modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/CoreJBossASClient.java
| 23
modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/LoggingJBossASClient.java
| 4
modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java
| 109 ----
modules/enterprise/server/appserver/src/main/dev-resources/bin/rhq-autoinstall.sh
| 2
modules/enterprise/server/appserver/src/main/scripts/rhq-container.build.xml
| 30 -
modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/Installer.java
| 30 -
modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerService.java
| 17
modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerServiceImpl.java
| 75 ---
modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/ServerInstallUtil.java
| 250 ++--------
9 files changed, 101 insertions(+), 439 deletions(-)
New commits:
commit 4c50679d28c84c2d0057c2438bb985c562fc8ac5
Author: John Mazzitelli <mazz(a)redhat.com>
Date: Wed May 1 12:14:40 2013 -0400
BZ 893609 - remove temp workaround code now that we are on a newer EAP that
doesn't have the bad issues anymore
diff --git
a/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/CoreJBossASClient.java
b/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/CoreJBossASClient.java
index 9a766f4..8cef6e1 100644
---
a/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/CoreJBossASClient.java
+++
b/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/CoreJBossASClient.java
@@ -46,6 +46,29 @@ public class CoreJBossASClient extends JBossASClient {
}
/**
+ * Given a string with possible ${x} expressions in it, this will resolve that
expression
+ * using system property values that are set within the AS JVM itself. If the string
+ * to resolve has no expressions, or has no expressions that are resolveable, the
expression
+ * string itself is returned as-is (this includes if
<code>expression</code> is <code>null</code>).
+ *
+ * @param expression string containing zero, one or more ${x} expressions to be
resolved
+ * @return the expression with the expressions resolved using system properties of
the AS JVM
+ * @throws Exception if failed to resolve the expression.
+ */
+ public String resolveExpression(String expression) throws Exception {
+ if (expression == null || expression.length() == 0) {
+ return expression;
+ }
+ final ModelNode request = createRequest("resolve-expression",
Address.root());
+ request.get("expression").set(expression);
+ final ModelNode response = execute(request);
+ if (!isSuccess(response)) {
+ throw new FailureException(response);
+ }
+ return getResults(response).asString();
+ }
+
+ /**
* This returns the system properties that are set in the AS JVM. This is not the
system properties
* in the JVM of this client object - it is actually the system properties in the
remote
* JVM of the AS instance that the client is talking to.
diff --git
a/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/LoggingJBossASClient.java
b/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/LoggingJBossASClient.java
index babe373..ee7466e 100644
---
a/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/LoggingJBossASClient.java
+++
b/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/LoggingJBossASClient.java
@@ -72,7 +72,7 @@ public class LoggingJBossASClient extends JBossASClient {
final ModelNode request;
if (isLogger(loggerName)) {
- request = createWriteAttributeRequest("level", level.toUpperCase(),
addr);
+ request = createWriteAttributeRequest("level", level, addr);
} else {
final String dmrTemplate = "" //
+ "{" //
@@ -80,7 +80,7 @@ public class LoggingJBossASClient extends JBossASClient {
+ ", \"level\" => \"%s\" " //
+ ", \"use-parent-handlers\" => \"true\"
" //
+ "}";
- final String dmr = String.format(dmrTemplate, loggerName,
level.toUpperCase());
+ final String dmr = String.format(dmrTemplate, loggerName, level);
request = ModelNode.fromString(dmr);
request.get(OPERATION).set(ADD);
diff --git
a/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java
b/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java
index f977f0a..5caa45e 100644
---
a/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java
+++
b/modules/common/jboss-as-dmr-client/src/main/java/org/rhq/common/jbossas/client/controller/SecurityDomainJBossASClient.java
@@ -26,6 +26,7 @@ import
javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import org.jboss.as.controller.client.ModelControllerClient;
import org.jboss.dmr.ModelNode;
+import org.jboss.dmr.ModelType;
/**
* Provides convenience methods associated with security domain management.
@@ -71,49 +72,6 @@ public class SecurityDomainJBossASClient extends JBossASClient {
* Create a new security domain using the SecureIdentity authentication method.
* This is used when you want to obfuscate a database password in the configuration.
*
- * @param securityDomainName the name of the new security domain
- * @param username the username associated with the security domain
- * @param password the value of the password to store in the configuration (e.g. the
obfuscated password itself)
- *
- * @throws Exception if failed to create security domain
- */
- public void createNewSecureIdentitySecurityDomain71(String securityDomainName, String
username, String password)
- throws Exception {
-
- Address addr = Address.root().add(SUBSYSTEM, SUBSYSTEM_SECURITY, SECURITY_DOMAIN,
securityDomainName);
- ModelNode addTopNode = createRequest(ADD, addr);
- addTopNode.get(CACHE_TYPE).set("default");
-
- ModelNode addAuthNode = createRequest(ADD, addr.clone().add(AUTHENTICATION,
CLASSIC));
- ModelNode loginModulesNode = addAuthNode.get(LOGIN_MODULES);
- ModelNode loginModule = new ModelNode();
- loginModule.get(CODE).set("SecureIdentity");
- loginModule.get(FLAG).set("required");
- ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
- moduleOptions.setEmptyList();
- // TODO: we really want to use addExpression (e.g.
${rhq.server.database.user-name})
- // for username and password so rhq-server.properties can be used to set these.
