12 Replies Latest reply on Jul 18, 2012 3:28 PM by JA NameToUpdate

    Synching Keystore Files in 7.6

      Hi Everyone;


      I am attempting to update expired ketstore certs across multiple application servers.  I have been able to accomplish this on the primary application server but, I am confused about the secondart app servers.


      Accorrding to this KB, I should not update the spawner password in blasadmin on the seconcadry application servers.  However, I do have this deployment present in /usr/nsh/br/deployments.  Please clarify this procedure for me.  What are the steps I need to take to sync the keystores on the seconday app servers, including the spawner.





      Thanks in advance!

        • 1. Re: Synching Keystore Files in 7.6
          Bill Robinson

          You need to copy the bladelogic.keystore in every subdir of NSH/br/deployments.

          Then you need to run blasadmin against each deployment and set the keystore passwd.

          • 2. Synching Keystore Files in 7.6

            I have followed all of the steps.


            However, no matter what I do, I cannot get the procserver to start on the secondary app server...

            I keep getting the followig error:


            problems reading or parsing keystore file:/usr/nsh/br/deployments/_spawner/bladelogic.keystore


            I have verified the password with keytool.

            I have set the spawner password in blasadmin...


            I am at a loss.  Any help would be greatly appreciated!

            • 3. Re: Synching Keystore Files in 7.6
              Bill Robinson

              Can you detail the exact steps you performed ?

              • 4. Synching Keystore Files in 7.6

                I created a new bladelogic.keystore on the primary application server.  I copied this to /usr/nsh/br/deployments/default, _spawner. _launcher, templates).  I verified the ownership as bladmin:baldmin.


                I cd'ed into each of the above and verified the password on the certificate using keytool


                I used blasadmin to set the required passwords in the appserver configurations


                ./basadmin -a

                   set appserver CertPasswd <password>


                ./basadmin -s _launcher

                   set appServerLauncher KeyStorePassword <password>


                ./basadmin -s _spawner

                   set ProcessSpawner KeyStorePassword <password>



                I copied the same keystore file to the secondary app server and performed all of the steps above


                The application server and the AppServerLauncher work fine, it is only the ProcessServer that will not start and is failing on the keystore file, not matter what I do.


                The keystore was created using the hostname of the primary application server rather than "CN=hostname".

                • 5. Synching Keystore Files in 7.6

                  I am getting the same behavior of the Process Spawner not working on all Secondary app servers....

                  • 6. Synching Keystore Files in 7.6
                    Bill Robinson

                    Can you run:


                    Blasadmin –s _spawner set app certpass YOURPASSWORD


                    On each appserver and then start the spawner service?

                    1 of 1 people found this helpful
                    • 7. Synching Keystore Files in 7.6

                      Hi Bill;


                      I do not have app certpass for spawner...


                      bladmin>show proc all      








                      ...and, when I run the command you provided, I got the folloowing:


                      [root@]# /usr/nsh/br/blasadmin –s _spawner set app certpass password

                      To change future application servers, blasadmin must be run against the _template deployment.

                      blasadmin now running against deployment: default

                      Invalid argument: –s

                      available options: [help|set|show]


                      help                 - display available commands

                      set                  - change configuration settings

                      show                 - display configuration settings

                      • 8. Synching Keystore Files in 7.6



                        So, I ran it again and it seemd to work.   However, I am confused.  When I list the options for the spawner, that option is not shown...

                        • 9. Re: Synching Keystore Files in 7.6
                          Bill Robinson

                          sorry - i got my versions confused - you need to run this:


                          blasadmin -s _spawner set app certpass

                          blasadmin -a set proc keystorepass <password

                          • 10. Re: Synching Keystore Files in 7.6

                            Hi Bill;


                            We are running 7.6.


                            You solved my issue with Blasadmin –s _spawner set app certpass YOURPASSWORD.


                            However, I am not really sure how/why.  There is no option for app certpass in the blasadmin spawner space...


                            None of the docs that I found stated that particular command.... the command I had

                            blasadmin -s _spawner set ProcessSpawner KeyStorePassword <password>


                            and, when i looked in blasadmin, there was not option in the spawner space for 'app certpass'.. so, I was unanware of that command needing to be executed!


                            Thank you VERY much!


                            bladmin>show proc all







                            • 11. Re: Synching Keystore Files in 7.6
                              Bill Robinson

                              blasadmin -s _spawner show app CertPass

                              blasadmin -s _spawner show proc KeyStorePass

                              blasadmin -a show app CertPass

                              blasdmin -a show proc KeyStorePass


                              the spawner deployment is an appserver deployment, so it has an 'appserver' and a 'processspawner' section.  this got cleaned up in 8.something so the keystore setting in the 'processpawner' section is no longer there.

                              • 12. Re: Synching Keystore Files in 7.6

                                Thank you!  Resolved!