Message-ID: <4E5D4C7B.5060709@cait.org>
Date: Tue, 30 Aug 2011 15:47:55 -0500
From: Russell E Glaue
To: dev@geronimo.apache.org
Subject: Re: PortOffset for o.a.karaf.shell.ssh

How about this idea.
Have the ability to turn the karaf SSH service on and off. And have it off by default.
Then we do not have to worry about telling novice users what to do, and more expert users will figure it out only when they want that extra service.

In the configuration file: /etc/org.apache.karaf.shell.cfg
Keep the "sshPort" attribute as it is.
Add another attribute (e.g. "serviceStart") that has a true/false value.

By default the "serviceStart" would be false.
If a user wanted the SSH service, they would have to set the attribute to true.
And if they wanted more than one instance, they would have to set the sshPort for each instance - as you discussed.

Then, put in a JIRA issue to have the karaf "sshPort" attribute integrated into the "var/config-substitutions.properties". Which can happen way down the road.

And with this, this extra service can be used by more expert users who do not mind editing the configuration in multiple places. Novice users don't have to worry about it - so it won't be in the way to cause extra confusion.

Also, having the SSH service off (false) should decrease the memory footprint (as opposed to when true) as that service should not start up.

Having the SSH service on means the admin user additionally needs to secure that port on the server. So having that turned off by default also makes Geronimo more secure out of the box.

-RG

On 08/30/2011 11:28 AM, David Jencks wrote:
> Hi Rex,
>
> I don't have a good idea how to do something like this in karaf.
> It would have to work through config admin since any service opening a
> socket should get the port from config admin (the shell does). So I think
> we would need some kind of config admin administration tool that would
> shift all the port values by some constant. I haven't looked into anything
> about how to implement something like this.
>
> thanks
> david jencks
>
> On Aug 30, 2011, at 2:29 AM, Rex Wang wrote:
>
>> Hi Devs
>>
>> I send this mail to only Geronimo mailing list because I hope we could discuss
>> it first before we request this ability in karaf.
>>
>> Currently, in Geronimo 3.0, all the port/portoffset settings have been unified
>> in config-substitutions.properties like before, except the settings for
>> o.a.karaf.shell.ssh.
>> karaf.shell.ssh can help user access our shell from remote through the port
>> 8101. In Geronimo startup script, by setting
>> CONSOLE_OPTS=-Dkaraf.startLocalConsole=true *-Dkaraf.startRemoteShell=true*,
>> we can enable this feature. It retrieves the settings in
>> /etc/org.apache.karaf.shell.cfg from config admin service.
>> However, it did not define the port offset value. If user wanna start 2 server
>> instances in one machine, he has to manually set the portoffset in
>> config-substitutions and also modify the "sshPort" in the
>> /etc/org.apache.karaf.shell.cfg. Otherwise, the port 8101 will only work for
>> the server instance that start later.
>>
>> The question is, if we want karaf add the ability to set the port offset, how
>> do we hope them implement it? They indeed can simply add a setting in
>> org.apache.karaf.shell.cfg named "sshPortoffset" to do this. But our user
>> still need change 2 places if they want to change the portoffset. Shall we
>> persuade them to add the ability to load the settings from a location (i.e.
>> var/config-substitutions.properties for us) or there are better practices?
>>
>> David, IIRC, you ever mentioned you hope get rid of the config-substitutions
>> in future geronimo. Then how to unify the portoffset settings, that is,
>> changing in one place will make all components take the effect?
>>
>> Any insights?
>>
>> thanks,
>> --
>> Lei Wang (Rex)
>> rwonly AT apache.org
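
The two-file problem and the off-by-default proposal discussed in this thread, as an added example that is not part of the messages or of Geronimo/Karaf code: a small audit over several instances' settings that reports which SSH ports would listen, which collide, and where the offset was changed in only one file. It assumes a `PortOffset` key in config-substitutions.properties, treats the proposed `serviceStart` attribute as hypothetical (absent means off), and runs on constructed sample configs.

```python
from collections import defaultdict

BASE_SSH_PORT = 8101  # default Karaf SSH port named in the thread


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(instances):
    """instances: {name: (config-substitutions text, karaf shell cfg text)}."""
    listening, mismatch, by_port = {}, [], defaultdict(list)
    for name, (subst_text, shell_text) in sorted(instances.items()):
        subst, shell = parse_properties(subst_text), parse_properties(shell_text)
        offset = int(subst.get("PortOffset", "0"))  # assumed key name
        port = int(shell.get("sshPort", BASE_SSH_PORT))
        if port != BASE_SSH_PORT + offset:
            mismatch.append(name)  # offset was changed in one file only
        # Hypothetical attribute from the proposal; absent means off.
        if shell.get("serviceStart", "false").lower() == "true":
            listening[name] = port
            by_port[port].append(name)
    collisions = {p: n for p, n in by_port.items() if len(n) > 1}
    return {"listening": listening, "collisions": collisions,
            "offset_mismatch": mismatch}


# Constructed sample: three instances on one machine.
SAMPLE = {
    "a": ("PortOffset=0\n", "sshPort=8101\nserviceStart=true\n"),
    "b": ("PortOffset=10\n", "sshPort=8101\nserviceStart=true\n"),
    "c": ("PortOffset=20\n", "# SSH left at the proposed default\nsshPort=8121\n"),
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Instance "b" is the case Rex describes: the offset was set in one file but `sshPort` was left at 8101, so it collides with "a"; instance "c" opens no SSH port at all because the proposed default is off.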