- // However, AS7.1 doesn't support this yet - see
https://issues.jboss.org/browse/AS7-5177
- moduleOptions.add(USERNAME, username);
- moduleOptions.add(PASSWORD, password);
- loginModulesNode.add(loginModule);
-
- ModelNode batch = createBatchRequest(addTopNode, addAuthNode);
-
- System.err.println("== security domain ==> " +
batch.toJSONString(false));
-
- ModelNode results = execute(batch);
- if (!isSuccess(results)) {
- throw new FailureException(results, "Failed to create security domain
[" + securityDomainName + "]");
- }
-
- return;
- }
-
- /**
- * Create a new security domain using the SecureIdentity authentication method.
- * This is used when you want to obfuscate a database password in the configuration.
- *
* This is the version for as7.2+ (e.g. eap 6.1)
*
* @param securityDomainName the name of the new security domain
@@ -139,11 +97,8 @@ public class SecurityDomainJBossASClient extends JBossASClient {
loginModule.get(FLAG).set("required");
ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
moduleOptions.setEmptyList();
- // TODO: we really want to use addExpression (e.g.
${rhq.server.database.user-name})
- // for username and password so rhq-server.properties can be used to set these.
- // However, AS7.1 doesn't support this yet - see
https://issues.jboss.org/browse/AS7-5177
- moduleOptions.add(USERNAME, username);
- moduleOptions.add(PASSWORD, password);
+ addPossibleExpression(moduleOptions, USERNAME, username);
+ addPossibleExpression(moduleOptions, PASSWORD, password);
ModelNode batch = createBatchRequest(addTopNode, addAuthNode, loginModule);
@@ -178,11 +133,8 @@ public class SecurityDomainJBossASClient extends JBossASClient {
loginModule.get(FLAG).set("required");
ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
moduleOptions.setEmptyList();
- // TODO: we really want to use addExpression (e.g.
${rhq.server.database.user-name})
- // for username and password so rhq-server.properties can be used to set these.
- // However, AS7.1 doesn't support this yet - see
https://issues.jboss.org/browse/AS7-5177
- moduleOptions.add(USERNAME, username);
- moduleOptions.add(PASSWORD, password);
+ addPossibleExpression(moduleOptions, USERNAME, username);
+ addPossibleExpression(moduleOptions, PASSWORD, password);
// login modules attribute must be a list - we only have one item in it, the
loginModule
ModelNode loginModuleList = new ModelNode();
@@ -202,6 +154,14 @@ public class SecurityDomainJBossASClient extends JBossASClient {
return;
}
+ private void addPossibleExpression(ModelNode node, String name, String value) {
+ if (value != null && value.contains("${")) {
+ node.add(name, new ModelNode(ModelType.EXPRESSION).setExpression(value));
+ } else {
+ node.add(name, value);
+ }
+ }
+
/**
* Given the name of an existing security domain that uses the SecureIdentity
authentication method,
* this returns the module options for that security domain authentication method.
This includes
@@ -231,49 +191,6 @@ public class SecurityDomainJBossASClient extends JBossASClient {
/**
* Create a new security domain using the database server authentication method.
* This is used when you want to directly authenticate against a db entry.
- *
- * @param securityDomainName the name of the new security domain
- * @param dsJndiName the jndi name for the datasource to query against
- * @param principalsQuery the SQL query for selecting password info for a principal
- * @param rolesQuery the SQL query for selecting role info for a principal
- * @param hashAlgorithm if null defaults to "MD5"
- * @param hashEncoding if null defaults to "base64"
- * @throws Exception if failed to create security domain
- */
- public void createNewDatabaseServerSecurityDomain71(String securityDomainName, String
dsJndiName,
- String principalsQuery, String
rolesQuery, String hashAlgorithm,
- String hashEncoding) throws
Exception {
-
- Address addr = Address.root().add(SUBSYSTEM, SUBSYSTEM_SECURITY, SECURITY_DOMAIN,
securityDomainName);
- ModelNode addTopNode = createRequest(ADD, addr);
- addTopNode.get(CACHE_TYPE).set("default");
-
- ModelNode addAuthNode = createRequest(ADD, addr.clone().add(AUTHENTICATION,
CLASSIC));
- ModelNode loginModulesNode = addAuthNode.get(LOGIN_MODULES);
- ModelNode loginModule = new ModelNode();
- loginModule.get(CODE).set("Database");
- loginModule.get(FLAG).set("required");
- ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
- moduleOptions.setEmptyList();
- moduleOptions.add(DS_JNDI_NAME, dsJndiName);
- moduleOptions.add(PRINCIPALS_QUERY, principalsQuery);
- moduleOptions.add(ROLES_QUERY, rolesQuery);
- moduleOptions.add(HASH_ALGORITHM, (null == hashAlgorithm ? "MD5" :
hashAlgorithm));
- moduleOptions.add(HASH_ENCODING, (null == hashEncoding ? "base64" :
hashEncoding));
- loginModulesNode.add(loginModule);
-
- ModelNode batch = createBatchRequest(addTopNode, addAuthNode);
- ModelNode results = execute(batch);
- if (!isSuccess(results)) {
- throw new FailureException(results, "Failed to create security domain
[" + securityDomainName + "]");
- }
-
- return;
- }
-
- /**
- * Create a new security domain using the database server authentication method.
- * This is used when you want to directly authenticate against a db entry.
