Manage Server Module Files
The Manage Server Module Files task uploads new or updated modular or custom assertions to a Gateway cluster directly from the Policy Manager. This task eliminates the need to copy a module file manually to each node and then change the file permissions.
Manage Server Module Filestask uploads new or updated modular or custom assertions to a Gateway cluster directly from the Policy Manager. This task eliminates the need to copy a module file manually to each node and then change the file permissions.
Each uploaded file can contain one or more assertions.
To access this task: Tasks > Extensions and Add-Ons > Manage Server Module Files
.sjarfiles are supported. Custom and Modular assertions within
.rpmpackages cannot be uploaded using this task. For those assertions, continue to use the installation instructions that are located under Install Purchased Custom Assertions.
- Modules to be uploaded must be signed.
Related cluster properties for this task:
For more information about these properties, see Miscellaneous Cluster Properties,
To enable access to this task, either:
- Assign users to the "Manage Modules Installable using the Policy Manager" predefined role (recommended)
- Create a custom role with access to the following entities:Server Module Files(full CRUD access required)Cluster Node Info Records(minimum Read access)Add Read permission to the following cluster properties:serverModuleFile.upload.enableserverModuleFile.upload.maxSize
The Server Module File Entity cannot be placed into security zones.
What you should know...
Example: How a module moves through the various states
The following example shows how module states progress when uploading a module file in a clustered environment:
- User uploads the module file from the Policy Manager. Initial state: UPLOADED.
- System attempts to verify the module signature:
- If the verification is successful, the state transitions to ACCEPTED.
- If the verification is unsuccessful, the state is set to REJECTED.
- If an error occurs during this stage, the state is set to ERROR. Additional information about the error is available by viewing the module properties.
- When a module is ACCEPTED, the system attempts to load ("install") the module.
- If the load is successful, the state moves to LOADED and the module is available the next time the Policy Manager starts.Tip:To make the module available immediately, disconnect and reconnect the Policy Manager.
- If the load is unsuccessful, the state is set to ERROR. Additional information about the error is available by viewing the module properties.
Frequently Asked Questions
Why are the controls disabled in the Manage Serve Module Files dialog?
Check the following:
Why is it saying the functionality is currently disabled?
This functionality is enabled by default. Check with your system administrator for reasons why the feature is disabled.
Why can't I upload my custom/modular assertion?
Verify that the module is signed. The Policy Manager uploads only signed modules, to prevent malware. Check with your system administrator on how to sign your modules.
Why is my module REJECTED?
If the custom or modular assertion was uploaded before v9.0, then this error is expected.
If the custom or modular assertion was uploaded in v9.0 or later, then it was not signed properly. The
Layer7 API Gatewayrejects a module if its signature cannot be verified.
Why aren't my module contents visible even though the state is "Loaded"?
Disconnect and then reconnect to the Gateway for the new content to appear. Also, verify that you are connected to the correct node. A clustered environment that is connected to a Load Balancer may result in a different cluster node.
What happens if I disable this feature?
If you disable the server module files functionality using the
serverModuleFile.upload.enablecluster property, all controls are disabled within Manage Server Modules. You cannot use this task to upload any modules. However, imports using the REST Management API that include server module files continue to succeed. The imported files reside in the Gateway's database. These files not loaded (State="Loaded") until you enable the feature and restart the Gateway node.