4.2. Remote Console
The remote console feature allows to connect to a running ServiceMix instance from a remote computer and perform all the operations that are usually accessible from the local console.
Security warning
The remote console is currently enabled by default, but there is the default security in place is very low. The username and password that are prompted are by default not validated, so any combination will work. In production environment, we recommend disabling the server (by using the client mode) or deploying a JAAS realm to perform some real authentication. See the security documentation. To secure the channel, it is possible to use SSL encryption by changing the url as shown in the #Configuration section.
Launch options
The ServiceMix Kernel shell scripts supports a number of options to control the remote console:
console
: launch ServiceMix Kernel in the default mode (both local and remote console activated). This is the default modeserver
: launch ServiceMix Kernel in with a remote console but no local consoleclient
: launch ServiceMix Kernel in with a local console only
These options affect two system properties that can be set if you don't use the standard shell scripts:
servicemix.startLocalConsole
servicemix.startRemoteShell
Connecting to a remote Kernel
First, open a terminal and launch a Kernel in server mode (you could use a Kernel in console mode too):
bin/servicemix server
On another terminal, start a Kernel in client mode:
bin/servicemix client
Once the console appears, you can run the remote rsh
command to connect to the other Kernel:
remote rsh tcp://localhost:8101/ -u smx -p smx
You can also do that in a single command line from the prompt by appending the previous ServiceMix command to the shell command:
bin/servicemix client remote rsh tcp://localhost:8101/ -u smx -p smx
To verify that your are connected to the remote Kernel, run the following command:
info
and check the system informations.
Configuration
The TCP port is configured at the following location:
[KERNEL]/etc/org.apache.servicemix.shell.cfg
The defaut configuration is as below:
startLocalConsole=${servicemix.startLocalConsole} startRemoteShell=${servicemix.startRemoteShell} remoteShellLocation=tcp://0.0.0.0:8101/
The port used can easily be changed by changing the default port 8101
in the remoteShellLocation
property.
To switch to a secured channel using SSL encryption, edit the above file and change the remoteShellLocation
property to use SSL as below:
remoteShellLocation=tcp://0.0.0.0:8101/
The realm used by the console when authenticating remote users is named RshServer
, so you should override this realm as explained in the 4.5. Security framework. If you want to use your own keystore and truststore when enabling SSL, you can add the following properties to the configuration file:
clientKeyAlias=servicemix clientKeystore=RshKeystore clientTruststore=RshTruststore serverKeyAlias=servicemix serverKeystore=RshKeystore serverTruststore=RshTruststore
You can either deploy another set of keystores that use the above names or change the named used and deploy new keystores. The key aliases must be set to a valid key in the store that will be used to secure the communication.