In the scope of https://bugzilla.redhat.com/show_bug.cgi?id=1236631 new operation was added into JON, called "Setup CLI". The purpose of this new operation is: "For being able to execute CLI operation on secured EAP side, jboss-cli needs to accept certificate, this can be done via "Setup CLI" operation" Please add this info into Admin & Config guide.
I have a question about this bug (and the previous referenced one) and whether the problem I'm seeing is related. Have a JON server at 3.3.7. It's communicating with an agent insecurely (JON <=> agent insecure communication). The collocated agent however is communicating securely with EAP 7.0 (agent <=> EAP 7 secure connection). The certificate is self-signed. In the EAP 7 plugin connection settings -- it's configured correctly for SSL, and Trust Strategy is "Trust Self-Signed". Hostname Verification is "Skip". This all works in JON. I can start, stop the EAP 7 server. I can also receive metrics from it. # # # The problem is when I try to patch the EAP 7.0 instance via JON (from EAP 7.0 to 7.0.1). The operation fails with the following error message: “Unable to connect due to unrecognized server certificate. Server certificate needs to be manually accepted by user.” -- same error message mentioned in bug 1236631.
JON is using jboss-cli client for EAP patching so it's necessary to configure the client to accept certificates either manually or via Setup CLI operation.(In reply to Richard Robinson from comment #1) > I have a question about this bug (and the previous referenced one) and > whether the problem I'm seeing is related. > > Have a JON server at 3.3.7. It's communicating with an agent insecurely (JON > <=> agent insecure communication). The collocated agent however is > communicating securely with EAP 7.0 (agent <=> EAP 7 secure connection). > > The certificate is self-signed. In the EAP 7 plugin connection settings -- > it's configured correctly for SSL, and Trust Strategy is "Trust > Self-Signed". Hostname Verification is "Skip". > > This all works in JON. I can start, stop the EAP 7 server. I can also > receive metrics from it. > > # # # > > The problem is when I try to patch the EAP 7.0 instance via JON (from EAP > 7.0 to 7.0.1). The operation fails with the following error message: “Unable > to connect due to unrecognized server certificate. Server certificate needs > to be manually accepted by user.” -- same error message mentioned in bug > 1236631. JON is using jboss-cli client for EAP patching so it's necessary to configure the client to accept certificate either manually or via Setup CLI operation.
Moving back to assigned to fix following problems: 1 - eap6 variant does not contain screen shots which are referenced in the text - Figure 32.7. Example of the Setup CLI operation and Figure 32.8. Example result of the Setup CLI operation 2 - It would be good to add a note that this operation is optional and user can configure the jboss-cli manually following eap documentation (this operation can do it for him). e.g. in case of 2-Way SSL/TLS for the Management Interfaces the operation does what is described in https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#setting_up_2_way_ssl_tls_for_the_management_interfaces in step 6: "6. Add the SSL configuration for the CLI,"
Updated: Added note indicating that the operation is optional and provided link to the procedure in the eap6/7 documentation. Added EAP 6 screenshots in EAP section. Git Commit: https://gitlab.cee.redhat.com/tkelly/doc-jon-docs/commit/744c69eb49ae5c11599ad0fddc961e587f077d95 Git Merge: https://gitlab.cee.redhat.com/red-hat-jboss-operations-network-documentation/doc-jon-docs/merge_requests/110/diffs Preview: https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/users_guide/#eap6-setup_cli-operation https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/users_guide/#eap7-setup_cli-operation Moving to QA
Verified link https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/users_guide/#eap6-setup_cli-operation https://access.qa.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html-single/users_guide/#eap7-setup_cli-operation
Merge to master branch: https://gitlab.cee.redhat.com/red-hat-jboss-operations-network-documentation/doc-jon-docs/merge_requests/114 Merge to Staging branch: https://gitlab.cee.redhat.com/red-hat-jboss-operations-network-documentation/doc-jon-docs/merge_requests/117 Changes now live on the customer portal: https://access.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html/users_guide/#eap6-setup_cli-operation https://access.redhat.com/documentation/en-us/red_hat_jboss_operations_network/3.3/html/users_guide/#eap7-setup_cli-operation