Versions Compared

Old Version 6

changes.mady.by.user Guillaume Nodet

Saved on

compared with

New Version Current

changes.mady.by.user Guillaume Nodet

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

Anchortoptop

4.2. Remote Console

The remote console feature allows to connect to a running ServiceMix Karaf instance from a remote computer and perform all the operations that are usually accessible from the local console.

...

...

The remote console is currently enabled by default, but there is the default security in place is very low. The username and password that are prompted are by default not validated, so any combination will work. In production environment, we recommend disabling the server (by using the client mode) or deploying a JAAS realm to perform some real authentication. See the security documentation. To secure the channel, it is possible to use SSL encryption by changing the url as shown in the #Configuration section.

Launch options

The ServiceMix Kernel Karaf shell scripts supports a number of options to control the remote console:

  • console: launch ServiceMix Kernel Karaf in the default mode (both local and remote console activated). This is the default mode
  • server: launch ServiceMix Kernel Karaf in with a remote console but no local console
  • client: launch ServiceMix Kernel Karaf in with a local console only

These options affect two system properties that can be set if you don't use the standard shell scripts:

  • servicemixkaraf.startLocalConsole
  • servicemixkaraf.startRemoteShell

...

Using the client jar

It is also possible to use a more lightweight way to connect to a Karaf instance using the following command line:

...

There are a few parameters that can be set on the command line to change the URL used to connect to Karaf, the user or the password.
All these parameters are detailed in the help screen:

...

For example, to shut down Karaf from the command line, you can run the following command:

...

The client jar also supports passing command line arguments to the remote Karaf.

...

#top

Using an SSH client

You can use any standard SSH client to connect to a Karaf instance. The default port is 8101.

...

#top

Using another Karaf instance

First, open a terminal and launch a Kernel Karaf in server mode (you could use a Kernel Karaf instance in console mode too):

...

On another terminal, start a Kernel another Karaf instance in client mode:

...

...

At this point in time, you can not use the same

...

Karaf installation to start both the server and the client, so you need to create a new instance using the 'admin create xxx' command and use that one to start the client. If you are on a different host or already use another copy of

...

Karaf, this requirement does not hold.

Once the console appears, you can run the remote rsh command to connect to the other Kernel:

Code Block

remote rsh tcp://localhost:8101/ -u smx -p smx

You can also do that in a single command line from the prompt by appending the previous ServiceMix command to the shell command:

...

To verify that your are connected to the remote Kernelinstance, run the following command:

...

...

and check the system informations.

Configuration

The TCP port is configured at the following location:

...

...

The defaut configuration is as below:

...

The port used can easily be changed by changing the default port 8101 in the remoteShellLocation property.

To switch to a secured channel using SSL encryption, edit the above file and change the remoteShellLocation property to use SSL as below:

Code Block

remoteShellLocation=tcp://0.0.0.0:8101/

sshPort property.

The security The realm used by the console when authenticating remote users is named RshServer karaf, so you should can override this realm as explained in the 4.5. Security framework. If you want to use your own keystore and truststore when enabling SSL, you can add the following properties to the configuration file:

Code Block

clientKeyAlias=servicemix
clientKeystore=RshKeystore
clientTruststore=RshTruststore
serverKeyAlias=servicemix
serverKeystore=RshKeystore
serverTruststore=RshTruststore

You can either deploy another set of keystores that use the above names or change the named used and deploy new keystores. The key aliases must be set to a valid key in the store that will be used to secure the communication.

#top

Using the client jar

From Apache ServiceMix Kernel 1.1.0 and posterior versions, it is possible to use a more lightweight way to connect to a ServiceMix Kernel instance using the following command line:

Code Block

java -jar lib/servicemix-client.jar

There are a few parameters that can be set on the command line to change the URL used to connect to the Kernel, the user or the password.
All these parameters are detailed in the help screen:

Panel
bgColor#000000

No Format
nopaneltrue

> java -jar lib/servicemix-client.jar --help
Apache ServiceMix Kernel client
  -a [address]  specify the URL to connect to
  -u [user]     specify the user name
  -p [password] specify the password
  --help        shows this help message
  [commands]    commands to run
If no commands are specified, the client will be put in an interactive mode

For example, to shut down the Kernel from the command line, you can run the following command:

Panel
bgColor#000000

No Format
nopaneltrue

> java -jar lib/servicemix-client.jar osgi shutdown
Connected
>

#top

Programmatically connect to the Kernel

A connection to the kernel can also be done programmatically.
You can find a code example from the client library mentionned in the previous section.

Code Block
langjava

import org.apache.geronimo.gshell.remote.crypto.CryptoContext;
import org.apache.geronimo.gshell.remote.client.RshClient;
import org.apache.geronimo.gshell.remote.client.RemoteExecuteException;
import org.apache.geronimo.gshell.remote.client.handler.EchoHandler;
import org.apache.geronimo.gshell.remote.client.handler.ClientMessageHandler;
import org.apache.geronimo.gshell.whisper.transport.TransportException;
import org.apache.geronimo.gshell.whisper.transport.TransportFactory;
import org.apache.geronimo.gshell.whisper.transport.TransportFactoryLocator;
import org.apache.geronimo.gshell.whisper.transport.tcp.SpringTcpTransportFactory;
import org.apache.geronimo.gshell.whisper.stream.StreamFeeder;
import org.apache.geronimo.gshell.layout.NotFoundException;
import org.apache.geronimo.gshell.ExitNotification;

public class Main {

    public static void main(String[] args) throws Exception {
        RshClient client = null;
        try {
            CryptoContext context = new CryptoContext("RSA", null);
            List<ClientMessageHandler> handlers = new LinkedList<ClientMessageHandler>();
            handlers.add(new EchoHandler());
            client = new RshClient(context, new Locator(), handlers);

            client.initialize();
            client.connect(address, new URI("tcp://0.0.0.0:0"));
            client.login(user, password);
            StreamFeeder outputFeeder = new StreamFeeder(client.getInputStream(), System.out);
            outputFeeder.createThread().start();
            client.openShell();
            System.out.println("Connected");

            client.execute(args[0]);
        } catch (ExitNotification e) {
            System.exit(0);
        } catch (Throwable t) {
            t.printStackTrace();
            System.exit(1);
        } finally {
            try {
                client.closeShell();
                client.close();
            } catch (Throwable t) { }
        }
        System.exit(0);
    }

    private static class Locator implements TransportFactoryLocator {
        SpringTcpTransportFactory factory = new SpringTcpTransportFactory();

        public TransportFactory locate(URI arg0) throws TransportException {
            return factory;
        }

    }
}

You can find a more complete example at the following location.

#top

Wiki Markup
{scrollbar}

security section.

#top

...