* This is for AS 7.2+ (e.g. EAP 6.1) and works around
https://issues.jboss.org/browse/AS7-6527
*
* @param securityDomainName the name of the new security domain
diff --git
a/modules/enterprise/server/appserver/src/main/dev-resources/bin/rhq-autoinstall.sh
b/modules/enterprise/server/appserver/src/main/dev-resources/bin/rhq-autoinstall.sh
index fbbc397..5369ab2 100755
--- a/modules/enterprise/server/appserver/src/main/dev-resources/bin/rhq-autoinstall.sh
+++ b/modules/enterprise/server/appserver/src/main/dev-resources/bin/rhq-autoinstall.sh
@@ -18,8 +18,6 @@ do
eval ${_INSTALLER_SCRIPT}
if [ "$?" -eq "0" ]; then
echo Installer finished
- # most times, the installation was already done, but see if changes to
rhq-server.properties requires a reconfiguration
- eval ${_INSTALLER_SCRIPT} --reconfig
break;
elif [ "$?" -eq "1" ]; then
echo The installer has been disabled - please fix rhq-server.properties
diff --git a/modules/enterprise/server/appserver/src/main/scripts/rhq-container.build.xml
b/modules/enterprise/server/appserver/src/main/scripts/rhq-container.build.xml
index 20ff84b..05619cb 100644
--- a/modules/enterprise/server/appserver/src/main/scripts/rhq-container.build.xml
+++ b/modules/enterprise/server/appserver/src/main/scripts/rhq-container.build.xml
@@ -495,16 +495,17 @@ rhq.communications.multicast-detector.port=16162
# Server-side SSL Security Configuration for HTTPS thru Tomcat
# These are used for browser https access and
# for incoming messages from agents over sslservlet transport.
-# Relative filenames are relative to jboss.server.config.dir.
-# [you cannot use ${x} variables in these rhq.server.tomcat settings]
+# [Due to issue
https://issues.jboss.org/browse/WFLY-1177, you cannot change
+# rhq.server.tomcat.security.keystore.file or rhq.server.tomcat.security.truststore.file
+# after you install RHQ. If you need to change those again, you must manually do so in
standalone-full.xml.]
rhq.server.tomcat.security.client-auth-mode=false
rhq.server.tomcat.security.secure-socket-protocol=TLS
rhq.server.tomcat.security.algorithm=SunX509
rhq.server.tomcat.security.keystore.alias=RHQ
-rhq.server.tomcat.security.keystore.file=rhq.keystore
+rhq.server.tomcat.security.keystore.file=${jboss.server.config.dir}/rhq.keystore
rhq.server.tomcat.security.keystore.password=RHQManagement
rhq.server.tomcat.security.keystore.type=JKS
-rhq.server.tomcat.security.truststore.file=rhq.truststore
+rhq.server.tomcat.security.truststore.file=${jboss.server.config.dir}/rhq.truststore
rhq.server.tomcat.security.truststore.password=RHQManagement
rhq.server.tomcat.security.truststore.type=JKS
@@ -637,32 +638,11 @@ rhq.sync.endpoint-address=false
</replace>
</target>
- <!-- This is so we can work around all the issues due to
https://issues.jboss.org/browse/AS7-6120
- so once that is fixed, we don't have to run the installer
"reconfig" automatically on startup of the server.
- Note that if we predeploy (i.e. are doing a dev build), rather than jump through
more hoops for this,
- just assume the developer knows that if they change rhq-server.properties, they
have to reconfig the server.
- We don't do anything in this target if we are building a dev build. -->
- <target name="add-auto-reconfig" unless="predeploy">
- <echo>Add auto-reconfig to rhq-server scripts so users don't have to
when changing rhq-server.properties</echo>
- <replace
file="${project.build.outputDirectory}/bin/rhq-server.sh">
- <replacefilter>
- <replacetoken># START SERVER</replacetoken>
- <replacevalue><![CDATA[export RHQ_SERVER_HOME;
${RHQ_SERVER_HOME}/bin/rhq-installer.sh --reconfig &]]></replacevalue>
- </replacefilter>
- </replace>
- <replace
file="${project.build.outputDirectory}/bin/rhq-server.bat">
- <replacefilter>
- <replacetoken>rem START SERVER</replacetoken>
- <replacevalue><![CDATA[start /B
%RHQ_SERVER_HOME%\bin\rhq-installer.bat --reconfig < nul >
nul]]></replacevalue>
- </replacefilter>
- </replace>
- </target>
<target name="prepare-release"
description="If this is a release build, make sure it is properly
prepared."
