You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

4.2. Remote Console

The remote console feature allows to connect to a running ServiceMix instance from a remote computer and perform all the operations that are usually accessible from the local console.

Security warning

The remote console is currently enabled by default, but there is the default security in place is very low. The username and password that are prompted are by default not validated, so any combination will work. In production environment, we recommend disabling the server (by using the client mode) or deploying a JAAS realm to perform some real authentication. See the security documentation. To secure the channel, it is possible to use SSL encryption by changing the url as shown in the #Configuration section.

Launch options

The ServiceMix Kernel shell scripts supports a number of options to control the remote console:

  • console: launch ServiceMix Kernel in the default mode (both local and remote console activated). This is the default mode
  • server: launch ServiceMix Kernel in with a remote console but no local console
  • client: launch ServiceMix Kernel in with a local console only

These options affect two system properties that can be set if you don't use the standard shell scripts:

  • servicemix.startLocalConsole
  • servicemix.startRemoteShell

Connecting to a remote Kernel

First, open a terminal and launch a Kernel in server mode (you could use a Kernel in console mode too):

bin/servicemix server

On another terminal, start a Kernel in client mode:

bin/servicemix client

Once the console appears, you can run the remote rsh command to connect to the other Kernel:

remote rsh tcp://localhost:8101/ -u smx -p smx

You can also do that in a single command line from the prompt by appending the previous ServiceMix command to the shell command:

bin/servicemix client remote rsh tcp://localhost:8101/ -u smx -p smx

To verify that your are connected to the remote Kernel, run the following command:

info

and check the system informations.

Configuration

The TCP port is configured at the following location:

[KERNEL]/etc/org.apache.servicemix.shell.cfg

The defaut configuration is as below:

startLocalConsole=${servicemix.startLocalConsole}
startRemoteShell=${servicemix.startRemoteShell}
remoteShellLocation=tcp://0.0.0.0:8101/

The port used can easily be changed by changing the default port 8101 in the remoteShellLocation property.

To switch to a secured channel using SSL encryption, edit the above file and change the remoteShellLocation property to use SSL as below:

remoteShellLocation=tcp://0.0.0.0:8101/

The realm used by the console when authenticating remote users is named RshServer, so you should override this realm as explained in the 4.5. Security framework. If you want to use your own keystore and truststore when enabling SSL, you can add the following properties to the configuration file:

clientKeyAlias=servicemix
clientKeystore=RshKeystore
clientTruststore=RshTruststore
serverKeyAlias=servicemix
serverKeystore=RshKeystore
serverTruststore=RshTruststore

You can either deploy another set of keystores that use the above names or change the named used and deploy new keystores. The key aliases must be set to a valid key in the store that will be used to secure the communication.

#top

  • No labels