How to change port 443, lacking documentation

Hi.

One would think that changing the port agents connect to on primary servers would be a common task, well documented, and relatively easy to do.

Unfortunately, that doesn't seem to be the case.

First, the documentation is strangely hidden in the "disaster recovery" section, e.g. for 23.4 here:

https://www.novell.com/documentation/zenworks-23.4/zen_sys_disaster_recovery/data/t4mi8pv5vba5.html

Second, a Google search only finds the 2020.2 version of the docs:

https://www.novell.com/documentation/zenworks-2020-update-3/zen_sys_disaster_recovery/data/b1htfzg2.html

Which differs vastly from the 23.3 and 23.4 versions, which comes as a bit of a surprise.

The files to be edited are apparently very different:
/etc/opt/microfocus/zenworks/tomcat-conf/zenclient-mgmt/server.xml on 2020.2 vs. /etc/opt/microfocus/zenworks/zen-api-gateway/application.properties on 23.3 or later, although on 23.3 and later the server.xml file also exists and contains the port 443 prominently. So the first question is, is server.xml no longer used on 23.3 and later? Why is it still there then on a freshly installed 23.4 appliance?

So, the current doc tells you to change the port in application.properties, and then, I quote:

"

  • Open an SQL console to execute the following SQL queries:

    • For MSSQL run the following queries:

      • update zzenserver set SSLPort = <NEW_HTTPS_PORT> where zuid = 0x<SERVER_GUID>

    • For Oracle run the following queries:

      • update zzenserver set SSLPort = <NEW_HTTPS_PORT> where zuid = HEXTORAW('<SERVER_GUID>)

    • For PostgreSQL run the following queries:

      • update zzenserver set SSLPort = <NEW_HTTPS_PORT> where zuid = '\x<SERVER_GUID>'"


I have some issues with this.

1. No mention or link *how* one should "Open an SQL console". I understand that for external DBs, but it should *at least* contain a link or a subsection that explains how to do that on a ZCM appliance.

Also

2. "where zuid = '\x<SERVER_GUID>" Again, not a word what that is (it is clear to me, but to the regular ZCM admin?), nor any word how to find the zuid of the server you want to change the port on.

Seriously, methinks changing the ports ZCM uses should be an easy option reachable in the ZEN appliance config, without having to manually fiddle around with a critical SQL database without proper documentation.
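
As an added illustration of the quoted procedure (not code from the post or from the ZENworks documentation), this Python helper checks the two placeholder values and then fills them into the three documented statements, so nothing but hex digits and a valid port number reaches the SQL console. The 32-hex-digit GUID format and the sample GUID are assumptions.

```python
import re

# Templates follow the three statements quoted above; only the two placeholders
# are filled in. The Oracle template closes the quote the quoted line leaves open.
TEMPLATES = {
    "mssql": "update zzenserver set SSLPort = {port} where zuid = 0x{guid}",
    "oracle": "update zzenserver set SSLPort = {port} where zuid = HEXTORAW('{guid}')",
    "postgresql": "update zzenserver set SSLPort = {port} where zuid = '\\x{guid}'",
}


def normalize_guid(raw):
    """Return the GUID as 32 upper-case hex digits or raise ValueError.

    Assumption: the server GUID is a 16-byte value written as 32 hex digits,
    possibly copied with dashes or with a 0x / \\x prefix.
    """
    guid = raw.strip().replace("-", "")
    if guid[:2].lower() in ("0x", "\\x"):
        guid = guid[2:]
    if not re.fullmatch(r"[0-9a-fA-F]{32}", guid):
        raise ValueError("server GUID must be exactly 32 hex digits")
    return guid.upper()


def validate_port(port):
    """Accept an int or digit string in 1..65535 and return it as int."""
    text = str(port).strip()
    if not re.fullmatch(r"[0-9]{1,5}", text) or not 1 <= int(text) <= 65535:
        raise ValueError("port must be an integer between 1 and 65535")
    return int(text)


def build_update(dialect, guid, port):
    """Render the documented UPDATE for one database type from checked values."""
    key = dialect.strip().lower()
    if key not in TEMPLATES:
        raise ValueError("dialect must be one of: " + ", ".join(sorted(TEMPLATES)))
    return TEMPLATES[key].format(port=validate_port(port), guid=normalize_guid(guid))


if __name__ == "__main__":
    sample_guid = "0123456789abcdef0123456789abcdef"  # constructed, not a real server GUID
    for name in sorted(TEMPLATES):
        print(name + ": " + build_update(name, sample_guid, 8443))
```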

  • 0  

    You are correct, the steps are overly complex and that is likely why few change the ports. You could post in the idea section adding options to do this. In the latest versions of ZCM, the Agent Communication flows through the API-Gateway to the other services, which is why you edit that and not the other services directly.

    FYI...The DB Queries do not change the port on which the server communicates...It changes the Port in the location rules so agents know which port to use.

    --

    In a Multi-Server Zone, there is little to do on the agent side if only changing one Primary, since they can talk to the other to learn about the changes. The single server zone is the most difficult as it will require manually touching every device. The simplest thing to do would be to unregister locally and then re-register. The steps provided in the docs about deleting the cache folder, while it would work, are horrifically bad. It would cause all bundles to reinstall and a massive amount of data to recache. Just doing a local unreg and rereg would avoid all of that....not to mention we secure the cache folder to prevent folks from deleting it.....

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0   in reply to   

    Hi Craig.

    I'll do that with the idea later.


    As for the API-Gateway: I got that much. I'm just wondering, why is the server.xml for port 443 still there (not on an updated server, mind you, but a completely fresh 23.4 appliance), and does it still have any relevance now? I *assume* not, given that the api-gateway already listens on 443, but who am I assuming? ;)


  • Suggested Answer

    0   in reply to   

    My understanding is that the API Gateway will still talk to the other services as defined in the server.xml.

    With some minor tweaks you can disable the API Gateway and access the other services directly....Nothing I would recommend, I just know it's possible based on some initial troubleshooting I did with a co-worker who had a bad API-Gateway during some Pre-Release testing for introducing the gateway.


  • 0   in reply to   

    Of course, the dockerization obfuscates this all a bit, I'll have to check on how many docker IPs port 443 is active.. ;)

  • 0   in reply to   

    I now have the image in my mind of a Whale performing a juggling act with those containers.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.