
Difference between revisions of "Gyrex/Administrator Guide/Console"

(Authorization)
(added description about SSL/BASIC authentication support)
Line 1: Line 1:
 +
== Web Console ==
 +
A web based administration console is available in Gyrex. By default it is started using a separate, embedded Jetty engine on an internal port. This allows for maximum flexibility and is independent of the main Jetty web server in Gyrex.
 +
 +
To open the web console please open a browser and enter the URL <code>http://localhost:3110/</code>.
 +
 +
=== Protecting Access to the Web Console ===
 +
Access to the web console is not protected by default in development mode. The console runs on a different port which should have protected access by firewalls already. In addition it's also possible to secure access to the web console using a pluggable authentication scheme. Out of the box, BASIC authentication with encryption using SSL is possible.
 +
 +
In order to enable secure encryption and basic authentication the following two system properties must be set (either in config.ini or using command line arguments when launching the server.
 +
<pre>
 +
  -Dgyrex.admin.secure=true
 +
  -Dgyrex.admin.auth=BASIC/username/passwordhash
 +
</pre>
 +
 +
Please have a look at [[Jetty/Howto/Secure_Passwords|Secure Passwords]] for instructions on how to produce the password hash.
 +
 
== OSGi Console ==
 
== OSGi Console ==
 
Gyrex integrates the Equinox Console which is based on the Apache GoGo Shell. Countless console commands are provided in order to simplify administration of a Gyrex cloud. The Equinox Console is extensible and Gyrex also includes ARGS4J which allows developing additional commands using annotations.
 
Gyrex integrates the Equinox Console which is based on the Apache GoGo Shell. Countless console commands are provided in order to simplify administration of a Gyrex cloud. The Equinox Console is extensible and Gyrex also includes ARGS4J which allows developing additional commands using annotations.
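
Review bot: the added sentence ending "(either in config.ini or using command line arguments when launching the server." opens a parenthesis that is never closed and ends in a period although the property block follows; close the parenthesis and end the sentence with a colon. The same paragraph leaves the `BASIC/username/passwordhash` value unexplained: say that `username` and `passwordhash` are placeholders and which hash form from the linked Secure Passwords page is expected. The "Protecting Access" paragraph states that access is unprotected by default "in development mode" but never states the default outside development mode; add that so operators know whether a production console starts open.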

Revision as of 05:52, 4 March 2013

Web Console

A web-based administration console is available in Gyrex. By default it is started using a separate, embedded Jetty engine on an internal port. This allows for maximum flexibility and is independent of the main Jetty web server in Gyrex.

To open the web console, open a browser and enter the URL http://localhost:3110/.

Protecting Access to the Web Console

Access to the web console is not protected by default in development mode. The console runs on a separate port, which should already be protected by firewalls. In addition, access to the web console can be secured using a pluggable authentication scheme. Out of the box, BASIC authentication with encryption using SSL is possible.

In order to enable secure encryption and basic authentication, the following two system properties must be set (either in config.ini or using command line arguments when launching the server):

  -Dgyrex.admin.secure=true
  -Dgyrex.admin.auth=BASIC/username/passwordhash

Please have a look at Secure Passwords for instructions on how to produce the password hash.

OSGi Console

Gyrex integrates the Equinox Console which is based on the Apache GoGo Shell. Countless console commands are provided in order to simplify administration of a Gyrex cloud. The Equinox Console is extensible and Gyrex also includes ARGS4J which allows developing additional commands using annotations.

Terminal

In order to activate the OSGi Console one simply needs to pass the "-console" command line argument when starting Gyrex using the gyrex executable. This is the default in all Gyrex server packages.

SSH

The OSGi Console is also available via SSH. This is the recommended way of connecting to production systems. However, please be careful with the close/exit commands. The SSH console listens on port 3122.

Authorization

Currently only key-based authorization is supported in the Gyrex bundled SSH console. Also, the OSGi SSH console does not support different roles/permissions. Thus, every logged-in user can execute all commands. To be able to log in, an authorized_keys file needs to be created in the instance data location at <runtime-workspace>/etc/.ssh/authorized_keys. This is a regular authorized_keys file as typically found on Linux systems. When connecting to the SSH console using a key, any username is sufficient.
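
A configuration check for the two console settings and the SSH key file described on this page, as an added example that is not part of Gyrex. It assumes config.ini holds the properties as plain key=value lines (without the -D prefix); the function names are hypothetical, and the writability check on authorized_keys is a hygiene assumption, not documented Gyrex behaviour.

```shell
#!/bin/sh
# Added example (not Gyrex code): audit the console settings from this page.

# Print the value of key $2 in the key=value file $1 (last occurrence wins).
get_prop() {
    awk -v k="$2" '{ sub(/\r$/, ""); i = index($0, "=") }
        i && substr($0, 1, i - 1) == k { v = substr($0, i + 1) }
        END { print v }' "$1"
}

# Web console: expects gyrex.admin.secure=true and
# gyrex.admin.auth=BASIC/username/passwordhash, as documented above.
audit_web_console() {
    rc=0
    secure=$(get_prop "$1" gyrex.admin.secure)
    auth=$(get_prop "$1" gyrex.admin.auth)
    if [ "$secure" != "true" ]; then
        echo "FINDING: gyrex.admin.secure is not true"; rc=1
    fi
    case $auth in
        BASIC/?*/?*) ;;   # non-empty username and hash fields present
        "") echo "FINDING: gyrex.admin.auth is not set"; rc=1 ;;
        *)  echo "FINDING: gyrex.admin.auth is not BASIC/username/passwordhash"; rc=1 ;;
    esac
    return $rc
}

# SSH console: every accepted key may run every command, so the key file
# should not be writable by group or others (assumed hygiene rule).
audit_ssh_keys() {
    f="$1/etc/.ssh/authorized_keys"   # $1 = <runtime-workspace>
    if [ ! -f "$f" ]; then
        echo "INFO: $f absent; no key can log in"; return 0
    fi
    rc=0
    if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
        echo "FINDING: $f is group- or world-writable"; rc=1
    fi
    # Inventory: each non-comment line is one key with full console access.
    echo "INFO: $(grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f") key(s) authorized"
    return $rc
}
```

Call `audit_web_console /path/to/config.ini` and `audit_ssh_keys <runtime-workspace>`; each prints its findings and returns non-zero when at least one FINDING is reported.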