Bug 958494

Summary: remove temp code that works around non-support of recursive expressions when WildFly supports it
Product: [Other] RHQ Project Reporter: John Mazzitelli <mazz>
Component: InstallerAssignee: Nobody <nobody>
Status: NEW --- QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.6CC: hrupp
Target Milestone: ---   
Target Release: RHQ 5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Mazzitelli 2013-05-01 16:27:46 UTC 
See: https://issues.jboss.org/browse/WFLY-1177

EAP/WildFly does not yet support attribute values like ${x:${y}/foo} 

We need this in two places - for the keystore attribute and for the truststore attribute (on the ssl configuration resource).

We have workaround code in:

   org.rhq.enterprise.server.installer.ServerInstallUtil.setupWebConnectors

that will recursively evaluate the values - but this means once the installer finishes, the user can't go in rhq-server.properties and change these values and have them take effect on restart:

rhq.server.tomcat.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
rhq.server.tomcat.security.truststore.file=${jboss.server.config.dir}/rhq.truststore

Instead, the user has to go into the jbossas/standalone/configuration/standalone-full.xml file and change the values directly.

Once WFLY-1177 is fixed and we move away from supporting EAP 6.1.alpha, we can remove this code to allow users to be able to change those settings, restart the server and have it take effect without knowing they have to change standalone-full.xml.

Here's the code that needs to change:

1) In org.rhq.enterprise.server.installer.ServerInstallUtil.setupWebConnectors:

1a) remove this comment obviously:
        // https://issues.jboss.org/browse/WFLY-1177 - we need to resolve the paths right now. the user won't be able
        // to change these again in the future unless they go directly into standalone.xml and change it manually

1b) do not store the resolved paths back into the configuration object, so remove these two lines:

        connector.getSslConfiguration().setCaCertificateFile(truststoreFileString);
        ...
        connector.getSslConfiguration().setCertificateKeyFile(keystoreFileString);

I think that's all that needs to be done in this class.

2) In rhq-container.build.xml, just remove the comment:

# [Due to issue https://issues.jboss.org/browse/WFLY-1177, you cannot change
# rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file
# after you install RHQ. If you need to change those again, you must manually do so in standalone-full.xml.]
Comment 1 John Mazzitelli 2013-05-01 17:00:06 UTC 
don't forget to change:

https://docs.jboss.org/author/display/RHQ/Securing+Communications

First, remove the note about this issue.

Second, this wiki page has a snippet of the rhq-server.properties including the comment:

# [Due to issue https://issues.jboss.org/browse/WFLY-1177, you cannot change
# rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file
# after you install RHQ. If you need to change those again, you must manually do so in standalone-full.xml.]

Remove both instances of that comment from the wiki page (its in there in two places).
Comment 2 John Mazzitelli 2013-05-01 17:03:56 UTC 
There are actually three wiki pages that need to be touched once we remove the workaround code. There are yellow boxes about this issue on these three:

https://docs.jboss.org/author/display/RHQ/Running+The+Installer
https://docs.jboss.org/author/display/RHQ/Securing+Communications
https://docs.jboss.org/author/display/RHQ/Startup+Properties

remove the blurb about this issue from all three. The blurb reads something like this

   "Due to some limitations within the app server, there are two RHQ settings that will not take effect immediately upon restart if you change their values after the initial installation. These are settings for the web connector's keystore and truststore file locations (rhq.server.tomcat.security.keystore.file and rhq.server.tomcat.security.truststore.file). If you ever need to change those values after you've installed RHQ, you will need to change them in the app server's standalone/configuration/standalone-full.xml file in the <ssl> node of the https <connector>."