc/endpoint/jazzop
auth_url = $S{AuthServer.auth_url}

# Authorization Server Admin User ID
# After the Auth Server is registered, this will be reset to the default (ADMIN)
as_admin_id = $S{AuthServer.as_admin_id, ADMIN}

# Authorization Server Admin Password (as_admin_pass)
# After the Auth Server is registered, this will be reset to the default (ADMIN)
as_admin_pass = $S{AuthServer.as_admin_pass, ADMIN}

# Authorization Server Trusted URL. This should be the network
# accessible URL for this microservice, i.e. https://server.company.com:10001
as_trusted_url = $S{AuthServer.as_trusted_url}

Manually starting the microservice:

The DCM has operating specific start and stop scripts provided with the jar file. In the default setup, the startup script uses the JRE from the Jazz Team Server installation to run the DCM. If you copy the DCM to a new location, you must provide a path to a version 1.7 or later JRE bin folder as an argument to the startup script. Note that the scripts start the DCM in the foreground, which may require the terminal to stay open. The scripts can be edited to run the DCM in the background if required.

Cache backup:

The cache data is continuously backed up to disk in case of an unexpected shutdown. The default directory is distributedData, a sub directory of the DCM installation path. You can change this default directory in the distributedCache.cfg file under [Cache] section.

Log files:

By default, the logs folder is created as a sub directory of the DCM installation path as well, and all log information is written to this directory. You can change this default directory in the distributedCache.cfg file under [Logging] section, logDir parameter. In addition, you can also change all other logging parameters such as file name or date formats in this section.

Counters:

Counters can be enabled to monitor the DCM in the [Counters] section of the distributedCache.cfg file. To view counters in a web browser, set the enabled = $S{Counters.enabled,false} parameter to true, and browse to https://microservice_host:10001/dcm/counters. Counters can also be published to MQTT topics by configuring the MQTT properties under the [Counters] section of the distributedCache.cfg file.

Replicate the CCM nodes

After you complete the setup and configuration of a single Change and Configuration Management node, you can transform it into a cluster by replicating the nodes.

I. Add Message Broker URL to the Advanced Properties

1. Log in to the server on the first node.
2. Click Application and, under Configuration click Advanced Properties.
3. Search for com.ibm.team.repository.service.mqtt.internal.MqttService and click Edit in the title bar.
4. In the Current Value field for MQTT Broker address, enter the IP address or host name of the MQTT Broker (IBM IoT MessageSight), followed by the port number that you specified when you configured the endpoint in IBM IoT MessageSight.
5. To save the changes, click Preview.

II. Add the cluster information to the server.startup script

1. Log in to the server that you set up to use as your first node and stop the Change and Configuratopm Management application.
2. Go to the CCM_Install_Dir/server directory and open server.startup for editing, and add the following lines:

   JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.cluster.nodeId="ccm1""
   JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.service.internal.db.allowConcurrentAccess=true"
   JAVA_OPTS="$JAVA_OPTS -Dretry.count=0"
   JAVA_OPTS="$JAVA_OPTS -Dretry.wait=10"
   JAVA_OPTS="$JAVA_OPTS -Dactivation.code.ClusterSupport=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
   

   Replace ccm1 with the name or ID of the node. This name must be unique among all the nodes. Later on when you copy the settings to other nodes, you must change this value on all nodes, for example, ccm2, ccm3, and so on. Enter the activation code you obtained from IBM Support in -Dactivation.code.ClusterSupport.

3. Save and close the server.startup file.

III. Adding nodes to the Jazz Authorization Server client registration

When you registered your Change and Configuration Management application, you used the HAProxy URL, so the Jazz Authorization Server does not have host names for the specific nodes. After you add a new node to your cluster, you must also add it to the Jazz Authorization Server client registration.

Note: When you add your second node, you must also add the first node's hostname to the registration.

1. Go to the directory where you installed your CLM applications and copy all files under the clustering directory to the computer where Jazz Authorization Server is installed. Ensure to keep the directory structure.

   The following files are included in the clustering directory:

   • addNodeReg.sh
   • JASConfig.params
   • addNodeReg.bat
   • addNodeReg.ps1
   • JASConfig.params
2. On Linux systems run chmod 755 with the script file to make it executable.
3. Edit the JASConfig.params file to add your Jazz Authorization Server administrator credentials and the path to Jazz Authorization Server installation directory.
4. Run addNodeReg.shaddNodeReg.bat with the client ID and local node URL as a parameters.

