Service Registry 3.1 Administration Guide

Configuring Service Registry

The Sun Java Enterprise System 5 Installation Guide for UNIX describes how to perform post-install configuration of Service Registry using default property settings for the Registry. To use custom property settings, make a copy of the file ServiceRegistry-base/install/install.properties or ServiceRegistry-base/install/install.properties.template and edit it before you perform the configuration.

To configure the Registry, you can be logged in as root or become superuser, or you can be logged in as an non-root user.

For security reasons, it is recommended that you configure the Registry as a non-root user. For instructions, see To Configure Service Registry as a Non-Root User Using Custom Properties After a Configure Later Installation.

The ServiceRegistry-base location is /opt/SUNWsrvc-registry on Solaris OS and /opt/sun/srvc-registry on Linux and HP-UX systems.

Note –

Before you configure Service Registry, you must first install and configure Sun Java System Application Server (“Application Server”). The configuration process for Service Registry installs the Registry into an Application Server domain.

It is recommended that you install Application Server in its default location. If you installed Application Server in a non-default location, follow the instructions in Configuring Service Registry for a Non-Default Application Server Installation before you configure Service Registry.

The install.properties file contains a set of modifiable property settings. The properties that are listed in Table 1–1 are used by the configuration process. Each property name has the prefix registry.install. (terminating in a period). Some of these properties set non-default ports for the Application Server domain created for the Registry. Others set configuration properties described elsewhere in this manual.

You can configure multiple instances of Service Registry either as root or as a non-root user. If you do so, you must change the registry.install.dataHome property to be unique for each Registry instance. If you want to be able to run more than one instance at a time on the server, you must also change the eight port properties to be unique for each instance. For multiple non-root instances, you may want to change the value of registry.install.CACertDir to be unique for each instance.

Table 1–1 Service Registry Configuration Properties


Property Name	Description	Default Property Value
`DomainName`	Application Server domain name	`registry`
`ServerInstanceHost`	The default hostname where Service Registry can be accessed	`localhost`
`ServerInstancePort`	Application Server HTTP port for Service Registry	`6480`
`ServerInstanceSecurePort`	Application Server HTTPS port for Service Registry	`6443`
`ServerJMSPort`	Application Server Message Queue port for Service Registry	`6484`
`ServerIIOPPort`	Application Server IIOP port for Service Registry	`6485`
`ServerIIOPSecurePort`	Application Server IIOP secure port for Service Registry	`6486`
`ServerIIOPMutualAuthPort`	Application Server IIOP mutual authentication port for Service Registry	`6487`
`AdministrationJMXPort`	Application Server JMX port for Service Registry	`6488`
`AdministrationPort`	Application Server Administrative Server port for Service Registry	`6489`
`AdministratorUserID`	User name used to access Application Server Administrative Server	`admin`
`AdministratorPassword`	Password used to access Application Server Administrative Server	`12345678` when you configure as `root` None when you configure as a non-root user
`ApplicationServerKeystorePassword`	Password used to access Application Server keystore	`12345678` when you configure as `root` None when you configure as a non-root user
`RegistryServerKeystorePassword`	Password used to access Service Registry keystore	`12345678` when you configure as `root` None when you configure as a non-root user
`clientDatabase`	Determines whether the Service Registry database runs in embedded or Network Server mode (`true` for Network Server mode)	`false`
`RequireDatabaseAuthentication`	Determines whether access to the Service Registry database requires user authentication	`false`
`DatabaseUserID`	User ID for accessing the Service Registry database if user authentication is required	`APP`
`DatabasePassword`	Password for accessing the Service Registry database if user authentication is required	`app123` when you configure as `root` None when you configure as a non-root user
`backupDir`	Directory to be used for Service Registry backups. Normally commented out; remove comment to specify an alternate location.	`RegistryDomain-base/3.0/backup` when you configure as `root` `$HOME/srvc-registry/3.0/backup` when you configure as a non-root user
`dataHome`	Directory where Service Registry data is stored	`RegistryDomain-base` when you configure as `root` `$HOME/srvc-registry` when you configure as a non-root user
`CACertDir`	Directory for added certificates that the Application Server domain should trust	`ServiceRegistry-base/install/cacerts` when you configure as `root` `$HOME/srvc-registry/cacerts` when you configure as a non-root user

To Configure Service Registry as Root Using Custom Properties After a Configure Later Installation

Before You Begin

These instructions assume that you are logged in as root or have become superuser.