depends="initialize,
developer-release-message,
copy-dev-resources,
- add-auto-reconfig,
fix-perms,
deploy-postgres-ds,
deploy-oracle-ds">
diff --git
a/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/Installer.java
b/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/Installer.java
index 26bc2f6..36da859 100644
---
a/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/Installer.java
+++
b/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/Installer.java
@@ -47,7 +47,7 @@ public class Installer {
private InstallerConfiguration installerConfig;
private enum WhatToDo {
- DISPLAY_USAGE, DO_NOTHING, RECONFIGURE, TEST, SETUPDB, LIST_SERVERS, INSTALL
+ DISPLAY_USAGE, DO_NOTHING, TEST, SETUPDB, LIST_SERVERS, INSTALL
}
public static void main(String[] args) {
@@ -108,20 +108,6 @@ public class Installer {
}
continue;
}
- case RECONFIGURE: {
- try {
- final InstallerService installerService = new
InstallerServiceImpl(installerConfig);
- final HashMap<String, String> serverProperties =
installerService.getServerProperties();
- final boolean reconfigured =
installerService.reconfigure(serverProperties);
- if (reconfigured) {
- LOG.info("Reconfiguration is complete.");
- }
- } catch (Exception e) {
- LOG.error(ThrowableUtil.getAllMessages(e));
- System.exit(EXIT_CODE_INSTALLATION_ERROR);
- }
- continue;
- }
case INSTALL: {
try {
final InstallerService installerService = new
InstallerServiceImpl(installerConfig);
@@ -159,28 +145,25 @@ public class Installer {
usage.append("\t--force, -f: force the installer to try to install
everything").append("\n");
usage.append("\t--listservers, -l: show list of known installed servers
(install not performed)").append("\n");
usage.append("\t--setupdb, -b: only perform database schema creation or
update").append("\n");
- usage.append("\t--reconfig, -r: resets some configuration settings in an
installed server").append("\n");
usage.append("\t--dbpassword, -d: encodes a DB password for
rhq-server.properties (install not performed)")
.append("\n");
LOG.info(usage);
}
private WhatToDo[] processArguments(String[] args) throws Exception {
- String sopts = "-:HD:h:p:d:bflrt";
+ String sopts = "-:HD:h:p:d:bflt";
LongOpt[] lopts = { new LongOpt("help", LongOpt.NO_ARGUMENT, null,
'H'),
new LongOpt("host", LongOpt.REQUIRED_ARGUMENT, null, 'h'),
new LongOpt("port", LongOpt.REQUIRED_ARGUMENT, null, 'p'),
new LongOpt("dbpassword", LongOpt.REQUIRED_ARGUMENT, null,
'd'),
new LongOpt("setupdb", LongOpt.NO_ARGUMENT, null, 'b'),
new LongOpt("listservers", LongOpt.NO_ARGUMENT, null,
'l'),
- new LongOpt("reconfig", LongOpt.NO_ARGUMENT, null, 'r'),
new LongOpt("force", LongOpt.NO_ARGUMENT, null, 'f'),
new LongOpt("test", LongOpt.NO_ARGUMENT, null, 't') };
boolean test = false;
boolean listservers = false;
boolean setupdb = false;
- boolean reconfig = false;
String dbpassword = null;
Getopt getopt = new Getopt("installer", args, sopts, lopts);
@@ -267,11 +250,6 @@ public class Installer {
break; // don't return, we need to allow more args to be processed,
like -p or -h
}
- case 'r': {
- reconfig = true;
- break; // don't return, we need to allow more args to be processed,
like -p or -h
- }
-
case 't': {
test = true;
break; // don't return, we need to allow more args to be processed,
like -p or -h
@@ -286,10 +264,6 @@ public class Installer {
return new WhatToDo[] { WhatToDo.DO_NOTHING };
}
- if (reconfig) {
- return new WhatToDo[] { WhatToDo.RECONFIGURE };
- }
-
if (test || setupdb || listservers) {
ArrayList<WhatToDo> whatToDo = new ArrayList<WhatToDo>();
if (test) {
diff --git
a/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerService.java
b/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerService.java
index c1ffa48..6eff4b7 100644
---
a/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerService.java
+++
b/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerService.java
@@ -121,23 +121,6 @@ public interface InstallerService {
String existingSchemaOption) throws Exception;
/**
- * This will take server properties and reconfigure an already-installed server
- * with those values if the settings were previously hardcoded to old values (as
opposed to being
- * set to expressions that allow them to be overridden with system property
settings).
- * Note that is function is here only to workaround various bugs in AS7
- * that force us to not be able to use expressions in certain app server subsystem
attribute
- * settings - see
https://issues.jboss.org/browse/AS7-6120. Once this issues are
fixed, this
- * method will go away.
- *
- * @param serverProperties the new server properties
- * @return true if the reconfigure was at least attempted; false if the server
isn't ready to be reconfigured
- * such as when it hasn't been fully installed yet
- * @throws Exception
- */
- @Deprecated
- boolean reconfigure(HashMap<String, String> serverProperties) throws
Exception;
-
- /**
* Returns a list of all registered servers in the database.
*
* @param connectionUrl
diff --git
a/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerServiceImpl.java
b/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerServiceImpl.java
index 95b4bc3..8173e68 100644
---
a/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerServiceImpl.java
+++
b/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/InstallerServiceImpl.java
@@ -563,81 +563,6 @@ public class InstallerServiceImpl implements InstallerService {
return map;
}
- // This is here only to help users workaround
https://issues.jboss.org/browse/AS7-6120.
- // It will go away once all the issues with expression support in AS7 are fixed.
- // Notice in this method we only reconfigure some things - only the
subsystems/services
- // that didn't support expressions in their attributes are reconfigured here
since it
- // is those whose values are hardcoded and we must alter to pick up changes to
- // rhq-server.properties. All other services can pick up the property value changes
- // make to rhq-server.properties on restart (since rhq-server.properties are system
- // properties set in the AS7 instance via -P option to AS7).
- @Override
- public boolean reconfigure(HashMap<String, String> serverProperties) throws
Exception {
-
- // make sure we can connect using our configuration
- testModelControllerClient(serverProperties, 30);
-
- if (null == getInstallationResults()) {
- log("Run the installer on this server.");
- return false;
- }
-
- String appServerConfigDir = getAppServerConfigDir();
- ModelControllerClient mcc = null;
-
- try {
- mcc = getModelControllerClient();
-
- // Before we do anything, let's first make sure we really do need to
reconfigure something.
