Bug 1533479

Summary:	Adding a new tomcat web connector not working for JON server
Product:	[JBoss] JBoss Operations Network	Reporter:	Filip Brychta <fbrychta>
Component:	Documentation	Assignee:	Tyler Kelly <tkelly>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Mike Foley <mfoley>
Severity:	medium	Docs Contact:	Tyler Kelly <tkelly>
Priority:	medium
Version:	JON 3.3.10	CC:	loleary, tkelly
Target Milestone:	post-GA	Keywords:	Triaged
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-03-05 03:52:54 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Filip Brychta 2018-01-11 13:17:16 UTC

Document URL: 
https://access.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html/admin_and_config/jboss_on_and_ssl-authentication

Section Number and Name: 
Procedure 4.1. (Optional) Adding a new tomcat web connector

Describe the issue: 
The example is not working with JON server, there are 2 issues:
1) JON server is not listening on 9999 port so the command fails
2) password and alias for default stores are not correct


Suggestions for improvement: 
1) all commands must contain --controller=127.0.0.1:6999  e.g.:
jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/:reload'

2) alias should be RHQ, not sure about password -> asking developers

Additional information:

Comment 1 Tyler Kelly 2018-01-12 00:30:06 UTC

> 2) alias should be RHQ, not sure about password -> asking developers

Thanks Filip

Comment 2 Filip Brychta 2018-01-12 09:15:37 UTC

Adding bz1028472 which is relevant for last step in the referenced chapter

Comment 3 Filip Brychta 2018-01-12 10:25:16 UTC

Fixed steps should look like this:
1) jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/socket-binding-group=standard-sockets/socket-binding=httpsbrowser/:add(port=9443)'
2) jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/subsystem=web/connector=httpsbrowser/:add(socket-binding=httpsbrowser,scheme=https,protocol=HTTP/1.1,secure=true,enabled=true)'
3) jboss-cli.sh  --controller=127.0.0.1:6999 --connect --command='/subsystem=web/connector=httpsbrowser/ssl=configuration:add(name=ssl,verify-client=false,key-alias=RHQ,password=${VAULT::restricted::rhq.server.tomcat.security.keystore.password::5fb458952ebdaa86aa0b4e8d3eac5d13},certificate-key-file=${jboss.server.config.dir}/rhq.keystore,certificate-file=${jboss.server.config.dir}/rhq.keystore'
4) jboss-cli.sh --controller=127.0.0.1:6999 --connect --command='/:reload'

Comment 4 Larry O'Leary 2018-01-12 13:51:38 UTC

I think the answer here is that JBoss ON server does not support the reload operation. Instead, step 4) should be "Restart the JBoss ON Server: `rhqctl restart --server`

Perhaps one of the devs can confirm but I think our limitation here is that the JBoss ON components (EAR, WAR, EJBs) get deployed by some rhq-start module. Maybe its a straight forward fix to support the reload but I imagine if it were, rhq would already support it.

Comment 5 Tyler Kelly 2018-02-12 03:22:17 UTC

Updated config guide: Setting up Client Authentication Between Servers and Agents to include --controller=127.0.0.1:6999 and removing references to non-existent reload function.
    Git merge:
https://gitlab.cee.redhat.com/red-hat-jboss-operations-network-documentation/doc-jon-docs/merge_requests/120
Preview:
https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/admin_and_config/#JBoss_ON_and_SSL-Authentication

Moving to QA

Comment 7 Tyler Kelly 2018-03-05 03:52:54 UTC

Updated procedure is live on the customer portal at:
https://access.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/admin_and_config/#JBoss_ON_and_SSL-Authentication