brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aleds...@apache.org
Subject [1/2] brooklyn-docs git commit: Default is no credentials required
Date Wed, 04 Jan 2017 10:51:27 GMT
Repository: brooklyn-docs
Updated Branches:
  refs/heads/master 84f1fe282 -> ff161c61f


Default is no credentials required


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/commit/9f971052
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/tree/9f971052
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-docs/diff/9f971052

Branch: refs/heads/master
Commit: 9f9710526a0029295e0e4b7849c14f21ee3aeb5b
Parents: 84f1fe2
Author: Aled Sage <aled.sage@gmail.com>
Authored: Tue Dec 27 14:25:00 2016 +0000
Committer: Aled Sage <aled.sage@gmail.com>
Committed: Wed Jan 4 10:23:56 2017 +0000

----------------------------------------------------------------------
 guide/ops/brooklyn_properties.md          | 12 ++++++------
 guide/ops/gui/running.md                  |  9 +++++----
 guide/ops/server-cli-reference.md         |  8 +++++---
 guide/ops/starting-stopping-monitoring.md |  6 +++---
 guide/start/running.md                    |  8 +++++---
 5 files changed, 24 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/9f971052/guide/ops/brooklyn_properties.md
----------------------------------------------------------------------
diff --git a/guide/ops/brooklyn_properties.md b/guide/ops/brooklyn_properties.md
index e9f032a..87ce641 100644
--- a/guide/ops/brooklyn_properties.md
+++ b/guide/ops/brooklyn_properties.md
@@ -21,10 +21,11 @@ with abundant comments.
 
 ## Quick Setup
 
-The most common properties set in this file are for access control.
-Without this, Brooklyn will bind only to localhost or will create a random
-password written to the log for use on other networks.
-The simplest way to specify users and passwords is:
+The most common properties set in this file are for access control. Without this, Brooklyn's

+web-console and REST api will require no authentication.
+
+The simplest way to specify users and passwords is shown below (but see the 
+[Authentication](#authentication) section for how to avoid storing passwords in plain text):
  
 {% highlight properties %}
 brooklyn.webconsole.security.users=admin,bob
@@ -36,8 +37,7 @@ The properties file *must* have permissions 600
 (i.e. readable and writable only by the file's owner),
 for some security.
 
-In many cases, it is preferable instead to use an external credentials store such as LDAP
-or at least to have passwords in this file.
+In many cases, it is preferable instead to use an external credentials store such as LDAP.
 Information on configuring these is [below](#authentication). 
 
 If coming over a network it is highly recommended additionally to use `https`.

http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/9f971052/guide/ops/gui/running.md
----------------------------------------------------------------------
diff --git a/guide/ops/gui/running.md b/guide/ops/gui/running.md
index f73ffb2..05ed0fa 100644
--- a/guide/ops/gui/running.md
+++ b/guide/ops/gui/running.md
@@ -32,10 +32,11 @@ Please refer to the [Server CLI Reference](../server-cli-reference.html)
for det
 Brooklyn will output the address of the management interface:
 
 <pre>
-INFO  No security provider options specified. ...
-INFO  Starting Brooklyn web-console with passwordless access on localhost ...
-INFO  Starting brooklyn web-console on loopback interface because no security config is set
-INFO  Started Brooklyn console at http://127.0.0.1:8081/, running classpath://brooklyn.war
+INFO  Starting Brooklyn web-console with no security options (defaulting to no authentication),
on bind address <any>
+INFO  Started Brooklyn console at http://127.0.0.1:8081/, running classpath://brooklyn.war@
+INFO  Persistence disabled
+INFO  High availability disabled
+INFO  Launched Brooklyn; will now block until shutdown command received via GUI/API (recommended)
or process interrupt.
 </pre>
 
 _Notice! Before launching Apache Brooklyn, please check the `date` on the local machine.

