...
- Common commands
- Other commands
- Geronimo Plugins
...
Encrypt
Use the encrypt command to encrypt a generate an encrypted string. The encrypt command This command takes use of org.apache.geronimo.util.EncryptionManager and has the following syntax:
...
<geronimo_home>/bin/deploy <general_options>
...
encrypt
...
<string>
Where <String> specifies the <general_options> are common options that apply to all commands, <string> specifies a string to get encrypted.
Examples:
No Format |
---|
deploy -h localhost -p 1099 encrypt passw0rd
|
That command will encrypt the passw0rd string when the server is running.
No Format |
---|
deploy -o encrypt passw0rd
|
That command will encrypt the passw0rd string when the server is not running.
Install-library
Use the install-library command to install a library into server's repository. The install-library command has the following syntax:
No Format |
---|
deploy <general_options> install-library --groupId groupName <libraryFile>
|
Use the --groupId option to specify a non-default group id for the library. Otherwise, the library file will be installed with the group id named default.
Examples:
No Format |
---|
deploy -u system -p manager install-library mylib-1.0.jar
|
That command will install the mylib-1.0.jar at <geronimo_home>/repository/default/mylib/1.0/mylib-1.0.jar
No Format |
---|
deploy -u system -p manager install-library --groupId mygroup mylib-1.0.jar
|
That command will install the mylib-1.0.jar at <geronimo_home>/repository/mygroup/mylib/1.0/mylib-1.0.jar
List-modules
Use the list-modules command to list all available modules on the server, note that for running this command the server must be running. The list-modules command has the following syntax:
No Format |
---|
deploy <general_options> list-modules [--all|--started|--stopped]
|
- --all : is used by default when no other option is specified. It will list all the available modules.
- --started : this option will list only the modules that are running.
- --stopped : this option will list only the modules that are not running.
List-targets
Use the list-targets command to lists the targets known to the server you have connected to. The list-targets command has the following syntax:
No Format |
---|
deploy <general_options> list-targets
|
...
Currently password strings are plain text in deployment plans, such as datasource or JMS deployment plans within an EAR. It might pose a security problem to store password strings as plain text even though the deployment plans are only used during the deployment process, and not at runtime. Starting from Geronimo 2.1.5, users can encrypt passwords using the encrypt command and paste the encrypted strings into deployment plans as password.
Examples:
Use this syntax to encrypt string passw0rd
on an active server so that the encryption settings of that server will be used
Code Block |
---|
deploy --user myadmin --password mypassword encrypt passw0rd
|
Online encryption result:
Code Block |
---|
......
String to encrypt: passw0rd
Online encryption result:
{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNv
ZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9s
YW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEG2NoqXONCcU
GqfK0reVCpVwdAADQUVT
|
Use this syntax to encrypt string passw0rd offline
Code Block |
---|
deploy --offline encrypt passw0rd
|
Offline encryption result:
Code Block |
---|
......
String to encrypt: passw0rd
Offline encryption result:
{Simple}rO0ABXNyABlqYXZheC5jcnlwdG8uU2VhbGVkT2JqZWN0PjY9psO3VHACAARbAA1lbmNv
ZGVkUGFyYW1zdAACW0JbABBlbmNyeXB0ZWRDb250ZW50cQB+AAFMAAlwYXJhbXNBbGd0ABJMamF2YS9s
YW5nL1N0cmluZztMAAdzZWFsQWxncQB+AAJ4cHB1cgACW0Ks8xf4BghU4AIAAHhwAAAAEG2NoqXONCcU
GqfK0reVCpVwdAADQUVT
|
Note: Online encryption needs a running server to connect to and will use the encryption settings of that server, such as an encryption key, to do the encryption. As a result, the encrypted password usually can only be used for that particular server. Offline encryption uses the default encryption settings, and the encrypted password can be used by all servers. Offline encryption is thus less secure than online encryption.
Install-library
Use the install-library command to install a library into server's repository. The install-library command has the following syntax:
No Format |
---|
deploy <general_options> install-library --groupId groupName <libraryFile>
|
Use the --groupId option to specify a non-default group id for the library. Otherwise, the library file will be installed with the group id named default.
Examples:
No Format |
---|
deploy -u system -p manager install-library mylib-1.0.jar
|
That command will install the mylib-1.0.jar at <geronimo_home>/repository/default/mylib/1.0/mylib-1.0.jar
No Format |
---|
deploy -u system -p manager install-library --groupId mygroup mylib-1.0.jar
|
That command will install the mylib-1.0.jar at <geronimo_home>/repository/mygroup/mylib/1.0/mylib-1.0.jar
List-modules
Use the list-modules command to list all available modules on the server, note that for running this command the server must be running. The list-modules command has the following syntax:
No Format |
---|
deploy <general_options> list-modules [--all|--started|--stopped]
|
- --all : is used by default when no other option is specified. It will list all the available modules.
- --started : this option will list only the modules that are running.
- --stopped : this option will list only the modules that are not running.
List-targets
Use the list-targets command to lists the targets known to the server you have connected to. The list-targets command has the following syntax:
No Format |
---|
deploy <general_options> list-targets
|
In the case of Geronimo, each configuration store is a separate target. Geronimo does not yet support clusters as targets.
UnlockKeystore
Use the unlockKeystore command to unlock a keystore and private keys. The unlockKeystore command has the following syntax:
<geronimo_home>/bin/deploy <general_options> unlockKeystore <keyStoreName> <keyAlias1> <keyAlias2>
Where <keyStoreName> specifies a locked keystore to get unlocked, <keyAlias1> and <keyAlias2> are optionally used to specify one or more locked private keys in the keystore to get unlocked.
Note that before you can use the unlockKeystore command, you need to ensure that the following lines are added to <geronimo_home>/var/config/config-substitutions.properties:
Code Block |
---|
<keyStoreName>=<keyStoreEncryptedPassword>
<keyAlias1>=<keyAlias1EncryptedPassword>
<keyAlias2>=<keyAlias1EncryptedPassword>
...
|
Where
- <keyStoreName> is the name of the keystore.
- <keyStoreEncryptedPassword> is the encrypted password for the keystore, which can be generated by using the encrypt command. When you copy and paste the generated encrypted password to <geronimo_home>/var/config/config-substitutions.properties, there should be no space in the encrypted password string.
- <keyAlias1>, <keyAlias2> are the names of the private keys in the keystore.
- <keyAlias1EncryptedPassword>, <keyAlias2EncryptedPassword> are the encrypted passwords for the private keys, which can also be generated by using the encrypt command.
Examples:
Use this syntax to unlock the keystore whose name is mykeystore
Code Block |
---|
deploy --user myadmin --password mypassword unlockKeystore mykeystore
|
Use this syntax to unlock the keystore whose name is mykeystore and the private key whose alias is key1
Code Block |
---|
deploy --user myadmin --password mypassword unlockKeystore mykeystore key1
|
Install-plugin
...