Change to the ServiceRegistry-base/install directory.

Copy the file install.properties to a secure location.

Use a command like the following:
cp install.properties $HOME/hidden_dir/sr.properties

Change the permissions on the properties file to make it writable.

Use a command like the following:
chmod 600 $HOME/hidden_dir/sr.properties

Edit the modifiable properties in the file.

For example, it is recommended that you change all the passwords from the default values.

Change the permissions back to the original read-only value.

Use a command like the following:
chmod 400 $HOME/hidden_dir/sr.properties

In the ServiceRegistry-base/install directory, run the following command (all on one line), specifying the location of the modified install.properties file.

Use a command like the following:

Ant-base/ant -f build-install.xml -Dinstall.properties=$HOME/hidden_dir/sr.properties configure

The ant command requires the JAVA_HOME environment variable to be set. Ordinarily, you set this variable to the following value:
```
/usr/jdk/entsys-j2se
```
The Registry configuration process creates an Application Server domain at RegistryDomain-base/domains/${registry.install.DomainName}. The default domain name is registry. The configuration process then starts the domain, deploys the Registry, and leaves the domain running.

The Registry configuration process installs the Registry database and server keystore in the directory RegistryDomain-base/3.0. This directory is not removed when the Registry is uninstalled, so that the database can be preserved for use in a future release. The administrator has control over when and whether to remove this directory.

The RegistryDomain-base location is /var/opt/SUNWsrvc-registry on Solaris OS and /var/opt/sun/srvc-registry on Linux and HP-UX systems.

The Registry configuration process creates a directory named ServiceRegistry-base/install/cacerts for you to place added certificates that the Application Server domain should trust.

Review the output of the ant configure command for any errors.

If there are no errors, you can now begin using the Web Console or the Admin Tool.

To Configure Service Registry as a Non-Root User Using Custom Properties After a Configure Later Installation

Before You Begin

These instructions assume that you are logged in as an ordinary user, not as root, and that someone logged in as root has installed Service Registry.

Change to the ServiceRegistry-base/install directory.

Copy the file install.properties.template to a location in your home directory and rename it.

Use a command like the following:
cp install.properties.template $HOME/sr.properties

Open your copy of the file in a text editor and modify properties as needed.

You must supply password values for the following properties, which are left empty in the template file:
```
registry.install.AdministratorPassword=
registry.install.ApplicationServerKeystorePassword=
registry.install.RegistryServerKeystorePassword=
```

Change the permissions on the file so that only you can read it.

Use a command like the following:
chmod 400 $HOME/sr.properties

In the ServiceRegistry-base/install directory, run a command like the following (all on one line), specifying the location of the modified file.

Ant-base/ant -f build-install.xml -Dinstall.properties=$HOME/sr.properties configure

Use a similar command to run any other configuration targets that you need.

The Registry configuration process creates an Application Server domain at $HOME/srvc-registry/domains/${registry.install.DomainName}. The default domain name is registry.

The Registry configuration process installs the Registry database and server keystore in the directory $HOME/srvc-registry/3.0.

The Registry configuration process creates a directory named $HOME/srvc-registry/cacerts for you to place added certificates that the Application Server domain should trust.

Review the output of the ant configure command for any errors.

If there are no errors, you can now begin using the Web Console or the Admin Tool.

Administering the Application Server Domain for Service Registry

The configuration process for Service Registry by default creates an Application Server domain named registry, to which the Service Registry web application is deployed. This domain is in the RegistryDomain-base/domains/registry directory.

This location is different from the default location for Application Server domains, /var/opt/SUNWappserver/domains (Solaris OS) or /var/opt/sun/appserver/domains (Linux and HP-UX systems).

Note –

It is recommended that you not run any applications other than Service Registry in the registry domain.

To administer the registry domain, you can use the Application Server Administration Console (“Admin Console”). You can use the Admin Console to start and stop the domain, view the server log, and perform other administrative tasks. See To Use the Application Server Admin Console for details.

You can also examine the server log directly. The log is in the file RegistryDomain-base/domains/registry/logs/server.log.

In addition to the Admin Console, you can use the asadmin command to administer the registry domain. Because the domain is not in the default location, you must specify the --domaindir option when you use asadmin commands that provide that option. The argument to the --domaindir option is RegistryDomain-base/domains.

If you want to use the --passwordfile option of asadmin commands, you need a file with a copy of the administrator password for the Registry domain. To create such a file, use the generate.password.file target of the build-install.xml file. The file is RegistryDomain-base/3.0/data/security/pw.txt.

