geronimo-dev mailing list archives

From Russell E Glaue <rgl...@cait.org>
Subject Re: PortOffset for o.a.karaf.shell.ssh
Date Tue, 30 Aug 2011 20:47:55 GMT
How about this idea.
Have the ability to turn the karaf SSH service on and off. And have it off by 
default. Then we do not have to worry about telling novice users what to do, and 
more expert users will figure it out only when they want that extra service.


In the configuration file: /etc/org.apache.karaf.shell.cfg
Keep the "sshPort" attribute as it is.
Add another attribute (e.g. "serviceStart") that has a true/false value.

By default the "serviceStart" would be false.
If a user wanted the SSH service, they would have to set the attribute to true. 
And if they wanted more than one instance, they would have to set the sshPort 
for each instance - as you discussed.

Then, put in a JIRA issue to have the karaf "sshPort" attribute integrated into 
the "var/config-substitutions.properties". Which can happen way down the road.


And with this, this extra service can be used by more expert users who do not 
mind editing the configuration in multiple places. Novice users don't have to 
worry about it - so it won't be in the way to cause extra confusion.

Also, having the SSH service off (false) should decrease the memory footprint 
(as opposed to when true) as that service should not start up.
Having the SSH service on means the admin user additionally needs to secure that 
port on the server. So having that turned off by default also makes Geronimo 
more secure out of the box.



-RG


On 08/30/2011 11:28 AM, David Jencks wrote:
> Hi Rex,
>
> I don't have a good idea how to do something like this in karaf. It would have
> to work through config admin since any service opening a socket should get the
> port from config admin (the shell does). So I think we would need some kind of
> config admin administration tool that would shift all the port values by some
> constant. I haven't looked into anything about how to implement something like
> this.
>
> thanks
> david jencks
>
> On Aug 30, 2011, at 2:29 AM, Rex Wang wrote:
>
>> Hi Devs
>>
>> I send this mail to only Geronimo mailing list because I hope we could discuss
>> it first before we request this ability in karaf.
>>
>> Currently, in Geronimo 3.0, all the port/portoffset settings have been unified
>> in config-substitutions.properties like before, except the settings for
>> o.a.karaf.shell.ssh.
>> karaf.shell.ssh can help user access our shell from remote through the port
>> 8101. In Geronimo startup script, by setting
>> CONSOLE_OPTS=-Dkaraf.startLocalConsole=true *-Dkaraf.startRemoteShell=true*,
>> we can enable this feature. It retrieves the settings in
>> /etc/org.apache.karaf.shell.cfg from config admin service.
>> However, it did not define the port offset value. If user wanna start 2 server
>> instances in one machine, he has to manually set the portoffset in
>> config-substitutions and also modify the "sshPort" in the
>> /etc/org.apache.karaf.shell.cfg. Otherwise, the port 8101 will only work for
>> the server instance that start later.
>>
>> The question is, if we want karaf add the ability to set the port offset, how
>> do we hope them implement it? They indeed can simply add a setting in
>> org.apache.karaf.shell.cfg named "sshPortoffset" to do this. But our user
>> still need change 2 places if they want to change the portoffset. Shall we
>> persuade them to add the ability to load the settings from a location(i.e.
>> var/config-substitutions.properties for us) or there are better practices?
>>
>> David, IIRC, you ever mentioned you hope get rid of the config-substitutions
>> in future geronimo. Then how to unify the portoffset settings, that is,
>> changing in one place will make all components take the effect?
>>
>> Any insights?
>>
>> thanks,
>> --
>> Lei Wang (Rex)
>> rwonly AT apache.org <http://apache.org/>
>
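
An added example, not part of the thread or of Geronimo/Karaf code: a check for the situation Rex describes, where several server instances on one machine keep the same "sshPort" in their etc/org.apache.karaf.shell.cfg. The instance names and sample file contents are constructed, and treating a missing "sshPort" as 8101 is an assumption taken from the port named in the thread.

```python
from collections import defaultdict

# Port named in the thread; assumed here when a file does not set sshPort.
DEFAULT_SSH_PORT = 8101


def parse_cfg(text):
    """Parse key=value lines of a .cfg file, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def ssh_port_collisions(instances):
    """Return {port: [instance names]} for every sshPort used more than once.

    `instances` maps a (hypothetical) instance name to the text of that
    instance's etc/org.apache.karaf.shell.cfg.
    """
    by_port = defaultdict(list)
    for name, cfg_text in instances.items():
        value = parse_cfg(cfg_text).get("sshPort", str(DEFAULT_SSH_PORT))
        if not value.isdigit() or not 1 <= int(value) <= 65535:
            raise ValueError(f"{name}: invalid sshPort {value!r}")
        by_port[int(value)].append(name)
    return {p: sorted(n) for p, n in by_port.items() if len(n) > 1}


# Constructed sample: two instances left on the same port, one moved.
SAMPLE = {
    "instance-a": "# remote shell settings\nsshPort=8101\n",
    "instance-b": "sshPort = 8101\n",
    "instance-c": "sshPort=8111\n",
}

if __name__ == "__main__":
    for port, names in ssh_port_collisions(SAMPLE).items():
        print(f"sshPort {port} is shared by: {', '.join(names)}")
```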
