HCL Workload Automation, Version 9.4

Configuring to use the same LTPA token_keys

About this task

To use the same LTPA token_keys between more than one WebSphere Application Server, you must run this procedure between Dynamic Workload Console and each engine you want to which you want to connect.

The LTPA token_keys can be either exported from Dynamic Workload Console and imported into the engine, or exported from the engine and imported into Dynamic Workload Console.

Procedure

  1. Use the following script to export the LTPA token_keys from the WebSphere Application Server where the Dynamic Workload Console is installed, and to import them into the other instance of WebSphere Application Server. The script is located in the following path:
    HCL Workload Automation
    <TWA_home>/wastools/manage_ltpa.sh or ...\manage_ltpa.bat
    Dynamic Workload Console
    <Dynamic_Workload_Console_install_directory>/wastools/manage_ltpa.sh or ...\manage_ltpa.bat, for example, /opt/IBM/TWAUI/wastools/manage_ltpa.sh

    There is also a copy of manage_ltpa.sh and manage_ltpa.bat on each installation image.

    Make sure that the user who runs this script is allowed to access the WebSphere Application Server profile that hosts the Dynamic Workload Console or the engine.

    The syntax used to run the script is the following: 
    manage_ltpa -operation import|export -profilepath profile_path 
            -ltpafile LTPA_file_path -ltpapassword LTPA_file_password 
            [-user username -password password] 
            -port SOAP_port -server server_name
    where:
    –operation
    Select export to read the LTPA token_keys from the profile and save it to a file. Select import to update the profile with the LTPA token_keys stored in a file.
    –profilepath
    Specify the path to the profile on top of which the application, either Dynamic Workload Console or HCL Workload Automation is installed.
    –ltpafile
    Specify the fully qualified path name of the file that contains, if you import, or where to encrypt, if you export, the LTPA token_keys.
    –ltpapassword
    Specify a password of your choice to encrypt the file that contains the LTPA keys when exporting them, or, when importing them, the password that was used to encrypt them when they were exported. This password is used only when importing and exporting that LTPA token_keys. It does not need to match the administrator password.
    –user
    The administrator of the server hosting the Dynamic Workload Console or the engine. In the case of HCL Workload Automation, the administrator is, by default, the owner of the instance (TWS_user). The user and password arguments are optional. By default, the script looks for the credentials in the soap.client.props file located in the properties directory of the WebSphere Application Server profile.
    –password
    The password of the administrator of the server defined in the selected profile. The user and password arguments are optional. By default, the script looks for the credentials in the soap.client.props file located in the properties directory of the WebSphere Application Server profile.
    –port
    Specify the SOAP port used by the profile. By default the SOAP port is 28880 for Dynamic Workload Console installed on the WebSphere Application Server, and 31118 for HCL Workload Automation installed on the WebSphere Application Server.
    –server
    Specify the name of the server of the profile on which to import or export the LTPA tokens. The default server name varies, depending on how it was installed. See Table 1.
    Note:
    1. The server and path might have been modified from the default value after installation.
    2. This keyword is mandatory if the HCL Workload Automation server name is different from the Dynamic Workload Console server name.
    Table 1. Product versions and default server names
    Product version WebSphere Application Server version Default server name
    HCL Workload Automation, V9.x: The WebSphere Application Server installed in an instance of HCL Workload Automation (on which any HCL Workload Automation component is installed). server1, found in the following path: 
    <WAS_profile_path>/config/cells/TWSNodeCell/
nodes/TWSNode/servers/server1/server.xml
    where the default value of WAS_profile_path is <TWA_home>/WAS/TWSprofile
    Your version of the WebSphere Application Server on which the Dynamic Workload Console is installed. server1, found in the following path:
    JazzSM_profile_dir/config/cells/JazzSMNode01Cell/
nodes/JazzSMNode01/servers/server1/
    where, the default value of JazzSM_profile_dir is:
    On Windows operating systems
    C:\Program Files\IBM\JazzSM\profile
    On UNIX operating systems
    /opt/IBM/JazzSM/profile
  2. Stop and start each server involved in this activity to enable it.
  3. If you are configuring Single Sign-On, test that the configuration is correctly set between and the engine by performing the following steps:
    1. Log in to Dynamic Workload Console.
    2. Create an engine connection without specifying User ID and password.
    3. Perform a test connection.

Results

The next step is to disable the automatic generation of the LTPA token_keys, for which see: Disabling the automatic generation of LTPA token_keys