Manage Server Module Files

The Manage Server Module Files task uploads new or updated modular or custom assertions to a Gateway cluster directly from the Policy Manager. This task eliminates the need to copy a module file manually to each node and then change the file permissions.
Each uploaded file can contain one or more assertions.
To access this task: Tasks > Extensions and Add-Ons > Manage Server Module Files
Only .saar and .sjar files are supported. Custom and Modular assertions within .rpm packages cannot be uploaded using this task. For those assertions, continue to use the installation instructions that are located under Install Purchased Custom Assertions.
Prerequisites
  • Modules to be uploaded must be signed. 
Cluster Properties
Related cluster properties for this task:
  • serverModuleFile.upload.enable
  • serverModuleFile.upload.maxSize
For more information about these properties, see Miscellaneous Cluster Properties.
Security
To enable access to this task, either:
  • Assign users to the "Manage Modules Installable using the Policy Manager" predefined role (recommended)
  • Create a custom role with access to the following entities:
    • Server Module Files (full CRUD access required)
    • Cluster Node Info Records (minimum Read access)
    Add Read permission to the following cluster properties:
    • serverModuleFile.upload.enable
    • serverModuleFile.upload.maxSize
The Server Module File Entity cannot be placed into security zones.
Properties
Setting
What you should know...
Name
This is the name of the server module file. You can use the file name or some other friendly name. This name is displayed on:
State
Possible states:
  • Uploaded: The module is uploaded successfully. The module currently resides in the database, but is inactive pending acceptance and installation.
  • Accepted: The module signature is verified and the module is awaiting loading.
  • Rejected: The module signature could not be verified and the module is not loaded.
  • Loaded: The module is loaded successfully into the Gateway node. Contents are visible in the Policy Manager (after reconnecting to the Gateway) and the module can be considered "installed".
  • Error: An error occurred while verifying the module signature.
Example: How a module moves through the various states
The following example shows how module states progress when uploading a module file in a clustered environment:
  1. User uploads the module file from the Policy Manager. Initial state: UPLOADED.
  2. System attempts to verify the module signature:
    • If the verification is successful, the state transitions to ACCEPTED.
    • If the verification is unsuccessful, the state is set to REJECTED.
    • If an error occurs during this stage, the state is set to ERROR. Additional information about the error is available by viewing the module properties.
  3. When a module is ACCEPTED, the system attempts to load ("install") the module.
    • If the load is successful, the state moves to LOADED and the module is available the next time the Policy Manager starts.
      Tip: To make the module available immediately, disconnect and reconnect the Policy Manager.
    • If the load is unsuccessful, the state is set to ERROR. Additional information about the error is available by viewing the module properties.
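The progression above can be turned into an audit rule: a module should never reach LOADED on a node without first being ACCEPTED, that is, without a recorded signature verification. The following is an added example, not code from the Gateway or its documentation; the (node, module, state) event tuples, the node and file names, and the treatment of REJECTED, LOADED and ERROR as terminal states are assumptions of the example.

```python
# Transitions taken from the walkthrough above. Treating REJECTED, LOADED and
# ERROR as terminal is an assumption of this example.
ALLOWED = {
    None: {"UPLOADED"},
    "UPLOADED": {"ACCEPTED", "REJECTED", "ERROR"},
    "ACCEPTED": {"LOADED", "ERROR"},
    "REJECTED": set(),
    "LOADED": set(),
    "ERROR": set(),
}

# Constructed sample: (node, module file, state) in chronological order.
# The tuple layout and all names are hypothetical, not a Gateway log format.
SAMPLE_EVENTS = [
    ("node1", "ExampleAssertion.saar", "UPLOADED"),
    ("node1", "ExampleAssertion.saar", "ACCEPTED"),
    ("node1", "ExampleAssertion.saar", "LOADED"),
    ("node2", "ExampleAssertion.saar", "UPLOADED"),
    ("node2", "ExampleAssertion.saar", "LOADED"),   # ACCEPTED never recorded
    ("node1", "BadSignature.sjar", "UPLOADED"),
    ("node1", "BadSignature.sjar", "REJECTED"),
]


def audit(events):
    """Replay events per (node, module); return (violations, final_states)."""
    current, violations = {}, []
    for node, module, state in events:
        key = (node, module)
        prev = current.get(key)
        if state not in ALLOWED.get(prev, set()):
            # Covers unknown states and skipped steps such as UPLOADED -> LOADED.
            violations.append((node, module, prev, state))
        current[key] = state
    return violations, current


def needs_attention(final_states):
    """(node, module) pairs whose last recorded state is REJECTED or ERROR."""
    return sorted(k for k, s in final_states.items() if s in ("REJECTED", "ERROR"))


if __name__ == "__main__":
    violations, final = audit(SAMPLE_EVENTS)
    for node, module, prev, state in violations:
        print(f"{node}: {module} went {prev} -> {state}, not an allowed transition")
    for node, module in needs_attention(final):
        print(f"{node}: {module} ended in {final[(node, module)]}")
```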
Frequently Asked Questions
Question
Answer
Why are the controls disabled in the Manage Server Module Files dialog?
Check the following:
  • Server Module Files functionality has been disabled.
    Solution: Check that the serverModuleFile.upload.enable cluster property is set to 'true'.
  • Selected node is not connected.
    Solution: This behavior is by design. Controls are available only when the currently connected node is selected.
  • Insufficient security permissions.
    Solutions, do either: (1) Assign the predefined role "Manage Modules Installable via Policy Manager". (2) Ensure that any custom roles meet the requirements that are described under "Security".
Why is it saying the functionality is currently disabled?
This functionality is enabled by default. Check with your system administrator for reasons why the feature is disabled.
Why can't I upload my custom/modular assertion?
Verify that the module is signed. The Policy Manager uploads only signed modules, to prevent malware. Check with your system administrator on how to sign your modules.
Why is my module REJECTED?
If the custom or modular assertion was uploaded before v9.0, then this error is expected.
If the custom or modular assertion was uploaded in v9.0 or later, then it was not signed properly. The Layer7 API Gateway rejects a module if its signature cannot be verified.
Why aren't my module contents visible even though the state is "Loaded"?
Disconnect and then reconnect to the Gateway for the new content to appear. Also, verify that you are connected to the correct node. In a clustered environment that is connected to a Load Balancer, you may be connected to a different cluster node.
What happens if I disable this feature?
If you disable the server module files functionality using the serverModuleFile.upload.enable cluster property, all controls are disabled within Manage Server Modules. You cannot use this task to upload any modules. However, imports using the REST Management API that include server module files continue to succeed. The imported files reside in the Gateway's database. These files are not loaded (State="Loaded") until you enable the feature and restart the Gateway node.