Bug 1316623 - Add a way to setup SSL settings in jboss-cli.xml
Add a way to setup SSL settings in jboss-cli.xml
Status: CLOSED CURRENTRELEASE
Product: JBoss Operations Network
Classification: JBoss
Component: Plugin -- JBoss EAP 7 (Show other bugs)
JON 3.3.5
Unspecified Unspecified
medium Severity medium
: ER01
: One-off release
Assigned To: Michael Burman
Hayk Hovsepyan
: Triaged
Depends On:
Blocks: 1314853
  Show dependency treegraph
 
Reported: 2016-03-10 11:02 EST by Hayk Hovsepyan
Modified: 2016-06-06 14:58 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1236631
Environment:
Last Closed: 2016-06-06 14:58:08 EDT
Type: Enhancement
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Comment 1 Michael Burman 2016-03-10 11:23:58 EST
This is available as part of the initial commit for EAP7.
Comment 4 Hayk Hovsepyan 2016-03-23 12:43:21 EDT
Tested on revision: jon-plugin-pack-eap-3.3.0.GA-update-03-DR02

Hited a problem while executing CLI commands on secured EAP7.
Error message is:

2016-03-23 12:34:28,796 INFO  [ResourceContainer.invoker.nonDaemon-8] (modules.plugins.wildfly10.util.ProcessExecutionLogger)- Output from process execution: 
-----------------------
Failed to connect to the controller: The controller is not available at 127.0.0.1:10093: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:10093. The connection failed: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:10093. The connection failed: XNIO000812: Connection closed unexpectedly

-----------------------

Steps executed:
1. Register secured EAP7 into JON server which has new plugins.
2. Do all configurations and make sure EAP7 is shown UP. 
3. Execute "Setup CLI" operation.
4. Try to schedule some CLI command to be executed by agent on EAP7, for isntance ":whoami". It will fail.

The same steps work for secured EAP6.


Additional Info:
The same steps work for unsecured EAP7. (after making sure that "Native Host/Port" parameters are set correctly)
After discussion with Thomas Segismont, it was decided to test this with RHQ master.
The reason to test on RHQ is that "Native Host/Port" parameters will be gone for JON and are already removed from RHQ for EAP7 servers.
The same problem was found on RHQ as well.
Comment 5 Michael Burman 2016-04-08 06:10:03 EDT
The reason is this, we only supply hostname + port, not in case of the https the https-remoting part also. I don't think EAP6 required this, so something potentially has changed in the EAP7.

    # Connecting to the secured EAP7 instance
     
     --controller    - the default controller host and port to connect to when
                       --connect option (described below) is specified or when the
                       connect command is issued w/o the arguments. The default
                       controller host is localhost and the port is 9990.
     
    # With just hostname + port
    [miburman@miranda bin]$ ./jboss-cli.sh -c -u=rhqadmin -p=rhqadmin --commands=:whoami --controller=127.0.0.1:9993
    Failed to connect to the controller: The controller is not available at 127.0.0.1:9993: java.net.ConnectException: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:9993. The connection failed: WFLYPRT0053: Could not connect to http-remoting://127.0.0.1:9993. The connection failed: XNIO000812: Connection closed unexpectedly
     
    # By defining https-remoting + hostname + port
    [miburman@miranda bin]$ ./jboss-cli.sh -c -u=rhqadmin -p=rhqadmin --commands=:whoami --controller=https-remoting://127.0.0.1:9993
    {
        "outcome" => "success",
        "result" => {"identity" => {
            "username" => "rhqadmin",
            "realm" => "httpsRealm"
        }}
    }
     
    # Without defining
    [miburman@miranda bin]$ ./jboss-cli.sh -c -u=rhqadmin -p=rhqadmin --commands=:whoami
    {
        "outcome" => "success",
        "result" => {"identity" => {
            "username" => "rhqadmin",
            "realm" => "httpsRealm"
        }}
    }
    [miburman@miranda bin]$
Comment 6 Michael Burman 2016-04-08 07:02:26 EDT
Fixed in the master:

commit 417f4994eb1fd05ee311ca415346d3a314b0c170
Author: Michael Burman <miburman@redhat.com>
Date:   Fri Apr 8 13:56:01 2016 +0300

    [BZ 1316623] Add https-remoting:// to the controller path if connection is secured
Comment 9 Hayk Hovsepyan 2016-04-13 13:54:20 EDT
Verified on revision jon33-eap-update04 ER01.

Note You need to log in before you can comment on or make changes to this bug.