Bug 1236631 - Add a way to setup SSL settings in jboss-cli.xml
Added operation called "Setup CLI" which can change jboss-cli.xml according
to pluginConfiguration properties. It can configure SSL stuff + default
controller host + port. Operation is present for Standalone and Host
Controllers. When setting up jboss-cli.xml security, truststore
path+password can be either taken from plugin config and written as
plaintext (default) or if using vault, it can be copied from server's
standalone.xml. Supports all known schema versions of jboss-cli.xml (earlier
versions may fail to store truststore passwords using vault)
Libor Zoubek committed Jul 28, 2015
1 parent c9cfec0 commit ac7640c
Showing 12 changed files with 846 additions and 3 deletions.
Expand Up @@ -69,6 +69,7 @@
import org.rhq.core.util.file.FileUtil;
import org.rhq.modules.plugins.jbossas7.helper.HostConfiguration;
import org.rhq.modules.plugins.jbossas7.helper.HostPort;
import org.rhq.modules.plugins.jbossas7.helper.JBossCliConfiguration;
import org.rhq.modules.plugins.jbossas7.helper.ServerPluginConfiguration;
import org.rhq.modules.plugins.jbossas7.json.Address;
import org.rhq.modules.plugins.jbossas7.json.ComplexResult;
Expand Down Expand Up @@ -449,6 +450,50 @@ protected OperationResult startServer() throws InterruptedException {
return operationResult;
}

protected OperationResult setupCli(Configuration parameters) {
OperationResult result = new OperationResult();
ServerPluginConfiguration serverConfig = getServerPluginConfiguration();
File jbossCliXml = new File(new File(serverConfig.getHomeDir(), "bin"), "jboss-cli.xml");
try {
JBossCliConfiguration config = new JBossCliConfiguration(jbossCliXml, serverConfig);
StringBuilder response = new StringBuilder();
boolean madeChanges = false;
if (Boolean.parseBoolean(parameters.getSimpleValue("defaultController", "false"))) {
String m = config.configureDefaultController();
madeChanges |= m == null;
response.append(m == null ? "Setting up Default Controller" : "Default Controller skipped : " + m);
response.append("\n");
}
if (Boolean.parseBoolean(parameters.getSimpleValue("security", "false"))) {
String storeMethod = parameters.getSimpleValue("storePasswordMethod", "PLAIN");
String m = null;
String message = "Setting up Security";
if ("PLAIN".equals(storeMethod)) {
message += " (using plain text)";
m = config.configureSecurity();
} else {
message += " (using vault)";
m = config.configureSecurityUsingVault(getHostConfig());
}
madeChanges |= m == null;
response.append(m == null ? message : "Security skipped: " + m);
response.append("\n");
}

if (madeChanges) {
config.writeToFile();
response.append("Wrote changes to " + jbossCliXml);
result.setSimpleResult(response.toString());
} else {
result.setSimpleResult(jbossCliXml + " was not updated");
}
} catch (Exception e) {
getLog().error("Failed to setup CLI", e);
result.setErrorMessage("Failed to setup CLI : " + e.getMessage());
}
return result;
}

/**
* runs jboss-cli executable and returns its output
* @param parameters input configuration (either commands or file sipmle-property is expected)
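Review bot: With `storePasswordMethod` defaulting to `"PLAIN"`, a call that sets only `security=true` writes the truststore password into bin/jboss-cli.xml in clear text, and nothing in setupCli restricts who can read the file afterwards or tells the operator that a secret was stored unencrypted. JBossCliConfiguration.writeToFile is outside this section, so whether it sets file permissions cannot be seen here; if it does not, consider tightening them right after the write, e.g. `jbossCliXml.setReadable(false, false); jbossCliXml.setReadable(true, true);`, and appending a line to the response saying the password was written as plain text. The `catch (Exception e)` branch also copies `e.getMessage()` into the operation result, which can be null or expose local paths; a fixed message with the detail kept in the log via `getLog().error(...)` would be safer.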
Expand Up @@ -126,6 +126,8 @@ public OperationResult invokeOperation(String name, Configuration parameters) th
operationResult = restartServer(parameters);
} else if (name.equals("executeCommands") || name.equals("executeScript")) {
return runCliCommand(parameters);
} else if (name.equals("setupCli")) {
return setupCli(parameters);
} else if (name.equals("shutdown")) {
// This is a bit trickier, as it needs to be executed on the level on /host=xx
String domainHost = getASHostName();
Expand Up @@ -194,6 +194,8 @@ public OperationResult invokeOperation(String name, Configuration parameters) th
return installManagementUser(parameters, pluginConfiguration);
} else if (name.equals("executeCommands") || name.equals("executeScript")) {
return runCliCommand(parameters);
} else if (name.equals("setupCli")) {
return setupCli(parameters);
}

// reload, shutdown go to the remote server
Expand Up @@ -25,7 +25,10 @@
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.LinkedHashMap;
import java.util.Map;

import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
Expand Down Expand Up @@ -397,6 +400,54 @@ public String getManagementSecurityRealm() {
return realm;
}

/**
* read server SSL key-store information
* @return null if not present
*/
public TruststoreConfig getServerIdentityKeystore() {
String mgmtRealm = getManagementSecurityRealm();
if (mgmtRealm != null) {
Node keyStoreNode = (Node) xpathExpression("//management/security-realms/security-realm[@name='"
+ mgmtRealm + "']/server-identities/ssl/keystore", XPathConstants.NODE);
return TruststoreConfig.fromXmlNode(keyStoreNode);
}
return null;
}

/**
* read trust-store information for 2-way authentication
* @return null if not present
*/
public TruststoreConfig getClientAuthenticationTruststore() {
String mgmtRealm = getManagementSecurityRealm();
if (mgmtRealm != null) {
Node keyStoreNode = (Node) xpathExpression("//management/security-realms/security-realm[@name='"
+ mgmtRealm + "']/authentication/truststore", XPathConstants.NODE);
return TruststoreConfig.fromXmlNode(keyStoreNode);
}
return null;
}

/**
* read vault configuration
* @return vault configuration (key,value of vault-options) or null if vault is not present
*/
public Map<String, String> getVault() {

Node vaultNode = (Node) xpathExpression("//vault", XPathConstants.NODE);
if (vaultNode == null) {
return null;
}
Map<String, String> vault = new LinkedHashMap<String, String>();
NodeList vaultOptions = (NodeList) xpathExpression("//vault/vault-option", XPathConstants.NODESET);
for (int i=0; i< vaultOptions.getLength(); i++) {
Node option = vaultOptions.item(i);
vault.put(option.getAttributes().getNamedItem("name").getNodeValue(),
option.getAttributes().getNamedItem("value").getNodeValue());
}
return vault;
}

/**
* @Deprecated use {@link HostConfiguration#getSecurityPropertyFile(ServerPluginConfiguration, String)} instead
*/
Expand Down Expand Up @@ -462,11 +513,14 @@ public String getDomainApiVersion() {
* @throws IllegalArgumentException if hostXml is null
*/
public String obtainXmlPropertyViaXPath(String xpathExpression) {
return (String) xpathExpression(xpathExpression, XPathConstants.STRING);
}

private Object xpathExpression(String xpathExpression, QName returnType) {
XPath xpath = this.xpathFactory.newXPath();
try {
XPathExpression expr = xpath.compile(xpathExpression);
Object result = expr.evaluate(this.document, XPathConstants.STRING);
return result.toString();
return expr.evaluate(this.document, returnType);
} catch (XPathExpressionException e) {
log.error("Evaluation of XPath expression failed: " + e.getMessage());
return null;
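Review bot: getServerIdentityKeystore and getClientAuthenticationTruststore build their XPath by concatenating `mgmtRealm` into `[@name='…']`, so a realm name containing a single quote makes the expression fail to compile or match a different node. In the failure case xpathExpression returns null, which is passed straight to `TruststoreConfig.fromXmlNode`; whether that method tolerates null is not visible here. The name comes from the server's own configuration file, so this is mostly a robustness concern, but it is cheap to close with a guard such as `if (mgmtRealm.indexOf('\'') >= 0) { return null; }` or by binding the name through an `XPathVariableResolver` and using `[@name=$realm]`. In getVault, `getNamedItem("name")` and `getNamedItem("value")` are dereferenced without a null check, so a `vault-option` element missing either attribute throws a NullPointerException. The returned map holds the vault keystore settings, so callers should not log it.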
