Bug 1316631 - Mention newly created "Setup CLI" operation from BZ#1236631
Mention newly created "Setup CLI" operation from BZ#1236631
Status: CLOSED CURRENTRELEASE
Product: JBoss Operations Network
Classification: JBoss
Component: Documentation (Show other bugs)
JON 3.3.5
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Tyler Kelly
Mike Foley
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-10 11:13 EST by Hayk Hovsepyan
Modified: 2018-01-08 20:46 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-01-08 20:46:09 EST
Type: Enhancement
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Hayk Hovsepyan 2016-03-10 11:13:58 EST
In the scope of https://bugzilla.redhat.com/show_bug.cgi?id=1236631 new operation was added into JON, called "Setup CLI".
The purpose of this new operation is: "For being able to execute CLI operation on secured EAP side, jboss-cli needs to accept certificate, this can be done via "Setup CLI" operation"

Please add this info into Admin & Config guide.
Comment 1 Richard Robinson 2016-09-28 20:25:01 EDT
I have a question about this bug (and the previous referenced one) and whether the problem I'm seeing is related.

Have a JON server at 3.3.7. It's communicating with an agent insecurely (JON <=> agent insecure communication). The collocated agent however is communicating securely with EAP 7.0 (agent <=> EAP 7 secure connection).

The certificate is self-signed. In the EAP 7 plugin connection settings -- it's configured correctly for SSL, and Trust Strategy is "Trust Self-Signed". Hostname Verification is "Skip".

This all works in JON. I can start, stop the EAP 7 server. I can also receive metrics from it.

 # # #

The problem is when I try to patch the EAP 7.0 instance via JON (from EAP 7.0 to 7.0.1). The operation fails with the following error message: “Unable to connect due to unrecognized server certificate. Server certificate needs to be manually accepted by user.” -- same error message mentioned in bug 1236631.
Comment 2 Filip Brychta 2016-10-03 05:31:31 EDT
JON is using jboss-cli client for EAP patching so it's necessary to configure the client to accept certificates either manually or via Setup CLI operation.(In reply to Richard Robinson from comment #1)
> I have a question about this bug (and the previous referenced one) and
> whether the problem I'm seeing is related.
> 
> Have a JON server at 3.3.7. It's communicating with an agent insecurely (JON
> <=> agent insecure communication). The collocated agent however is
> communicating securely with EAP 7.0 (agent <=> EAP 7 secure connection).
> 
> The certificate is self-signed. In the EAP 7 plugin connection settings --
> it's configured correctly for SSL, and Trust Strategy is "Trust
> Self-Signed". Hostname Verification is "Skip".
> 
> This all works in JON. I can start, stop the EAP 7 server. I can also
> receive metrics from it.
> 
>  # # #
> 
> The problem is when I try to patch the EAP 7.0 instance via JON (from EAP
> 7.0 to 7.0.1). The operation fails with the following error message: “Unable
> to connect due to unrecognized server certificate. Server certificate needs
> to be manually accepted by user.” -- same error message mentioned in bug
> 1236631.

JON is using jboss-cli client for EAP patching so it's necessary to configure the client to accept certificate either manually or via Setup CLI operation.
Comment 13 Filip Brychta 2017-12-14 09:43:34 EST
Moving back to assigned to fix following problems:
1 - eap6 variant does not contain screen shots which are referenced in the text - Figure 32.7. Example of the Setup CLI operation and Figure 32.8. Example result of the Setup CLI operation
2 - It would be good to add a note that this operation is optional and user can  configure the jboss-cli manually following eap documentation (this operation can do it for him). e.g. in case of 2-Way SSL/TLS for the Management Interfaces the operation does what is described in https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/6.4/html/how_to_configure_server_security/securing_the_server_and_its_interfaces#setting_up_2_way_ssl_tls_for_the_management_interfaces in step 6: "6. Add the SSL configuration for the CLI,"

Note You need to log in before you can comment on or make changes to this bug.