enterprise content management system monitor · the jmx monitor application requires a user –...
TRANSCRIPT
Enterprise Content Management
System Monitor
How to deploy the JMX monitor application in WebSphere
ND clustered environments
Revision 1.3
CENIT AG Author: Juergen Poiger
25. August 2015
2
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
Content
Disclaimer ............................................................................................................................. 4
Overview ............................................................................................................................... 4
Preparation ............................................................................................................................ 6
Virtual Hosts ...................................................................................................................... 6
User account ..................................................................................................................... 8
Deploying the application .....................................................................................................10
Verification ...........................................................................................................................20
SSL certificates – HTTPS .....................................................................................................22
4
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
Disclaimer
The content of this document is based on ECM SM in version 5.2.0. The descriptions and
guidelines in this document are for informational purposes only. Up-to-dateness, content
completeness, appropriateness and validity for all possible scenarios cannot be guaranteed.
All information is provided on an as-is basis. The author is not liable for any errors or omissions
in this document or any losses, injuries and damages arising from its use.
If you are planning to setup or configure ECM SM or to adjust an existing installation, it is
absolutely necessary to take into account current security whitepapers, release notes and
announcements from the official IBM ECM System Monitor product documentation website.
If you want to notify us about mistakes or improvement suggestions send us a mail to
Overview
This guide provides a description how to deploy the ECM SM JMX monitor application in
WebSphere ND clustered environments. Screenshots are taken from a WAS ND 8.5.5.6
environment.
Goal of the JMX monitoring is to monitor MBeans provided by the JVMs. It provides detailed
information about the status of the backend of the applications without taking load balancing
and webservers into account. Rules and additional monitors can be set up to give a status of
the front end availability of the application. This guide focuses on the backend monitoring.
Below is an example of a possible topology. A WAS ND cell contains two WAS clusters,
each cluster has a cluster node (physical server). On each cluster is a productive application
and the JMX monitor application deployed. On each cluster nodes server (operating system)
is an ECM SM agent installed. The monitoring agent connects to the JMX monitoring
application using the application port.
5
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
The environment used for the screenshots contained only one physical node for the cluster
nodes. All cluster members were created on the same node.
The HTTP server farm and availability of the business service through the load balancer is
monitored by an ECM SM agent using the HTTP(S) monitors (WebStatus monitor, PingPage
monitor, …).
6
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
Preparation
Virtual Hosts
To simplify the deployment process depending on the way the web applications are set up,
creating a virtual host for the JMX monitor application is recommended unless the
“default_host “ is used for the applications.
The virtual host for the JMX monitor application should contain all application ports for all
nodes (secure and unsecure where applicable). For the shown example topology it would be
e.g.:
Virtual host “ECMSM_JMX_host”
Host aliases:
Host Name Port
* 9080
* 9081
7
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
8
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
User account
The JMX monitor application requires a user – role mapping to be able to access the
MBeans. The minimum role for this task is “Auditor”. Prepare a user using the WebSphere’s
“User and Groups” – “Administrative user roles” menu. Add the role “Auditor” or higher to the
user which will be mapped to the JMX monitor application. The user name and password is
used in the configuration for the JMX monitor inside ECM SM (using the Core Agent installer
or the Monitoring Manager).
9
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
Changes in virtual hosts and user mappings require application server restart.
10
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
Deploying the application
The JMX monitor application must be deployed to each cluster that will be monitored. The
monitor application must run in the same JVM as the applications which will be monitored.
The EAR and WAR file can be found on the ECM SM server in the directory
<install directory>/repos/install/webapps
The files are named applicationserver.jmx.monitor.ear and
applicationserver.jmx.monitor.war. The applicationserver.jmx.monitor.ear already contains
the property “context root = /jmxmonitor”, otherwise there is no difference between the files.
Copy the file to the computer where the WAS administrative console is running or to the
Deployment Manager node or any other node from the WAS cell.
Log on to the WAS console using an administrative account, open the “New Application”
menu and select “New Enterprise Application”.
Select the applicationserver.jmx.monitor.ear from the location where the file was stored.
11
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
Choose “Detailed” in the next step to show all installation options and parameters.
Select “Precompile JavaServer Pages files” and type in an application name (or use the
default) in Step 1:
12
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
In step 2 insert the check mark for the fsmtools.applicationserver.jmx.monitor web module
and select all WebSphere clusters where the module should be installed. The clusters should
be displayed in the table after “Apply” was clicked.
13
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
In step 3 verify the JDK Source Level, it needs to be 15 which is the default on WAS 8.5.
No changes are necessary in steps 4 to 6.
Select the virtual host created before for the JMX monitor module (or default_host if it
contains all application ports) in step 7.
Step 8 defines the context root of the module. Use the default “jmxmonitor” or type in your
own. The context root has to be used in the configuration of the JMX monitors inside ECM
SM.
14
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
With step 9 the security roles to user mapping is defined. Map the prepared user to the
jmx_monitoring role.
15
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
No changes required in steps 10 to 13. Click “Finish” to install the application.
16
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
If the installation completed successfully, save directly to the master configuration.
17
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
The JMX monitor application is installed. Synchronize the nodes, select all nodes for the
application clusters.
If the application servers haven’t been restarted after the creation of the virtual host and the
user – role mapping restart them now. Otherwise a restart is not necessary.
Switch to the “Applications” menu and start the JMX monitor application.
You should see the updated “started” status. To check the target specific application status
click on the JMX monitor application link.
18
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
The target specific application status shows you the state of the application on all deployed
clusters.
19
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
20
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
Verification
A quick check to test the application can be done by requesting all JMX MBeans in a web
browser.
Open a new browser session so the application requests the credentials instead of using the
running session credentials. Request the URL http(s)://<application server
hostname>:<application port>/jmxmonitor/configuration.jsp, e.g.
http://was8556.de.cenit-group.com:9080/jmxmonitor/configuration.jsp
The result page should show an xml page displaying all available MBeans, attributes and
values.
21
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
Search within the page for e.g. “HeapSize” and check if values are shown.
If the values contain the error message "#Error: Exception: Error: An Invokation Exception
was thrown, when trying to invoke the request on the application server EC0005" most likely
the user to role mapping is wrong or not sufficient.
22
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
SSL certificates – HTTPS
If the applications are SSL secured and only reachable using https protocol, the SSL
certificate needs to be imported into a keystore that can be used by the ECM SM agent. The
keystore needs to be published to the ECM SM agent monitoring that specific server by
running the ECM SM configuration task “Configure Keystore Settings”.
One way to export the certificate is to use a browser to access the secured page
https://<application server hostname>:<application secure
port>/jmxmonitor/configuration.jsp. The certificate will be saved in the browser
certificate cache when the page is being accessed for first time. Using the export function in
the browser, e.g. Firefox “Options – Advanced – Certificates – View Certificates – Servers -
Export”. Save the exported certificate in “X.509 Certificate (PEM) .crt” format in a location
that can be accessed by the ECM SM agent.
The certificate needs to be imported into an existing or new keystore. The keytool command
to do this is:
<path to keytool>\keytool -import -file <path and file name to
certificate> -alias <description> -keystore <path and file name to
keystore>
e.g.
jre\bin\keytool -import -file svwap021ti.de.cenit-group.com.crt -
alias appserv1_certificate -keystore ECMSMagent_keystore
The path, file name and the password for the keystore is published to the ECM SM agent
using the task “Configure Keystore Settings”.
The procedure must be repeated for each ECM SM agent where JMX monitor will be
configured to run.
23
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
24
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015
25
CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015