This document includes:
Installing NGiNX for Windows
Setting up NGiNX as a Windows Service
Configuring NGiNX as the load balancer for CA Process Automation
Installation steps for CA Process Automation specific to a cluster
As of the writing of this document (June 2016) the current stable release of NGiNX is 1.10.1 which is what was used here. This does not infer support of the NGiNX load balancer by CA Technologies or CA Technologies Support.
Please see the following for more information:
For the purposes of this document, NGiNX, EEM and MS SQL Server are installed on ServerA
CA Process Automation Node1 is installed on ServerB
CA Process Automation Node2 is installed on ServerC
IIS is disabled on all three servers so as to avoid port conflicts
CA Process Automation; 4.2 release and later; is not limited to having only two domain orchestrator cluster nodes, but more than two is outside the scope of this document.
It is suggested that you have a text editor that displays line numbers; like NotePad++; installed on the NGiNX server for working with the config files as this document will reference line numbers in the files for ease of location and accuracy.
Installing NGiNX for Windows
Download the free release of NGiNX from nginx: download
What you get is a zip file named nginx-1.10.1.zip
Extract the file to your preferred location, ex c:\nginx
The folder structure should look like this:
Open a command window and navigate to c:\nginx
At the command prompt type
start nginx.exe
You must leave this command window open in order for NGiNX to remain alive.
Open a web browser and navigate to the address
http://localhost
You will be presented with the NGiNX Welcome screen:
You will also see two nginx processes running in your task manager:
If this was successful, stop NGiNX by issuing at the command prompt in the NGiNX command window:
nginx.exe –s stop
Please note you must type this into the command window, do not copy and paste from this document or the command will fail.
Setting up NGiNX as a Windows Service
This document outlines the use of NSSM for creating the Windows Service for NGiNX.
When NGiNX is started, it starts up two processes. One is the master process, the other the worker process. So in your task manager you will see two nginx.exe processes running.
The way instsrv/srvany (from Microsoft) or FireDaemon work is to start the program, and then when you stop the service it closes the process. Neither of these options however is able to close the second nginx.exe process. So each time you stop/start/restart you are creating an extra nginx.exe process which could eventually leave you with several orphaned nginx.exe processes running in the task manager.
Using NSSM, we can create a service that will properly stop and start NGiNX.
1. Download NSSM from NSSM - the Non-Sucking Service Manager . The current release is 2.24 and you will get a zip file named nssm-2.24.zip
2. Extract the contents anywhere. You will have a folder named nssm-2.24
3. Open a command window and run the following:
C:\> cd C:\nssm-2.24\win64
C:\> nssm.exe install nginx
This will pop up a GUI in which to enter the nginx information
Press the Install service button to install the service
4. You will now have a service named nginx
5. Start this service, verify that there are two processes for nginx in the task manager and again verify that http://localhost opens the welcome page.
6. Stop the nginx service and verify that both processes in the task manager have stopped.
Configuring NGiNX for CA Process Automation, initial steps
From the CA Process Automation media, DVD1, copy the NginxConfig.zip from the NginxConfTemplates folder at the root of DVD1 to ServerA (NGiNX server).
Extract the zip and copy the three files to the c:\nginx\conf folder
For the purpose of this document, you do not need to have the secure-pam-server.conf file as this document does not go over the secure setup.
The pam-rest.conf is for the REST configuration in PAM, and pam-server.conf is for the non-secured configuration which is what this document will describe.
Open the pam-server.conf file.
There are four code blocks that initially need editing at the beginning of the file, and two at the end of the file.
The first four are the following:
Beginning on line 6 upstream loadbalancer {
Beginning on line 17 upstream uiloadbalancer {
Beginning on line 30 upstream jettyloadbalancer{
Beginning on line 42 # Define node1
For
upstream loadbalancer
upstream uiloadbalancer
upstream jettyloadbalancer
Change <Enter node1 hostname here> to reflect the hostname/FQDN of ServerB (PAM Node1) for the node1 definition of each code block.
NOTE:The code block for upstream jettyloadbalancer has a port listed of 80. Change this to 8080
All three of these code blocks use port 8080. This is the HTTP port that will be defined during the installation of CA Process Automation.
In the last code block section named Define node1 change <hostname of machine where you have installed node1> to the hostname/FQDN of ServerB and the >:<jetty server port> is the JBoss WebServer port that will be defined during the CA Process Automation installation.
This is important.
In the CA Process Automation installation you will be asked for the JBoss WebServer port number. By default this is 80, and for the purposes of this document this is the assumption.
Do not make changes to the node2 sections of the code blocks yet.
At the end of this file, lines 223 through 231, please comment both blocks so they appear as:
# node2 is the upstream name provided above
#location = /ws/node2 {
#proxy_pass http://node2;
#}
# node2 is the upstream name provided above
#location /ws/node2/ {
#proxy_pass http://node2;
#}
Save the changes, close the file and start the nginx service.
Installation steps for CA Process Automation specific to a cluster
Log onto ServerB and begin the installation for CA Process Automation, node1.
This document will only go over the information specific to the clustering.
