Updating and Monitoring LB plug-in with Web Server 7.0

My previous blog entry covered setting up an SSL connection between the DAS (Domain Administration Server) and the load balancer (Web Server 6.0). With SSL in place, configuration changes can be pushed from the DAS to the load balancer automatically, which avoids manually copying loadbalancer.xml. Monitoring data about the load balancer can also be obtained once SSL is set up. The following instructions cover setting up the load balancer in SSL mode with Web Server 7.0.

Instructions to install load balancer (Web Server 7.0) and enable the 9.0 features:

Please install Web Server 7 Preview 2. Do not use the default directory on Windows (Program Files/Sun/WebServer7); choose a directory whose path does not contain any spaces, otherwise the create-selfsigned-cert command fails. This bug is fixed in the upcoming Web Server 7 Preview 3 release. Once the web server is installed in a non-default directory, start the admin server as follows:

C:\Sun\WebServer7\admin-server>bin\startserv.bat
The Sun Java System Web Server 7.0 Administration Server service is starting....
The Sun Java System Web Server 7.0 Administration Server service was started successfully.

Get the config name of the server instance by using the wadm command.

C:\Sun\WebServer7>bin\wadm.bat --user admin
Please enter admin-user-password>
Sun Java System Web Server 7.0-Technology-Preview-2 B06/19/2006 16:59
wadm> list-configs
CHAND-NT

I will be working with the CHAND-NT configuration. Most commands need the --config parameter, so instead of typing that over and over, I'll set it once:

wadm>set wadm_config CHAND-NT

Then create a self-signed certificate as follows:

wadm> create-selfsigned-cert --server-name=CHAND-NT --nickname=ServerCert --token=internal

With the certificate installed, I now need a listener on some port which will have SSL enabled. I'll need a default virtual server associated with a listener, so first I want to check what virtual servers are configured so far:

wadm>list-virtual-servers
CHAND-NT

Ok there is only one (the default) virtual server here, so I'll go with that one:

wadm>create-http-listener --server-name=CHAND-NT --default-virtual-server-name=CHAND-NT --listener-port=8090 http-listener-ssl

Finally I need to set a few things on my new SSL listener: at the very least it needs to be enabled and it needs to be associated with the nickname of the cert it's going to use:

wadm>set-ssl-prop --http-listener=http-listener-ssl enabled=true
wadm>set-ssl-prop --http-listener=http-listener-ssl server-cert-nickname=ServerCert

After all the configuration is done, I just need to deploy this new configuration and start my server:

wadm>deploy-config host.red.iplanet.com
wadm>start-instance

I can now go and check https://CHAND-NT:8090 from a browser to verify the setup is working.

Export the DAS certificate by executing the command:

<as home>/lib/upgrade/pk12util -d <domain root>/config -o sjsas.p12 -W <file password> -K <master password> -n s1as

Import the DAS certificate into the web server instance:

pk12util -i sjsas.p12 -d C:\Sun\WebServer7\admin-server\config-store\JHAUK\config


If obj.conf does not contain the following lines, please insert them at the end of obj.conf:

<Object ppath="*lbconfigupdate*">
PathCheck fn="get-client-cert" dorequest="1" require="1"
</Object>
<Object ppath="*lbgetmonitordata*">
PathCheck fn="get-client-cert" dorequest="1" require="1"
</Object>
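One way to check the obj.conf requirement above before pointing the DAS at the web server, as an added example that is not part of the original post or of Web Server 7.0: a small Python audit that confirms both load-balancer paths sit in properly closed <Object> blocks whose get-client-cert check both requests and requires a certificate. The function name and the sample obj.conf text are constructed for illustration.

```python
import re

REQUIRED_PATHS = ("*lbconfigupdate*", "*lbgetmonitordata*")
OBJ_OPEN = re.compile(r'^<Object\s+ppath="([^"]*)"\s*>$')
PARAM = re.compile(r'([\w-]+)="([^"]*)"')

def audit_obj_conf(text):
    """Return a list of problems; an empty list means both LB paths require a client cert."""
    problems, protected = [], set()
    current = None  # ppath of the <Object> block we are inside ("" for other objects)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("<Object"):
            if current is not None:
                problems.append(f"line {lineno}: <Object> opened inside an unclosed block")
            m = OBJ_OPEN.match(line)
            current = m.group(1) if m else ""
        elif line == "</Object>":
            current = None
        elif (current in REQUIRED_PATHS and line.startswith("PathCheck")
              and 'fn="get-client-cert"' in line):
            params = dict(PARAM.findall(line))
            if params.get("dorequest") == "1" and params.get("require") == "1":
                protected.add(current)
            else:
                problems.append(f"line {lineno}: client cert is optional for {current}")
    if current is not None:
        problems.append("file ends inside an unclosed <Object> block")
    for path in REQUIRED_PATHS:
        if path not in protected:
            problems.append(f"no enforced get-client-cert block for {path}")
    return problems

# Constructed sample input (not taken from a real server).
GOOD = """\
<Object ppath="*lbconfigupdate*">
PathCheck fn="get-client-cert" dorequest="1" require="1"
</Object>
<Object ppath="*lbgetmonitordata*">
PathCheck fn="get-client-cert" dorequest="1" require="1"
</Object>
"""
# Same text with the first closing tag mistyped as an opening tag.
UNCLOSED = GOOD.replace("</Object>", "<Object>", 1)
# Monitoring path asks for a certificate but does not insist on one.
OPTIONAL = 'require="0"'.join(GOOD.rsplit('require="1"', 1))

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("UNCLOSED", UNCLOSED), ("OPTIONAL", OPTIONAL)):
        print(name, audit_obj_conf(text))
```
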

You can verify the above setup from the DAS. From the appserver admin GUI, create a cluster and a load balancer. Instead of using the local CA, you can use any other CA and server certificate. In that case you skip steps 5 and 6, but you need to import the server certificate you obtained from the other CA.
From the CLI, the following commands create the load balancer and set it up so that the DAS posts configuration changes to that load balancer automatically.

asadmin create-http-lb-config --target cluster1 sample_lb_config

asadmin create-http-lb --config sample_lb_config --autoapplyenabled=true --devicehost device_host_or_ip --deviceport device_port sample_lb

Give the web server host and HTTPS listener port as the device host and port. Click on test connection to test the connection. By default, a load balancer created from the GUI uses an SSL connection to connect to the load balancer device.

About

sv96363