The registry domain uses a set of non-default ports so as not to cause conflicts with the default Application Server domain, domain1. These Service Registry port values are registered with the Internet Assigned Numbers Authority (IANA). Table 1–2 lists and describes these ports. For more information, see Ports in the Application Server in Sun Java System Application Server Enterprise Edition 8.2 Administration Guide.

Table 1–2 Service Registry Domain Default Ports


Port Value	Description
6480	HTTP port
6443	HTTPS over SSL
6484	Message Queue port
6485	IIOP port
6486	IIOP SSL port
6487	IIOP Mutual Authentication port
6488	JMX port
6489	Application Server domain administration port

To Use the Application Server Admin Console

In a web browser, go to the URL https://hostname:6489/.

hostname is the system on which Application Server and Service Registry are running.

Accept the certificate that is offered.

A login page appears.

On the login page, type admin in the User Name field.

If you changed the default value of the registry.install.AdministratorUserID property when you configured the Registry, type the value you specified.

Type the Application Server administrator password in the Password field. Use the value that you specified for the registry.install.AdministratorPassword property when you configured the Registry. The default is 12345678.

Click Log In.

Changing the Service Registry Logging Level

To change the logging level for Service Registry, follow the instructions in the Admin Console online help. The property to specify in the Additional Properties area is org.freebxml.omar.

To change the logging for particular Service Registry subcomponents, refer to the following file: RegistryDomain-base/domains/registry/applications/j2ee-modules/soar/WEB-INF/classes/log4j.properties. You can specify any of the subcomponent names listed in this file. Do not include the string log4j.logger. For example, you can log server calls by specifying org.freebxml.omar.server.

To Stop and Restart the Application Server Domain for the Registry

The configuration process for the Registry starts the Application Server domain in which the registry is deployed. After you perform certain administrative tasks, you need to stop and restart the domain. Examples of such tasks are Configuring the Java Virtual Machine (JVM) for the Registry Domain and Creating an Administrator.

The Admin Console informs you if you need to restart the domain. You can use the Admin Console to perform this task. If you are using the asadmin command, you can use Ant tasks to stop and start the domain.

Change to the Service Registry install directory.

cd ServiceRegistry-base/install

Run the following command (all on one line):

Ant-base/ant -f build-install.xml -Dinstall.properties=props-file appserver.domain.bounce

where props-file is the path name of the copy of install.properties file that you edited in To Configure Service Registry as Root Using Custom Properties After a Configure Later Installation or To Configure Service Registry as a Non-Root User Using Custom Properties After a Configure Later Installation.

The appserver.domain.bounce target stops the domain and then restarts it.

The build-install.xml file also contains separate Ant targets for stopping and starting the Registry domain. To stop the domain, use the Ant target appserver.domain.stop. To start the domain, use the Ant target appserver.domain.start.

To Add Root Certificates to the Trusted Certificates in the Registry Domain

This task extends the list of trusted certificates in the Application Server registry domain.

Perform this task only if you use a third-party certificate and the root Certificate Authority (CA) certificate for the third party is not already in the Application Server truststore. Do not perform this task if you use only registry-issued certificates.

To determine whether the CA certificate you need is already available, you can use the list.cacerts target of the build-install.xml file:

Ant-base/ant -f build-install.xml -Dinstall.properties=props-file list.cacerts

where props-file is the path name of the copy of install.properties file that you edited in To Configure Service Registry as Root Using Custom Properties After a Configure Later Installation or To Configure Service Registry as a Non-Root User Using Custom Properties After a Configure Later Installation.

Download any root certificates that you want to support.

Sites that provide root certificates include the following:

If necessary, use the unzip command to extract .cer files from the downloaded archive.

Note –
Some files have the suffix .der.

Copy the .cer files to the directory specified by the registry.install.CACertDir property in your copy of the install.properties file.

This value is normally ServiceRegistry-base/install/cacerts if you configured as root, or $HOME/srvc-registry/cacerts if you configured as a non-root user.

Change to the directory ServiceRegistry-base/install.

Run the following command (all on one line):

Ant-base/ant -f build-install.xml -Dinstall.properties=props-file install.cacerts

This command installs any certificates found in the directory specified by the registry.install.CACertDir property into the Application Server domain truststore.

You can use the list.cacerts target again to make sure that the certificates have been installed correctly.

Follow the instructions in To Stop and Restart the Application Server Domain for the Registry.