3 Replies Latest reply on Jan 26, 2011 7:09 AM by Antonio Caputo

    About bladelogic.keystore

    Antonio Caputo

      As stated in step 2 on page 52 of the Admin Guide, after installing two App Servers the bladelogic.keystore file was copied from installationDirectory/br/deployments/_template/bladelogic.keystore on App Server 1 to the same path on App Server 2.
      Step 3 was skipped because it is a fresh installation and the password given to the certificate during the installation steps was the same on both App Servers.

       

      Now, from the GUI, by running the "Application Server Diagnostics" on the App Server 1 the "Environment Keystore Test" states:

       

      Error Keystore SHA-1 fingerprints does not match master deployment.
      Error Keystore md5sum  does not match master deployment.
      Error Deployment '_template' is inconsistent with the master deployment.

       

      A failure indicates that the keystore files present on this host are not in sync for this enviornment.
      Potential issues include:
      1) Password for the keystore files do not match.
      2) The SHA-1 fingerprint is inconsistent among all keystore files
      3) The MD5SUM of each keystore file is inconsistent.

       

      Is there any missing configuration on the env that should be performed?

       

      Thank you,
      Antonio

        • 1. Re: About bladelogic.keystore

          You may want to sync the keystore file located in the “Default” folder under deployments. I believe this is the keystore it’s trying to match. Then restart the app service on the second app server before trying to run diagnostics.

          1 of 1 people found this helpful
          • 2. Re: About bladelogic.keystore
            Bill Robinson

            Here's a script that can do this for you. You need nsh access between your appservers for the user running this, if you have multiple physical boxes.

             

            #!nsh
            # Script to copy bladelogic.keystore into each deployment
            # Written by Tim Biron. This needs to be run from br's parent dir.

            ######################################################################
            # Print usage on how to run the program
            ######################################################################
            sub print_usage()
            {
                echo ""
                echo ""
                echo "Required Command line options are:"
                echo "  -p new keystore password"
                echo "  -a appserver you are running this on"
                echo ""
                echo "Optional Command line options are:"
                # -t is listed here, but parse_args below does not handle it
                echo "  -t list of other physical appservers not including server specified for the -s argument"
                echo "  --help displays usage"
                echo ""
                exit 1
            }

            #######################################################################
            # Test to see if the new argument is an argument or a new option
            # Returns 0 when $1 is an option (-p / -a) or blank
            #######################################################################
            sub is_new_arg()
            {
                #print_debug "Checking $1 to see if it's an argument or an option."
                echo "$1" | egrep -q -e '^-p|^-a'
                RES=$?

                # Ensure blank values are ignored
                if test -z "$1"
                then
                    RES=0
                fi

                #print_debug "Result for argument $1: $RES"
                return $RES
            }

            #######################################################################
            # Parse all command line arguments
            #######################################################################
            sub parse_args()
            {
                # Log only the argument count: the arguments include the keystore password
                print_debug "Argument count: $#"

                if [ $# -eq 1 ]
                then
                    print_usage
                fi

                # Compare the first argument as a string (the original used -eq on $#)
                if [ "$1" = "--help" ]
                then
                    print_usage
                fi

                while test $# -ge 2
                do
                    case "$1" in
                    -a)
                        print_debug "Parsing appserver arg."
                        shift
                        if test $# -lt 1
                        then
                            print_usage
                        fi

                        while ! is_new_arg "$1" && test $# -ge 1
                        do
                            print_debug "Adding $1 to APPSERVER var."
                            APPSERVER="$1"
                            shift
                            break
                        done
                        ;;
                    -p)
                        print_debug "Parsing keystore password arg."
                        shift
                        if test $# -lt 1
                        then
                            print_usage
                        fi

                        while ! is_new_arg "$1" && test $# -ge 1
                        do
                            # Do not write the password itself to keystore-gen.log
                            print_debug "Setting KEYSTORE_PASS var."
                            KEYSTORE_PASS="$1"
                            shift
                            break
                        done
                        ;;
                    "")
                        shift
                        ;;
                    *)
                        echo "Error: Argument $1 not recognized."
                        print_usage
                        ;;
                    esac
                done

                print_debug "Finished parsing arguments."
            }

            DEBUG=0
            #######################################################################
            # Set the DEBUG variable to 1 to print out all debug statements
            #######################################################################
            sub print_debug()
            {
                if test $DEBUG -eq 1
                then
                    echo `date '+%m/%d-%H:%M:%S'` "$@" >> keystore-gen.log
                fi
            }

            #######################################################################
            # Backs up an existing keystore in the root of BR directory, if any,
            # and uses the keytool command to create a new keystore in BR directory
            #######################################################################
            sub create_keystore()
            {
                if [ -f "$BR_DIR$BL_KEYSTORE" ]
                then
                    mv "$BR_DIR$BL_KEYSTORE" "$BR_DIR$BL_KEYSTORE_BAK"
                fi

                OS=`uname -s`

                if [ "$OS" = "WindowsNT" ]
                then
                    KEYTOOL='jre/bin/keytool'
                    print_debug "Keytool command is $KEYTOOL on $OS"
                else
                    KEYTOOL='br/java/bin/keytool'
                    print_debug "Keytool command is $KEYTOOL on $OS"
                fi

                if [ "x$APPSERVER" != "x" ] && [ "x$KEYSTORE_PASS" != "x" ]
                then
                    echo 'Creating bladelogic.keystore'
                    # Note: 1024-bit RSA is below the 2048-bit minimum in current guidance;
                    # raise -keysize if your BladeLogic version accepts a larger key.
                    # Values are quoted so a password containing spaces is passed intact.
                    $KEYTOOL -genkey -alias blade -keyalg RSA -keysize 1024 -dname "CN=$APPSERVER" -keypass "$KEYSTORE_PASS" -storepass "$KEYSTORE_PASS" -keystore "$BR_DIR$BL_KEYSTORE" -validity 1000
                    echo 'Finished creating bladelogic.keystore'
                else
                    echo 'Either -a and/or -p required argument is missing'
                    print_usage
                fi
            }

            #######################################################################
            # Copies the keystore at root of BR directory to all deployments and
            # configures the appservers with new keystore password
            #######################################################################
            sub copy_keystore_config_appserver()
            {
                if [ -f "$BR_DIR$BL_KEYSTORE" ]
                then
                    BR_DEPLOYMENTS='br/deployments/'
                    # ls -p appends "/" to directory names, so $d ends in "/"
                    DEPLOYMENTS=`ls -p $BR_DEPLOYMENTS`
                    for d in $DEPLOYMENTS
                    do
                        # Only deployments that already have a keystore are updated
                        if [ -f "$BR_DEPLOYMENTS$d$BL_KEYSTORE" ]
                        then
                            echo 'Backing up the' $BL_KEYSTORE 'in' $BR_DEPLOYMENTS$d 'to' $BL_KEYSTORE_BAK
                            cp "$BR_DEPLOYMENTS$d$BL_KEYSTORE" "$BR_DEPLOYMENTS$d$BL_KEYSTORE_BAK"
                            cp "$BR_DIR$BL_KEYSTORE" "$BR_DEPLOYMENTS$d$BL_KEYSTORE"

                            if [ "$OS" != "WindowsNT" ]
                            then
                                chown bladmin:bladmin "$BR_DEPLOYMENTS$d$BL_KEYSTORE"
                            fi

                            if [ "$d" = '_launcher/' ]
                            then
                                $BLASADMIN -s $d set AppServerLauncher KeyStorePassword "$KEYSTORE_PASS"
                            else
                                $BLASADMIN -s $d set appserver CertPasswd "$KEYSTORE_PASS"
                                $BLASADMIN -s $d set ProcessSpawner KeyStorePassword "$KEYSTORE_PASS"
                            fi
                        fi
                    done
                    echo 'Finished updating' $BL_KEYSTORE 'files.'
                else
                    echo 'Failed to create' $BL_KEYSTORE 'OR' $BL_KEYSTORE 'file does not exist in' $BR_DIR 'under <INSTALL> (e.g. /usr/nsh)'
                fi
            }

            ######################################################################
            # Main
            ######################################################################

            # Parse arguments.
            parse_args "$@"

            BR_DIR='br/'
            BL_KEYSTORE='bladelogic.keystore'
            BL_KEYSTORE_BAK='bladelogic.keystore.bak'
            BLASADMIN='bin/blasadmin'

            create_keystore
            copy_keystore_config_appserver

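
            Added example, not part of the original posts and not BMC code: a read-only check that lists which deployment keystores are not byte-identical to a reference deployment's copy, which is the condition behind the "md5sum does not match master deployment" error quoted in the question. The directory layout and the choice of reference deployment are assumptions passed in by the caller; the sample tree and the names job1 and job2 are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report deployments whose
# bladelogic.keystore is not byte-identical to a reference deployment's copy.
# Assumed layout: <deployments_dir>/<deployment>/bladelogic.keystore
KEYSTORE_NAME='bladelogic.keystore'

# file_digest FILE: print the MD5 of FILE, or "n/a" when md5sum is unavailable.
file_digest() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{print $1}'
    else
        echo "n/a"
    fi
}

# keystore_drift DEPLOYMENTS_DIR MASTER
# Prints one status line per deployment. Returns the number of deployments
# whose keystore differs from MASTER's (0 = in sync), or 255 when MASTER's
# keystore cannot be read. Deployments without a keystore are only listed,
# since the copy script above leaves them alone as well.
keystore_drift() {
    dep_dir=$1
    master=$2
    ref="$dep_dir/$master/$KEYSTORE_NAME"
    bad=0
    if [ ! -r "$ref" ]; then
        echo "ERROR   master keystore not readable: $ref" >&2
        return 255
    fi
    echo "MASTER  $master $(file_digest "$ref")"
    for d in "$dep_dir"/*/; do
        [ -d "$d" ] || continue
        name=$(basename "$d")
        [ "$name" = "$master" ] && continue
        ks="$d$KEYSTORE_NAME"
        if [ ! -f "$ks" ]; then
            echo "SKIP    $name (no keystore)"
        elif cmp -s "$ref" "$ks"; then
            echo "OK      $name $(file_digest "$ks")"
        else
            echo "DIFFERS $name $(file_digest "$ks")"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# make_sample_tree DIR: constructed sample data (placeholder bytes, not real
# keystores); "job1" and "job2" are hypothetical deployment names.
make_sample_tree() {
    mkdir -p "$1/_template" "$1/_launcher" "$1/default" "$1/job1" "$1/job2"
    printf 'constructed-keystore-A' > "$1/default/$KEYSTORE_NAME"
    printf 'constructed-keystore-A' > "$1/_template/$KEYSTORE_NAME"
    printf 'constructed-keystore-A' > "$1/job1/$KEYSTORE_NAME"
    printf 'constructed-keystore-B' > "$1/_launcher/$KEYSTORE_NAME"
}

# Usage: sh keystore_drift.sh br/deployments default
if [ "$#" -ge 2 ]; then
    keystore_drift "$1" "$2"
fi
```

            Identical files also carry the same certificate, so this covers the file-level causes listed by the diagnostic; a password mismatch in the app server configuration is a separate setting that this check does not read.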

            • 3. About bladelogic.keystore
              Antonio Caputo

              Thank you guys.