- // Check to see if everything that didn't use expressions is still the
same. If so,
- // just skip everything else and return immediate since there is nothing to
do. We don't
- // even need to reload/restart the server in this case.
- try {
- if (ServerInstallUtil.isSameDatasourceSecurityDomainExisting(mcc,
serverProperties)) {
- if (ServerInstallUtil.isSameMailServiceExisting(mcc,
serverProperties)) {
- if (ServerInstallUtil.isSameWebConnectorsExisting(mcc,
appServerConfigDir, serverProperties)) {
- if (ServerInstallUtil.isSameLoggingExisting(mcc,
serverProperties)) {
- log("Nothing in the configuration changed that
requires a reconfig - everything looks OK");
- return true; // nothing to do, return immediately
- }
- }
- }
- }
- } catch (Exception e) {
- log("Cannot determine if the config is the same, will reconfigure
just in case", e);
- }
-
- // first, put the server in admin-only mode so we can start changing things
around
- CoreJBossASClient coreClient = new CoreJBossASClient(mcc);
- coreClient.reload(true);
-
- // not sure if we have to, but see if we need to wait for the reload to
finish
- testModelControllerClient(30);
-
- mcc = getModelControllerClient(); // get a new controller
-
- // create the security domain needed by the datasources
- ServerInstallUtil.createDatasourceSecurityDomain(mcc, serverProperties);
-
- // setup the email service
- ServerInstallUtil.setupMailService(mcc, serverProperties);
-
- // setup the secure Tomcat web connectors
- ServerInstallUtil.setupWebConnectors(mcc, appServerConfigDir,
serverProperties);
-
- // setup the logging level
- ServerInstallUtil.configureLogging(mcc, serverProperties);
-
- // now restart - don't just reload, some of our stuff won't restart
properly if we just reload
- coreClient = new CoreJBossASClient(mcc);
- coreClient.restart();
- } finally {
- safeClose(mcc);
- }
-
- return true;
- }
-
/**
* Makes sure the data is at least in the correct format (booleans are true/false,
integers are valid numbers).
*
diff --git
a/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/ServerInstallUtil.java
b/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/ServerInstallUtil.java
index 687e496..d6e0d10 100644
---
a/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/ServerInstallUtil.java
+++
b/modules/enterprise/server/installer/src/main/java/org/rhq/enterprise/server/installer/ServerInstallUtil.java
@@ -167,7 +167,7 @@ public class ServerInstallUtil {
LoggingJBossASClient client = new LoggingJBossASClient(mcc);
// we want to create our own category
- String val = buildExpression(ServerProperties.PROP_LOG_LEVEL, serverProperties,
false); // enable when AS7-5321 is fixed
+ String val = buildExpression(ServerProperties.PROP_LOG_LEVEL, serverProperties,
true);
client.setLoggerLevel("org.rhq", val);
LOG.info("Logging category org.rhq set to [" + val + "]");
}
@@ -209,7 +209,7 @@ public class ServerInstallUtil {
throws Exception {
String fromAddressExpr =
buildExpression(ServerProperties.PROP_EMAIL_FROM_ADDRESS, serverProperties, true);
- String smtpHostExpr = buildExpression(ServerProperties.PROP_EMAIL_SMTP_HOST,
serverProperties, false); // enable when AS7-5321 is fixed
+ String smtpHostExpr = buildExpression(ServerProperties.PROP_EMAIL_SMTP_HOST,
serverProperties, true);
String smtpPortExpr = buildExpression(ServerProperties.PROP_EMAIL_SMTP_PORT,
serverProperties, true);
// Tweek the mail configuration that comes out of box. Setup a batch request to
write the proper attributes.
