Bug 1316631
| Summary: | Mention newly created "Setup CLI" operation from BZ#1236631 | ||
|---|---|---|---|
| Product: | [JBoss] JBoss Operations Network | Reporter: | Hayk Hovsepyan <hhovsepy> |
| Component: | Documentation | Assignee: | Tyler Kelly <tkelly> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Mike Foley <mfoley> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | JON 3.3.5 | CC: | fbrychta, loleary, pyadav, rrobinso, tkelly |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-01-09 01:46:09 UTC | Type: | Enhancement |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Hayk Hovsepyan
2016-03-10 16:13:58 UTC
I have a question about this bug (and the previous referenced one) and whether the problem I'm seeing is related. Have a JON server at 3.3.7. It's communicating with an agent insecurely (JON <=> agent insecure communication). The collocated agent however is communicating securely with EAP 7.0 (agent <=> EAP 7 secure connection). The certificate is self-signed. In the EAP 7 plugin connection settings -- it's configured correctly for SSL, and Trust Strategy is "Trust Self-Signed". Hostname Verification is "Skip". This all works in JON. I can start, stop the EAP 7 server. I can also receive metrics from it. # # # The problem is when I try to patch the EAP 7.0 instance via JON (from EAP 7.0 to 7.0.1). The operation fails with the following error message: “Unable to connect due to unrecognized server certificate. Server certificate needs to be manually accepted by user.” -- same error message mentioned in bug 1236631. JON is using jboss-cli client for EAP patching so it's necessary to configure the client to accept certificates either manually or via Setup CLI operation.(In reply to Richard Robinson from comment #1) > I have a question about this bug (and the previous referenced one) and > whether the problem I'm seeing is related. > > Have a JON server at 3.3.7. It's communicating with an agent insecurely (JON > <=> agent insecure communication). The collocated agent however is > communicating securely with EAP 7.0 (agent <=> EAP 7 secure connection). > > The certificate is self-signed. In the EAP 7 plugin connection settings -- > it's configured correctly for SSL, and Trust Strategy is "Trust > Self-Signed". Hostname Verification is "Skip". > > This all works in JON. I can start, stop the EAP 7 server. I can also > receive metrics from it. > > # # # > > The problem is when I try to patch the EAP 7.0 instance via JON (from EAP > 7.0 to 7.0.1). The operation fails with the following error message: “Unable > to connect due to unrecognized server certificate. Server certificate needs > to be manually accepted by user.” -- same error message mentioned in bug > 1236631. JON is using jboss-cli client for EAP patching so it's necessary to configure the client to accept certificate either manually or via Setup CLI operation. Moving back to assigned to fix following problems: 1 - eap6 variant does not contain screen shots which are referenced in the text - Figure 32.7. Example of the Setup CLI operation and Figure 32.8. Example result of the Setup CLI operation 2 - It would be good to add a note that this operation is optional and user can configure the jboss-cli manually following eap documentation (this operation can do it for him). e.g. in case of 2-Way SSL/TLS for the Management Interfaces the operation does what is described in https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#setting_up_2_way_ssl_tls_for_the_management_interfaces in step 6: "6. Add the SSL configuration for the CLI," Updated: Added note indicating that the operation is optional and provided link to the procedure in the eap6/7 documentation. Added EAP 6 screenshots in EAP section.
Git Commit:
https://gitlab.cee.redhat.com/tkelly/doc-jon-docs/commit/744c69eb49ae5c11599ad0fddc961e587f077d95
Git Merge:
https://gitlab.cee.redhat.com/red-hat-jboss-operations-network-documentation/doc-jon-docs/merge_requests/110/diffs
Preview:
https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/users_guide/#eap6-setup_cli-operation
https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/users_guide/#eap7-setup_cli-operation
Moving to QA
Verified link https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/users_guide/#eap6-setup_cli-operation https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/users_guide/#eap7-setup_cli-operation Merge to master branch: https://gitlab.cee.redhat.com/red-hat-jboss-operations-network-documentation/doc-jon-docs/merge_requests/114 Merge to Staging branch: https://gitlab.cee.redhat.com/red-hat-jboss-operations-network-documentation/doc-jon-docs/merge_requests/117 Changes now live on the customer portal: https://access.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html/users_guide/#eap6-setup_cli-operation https://access.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html/users_guide/#eap7-setup_cli-operation |