Bug 1316631 - Mention newly created "Setup CLI" operation from BZ#1236631
Summary: Mention newly created "Setup CLI" operation from BZ#1236631
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Operations Network
Classification: JBoss
Component: Documentation
Version: JON 3.3.5
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Tyler Kelly
QA Contact: Mike Foley
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-10 16:13 UTC by Hayk Hovsepyan
Modified: 2018-01-09 01:46 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-01-09 01:46:09 UTC
Type: Enhancement
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1489880 0 medium CLOSED Setting up Client Authentication Between Servers and Agents is not documented correctly 2023-09-14 04:07:37 UTC

Internal Links: 1489880

Description Hayk Hovsepyan 2016-03-10 16:13:58 UTC
In the scope of https://bugzilla.redhat.com/show_bug.cgi?id=1236631 new operation was added into JON, called "Setup CLI".
The purpose of this new operation is: "For being able to execute CLI operation on secured EAP side, jboss-cli needs to accept certificate, this can be done via "Setup CLI" operation"

Please add this info into Admin & Config guide.

Comment 1 Richard Robinson 2016-09-29 00:25:01 UTC
I have a question about this bug (and the previous referenced one) and whether the problem I'm seeing is related.

Have a JON server at 3.3.7. It's communicating with an agent insecurely (JON <=> agent insecure communication). The collocated agent however is communicating securely with EAP 7.0 (agent <=> EAP 7 secure connection).

The certificate is self-signed. In the EAP 7 plugin connection settings -- it's configured correctly for SSL, and Trust Strategy is "Trust Self-Signed". Hostname Verification is "Skip".

This all works in JON. I can start, stop the EAP 7 server. I can also receive metrics from it.

 # # #

The problem is when I try to patch the EAP 7.0 instance via JON (from EAP 7.0 to 7.0.1). The operation fails with the following error message: “Unable to connect due to unrecognized server certificate. Server certificate needs to be manually accepted by user.” -- same error message mentioned in bug 1236631.

Comment 2 Filip Brychta 2016-10-03 09:31:31 UTC
JON is using jboss-cli client for EAP patching so it's necessary to configure the client to accept certificates either manually or via Setup CLI operation.(In reply to Richard Robinson from comment #1)
> I have a question about this bug (and the previous referenced one) and
> whether the problem I'm seeing is related.
> 
> Have a JON server at 3.3.7. It's communicating with an agent insecurely (JON
> <=> agent insecure communication). The collocated agent however is
> communicating securely with EAP 7.0 (agent <=> EAP 7 secure connection).
> 
> The certificate is self-signed. In the EAP 7 plugin connection settings --
> it's configured correctly for SSL, and Trust Strategy is "Trust
> Self-Signed". Hostname Verification is "Skip".
> 
> This all works in JON. I can start, stop the EAP 7 server. I can also
> receive metrics from it.
> 
>  # # #
> 
> The problem is when I try to patch the EAP 7.0 instance via JON (from EAP
> 7.0 to 7.0.1). The operation fails with the following error message: “Unable
> to connect due to unrecognized server certificate. Server certificate needs
> to be manually accepted by user.” -- same error message mentioned in bug
> 1236631.

JON is using jboss-cli client for EAP patching so it's necessary to configure the client to accept certificate either manually or via Setup CLI operation.

Comment 13 Filip Brychta 2017-12-14 14:43:34 UTC
Moving back to assigned to fix following problems:
1 - eap6 variant does not contain screen shots which are referenced in the text - Figure 32.7. Example of the Setup CLI operation and Figure 32.8. Example result of the Setup CLI operation
2 - It would be good to add a note that this operation is optional and user can  configure the jboss-cli manually following eap documentation (this operation can do it for him). e.g. in case of 2-Way SSL/TLS for the Management Interfaces the operation does what is described in https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#setting_up_2_way_ssl_tls_for_the_management_interfaces in step 6: "6. Add the SSL configuration for the CLI,"


Note You need to log in before you can comment on or make changes to this bug.