@@ -283,19 +283,13 @@ public class ServerInstallUtil {
public static void createDatasourceSecurityDomain(ModelControllerClient mcc,
HashMap<String, String> serverProperties) throws Exception {
- final String dbUsername =
serverProperties.get(ServerProperties.PROP_DATABASE_USERNAME);
- final String obfuscatedPassword =
serverProperties.get(ServerProperties.PROP_DATABASE_PASSWORD);
+ final String dbUsername =
buildExpression(ServerProperties.PROP_DATABASE_USERNAME, serverProperties, true);
+ final String obfuscatedPassword =
buildExpression(ServerProperties.PROP_DATABASE_PASSWORD, serverProperties,
+ true);
final SecurityDomainJBossASClient client = new SecurityDomainJBossASClient(mcc);
- final CoreJBossASClient coreClient = new CoreJBossASClient(mcc);
- String asVersion = coreClient.getAppServerVersion();
final String securityDomain = RHQ_DS_SECURITY_DOMAIN;
if (!client.isSecurityDomain(securityDomain)) {
- if (asVersion.startsWith("7.2")) {
- client.createNewSecureIdentitySecurityDomain72(securityDomain,
dbUsername, obfuscatedPassword);
- }
- else {
- client.createNewSecureIdentitySecurityDomain71(securityDomain,
dbUsername, obfuscatedPassword);
- }
+ client.createNewSecureIdentitySecurityDomain72(securityDomain, dbUsername,
obfuscatedPassword);
LOG.info("Security domain [" + securityDomain + "]
created");
} else {
LOG.info("Security domain [" + securityDomain + "] already
exists, skipping the creation request");
@@ -384,21 +378,12 @@ public class ServerInstallUtil {
throws Exception {
final SecurityDomainJBossASClient client = new SecurityDomainJBossASClient(mcc);
- final CoreJBossASClient coreClient = new CoreJBossASClient(mcc);
- String asRelase = coreClient.getAppServerVersion();
final String securityDomain = RHQ_REST_SECURITY_DOMAIN;
if (!client.isSecurityDomain(securityDomain)) {
String dsJndiName = "java:jboss/datasources/" +
RHQ_DATASOURCE_NAME_XA;
- if (asRelase.startsWith("7.2")) {
- client.createNewDatabaseServerSecurityDomain72(securityDomain,
dsJndiName,
- "SELECT PASSWORD FROM RHQ_PRINCIPAL WHERE principal=?",
- "SELECT 'all', 'Roles' FROM RHQ_PRINCIPAL WHERE
principal=?", null, null);
- }
- else {
- client.createNewDatabaseServerSecurityDomain71(securityDomain,
dsJndiName,
- "SELECT PASSWORD FROM RHQ_PRINCIPAL WHERE principal=?",
- "SELECT 'all', 'Roles' FROM RHQ_PRINCIPAL WHERE
principal=?", null, null);
- }
+ client.createNewDatabaseServerSecurityDomain72(securityDomain, dsJndiName,
+ "SELECT PASSWORD FROM RHQ_PRINCIPAL WHERE principal=?",
+ "SELECT 'all', 'Roles' FROM RHQ_PRINCIPAL WHERE
principal=?", null, null);
LOG.info("Security domain [" + securityDomain + "]
created");
} else {
LOG.info("Security domain [" + securityDomain + "] already
exists, skipping the creation request");
@@ -1256,15 +1241,24 @@ public class ServerInstallUtil {
LOG.info("Creating https connector...");
ConnectorConfiguration connector =
buildSecureConnectorConfiguration(configDirStr, serverProperties);
- // verify that we have a truststore file - if user is relying on our self-signed
certs, we'll have to create one for them
+ //
https://issues.jboss.org/browse/WFLY-1177 - we need to resolve the paths right
now. the user won't be able
+ // to change these again in the future unless they go directly into
standalone.xml and change it manually
String truststoreFileString =
connector.getSslConfiguration().getCaCertificateFile();
+ truststoreFileString = resolveExpression(mcc, truststoreFileString);
+ connector.getSslConfiguration().setCaCertificateFile(truststoreFileString);
+
+ String keystoreFileString =
connector.getSslConfiguration().getCertificateKeyFile();
+ keystoreFileString = resolveExpression(mcc, keystoreFileString);
+ connector.getSslConfiguration().setCertificateKeyFile(keystoreFileString);
+
+ // verify that we have a truststore file - if user is relying on our self-signed
certs, we'll have to create one for them
if (truststoreFileString == null) {
LOG.warn("Missing a valid truststore location - you must specify a valid
truststore location!");
} else {
File truststoreFile = new File(truststoreFileString);
if (!truststoreFile.exists()) {
// user didn't provide a truststore file, copy the keystore and use
it as the truststore; tell the user about this
- File keystoreFile = new
File(connector.getSslConfiguration().getCertificateKeyFile());
+ File keystoreFile = new File(keystoreFileString);
if (!keystoreFile.isFile()) {
LOG.warn("Missing both keystore [" + keystoreFile + "]
and truststore [" + truststoreFile + "]");
} else {
@@ -1283,41 +1277,64 @@ public class ServerInstallUtil {
LOG.info("https connector created.");
if (client.isConnector(connectorName)) {
+ client.changeConnector(connectorName, "max-connections",
+ buildExpression("rhq.server.startup.web.max-connections",
serverProperties, true));
client.changeConnector(connectorName, "redirect-port",
- buildExpression("rhq.server.socket.binding.port.https",
serverProperties, false));
+ buildExpression("rhq.server.socket.binding.port.https",
serverProperties, true));
} else {
LOG.warn("There doesn't appear to be a http connector configured
already - this is strange.");
}
}
+ private static String resolveExpression(ModelControllerClient mcc, String expression)
{
+ if (expression == null) {
+ return null;
+ }
+
+ CoreJBossASClient client = new CoreJBossASClient(mcc);
+ String resolvedExpression;
+ try {
+ resolvedExpression = client.resolveExpression(expression);
+
+ //
https://issues.jboss.org/browse/WFLY-1177 - app server doesn't do
recursive resolving, we have to do it here
+ while (resolvedExpression != null &&
resolvedExpression.contains("${")
+ && !resolvedExpression.equals(expression)) {
+ expression = resolvedExpression;
+ resolvedExpression = client.resolveExpression(expression);
+ }
+ } catch (Exception e) {