The first dialog in the CA Process Automation installation that is used for the cluster is the Domain Configuration screen:
Select the check box next to Configure Load Balancer
Load Balancer Worker Node is the value “node1” , no quotes. This is not a hostname, a servername, or an IP. The value is “node1”
Public Host Name is the Servername of the load balancer
Public Host Port Number is “80” for the purposes of this document as NGiNX has been configured to run on port 80.
The next dialog in the CA Process Automation installation that is important for the cluster configuration is the General Properties screen:
The value for Server Host is automatically filled in as the current servername. Leave this information as is.
Display Name can be whatever you wish. The default is the Public Host Name value.
Server Port – this is the value that is used in the pam-server.conf file for NGiNX as the jetty server port discussed previously. For the purposes of this document (as previously stated IIS is disabled on all three servers) this value will remain as 80.
HTTP Port is the port that the CA Process Automation deployed application will bind to and run on. This is not to be confused with the simplified communications, which happens over TCP. For the purposes of this document, we are using the default values. This port is also used in the pam-server.conf file for the three blocks of code:
upstream loadbalancer
upstream uiloadbalancer
upstream jettyloadbalancer
Continue with the CA Process Automation installation.
Once the installation has completed, start the CA Process Automation service and verify that you are able to log in to CA Process Automation using the direct URL of:
http://serverB:8080/itpam
Once you have verified that you are able to log in to CA Process Automation directly, please stop the CA Process Automation service, and make sure that there are no running java.exe processes in the task manager.
Configuring NGiNX for CA Process Automation, next steps
Return to ServerA, NGiNX and stop the nginx service.
Open the nginx.conf file located in the conf folder where the pam-server.conf and pam-rest.conf files are also located.
Add the following include line to the http block of code:
include pam-server.conf;
This begins on line 17 and will look like the following when complete:
http {
include mime.types;
default_type application/octet-stream;
include pam-server.conf;
Next, delete the server block of code from this file. This will be from line 36 to 80 beginning with:
server {
listen 80;
server_name localhost;
Save and close the file. Start the nginx service.
Log back on to ServerB and start the CA Process Automation Service. Give this a few minutes to completely start up.
Open a browser and enter the URL to open via the load balancer:
http://serverA/itpam
This should present you with the login page for CA Process Automation. Log in and verify that this works.
Leave everything up and running.
Installing CA Process Automation, node2
Log on to ServerC, CA Process Automation node2.
Open a browser and navigate to the load balanced URL:
http://serverA/itpam
Log in as the pamadmin user, navigate to the Configuration tab.
Select the Installation palette, and select Install Cluster Node For Domain Orchestrator
This should begin the installation of CA Process Automation.
If you are prompted to open or save the file “installation”, this means that your file association on this machine is not setup correctly.
You want to open this file using Java WebStart, javaws.exe, located in the bin folder of the JRE under the JDK installation folder.
The steps will be the same as was done for node1 with one minor change.
On the load balancer configuration page you will enter node2 for the Load Balancer Worker Node as follows:
The general configuration will remain the same, with the exception that the Server Host information will be automatically set for the hostname for this server, ServerC.
There is nothing additional to configure on this installation as everything will be picked up from the configuration files for node1.
Once this installation is complete, do not start the service.
Configuring NGiNX for CA Process Automation, final steps
Log back on to ServerA, NGiNX, and stop the nginx service.
Open the pam-server.conf file again and perform the same steps for modifying the four code blocks as discussed in the initial steps above.
For
upstream loadbalancer
upstream uiloadbalancer
upstream jettyloadbalancer
You must uncomment the “server” line in in each of the above listed sections for the “Define node2” data.
Each of the three listed sections will have a "Define node1" and "Define node2" - for all three, "Define node2" the line:
# server <Enter node2 hostname here>:<HTTP port> max_fails=3 fail_timeout=3s;
is commented. Remove the comment/hash mark in each of the three sections before the word server.
In the code block specifically labeled as Define node 2, uncomment lines 50, 51 and 52 – from upstream node2 to the closing bracket so that it looks like:
# Define node2
# node2 is the worker node name
upstream node2{
server <hostname of machine where you have installed node2>:<jetty server port> max_fails=3 fail_timeout=3s;
}
Change <hostname of machine where you have installed node2> to the hostname/FQDN of ServerC and the >:<jetty server port> again to port 80 as was defined during the CA Process Automation node2 installation.
Uncomment the section at the end of the file beginning on line 223 so that it looks like:
# node2 is the upstream name provided above
location = /ws/node2 {
proxy_pass http://node2;
}
# node2 is the upstream name provided above
location /ws/node2/ {
proxy_pass http://node2;
}
Lines 223 through 231 should now be uncommented.
Save and close the file.
Start the service on ServerC for CA Process Automation - do not start NGiNX yet.
Give it some time to start up, then access it directly using the URL http://serverC:8080/itpam and log in.
Once node2 can be accessed directly, go back to ServerA and start the nginx service.
From any machine that has access to the network segment that Servers A, B and C are a part of, you should now be able to open a browser and access CA Process Automation using http://serverA/itpam
NGiNX - http://nginx.org/
NSSM - http://nssm.cc/