A typical Liberty collective consists of a controller and a number of members. The controller provides a number of MBeans to manage its members. Some of these MBeans require establishing a remote connection from the controller to a member. This article will cover the configuration steps in order to establish a successful connection.

Connecting with SSH public and private key pair

Once a member has joined a collective, the member server will generate a pair of RSA SSH keys at the first startup. The public key will be appended to the user’s authorized_keys file and the private key will be published to the controller. The controller will use this private key to establish an SSH connection to this member server. This default connection method works well on UNIX- and Linux-based systems. Not all UNIX-based systems have SSH daemon installed out of the box. Make sure the SSH daemon is configured and running.

Connecting with user name and password

Windows systems do not provide an SSH service out of the box. The controller can still make a connection to Windows systems if the user name and password are provided. The user must be a member of the Administrators group.

Instead of using a public and private key pair, you can also use a user name and password to establish a SSH connection to UNIX- and Linux-based systems. Both root and non-root users can be used.

To connect a member with a user name and password, add the following snippet into the member’s configuration file (wlp/usr/servers/<serverName>/server.xml).

<hostAuthInfo rpcHost="host_name"

You can update the server configuration file while the member server is running. The hostAuthInfo will be published to the controller momentarily. If the server is stopped while you are updating the configuration file, you need to start it once using the server command locally before the controller’s ServerCommands MBean can start or stop it remotely.

For more details on hostAuthInfo element, see Overriding Liberty server host information.

Operating system settings for members running on Windows systems

The following settings are required for connecting Windows members without SSH service installed:

  • For all Windows systems, the user must be a member of the administrators group. Ensure the Remote Registry service is running and startup type is set to automatic.
  • For all Windows systems except Windows XP, you will need to disable the User Account Control (UAC) or use the build-in administrator account. Restart the Windows system after disabling the UAC.
  • Ensure your collective controller is running with an IBM JDK. The remote operation requires some security classes that are in the IBM JDK, and which are not available in the Oracle or OpenJDK JVMs.
  • For Windows XP, ensure the Simple File Sharing is turned off.

For detailed instructions on how to change these settings, see Setting up RXA for Liberty collective operations.

SSH service for Windows

If you would like to install a third-party SSH service such as Cygwin, you do not need to change the operating system settings described in the previous section. You can use either an SSH public and private key pair, or a user name and password to make the connection. Since the third-party SSH service may have a different home directory than the one Windows uses, add the following snippet into the member’s configuration file (wlp/usr/servers/<serverName>/server.xml):

<hostAuthInfo rpcUserHome="[user's home directory]" />

The SSH public and private key pair will be generated in the .ssh directory under this new user’s home directory.

For example,

<hostAuthInfo rpcUserHome="C:cygwinhomebob" />

Setting the Java Runtime Environment in the members

When the collective controller makes a remote connection to its members, the execution environment may not be same as if the user logs in directly on the system. To make sure the ServerCommands MBean uses the correct Java Runtime Environment to run the member server, you can specify the JAVA_HOME property in the server.env file in the ${server.config.dir} where server.xml is residing.

Alternatively, you can set the JAVA_HOME in the system environment variables on Windows or in .bashrc on UNIX- and Linux-based systems.

For detailed instructions on how to change these settings, see Setting the JAVA_HOME variable for Liberty collective members.

Join The Discussion

Your email address will not be published. Required fields are marked *