Client ID: The client ID of the clustered CCM application registered on Jazz Authorization Server. To obtain the client ID open the CCM teamserver.properties file and look for the com.ibm.team.repository.servlet.sso_clientId property.

Local node URL: Is the fully qualified host name and port number of the computer where CCM application is installed. Note that this is not the public URL of the CCM application that was used during application registration. This host name is also used in the HAProxy config file in the backend section.

./addNodeReg.shaddNodeReg.bat client ID https://CCM_Hostname:Port/appContext

Note: Ensure to run the addNodeReg script on the first node that you used for the initial setup.

IV. Replicate Change and Configuration Management to all nodes

You can replicate the CCM application on all nodes in two ways. You can install the CCM application on all other nodes and only copy the teamserver.properties and server.startup files from the first node to the other nodes. Alternatively, you can copy the entire installation directory from the first node to the other nodes. Do not forget to change the node IDs in the server.startup file on all nodes so that they all have unique IDs.

V. Update the HAProxy configuration

Open the HAProxy configuration file and verify that it lists the host names of your actual CCM nodes and that the number of lines matches the number of nodes. Edit the configuration file as needed, and restart the HAProxy service.

VI. Start the nodes

Start CCM server on every node. Check the HAProxy console to ensure all back-end servers are online.

Add replicas later

Complete the following steps to add more CCM replicas after your clustered environment is set up.

1. Stop one of the CCM nodes.
2. Copy the teamserver.properties and server.startup files to the new CCM installation directory on the new node.
3. Edit the server.startup file and enter a unique node ID.
4. Use the CCM -rebuildIndices and -rebuildTextIndices repository tools (repotools) commands to build the Apache Lucene index.
5. Add an entry for the new node to the list of back-end servers in the HAProxy configuration file and restart the HAProxy server.
6. If the new node is not registered with Jazz Authorization Server, run the addNodeReg script to register the new node.
7. Start the server on the new node.

Troubleshooting the cluster

Synchronizing all applications with Jazz Team Server

After completing the Jazz Team Server custom setup, you might see the following diagnostic failure message for one or more applications:

Application: the discovery resource at https://JTS_HOST:9443/ccm/rootservices for "/ccm" has different OAuth domains than the entry does.

OAuth domains from the discovery resource: [https://JTS_HOST:9443/ccm] Application OAuth domains: []

This error might be caused by an incomplete synchronization of applications from the repository tools (repotools) commands. To fix the issue, complete the following steps to manually synchronize the applications:

1. First, obtain the application ID that you need to synchronize with Jazz Team Server. Open a command shellwindow and enter the following commands:

   cd JazzInstallDir/\server
   ./repotools-jtsrepotools-jts -listFriends repositoryURL=https://JTS_HOST:9443/jts adminUserId=adminUserId adminPassword=adminPassword

2. Obtain the application ID from the previous step and enter the following command:

   ./repotools-jtsrepotools-jts -synchFriend repositoryURL=https://JTS_HOST:9443/jts adminUserId=adminUserId adminPassword=adminPassword friendId=FriendID_From_PreviousStep

3. After the repotools commands are successfully completed, return to the Jazz Team Server diagnostic page and run the diagnostics to ensure no more errors occur.

Accepting all "Content" for requests through proxy

If you installed IBM HTTP Server or another similar proxy server in front of the clustered environment, you must ensure that it is enabled to accept the content (payload) from all HTTP requests such as GET, PUT, POST, and so on. If this capability is not enabled, you might receive HTTP 400 Bad request errors in the proxy server because some of the HTTP GET requests are sent with a payload and rejected by the proxy.

To avoid such errors, in the proxy server's plugin-cfg.xml file, set AcceptAllContent="true".

Discarding HAProxy messages in the log files

The number of requests between CCM cluster members and Jazz Team Server can quickly increase and fill the disk space. You can modify the rsyslog config file so that certain HAProxy messages are discarded while logging the rest. To do this, add a tilde (~) to the end of the line that you want to discard. Example:

:msg, regex, "/map/" ~
local2.* /var/log/haproxy.log
& stop