Overriding Liberty server host information
The collectiveMember-1.0 feature enables a server to be managed by the collective controller. Most server host information can be automatically detected. However, in certain scenarios, you must provide extra host information so that the collective controller can establish a connection to the server.
The collectiveController-1.0 feature and its capabilities are available only in WebSphere® Application Server Network Deployment Liberty or WebSphere Application Server for z/OS® Liberty. The feature is not available in WebSphere Application Server Liberty or WebSphere Application Server Liberty Core. If you have a WebSphere Application Server Network Deployment Liberty installation, you can use its collectiveController-1.0 feature to work with collective members from WebSphere Application Server Liberty or WebSphere Application Server Liberty Core installations.
<hostAuthInfo rpcPort="ssh_port"
rpcUser="user_ID"
rpcUserPassword="password"
rpcUserHome="user_home"
rpcHost="host_name"
sudoUser="sudo_user"
sudoPassword="sudo_user_password"
sshPublicKeyPath="public_key_path"
sshPrivateKeyPath="private_key_path"
sshPrivateKeyPassword="private_key_password"
useHostCredentials="true_or_false"
useCollectiveSSHKey="true_or_false"/>
- rpcPort
- This parameter specifies the port for the RPC mechanism, which is SSH port 22 by default. If your system uses a nonstandard port, set this value accordingly. If this value is not specified, the default value is 22.
- rpcUser
- This parameter specifies the user ID that the collective controller uses to connect to the server. If the host does not support SSH or the use of SSH keys is not wanted, you can use this parameter to specify an operating system login user. For example, if you log in to the host with the myID user, then you specify rpcUser="myID". If this value is not specified, the default value is System.getProperty("user.name").
- rpcUserPassword
- This parameter specifies the password for the specified user ID. For example, if you log in to the host with the myID user and the myPwd password, then you specify rpcUser="myID" and rpcUserPassword="myPwd". If this value is not specified, the server either generates an SSH key pair or uses the SSH key pair for the connection as specified by the privateKeyPath and publicKeyPath parameters. If this value is not specified, the server uses the collective-wide SSH key pair if available. That SSH key pair is the SSH key pair as specified by the sshPrivateKeyPath and sshPublicKeyPath parameters, or generates an SSH key pair. If SSH is not installed on the server (such as, for a Windows or OS/400® operating system), the password is required.
- rpcUserHome
- This parameter specifies the home directory of the user. If this value is not specified, the default value is System.getProperty("user.home"). If rpcUser is specified, specify rpcUserHome.
- rpcHost
- This parameter specifies the host on which the RPC mechanism is configured to listen. If this value is not specified, the default value is the value of the defaultHostName variable. If your system uses a host other than the defaultHostName, set this value accordingly.
- sudoUser
- If this value is specified, it allows the collective controller to run commands as another, or "sudo", user instead of as the user ID used for the connection. This parameter applies only to servers that have an SSH server installed. This parameter has no default value.
- sudoPassword
- This parameter specifies the password for the sudo user specified by the sudoUser parameter. This parameter applies only to servers that have an SSH server installed. This parameter has no default value.
- sshPublicKeyPath
- This parameter specifies the path and file name of a user-specified public key file. If this value is not specified, the default is ${server.output.dir}/resources/security/ssh/id_rsa.pub. If the specified file (or default file) does not exist, a new public key file is generated. If this value is not specified, the server uses the collective-wide SSH key pair if available, or the server generates an SSH key pair at the default location.
- sshPrivateKeyPath
- This parameter specifies the path and file name of a user-specified private key file and is intended for use with sshPrivateKeyPassword to establish a password-protected private key. If this value is not specified, the default is ${server.output.dir}/resources/security/ssh/id_rsa. If the specified file (or default file) does not exist, a new private key file will be generated. If this value is not specified, the server will use the collective-wide SSH key pair if available, or the server will generate an SSH key pair at the default location.
- sshPrivateKeyPassword
- This parameter specifies the password for the private key. This parameter has no default value. For the private key to be used, the password must be provided by using sshPrivateKeyPassword. The Liberty default configuration uses non-protected private keys. If you generate your own private key with a password, then use sshPrivateKeyPassword or your own private key is not usable.
Note:
  - When a private key is protected by a password, the key bytes, as stored, are encrypted with a password-derived symmetric key. A private key is readily encodable as a sequence of bytes, and can be copied, encrypted, and decrypted just like any file.
  - For key-based authentication, if you use sshPrivateKeyPassword as in <hostAuthInfo sshPrivateKeyPassword="private_key_password" />, a CWWKX8120W message occurs, warning you that sshPrivateKeyPassword was set without using a corresponding sshPrivateKeyPath.
- useHostCredentials
- This parameter specifies whether collective member server commands inherit RPC credentials from the host. The default is false, requiring the user to specify RPC credentials for the controller to remotely start or stop the member. When set to true, collective member server commands inherit RPC credentials from the host registration and ignore all other RPC credentials in the hostAuthInfo configuration element.
- useCollectiveSSHKey
- This property specifies whether the server uses the collective-wide SSH key pair or another RPC mechanism. If not set, the server uses another RPC mechanism if specified, the collective-wide SSH key pair if available, or generates a new SSH key pair for use exclusively by this server. If set to true, the server uses the collective-wide SSH key pair or issues an error message if a collective-wide key is not available. If set to false, the server uses another RPC mechanism if specified or generates an SSH key pair for use exclusively by this server.
Examples
<hostAuthInfo rpcUserPassword="myPassword"/>
<hostAuthInfo rpcPort="2222"/>
<hostAuthInfo sudoUser="anotherUser" sudoPassword="anotherPassword"/>
<hostAuthInfo rpcUserHome="<user's home directory>" />
useHostCredentials to true in the server.xml file of the member. Complete the following steps to configure the member to inherit RPC credentials from the host by specifying --useHostCredentials in the join command that joins a server as a member to the collective.
--useHostCredentials option, you do not need to specify the operating system user ID and password in the member server.xml file because the member inherits credentials from the host. Later, if the operating system user ID or password of the member server changes, run the updateHost command to change the user ID or password. For more information about the registerHost and updateHost commands, see Registering host computers with a Liberty collective.
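A lint pass over the hostAuthInfo rules described above, as an added example that is not part of the original page or IBM's own tooling: it flags sshPrivateKeyPassword without sshPrivateKeyPath (the condition behind CWWKX8120W), rpcUser without rpcUserHome, sudoPassword without sudoUser, credentials that useHostCredentials="true" causes to be ignored, and password attributes that hold literal values. The function name, rule names, the set of attributes treated as RPC credentials, and the {xor}/{aes} encoded-value prefixes (as written by Liberty's securityUtility encode) are assumptions, not taken from the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (not from the original page).
SAMPLE = """<server>
  <hostAuthInfo rpcUser="myID" sshPrivateKeyPassword="keyPwd"/>
</server>"""

PASSWORD_ATTRS = ("rpcUserPassword", "sudoPassword", "sshPrivateKeyPassword")
# Assumption: these are the attributes counted as "RPC credentials".
RPC_CRED_ATTRS = ("rpcUser", "rpcUserPassword", "sshPublicKeyPath",
                  "sshPrivateKeyPath", "sshPrivateKeyPassword")
# Assumption: encoded values carry the {xor} or {aes} prefix written by
# Liberty's securityUtility encode; that detail is not on this page.
ENCODED_PREFIXES = ("{xor}", "{aes}")


def lint_host_auth_info(server_xml):
    """Return (rule, message) findings for every hostAuthInfo element."""
    findings = []
    for el in ET.fromstring(server_xml).iter("hostAuthInfo"):
        a = el.attrib
        if "sshPrivateKeyPassword" in a and "sshPrivateKeyPath" not in a:
            findings.append(("key-password-without-path",
                             "sshPrivateKeyPassword set without "
                             "sshPrivateKeyPath (condition behind CWWKX8120W)"))
        if "rpcUser" in a and "rpcUserHome" not in a:
            findings.append(("user-without-home", "rpcUser set without rpcUserHome"))
        if "sudoPassword" in a and "sudoUser" not in a:
            findings.append(("sudo-password-without-user",
                             "sudoPassword set without sudoUser"))
        if a.get("useHostCredentials", "false").lower() == "true":
            ignored = [k for k in RPC_CRED_ATTRS if k in a]
            if ignored:
                findings.append(("ignored-credentials",
                                 "useHostCredentials=true ignores: " + ", ".join(ignored)))
        for k in PASSWORD_ATTRS:
            v = a.get(k, "")
            # ${...} is a Liberty variable reference, resolved outside this file.
            if v and not v.startswith(ENCODED_PREFIXES) and not v.startswith("${"):
                findings.append(("plaintext-secret", k + " holds a literal value"))
    return findings


if __name__ == "__main__":
    for rule, message in lint_host_auth_info(SAMPLE):
        print(rule + ": " + message)
```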