Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.
Difference between revisions of "Gyrex/Administrator Guide/Console"
m (added links) |
|||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | == Web Console == | ||
| + | A web based administration console is available in Gyrex. By default it is started using a separate, embedded Jetty engine on an internal port. This allows for maximum flexibility and is independent of the main Jetty web server in Gyrex. | ||
| + | |||
| + | To open the web console please open a browser and enter the URL <code>http://localhost:3110/</code>. | ||
| + | |||
| + | === Protecting Access to the Web Console === | ||
| + | Access to the web console is not protected by default in development mode. The console runs on a different port which should have protected access by firewalls already. In addition it's also possible to secure access to the web console using a pluggable authentication scheme. Out of the box, BASIC authentication with encryption using SSL is possible. | ||
| + | |||
| + | In order to enable secure encryption and basic authentication the following two system properties must be set (either in config.ini or using command line arguments when launching the server. | ||
| + | <pre> | ||
| + | -Dgyrex.admin.secure=true | ||
| + | -Dgyrex.admin.auth=BASIC/username/passwordhash | ||
| + | </pre> | ||
| + | |||
| + | Please have a look at [[Jetty/Howto/Secure_Passwords|Secure Passwords]] for instructions on how to produce the password hash. | ||
| + | |||
== OSGi Console == | == OSGi Console == | ||
Gyrex integrates the Equinox Console which is based on the Apache GoGo Shell. Countless console commands are provided in order to simplify administration of a Gyrex cloud. The Equinox Console is extensible and Gyrex also includes ARGS4J which allows developing additional commands using annotations. | Gyrex integrates the Equinox Console which is based on the Apache GoGo Shell. Countless console commands are provided in order to simplify administration of a Gyrex cloud. The Equinox Console is extensible and Gyrex also includes ARGS4J which allows developing additional commands using annotations. | ||
| Line 7: | Line 23: | ||
=== SSH === | === SSH === | ||
The OSGi Console is also available via SSH. This is the recommended way of connecting to production systems. However, please [https://bugs.eclipse.org/bugs/show_bug.cgi?id=378969 be careful with the close/exit commands]. The SSH console listens on port '''3122'''. | The OSGi Console is also available via SSH. This is the recommended way of connecting to production systems. However, please [https://bugs.eclipse.org/bugs/show_bug.cgi?id=378969 be careful with the close/exit commands]. The SSH console listens on port '''3122'''. | ||
| + | |||
| + | ==== Authorization ==== | ||
| + | Currently only key-based authorization is supported in the Gyrex bundled SSH console. Also, the OSGi SSH console does not support different roles/permissions. Thus, every logged in user can execute all commands. In order to be able to login an <code>authorized_keys</code> file need to be created in the instance data location at <code><runtime-workspace>/etc/.ssh/authorized_keys</code>. That's a regular <code>authorized_keys</code> file as typically found on Linux systems ([http://www.eng.cam.ac.uk/help/jpmg/ssh/authorized_keys_howto.html 1], [http://man.he.net/man5/authorized_keys 2]). When connecting to the SSH console using a key any username is sufficient. | ||
Latest revision as of 09:51, 23 April 2013
Contents
Web Console
A web based administration console is available in Gyrex. By default it is started using a separate, embedded Jetty engine on an internal port. This allows for maximum flexibility and is independent of the main Jetty web server in Gyrex.
To open the web console please open a browser and enter the URL http://localhost:3110/.
Protecting Access to the Web Console
Access to the web console is not protected by default in development mode. The console runs on a different port which should have protected access by firewalls already. In addition it's also possible to secure access to the web console using a pluggable authentication scheme. Out of the box, BASIC authentication with encryption using SSL is possible.
In order to enable secure encryption and basic authentication the following two system properties must be set (either in config.ini or using command line arguments when launching the server.
-Dgyrex.admin.secure=true -Dgyrex.admin.auth=BASIC/username/passwordhash
Please have a look at Secure Passwords for instructions on how to produce the password hash.
OSGi Console
Gyrex integrates the Equinox Console which is based on the Apache GoGo Shell. Countless console commands are provided in order to simplify administration of a Gyrex cloud. The Equinox Console is extensible and Gyrex also includes ARGS4J which allows developing additional commands using annotations.
Terminal
In order to activate the OSGi Console one simply needs to pass the "-console" command line argument when starting Gyrex using the gyrex executable. This is the default in all Gyrex server packages.
SSH
The OSGi Console is also available via SSH. This is the recommended way of connecting to production systems. However, please be careful with the close/exit commands. The SSH console listens on port 3122.
Authorization
Currently only key-based authorization is supported in the Gyrex bundled SSH console. Also, the OSGi SSH console does not support different roles/permissions. Thus, every logged in user can execute all commands. In order to be able to login an authorized_keys file need to be created in the instance data location at <runtime-workspace>/etc/.ssh/authorized_keys. That's a regular authorized_keys file as typically found on Linux systems (1, 2). When connecting to the SSH console using a key any username is sufficient.