Registering WebSphere Application Server traditional servers

Add each of your WebSphere® Application Server servers or deployment managers to WebSphere Automation by registering them with the usage metering service. You can then track security vulnerabilities for your servers from a single user interface (UI) in WebSphere Automation.

Before you begin

Ensure that you complete the prerequisites to obtain the URL of the usage metering service and the API key.

If you are registering a WebSphere Application Server deployment manager, it must be version 9.0.5.14 or later. This requirement ensures that the usage metering feature properly reports the server type to WebSphere Automation. For more information, see the list of known issues and limitations.

About this task

To register your application server with WebSphere Automation, you use the API key and URL to configure your WebSphere Application Server server with the usage metering service that is in WebSphere Automation. Additionally, you add the usage metering certificate to the truststore file or use the SSL name of the server SSL configuration for your usage metering service. You use the same usage metering information to register all of your WebSphere Application Server and WebSphere Application Server Liberty servers.

You either register your WebSphere Application Server server with the usage metering service in WebSphere Automation by using the example configuretWasUsageMetering wsadmin script or manually registering it. Choose one of the following options to register your WebSphere Application Server server.

Running the example configuretWasUsageMetering wsadmin script to register your application server with WebSphere Automation

The example script registers a WebSphere Application Server server with the usage metering service by using the configuretWasUsageMetering wsadmin script. You can copy the example script, try it on your development environment, and make changes as needed. To view and copy the example script code, see Script for configuring usage metering on WebSphere Application Server.

The script automatically gets the API key, URL, and usage metering certificate. For the script to do so, you must be in WebSphere Application Server V9.0 with the Red Hat® OpenShift® CLI Client oc command that is installed on all your application servers. Additionally, you must log in to the Red Hat OpenShift cluster with administrative credentials. If the Red Hat OpenShift CLI client is not installed on all your application servers or you are on WebSphere Application Server V8.5.5, the script still gets the usage metering certificate. However, you manually enter the API key and the URL. The script creates a keystore file or uses the existing SSL server configuration and retrieves the certificate from WebSphere Automation. It also creates the was-usage-metering.properties file and copies it to your application server. If you do not supply the node and server names, the script copies the keystore file and was-usage-metering.properties file to all servers. The script also synchronizes the changes to the active nodes. After you synchronize the nodes, you can start all the servers or a specific server by setting the startServers option to the true value.

The following steps assume that the scripting client is connected to the deployment manager, but you can run this script in a single application server environment. If you run it in a single application server environment, copy the script into the $WAS_HOME/profiles/AppSrv/bin directory. Modify the following steps and example configuretWasUsageMetering wsadmin script for your single application server environment.

Remember: Before you use the example configuretWasUsageMetering wsadmin script, test it in a development environment. It might not work properly in some environments.
  1. Create the configuretWasUsageMetering wsadmin script file by copying the script into the $WAS_HOME/profiles/Dmgr/bin directory.
  2. Run the configuretWasUsageMetering wsadmin script file.
    1. If the oc command is not installed on all your application servers in your environment or you are on WebSphere Application Server V8.5.5, ensure that the deployment manager is running. Then, run the configuretWasUsageMetering wsadmin command.
      $WAS_HOME/profiles/dmgr/bin/wsadmin -lang jython -f configuretWasUsageMetering.py url=url apiKey=apiKey_value sslRef=ssl_name or trustStorePassword=password

      Include the value for the sslRef option or the trustStorePassword option, but not both. Specify the URL on the url option and the API key on the apiKey option. If you didn’t already obtain the URL and API key, get them with the Red Hat OpenShift CLI client or from your OpenShift administrative console.

    2. If you are on WebSphere Application Server V9.0 and the Red Hat OpenShift CLI client is installed on all the application servers in your environment, log in to the Red Hat OpenShift cluster with administrative credentials. Ensure that the deployment manager is running and run the configuretWasUsageMetering wsadmin command.
      $WAS_HOME/profiles/Dmgr/bin/wsadmin -lang jython -f configuretWasUsageMetering.py sslRef=ssl_name or trustStorePassword=truststore_password namespace=websphere-automation
      • The script obtains the URL, API key, and usage metering certificate automatically.
      • The namespace is where WebSphere Automation is installed. If no namespace is specified, the default WebSphere Automation namespace is used.
      • Include the value for the sslRef option or the trustStorePassword option, but not both.

Manually creating the environment to register an application server with WebSphere Automation

You create the was-usage-metering.properties file and add in the API key, the URL, and the SSL information. If you want to add in a truststore file but don't have one, you create it and then add the usage metering certificate to it. After you complete the was-usage-metering.properties file, you add it to your installation.