http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/9f971052/guide/ops/server-cli-reference.md
----------------------------------------------------------------------
diff --git a/guide/ops/server-cli-reference.md b/guide/ops/server-cli-reference.md
index 6ce34e6..102b6b0 100644
--- a/guide/ops/server-cli-reference.md
+++ b/guide/ops/server-cli-reference.md
@@ -14,9 +14,11 @@ To launch Brooklyn, from the directory where Brooklyn is unpacked, run:
 % nohup bin/brooklyn launch > /dev/null 2>&1 &
 {% endhighlight %}
 
-With no configuration, this will launch the Brooklyn web console and REST API on [`http://localhost:8081/`](http://localhost:8081/).
-No password is set, but the server is listening only on the loopback network interface for
security.
-Once [security is configured](brooklyn_properties.html), Brooklyn will listen on all network
interfaces by default.
+With no configuration, this will launch the Brooklyn web console and REST API on [`http://localhost:8081/`](http://localhost:8081/),
+listening on all network interfaces. No credentials are required by default. For a production

+system, or if Apache Brooklyn is publicly reachable, it is strongly recommended to 
+[configure security](brooklyn_properties.html).
+
 By default, Brooklyn will write log messages at the INFO level or above to `brooklyn.info.log`
and messgages at the
 DEBUG level or above to `brooklyn.debug.log`. Redirecting the output to `/dev/null` prevents
the default console output
 being written to `nohup.out`.

http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/9f971052/guide/ops/starting-stopping-monitoring.md
----------------------------------------------------------------------
diff --git a/guide/ops/starting-stopping-monitoring.md b/guide/ops/starting-stopping-monitoring.md
index c931d94..e6196ea 100644
--- a/guide/ops/starting-stopping-monitoring.md
+++ b/guide/ops/starting-stopping-monitoring.md
@@ -29,9 +29,9 @@ To launch Brooklyn, from the directory where Brooklyn is unpacked, run:
 % bin/brooklyn launch > /dev/null 2>&1 & disown
 {% endhighlight %}
 
-With no configuration, this will launch the Brooklyn web console and REST API on [`http://localhost:8081/`](http://localhost:8081/).
-No password is set, but the server is listening only on the loopback network interface for
security.
-Once [security is configured](brooklyn_properties.html), Brooklyn will listen on all network
interfaces by default.
+With no configuration, this will launch the Brooklyn web console and REST API on [`http://localhost:8081/`](http://localhost:8081/),
+listening on all network interfaces. No credentials are required by default. It is strongly
+recommended to [configure security](brooklyn_properties.html).
 
 See the [Server CLI Reference](server-cli-reference.html) for more information
 about the Brooklyn server process.

http://git-wip-us.apache.org/repos/asf/brooklyn-docs/blob/9f971052/guide/start/running.md
----------------------------------------------------------------------
diff --git a/guide/start/running.md b/guide/start/running.md
index 025628d..9a421e4 100644
--- a/guide/start/running.md
+++ b/guide/start/running.md
@@ -134,13 +134,15 @@ Extract this zip file to a directory on your computer such as `c:\Program
Files\
 
 ---
 
-It is not necessary at this time, but depending on what you are going to do, 
-you may wish to set up other configuration options first:
+By default, no authentication is required and the web-console will listen on all network
interfaces.
+For a production system, or if Apache Brooklyn is publicly reachable, it is strongly recommended

+to configure security. Documentation of configuration options include:
  
 * [Security]({{ site.path.guide }}/ops/brooklyn_properties.html)
 * [Persistence]({{ site.path.guide }}/ops/persistence/)
 * [Cloud credentials]({{ site.path.guide }}/ops/locations/)
 
+
 ## Launch Apache Brooklyn
 
 <ul class="nav nav-tabs">
@@ -187,7 +189,7 @@ The application should then output its logs to `/var/log/brooklyn/apache-brookly
 
 <strong class="hidden started-pdf-include">c) Ubuntu / Debian</strong>
 
-Apache Brooklyn should now have been installed and be running as a system service. It can
stopped and started with the standard service commands:
+Apache Brooklyn should now have been installed and be running as a system service. It can
be stopped and started with the standard service commands:
 
 {% highlight bash %}
 $ sudo service brooklyn start|stop|restart|status


Mime
View raw message