Bug 1316623

Summary: Add a way to setup SSL settings in jboss-cli.xml
Product: [JBoss] JBoss Operations Network Reporter: Hayk Hovsepyan <hhovsepy>
Component: Plugin -- JBoss EAP 7Assignee: Michael Burman <miburman>
Status: CLOSED CURRENTRELEASE QA Contact: Hayk Hovsepyan <hhovsepy>
Severity: medium Docs Contact:
Priority: medium    
Version: JON 3.3.5CC: fbrychta, hhovsepy, loleary, lzoubek, miburman, rhatlapa, spinder, theute
Target Milestone: ER01Keywords: Triaged
Target Release: One-off release   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1236631 Environment:
Last Closed: 2016-06-06 18:58:08 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1314853    

Comment 1 Michael Burman 2016-03-10 16:23:58 UTC 
This is available as part of the initial commit for EAP7.
Comment 4 Hayk Hovsepyan 2016-03-23 16:43:21 UTC 
Tested on revision: jon-plugin-pack-eap-3.3.0.GA-update-03-DR02

Hited a problem while executing CLI commands on secured EAP7.
Error message is:

2016-03-23 12:34:28,796 INFO  [ResourceContainer.invoker.nonDaemon-8] (modules.plugins.wildfly10.util.ProcessExecutionLogger)- Output from process execution: 
-----------------------
Failed to connect to the controller: The controller is not available at 127.0.0.1:10093: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:10093. The connection failed: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:10093. The connection failed: XNIO000812: Connection closed unexpectedly

-----------------------

Steps executed:
1. Register secured EAP7 into JON server which has new plugins.
2. Do all configurations and make sure EAP7 is shown UP. 
3. Execute "Setup CLI" operation.
4. Try to schedule some CLI command to be executed by agent on EAP7, for isntance ":whoami". It will fail.

The same steps work for secured EAP6.


Additional Info:
The same steps work for unsecured EAP7. (after making sure that "Native Host/Port" parameters are set correctly)
After discussion with Thomas Segismont, it was decided to test this with RHQ master.
The reason to test on RHQ is that "Native Host/Port" parameters will be gone for JON and are already removed from RHQ for EAP7 servers.
The same problem was found on RHQ as well.
Comment 5 Michael Burman 2016-04-08 10:10:03 UTC 
The reason is this, we only supply hostname + port, not in case of the https the https-remoting part also. I don't think EAP6 required this, so something potentially has changed in the EAP7.

    # Connecting to the secured EAP7 instance
     
     --controller    - the default controller host and port to connect to when
                       --connect option (described below) is specified or when the
                       connect command is issued w/o the arguments. The default
                       controller host is localhost and the port is 9990.
     
    # With just hostname + port
    [miburman@miranda bin]$ ./jboss-cli.sh -c -u=rhqadmin -p=rhqadmin --commands=:whoami --controller=127.0.0.1:9993
    Failed to connect to the controller: The controller is not available at 127.0.0.1:9993: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:9993. The connection failed: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:9993. The connection failed: XNIO000812: Connection closed unexpectedly
     
    # By defining https-remoting + hostname + port
    [miburman@miranda bin]$ ./jboss-cli.sh -c -u=rhqadmin -p=rhqadmin --commands=:whoami --controller=https-remoting://127.0.0.1:9993
    {
        "outcome" => "success",
        "result" => {"identity" => {
            "username" => "rhqadmin",
            "realm" => "httpsRealm"
        }}
    }
     
    # Without defining
    [miburman@miranda bin]$ ./jboss-cli.sh -c -u=rhqadmin -p=rhqadmin --commands=:whoami
    {
        "outcome" => "success",
        "result" => {"identity" => {
            "username" => "rhqadmin",
            "realm" => "httpsRealm"
        }}
    }
    [miburman@miranda bin]$
Comment 6 Michael Burman 2016-04-08 11:02:26 UTC 
Fixed in the master:

commit 417f4994eb1fd05ee311ca415346d3a314b0c170
Author: Michael Burman <miburman>
Date:   Fri Apr 8 13:56:01 2016 +0300

    [BZ 1316623] Add https-remoting:// to the controller path if connection is secured
Comment 9 Hayk Hovsepyan 2016-04-13 17:54:20 UTC 
Verified on revision jon33-eap-update04 ER01.