Clustering CA Process Automation with NGiNX for Windows

Document ID : KB000044456
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction: 

This document includes:

Installing NGiNX for Windows
Setting up NGiNX as a Windows Service
Configuring NGiNX as the load balancer for CA Process Automation
Installation steps for CA Process Automation specific to a cluster

As of the writing of this document (June 2016) the current stable release of NGiNX is 1.10.1 which is what was used here. This does not infer support of the NGiNX load balancer by CA Technologies or CA Technologies Support.
Please see the following for more information:

http://nginx.org/en/docs/windows.html

 

For the purposes of this document, NGiNX, EEM and MS SQL Server are installed on ServerA
CA Process Automation Node1 is installed on ServerB
CA Process Automation Node2 is installed on ServerC
IIS is disabled on all three servers so as to avoid port conflicts

 

CA Process Automation; 4.2 release and later; is not limited to having only two domain orchestrator cluster nodes, but more than two is outside the scope of this document.

It is suggested that you have a text editor that displays line numbers; like NotePad++; installed on the NGiNX server for working with the config files as this document will reference line numbers in the files for ease of location and accuracy.

 

Instructions:

Installing NGiNX for Windows

Download the free release of NGiNX from http://nginx.org/en/download.html
What you get is a zip file named nginx-1.10.1.zip
Extract the file to your preferred location, ex c:\nginx
The folder structure should look like this:

a. install dir.png

Open a command window and navigate to c:\nginx
At the command prompt type
start nginx.exe
You must leave this command window open in order for NGiNX to remain alive.
Open a web browser and navigate to the address
http://localhost

 

You will be presented with the NGiNX Welcome screen:

b. welcome.png

You will also see two nginx processes running in your task manager:

c. task_mgr.png

If this was successful, stop NGiNX by issuing at the command prompt in the NGiNX command window:

nginx.exe –s stop

Please note you must type this into the command window, do not copy and paste from this document or the command will fail.

 

Setting up NGiNX as a Windows Service

This document outlines the use of NSSM for creating the Windows Service for NGiNX.

When NGiNX is started, it starts up two processes. One is the master process, the other the worker process. So in your task manager you will see two nginx.exe processes running.
The way instsrv/srvany (from Microsoft) or FireDaemon work is to start the program, and then when you stop the service it closes the process. Neither of these options however is able to close the second nginx.exe process. So each time you stop/start/restart you are creating an extra nginx.exe process which could eventually leave you with several orphaned nginx.exe processes running in the task manager.

 

Using NSSM, we can create a service that will properly stop and start NGiNX.

1. Download NSSM from http://nssm.cc . The current release is 2.24 and you will get a zip file named nssm-2.24.zip
2. Extract the contents anywhere. You will have a folder named nssm-2.24
3. Open a command window and run the following:

    C:\> cd C:\nssm-2.24\win64
    C:\> nssm.exe install nginx

This will pop up a GUI in which to enter the nginx information

nssm_svc_installer.png

Press the Install service button to install the service

nssm_success.png

4. You will now have a service named nginx
5. Start this service, verify that there are two processes for nginx in the task manager and again verify that http://localhost opens the welcome page.
6. Stop the nginx service and verify that both processes in the task manager have stopped.

 

Configuring NGiNX for CA Process Automation, initial steps

From the CA Process Automation media, DVD1, copy the NginxConfig.zip from the NginxConfTemplates folder at the root of DVD1 to ServerA (NGiNX server).
Extract the zip and copy the three files to the  c:\nginx\conf folder

e. conf_files.png

For the purpose of this document, you do not need to have the secure-pam-server.conf file as this document does not go over the secure setup.
The pam-rest.conf is for the REST configuration in PAM, and pam-server.conf is for the non-secured configuration which is what this document will describe.

 

Open the pam-server.conf file.
There are four code blocks that initially need editing at the beginning of the file, and two at the end of the file.
The first four are the following:

Beginning on line 6   upstream loadbalancer  {

Beginning on line 17   upstream uiloadbalancer  {

Beginning on line 30   upstream jettyloadbalancer{

Beginning on line 42   # Define node1

For
upstream loadbalancer
upstream uiloadbalancer
upstream jettyloadbalancer

Change  <Enter node1 hostname here> to reflect the hostname/FQDN of ServerB (PAM Node1) for the node1 definition of each code block.

NOTE:The code block for upstream jettyloadbalancer has a port listed of 80. Change this to 8080

All three of these code blocks use port 8080. This is the HTTP port that will be defined during the installation of CA Process Automation.

In the last code block section named  Define node1 change <hostname of machine where you have installed node1> to the hostname/FQDN of ServerB and the >:<jetty server port> is the JBoss WebServer port that will be defined during the CA Process Automation installation.
This is important.
In the CA Process Automation installation you will be asked for the JBoss WebServer port number. By default this is 80, and for the purposes of this document this is the assumption.

 

Do not make changes to the node2 sections of the code blocks yet.


At the end of this file, lines 223 through 231, please comment both blocks so they appear as:

# node2 is the upstream name provided above
#location = /ws/node2 {
#proxy_pass http://node2;
#}

# node2 is the upstream name provided above
#location /ws/node2/ {
#proxy_pass http://node2;
 #}

 


Save the changes, close the file and start the nginx service.

