Bug 958494 - remove temp code that works around non-support of recursive expressions when WildFly supports it
remove temp code that works around non-support of recursive expressions when ...
Status: NEW
Product: RHQ Project
Classification: Other
Component: Installer (Show other bugs)
4.6
Unspecified Unspecified
unspecified Severity unspecified (vote)
: ---
: RHQ 5.0
Assigned To: RHQ Project Maintainer
Mike Foley
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-01 12:27 EDT by John Mazzitelli
Modified: 2013-05-01 13:03 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description John Mazzitelli 2013-05-01 12:27:46 EDT
See: https://issues.jboss.org/browse/WFLY-1177

EAP/WildFly does not yet support attribute values like ${x:${y}/foo} 

We need this in two places - for the keystore attribute and for the truststore attribute (on the ssl configuration resource).

We have workaround code in:

   org.rhq.enterprise.server.installer.ServerInstallUtil.setupWebConnectors

that will recursively evaluate the values - but this means once the installer finishes, the user can't go in rhq-server.properties and change these values and have them take effect on restart:

rhq.server.tomcat.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
rhq.server.tomcat.security.truststore.file=${jboss.server.config.dir}/rhq.truststore

Instead, the user has to go into the jbossas/standalone/configuration/standalone-full.xml file and change the values directly.

Once WFLY-1177 is fixed and we move away from supporting EAP 6.1.alpha, we can remove this code to allow users to be able to change those settings, restart the server and have it take effect without knowing they have to change standalone-full.xml.

Here's the code that needs to change:

1) In org.rhq.enterprise.server.installer.ServerInstallUtil.setupWebConnectors:

1a) remove this comment obviously:
        // https://issues.jboss.org/browse/WFLY-1177 - we need to resolve the paths right now. the user won't be able
        // to change these again in the future unless they go directly into standalone.xml and change it manually

1b) do not store the resolved paths back into the configuration object, so remove these two lines:

        connector.getSslConfiguration().setCaCertificateFile(truststoreFileString);
        ...
        connector.getSslConfiguration().setCertificateKeyFile(keystoreFileString);

I think that's all that needs to be done in this class.

2) In rhq-container.build.xml, just remove the comment:

# [Due to issue https://issues.jboss.org/browse/WFLY-1177, you cannot change
# rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file
# after you install RHQ. If you need to change those again, you must manually do so in standalone-full.xml.]
Comment 1 John Mazzitelli 2013-05-01 13:00:06 EDT
don't forget to change:

https://docs.jboss.org/author/display/RHQ/Securing+Communications

First, remove the note about this issue.

Second, this wiki page has a snippet of the rhq-server.properties including the comment:

# [Due to issue https://issues.jboss.org/browse/WFLY-1177, you cannot change
# rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file
# after you install RHQ. If you need to change those again, you must manually do so in standalone-full.xml.]

Remove both instances of that comment from the wiki page (its in there in two places).
Comment 2 John Mazzitelli 2013-05-01 13:03:56 EDT
There are actually three wiki pages that need to be touched once we remove the workaround code. There are yellow boxes about this issue on these three:

https://docs.jboss.org/author/display/RHQ/Running+The+Installer
https://docs.jboss.org/author/display/RHQ/Securing+Communications
https://docs.jboss.org/author/display/RHQ/Startup+Properties

remove the blurb about this issue from all three. The blurb reads something like this

   "Due to some limitations within the app server, there are two RHQ settings that will not take effect immediately upon restart if you change their values after the initial installation. These are settings for the web connector's keystore and truststore file locations (rhq.server.tomcat.security.keystore.file and rhq.server.tomcat.security.truststore.file). If you ever need to change those values after you've installed RHQ, you will need to change them in the app server's standalone/configuration/standalone-full.xml file in the <ssl> node of the https <connector>."

Note You need to log in before you can comment on or make changes to this bug.