  1. Create a was-usage-metering.properties file to specify the properties that you need to connect your application server to WebSphere Automation through its usage metering service.
    ## The following properties are required:
    url=URL for WebSphere Automation metering service
    apiKey=API key for WebSphere Automation
    
    ## One of the following options is required for SSL:
    # sslRef=SSL name of server SSL configuration
    # Or the following 3 properties
    # trustStore=truststore .p12 file name
    # trustStorePassword=truststore password
    # httpsProtocol=TLS protocol, defaults to TLSv1.2
  2. Add the URL and API key to the was-usage-metering.properties file.

    You obtained both the URL and the API key of the usage metering service either from the UI, or manually.

    Note: Storing the API key in plain text format is not a security concern. The key permits access only to the usage metering APIs, and is only used to register servers. No information is returned back to the caller by the usage metering APIs.
  3. Add one of the SSL options for the SSL properties to the was-usage-metering.properties file.

    Either add the sslRef property or the group of three properties that consists of the trustStore, trustStorePassword, and httpsProtocol properties. If you use the trustStore properties, set the trustStore value to the .p12 file name only. Do not specify a full or relative path.

    sslRef
    Set the sslRef property to the SSL alias name that corresponds to an SSL configuration for your application server.
    trustStore, trustStorePassword, httpsProtocol
    Specify the trustStore, trustStorePassword, and httpProtocol properties.

    If you already created a truststore.p12 file to connect an application server to WebSphere Automation, you can also use this same file to connect your WebSphere Application Server server to WebSphere Automation. This truststore.p12 file that you already created is one that you created for a Liberty server or a WebSphere Application Server server.

    If you didn't create a truststore.p12 file, run the following commands:

    Create the truststore.p12 file by first starting the wsadmin scripting tool with the -lang jython option. Then, run the createKeyStore command.

    AdminTask.createKeyStore('[-keyStoreName metering_keystore_name -keyStoreType PKCS12 -keyStoreLocation full_path_to_keystore_PKCS12_file_to_create -keyStorePassword keyStorePassword -keyStorePasswordVerify keyStorePassword -keyStoreDescription "metering truststore file" ]')
  4. Obtain the usage metering certificate and add it to the truststore.p12 file by using the retrieveSignerFromPort command.

    You can obtain the usage metering host for the command from the usage metering URL either with the Red Hat OpenShift CLI client or from your Red Hat OpenShift administrative console. For example, if the URL is https://example-automation.com/websphereauto/meteringapi, the host is example-automation.com. The default usage metering port is 443.

    If you use the sslRef option, you can obtain the keystore (or truststore) name and keystore scope for the command from your WebSphere Application Server traditional server administrative console. In the console, navigate to Security > SSL certificate and key management > SSL configurations (under Related Items). Click the sslConfig to obtain the keystore (or truststore) name and keystore scope.

    AdminTask.retrieveSignerFromPort('[-keyStoreName metering_keystore_name -host usage_metering_host_or_IP_Address -port usage-metering_Port -certificateAlias certificateAlias]')
    Run the following command to save the configuration changes from the createKeyStore and retrievingSignerFromPort commands.
    AdminConfig.save()
  5. Add the was-usage-metering.properties and truststore.p12 files to your installation.

    Add the files to any of the directories in the following table, depending on whether you want to register servers at the server, cluster, node, or cell level.

    The table contains two columns. The first column specifies the level. The second column specifies the directory.
    Level Directory
    Server profile_root/config/cells/cellName/nodes/nodeName/servers/servername
    Cluster profile_root/config/cells/cellName/clusters/clusterName
    Node profile_root/config/cells/cellName/nodes/nodeName
    Cell profile_root/config/cells/cellName
    If your environment uses a deployment manager, put the files in the directory tree for the deployment manager profile. Then, propagate the files to each of the managed nodes by starting the wsadmin scripting tool and running the following commands:
    repository=AdminControl.queryNames('type=ConfigRepository,process=dmgr,*')
    AdminControl.invoke(repository, 'refreshRepositoryEpoch')
    AdminNodeManagement.syncActiveNodes()

    If your environment does not use a deployment manager, put the files in the corresponding directory for each server, node, or cell that you want to register.

    If the application server is running after you add the files, the application server registers with WebSphere Automation through the usage metering service. Otherwise, the application server registers with WebSphere Automation the next time that it starts.

    A correctly registered WebSphere Application Server server is indicated with output similar to the following message.

    [10/20/21 7:56:04:940 PDT] 0000004a RegisterTask I CWWKR0400I: The server was registered with the IBM Cloud Private Metering service on the specified URL https://websphere-automation.example.com/websphereauto/meteringapi.