 

Installation steps for CA Process Automation specific to a cluster

Log onto ServerB and begin the installation for CA Process Automation, node1.
This document will only go over the information specific to the clustering.
There is a knowledge document specifically for the installation of CA Process Automation here: TEC607491

 

 

The first dialog in the CA Process Automation installation that is used for the cluster is the Domain Configuration screen:

d. node1_config.png

Select the check box next to Configure Load Balancer
Load Balancer Worker Node is the value “node1” , no quotes. This is not a hostname, a servername, or an IP. The value is “node1”

 

Public Host Name is the Servername of the load balancer
Public Host Port Number is “80” for the purposes of this document as NGiNX has been configured to run on port 80.

Once this information is filled out correctly, click Next.

 

The next dialog in the CA Process Automation installation that is important for the cluster configuration is the General Properties screen:

f. node1_jbossconfig.png

The value for Server Host is automatically filled in as the current servername. Leave this information as is.

Display Name can be whatever you wish. The default is the Public Host Name value.

Server Port – this is the value that is used in the pam-server.conf file for NGiNX as the jetty server port discussed previously. For the purposes of this document (as previously stated IIS is disabled on all three servers) this value will remain as 80.

HTTP Port is the port that the CA Process Automation deployed application will bind to and run on. This is not to be confused with the simplified communications, which happens over TCP. For the purposes of this document, we are using the default values. This port is also used in the pam-server.conf file for the three blocks of code:

upstream loadbalancer
upstream uiloadbalancer
upstream jettyloadbalancer

Continue with the CA Process Automation installation.
Once the installation has completed, start the CA Process Automation service and verify that you are able to log in to CA Process Automation using the direct URL of:

http://serverB:8080/itpam

 

Once you have verified that you are able to log in to CA Process Automation directly, please stop the CA Process Automation service, and make sure that there are no running java.exe processes in the task manager.

 

Configuring NGiNX for CA Process Automation, next steps

Return to ServerA, NGiNX and stop the nginx service.
Open the nginx.conf file located in the conf folder where the pam-server.conf and pam-rest.conf files are also located.
Add the following include line to the http block of code:

 

 

include pam-server.conf;

This begins on line 17 and will look like the following when complete:

http {

 

    include       mime.types;
    default_type  application/octet-stream;
    include pam-server.conf;

Next, delete the server block of code from this file. This will be from line 36 to 80 beginning with:

  server {

        listen       80;
        server_name  localhost;

Save and close the file. Start the nginx service.
Log back on to ServerB and start the CA Process Automation Service. Give this a few minutes to completely start up.
Open a browser and enter the URL to open via the load balancer: 

http://serverA/itpam

This should present you with the login page for CA Process Automation. Log in and verify that this works.

 

Leave everything up and running.


Installing CA Process Automation, node2

Log on to ServerC, CA Process Automation node2.

Open a browser and navigate to the load balanced URL:

http://serverA/itpam

 

Log in as the pamadmin user, navigate to the Configuration tab.
Select the Installation palette, and select Install Cluster Node For Domain Orchestrator

g. cluster_install.png

This should begin the installation of CA Process Automation.
If you are prompted to open or save the file “installation”, this means that your file association on this machine is not setup correctly.
You want to open this file using Java WebStart, javaws.exe, located in the bin folder of the JRE under the JDK installation folder.

The steps will be the same as was done for node1 with one minor change.

 

On the load balancer configuration page you will enter node2 for the Load Balancer Worker Node as follows:

h. node2_config.png

The general configuration will remain the same, with the exception that the Server Host information will be automatically set for the hostname for this server, ServerC.
There is nothing additional to configure on this installation as everything will be picked up from the configuration files for node1.

 

 

Once this installation is complete, do not start the service.

 

Configuring NGiNX for CA Process Automation, final steps

Log back on to ServerA, NGiNX, and stop the nginx service.
Open the pam-server.conf file again and perform the same steps for modifying the four code blocks as discussed in the initial steps above.

For
upstream loadbalancer
upstream uiloadbalancer
upstream jettyloadbalancer

 

You must uncomment the “server” line in in each of the above listed sections for the “Define node2” data.
Each of the three listed sections will have a "Define node1" and "Define node2" - for all three, "Define node2" the line:

 # server <Enter node2 hostname here>:<HTTP port> max_fails=3 fail_timeout=3s;

is commented. Remove the comment/hash mark in each of the three sections before the word server.

 

In the code block specifically labeled as Define node 2, uncomment lines 50, 51 and 52 – from upstream node2 to the closing bracket so that it looks like:

 

# Define node2
# node2 is the worker node name
upstream node2{
server <hostname of machine where you have installed node2>:<jetty server port> max_fails=3 fail_timeout=3s;
} 

 

Change <hostname of machine where you have installed node2> to the hostname/FQDN of ServerC and the >:<jetty server port> again to port 80 as was defined during the CA Process Automation node2 installation.

Uncomment the section at the end of the file beginning on line 223 so that it looks like:

     # node2 is the upstream name provided above
      location = /ws/node2 {
            proxy_pass http://node2;                                                          
      } 

      # node2 is the upstream name provided above       
      location /ws/node2/ {
            proxy_pass http://node2;                                          
      }

 

Lines 223 through 231 should now be uncommented.

 

Save and close the file.
Start the service on ServerC for CA Process Automation - do not start NGiNX yet.
Give it some time to start up, then access it directly using the URL http://serverC:8080/itpam and log in.
Once node2 can be accessed directly, go back to ServerA and start the nginx service.

 

From any machine that has access to the network segment that Servers A, B and C are a part of, you should now be able to open a browser and access CA Process Automation using http://serverA/itpam

 

Additional Information:


NGiNX - http://nginx.org/

NSSM - http://nssm.cc/