+ LOG.warn("Cannot resolve expression [" + expression + "]; will
use it as-is but errors may occur later.");
+ resolvedExpression = expression;
+ }
+ return resolvedExpression;
+ }
+
private static ConnectorConfiguration buildSecureConnectorConfiguration(String
configDirStr,
HashMap<String, String> serverProperties) {
SSLConfiguration ssl = new SSLConfiguration();
// truststore
-
ssl.setCaCertificateFile(getAbsoluteFileLocation("rhq.server.tomcat.security.truststore.file",
- serverProperties, configDirStr)); // this cannot be an expression - AS7
doesn't support that now
+
ssl.setCaCertificateFile(buildExpression("rhq.server.tomcat.security.truststore.file",
serverProperties, true));
ssl.setCaCertificationPassword(buildExpression("rhq.server.tomcat.security.truststore.password",
- serverProperties, false));
-
ssl.setTruststoreType(buildExpression("rhq.server.tomcat.security.truststore.type",
serverProperties, false));
+ serverProperties, true));
+
ssl.setTruststoreType(buildExpression("rhq.server.tomcat.security.truststore.type",
serverProperties, true));
// keystore
-
ssl.setCertificateKeyFile(getAbsoluteFileLocation("rhq.server.tomcat.security.keystore.file",
serverProperties,
- configDirStr)); // this cannot be an expression - AS7 doesn't support
that now
-
ssl.setPassword(buildExpression("rhq.server.tomcat.security.keystore.password",
serverProperties, false));
-
ssl.setKeyAlias(buildExpression("rhq.server.tomcat.security.keystore.alias",
serverProperties, false));
-
ssl.setKeystoreType(buildExpression("rhq.server.tomcat.security.keystore.type",
serverProperties, false));
+
ssl.setCertificateKeyFile(buildExpression("rhq.server.tomcat.security.keystore.file",
serverProperties, true));
+
ssl.setPassword(buildExpression("rhq.server.tomcat.security.keystore.password",
serverProperties, true));
+
ssl.setKeyAlias(buildExpression("rhq.server.tomcat.security.keystore.alias",
serverProperties, true));
+
ssl.setKeystoreType(buildExpression("rhq.server.tomcat.security.keystore.type",
serverProperties, true));
// SSL protocol config
-
ssl.setProtocol(buildExpression("rhq.server.tomcat.security.secure-socket-protocol",
serverProperties, false));
-
ssl.setVerifyClient(buildExpression("rhq.server.tomcat.security.client-auth-mode",
serverProperties, false));
+
ssl.setProtocol(buildExpression("rhq.server.tomcat.security.secure-socket-protocol",
serverProperties, true));
+
ssl.setVerifyClient(buildExpression("rhq.server.tomcat.security.client-auth-mode",
serverProperties, true));
// note: there doesn't appear to be a way for AS7 to support algorithm, like
SunX509 or IbmX509
// so I think it just uses the JVM's default. This means
"rhq.server.tomcat.security.algorithm" is unused
ConnectorConfiguration connector = new ConnectorConfiguration();
-
connector.setMaxConnections(buildExpression("rhq.server.startup.web.max-connections",
serverProperties, false));
+
connector.setMaxConnections(buildExpression("rhq.server.startup.web.max-connections",
serverProperties, true));
connector.setScheme("https");
connector.setSocketBinding("https");
connector.setSslConfiguration(ssl);
@@ -1502,159 +1519,4 @@ public class ServerInstallUtil {
}
}
}
-
- /**
- * This checks to see if the logging settings have the same values as those found in
the given properties.
- *
- * THIS IS ONLY HERE TO SUPPORT INSTALLER --reconfig OPTION WHICH SHOULD
- * GO AWAY ONCE AS7 SUPPORTS EXPRESSIONS WHERE WE NEED THEM - JIRA AS7-5321.
- * ONCE AS7 DOES THIS, THIS METHOD CAN GO AWAY.
- *
- * @param mcc the JBossAS management client
- * @param serverProperties contains the logging settings
- * @return true if the logging settings have the same values
- * @throws Exception
- */
- public static boolean isSameLoggingExisting(ModelControllerClient mcc,
HashMap<String, String> serverProperties) {
- try {
- LoggingJBossASClient client = new LoggingJBossASClient(mcc);
- String currentLevel = client.getLoggerLevel("org.rhq");
- String newLevel = serverProperties.get(ServerProperties.PROP_LOG_LEVEL);
- return !isEmpty(currentLevel) &&
currentLevel.equalsIgnoreCase(newLevel);
- } catch (Exception e) {
- return false; // assume they aren't the same - this may be due to the
category org.rhq just missing
- }
- }
-
- /**
- * This checks to see if the mail service already exists
- * and has the same settings as those found in the given properties.
- *
- * THIS IS ONLY HERE TO SUPPORT INSTALLER --reconfig OPTION WHICH SHOULD
- * GO AWAY ONCE AS7 SUPPORTS EXPRESSIONS WHERE WE NEED THEM - JIRA AS7-5321.
- * ONCE AS7 DOES THIS, THIS METHOD CAN GO AWAY.
- *
- * @param mcc the JBossAS management client
- * @param serverProperties contains the mail service settings
- * @return true if the mail service exists with the same settings
- * @throws Exception
- */
- public static boolean isSameMailServiceExisting(ModelControllerClient mcc,
HashMap<String, String> serverProperties)
- throws Exception {
- // we know the only problem attribute we care about is the smtp host - that's
the only
- // one we use that doesn't support expressions. So we only need to check this
one
- Address addr = Address.root().add("socket-binding-group",
"standard-sockets",
- "remote-destination-outbound-socket-binding",
"mail-smtp");
- JBossASClient client = new JBossASClient(mcc);
- String currentHost = client.getStringAttribute("host", addr);
- String host = serverProperties.get(ServerProperties.PROP_EMAIL_SMTP_HOST);
- return !isEmpty(currentHost) && currentHost.equals(host);
- }
-
- /**
- * This checks to see if the security domain for the datasources already exists
- * and has the same username/password as those found in the given properties
- *
- * THIS IS ONLY HERE TO SUPPORT INSTALLER --reconfig OPTION WHICH SHOULD
- * GO AWAY ONCE AS7 SUPPORTS EXPRESSIONS WHERE WE NEED THEM - JIRA AS7-5321.
- * ONCE AS7 DOES THIS, THIS METHOD CAN GO AWAY.
- *
- * @param mcc the JBossAS management client
- * @param serverProperties contains the obfuscated password and username to compare
- * @return true if the domain exists with the same username and password
- * @throws Exception
- */
- public static boolean isSameDatasourceSecurityDomainExisting(ModelControllerClient
mcc,
- HashMap<String, String> serverProperties) throws Exception {
-
- final String dbUsername =
serverProperties.get(ServerProperties.PROP_DATABASE_USERNAME);
- final String obfuscatedPassword =
serverProperties.get(ServerProperties.PROP_DATABASE_PASSWORD);
- final SecurityDomainJBossASClient client = new SecurityDomainJBossASClient(mcc);
- final String securityDomain = RHQ_DS_SECURITY_DOMAIN;
- boolean sameUsernamePassword = false;
- if (client.isSecurityDomain(securityDomain)) {
- boolean sameUsername = false;
- boolean samePassword = false;
- ModelNode opts;
- opts = client.getSecureIdentitySecurityDomainModuleOptions(securityDomain);
- if (opts != null) {
- List<ModelNode> optsList = opts.asList();
- for (ModelNode opt : optsList) {
- if (opt.has(SecurityDomainJBossASClient.USERNAME)) {
- sameUsername =
dbUsername.equals(opt.get(SecurityDomainJBossASClient.USERNAME).asString());
- }
- if (opt.has(SecurityDomainJBossASClient.PASSWORD)) {
- samePassword =
obfuscatedPassword.equals(opt.get(SecurityDomainJBossASClient.PASSWORD)
- .asString());
- }
- }
- }
- sameUsernamePassword = sameUsername & samePassword;
- }
- return sameUsernamePassword;
- }
-
- /**
- * This checks to see if the web connectors already exist
- * and have the same settings as those found in the given properties
- *
- * THIS IS ONLY HERE TO SUPPORT INSTALLER --reconfig OPTION WHICH SHOULD
- * GO AWAY ONCE AS7 SUPPORTS EXPRESSIONS WHERE WE NEED THEM - JIRA AS7-5321.
- * ONCE AS7 DOES THIS, THIS METHOD CAN GO AWAY.
- *
- * @param mcc the JBossAS management client
- * @param configDirStr location of a configuration directory where the keystore is to
be stored
- * @param serverProperties contains the obfuscated password and username to compare
- * @return true if the domain exists with the same username and password
- * @throws Exception
- */
- public static boolean isSameWebConnectorsExisting(ModelControllerClient mcc, String
appServerConfigDir,
- HashMap<String, String> serverProperties) throws Exception {
-
- HashMap<String, String> settingsToCheck = new HashMap<String,
String>();
- WebJBossASClient client = new WebJBossASClient(mcc);
-
- // FIRST check the https connector
- ModelNode httpsNode = client.getConnector("https");
-
- ConnectorConfiguration connectorConfig =
buildSecureConnectorConfiguration(appServerConfigDir, serverProperties);
- SSLConfiguration sslConfig = connectorConfig.getSslConfiguration();
-
- // check the https connector's main config
- settingsToCheck.clear();
- settingsToCheck.put("max-connections",
connectorConfig.getMaxConnections());
- for (Map.Entry<String, String> propToCheck : settingsToCheck.entrySet()) {
- if
(!httpsNode.get(propToCheck.getKey()).asString().equals(propToCheck.getValue())) {
- return false; // something is different, no need to check further, return
false to say we are different
- }
- }
-
- // now check the https connector's ssl config
- ModelNode sslNode =
httpsNode.get("ssl").get("configuration");
- settingsToCheck.clear();
- settingsToCheck.put("ca-certificate-file",
sslConfig.getCaCertificateFile());
- settingsToCheck.put("ca-certificate-password",
sslConfig.getCaCertificatePassword());
- settingsToCheck.put("certificate-key-file",
sslConfig.getCertificateKeyFile());
- settingsToCheck.put("key-alias", sslConfig.getKeyAlias());
- settingsToCheck.put("keystore-type", sslConfig.getKeystoreType());
- settingsToCheck.put("password", sslConfig.getPassword());
- settingsToCheck.put("protocol", sslConfig.getProtocol());
- settingsToCheck.put("truststore-type", sslConfig.getTruststoreType());
- settingsToCheck.put("verify-client", sslConfig.getVerifyClient());
- for (Map.Entry<String, String> propToCheck : settingsToCheck.entrySet()) {
- if
(!sslNode.get(propToCheck.getKey()).asString().equals(propToCheck.getValue())) {
- return false; // something is different, no need to check further, return
false to say we are different
- }
- }
-
- // SECOND check the http connector
- ModelNode httpNode = client.getConnector("http");
- String nodeString = httpNode.get("redirect-port").asString();
- String propString =
serverProperties.get("rhq.server.socket.binding.port.https");
- if (!nodeString.equals(propString)) {
- return false; // something is different, no need to check further, return
false to say we are different
- }
-
- return true;
- }
}