Disable WildFly 13 management console - wildfly

What is the proper way to disable the management console in WildFly 13? I set the console-enabled="false" attribute on the http-interface, but after running WildFly 13 I still see the management interface being deployed.

That is correct way to disable admin console.
Management interface is different thing, it is a backbone of the server that allows the management/administrator/monitoring etc.
For example interface so for CLI can connect to server (+ many other things)
by default it is locked down and exposed only on local host so it cannot be accessed from remote machine.

You can enable and disable the management console by two ways:
Setting management port to zero in the configuration(Standalone) file
<socket-binding name="management-http" interface="management" port="${jboss.management.http.port:0}"/>
Connect to CLI utility using $JBOSS_HOME/bin/jboss-cli.sh script and execute these commands
Enable:
/core-service=management/management-interface=http-interface:writeattribute(name=console-enabled,value=true)
Disable:
/core-service=management/management-interface=http-interface:writeattribute(name=console-enabled,value=false

Related

Cannot open Jenkins from Fedora 22 Host, using Puppet Learning VM

After successful installation of Jenkins, using instructions from https://forge.puppetlabs.com/rtyler/jenkins , now I am stuck on getting jenkins gui from actually showing up in host OS ( Fedora 22 ).
VBoxed Network adapter has bridged connection.
I have tried:
setting up port 8081 ;
setting up firewall opening with parameter 'configure_firewall' to
true ..
inspecting Chrome data and changing various URL parts like protocols, etc.
When I try to access jenkins instance from Chrome 43, all I get is this:
No data received
ERR_EMPTY_RESPONSE
Unable to load the webpage because the server sent no data.
Afaik jenkins should be available once its service is started in VBoxed CentOS, but seems like there is something more tricky. What am I missing?
I wouldn't recommend using the learning VM for sandbox puppet work. It's been specially customised to run the Learning VM tasks.
I'd use a standard Fedora Vagrant box avaliable somewhere like here:
https://getfedora.org/en/cloud/download/index.html

MongoDB - Prevent unauthorized user from opening console

Trying to set up authorization in my development cluster, I couldn't prevent users from opening a console to my mongods.
I have enabled authorization in the config file:
secutiry:
authorization: enabled
And have created an admin user with the userAdminAnyDatabase role.
Yet, when connecting unauthorized to this server from another machine, I can enter the console.
I do get permission error when trying to issue commands, but I would like to know if there's any way of preventing the console from opening - getting the permission error earlier.
If you only need to access your MongoDB deployment from applications running on the same server you can use the bind_ip configuration option to control the network interface(s) that MongoDB processes listen to. By default this should already be set to '127.0.0.1' (localhost) in packaged versions of MongoDB 2.6+.
If you want to have the server listening to a more public network interface (eg. local LAN) and want to prevent remote connections entirely, you can limit source IP access via your firewall configuration.
The Network Security Tutorials in the MongoDB manual include examples that should be useful as a starting point:
Configure Linux iptables Firewall for MongoDB
Configure Windows netsh Firewall for MongoDB
If users/applications might authenticate from those remote IPs, you can't prevent them from opening a console connection (with no permissions). This is similar to how other services (sshd, apache, etc) work with authentication: step 1 is to establish a connection and step 2 authenticates.
For more information on MongoDB best practices, please refer to the Security section in the manual.

Wildfly 8 Final - jconsole can't connect remotely

Good day, people,
I am trying to use jconsole to connect to remote Wildfly 8 Final servers. That did not work: Connection failed. After multiple tries and failures I attempted to make it connect at least to my 'localhost' jboss, but even that is not working. No errors, it simply doesn't connect and says "Connection failed".
Details:
Wildfly 8 Final server
Using jconsole from wildfly_installation/bin/jconsole.bat
Management users created. Tried with and without the username/password.
The standalone.xml is the original one, shipped with Wildfly 8 Final without changes
The url that I plug in jconsole to connect to is: service:jmx:remoting-jmx://localhost:9999
The Wildfly/jboss doesn't have anything deployed in it, no WARs/EARs.
Java version is 1.7 release 51. The latest on the moment of writing.
JAVA_HOME points to the only java 1.7 installed on the system.
JConsole can connect to local java process and works, but not remote connection.
Basically it's a brand new installation of Wildfly 8 Final with management user created and jconsole doesn't connect remotely to it.
What else I've tried: I've read many posts on people having troubles with jconsole and Jboss AS 7.x. I have tried the suggestions from those threads, but none worked. Also it seems Wildfly 8 has different JMX version (1.3 vs 1.1 in Jboss 7.x), so I assume that's why standalone.xml suggestions from Jboss 7.x didn't work for Wildfly 8 Final.
Java Mission Control JMX console and Flight Recorder profiler work on WildFly as well.
As already noted the proper JMX connection string is:
service:jmx:http-remoting-jmx://{insert server ip here}:9990
It requires a management user (details on the bottom).
As for the Flight Recorder, these should be added to the server runtime configuration in standalone.conf(.bat):
JAVA_OPTS=%JAVA_OPTS% -XX:+UnlockCommercialFeatures -XX:+FlightRecorder -XX:FlightRecorderOptions=defaultrecording=true
On a workstation where you want to run Java Mission Control you need to adjust the classpath in jmc.ini (located in bin directory of your JDK):
-Xbootclasspath/a:c:\Program Files\Java\jdk1.7.0_67\lib\jconsole.jar;c:\Program Files\Java\jdk1.7.0_67\lib\tools.jar;c:\wildfly-8.1.0.Final\bin\client\jboss-cli-client.jar`
Prerequisites (you most likely already configured this):
this assumes that you have installed JDK on workstation in c:\Program Files\Java\jdk1.7.0_67\
this assumes that you have installed WildFly on workstation in c:\wildfly-8.1.0.Final
on the server you need to have proper bind.address configurations (or <any-address>) in standalone.xml:
<interfaces>
<interface name="management">
<any-address/>
</interface>
<interface name="public">
<any-address/>
</interface>
<interface name="unsecure">
<any-address/>
</interface>
</interfaces>
You need to have a management user on the server, which you can add by using \bin\add-user.bat(.sh).
To test this connect to http://{insert server ip here}:9990 with a web browser which will open the server's web UI console.
Best regards!
Alright, got it figured out. The native management port (9999) was removed in the Final version of Wildfly 8. Now there's only 1 management port (9990) and it has multiple previous ports multiplexed over it, including the JMX. It was still available in the release candidate of Wildfly 8, hence all the confusion about the online instructions and configs available elsewhere online.
So the key is to specify the proper protocol, which is not the remoting-jmx now, but http-remoting-jmx. The URL to connect to the server must be like this:
service:jmx:http-remoting-jmx://<server_host_or_ip>:9990
(this is versus service:jmx:remoting-jmx://:9999 in previous jboss/wildfly servers)
Finally, no need to mess with standalone.xml config. All config tweaks to make it work on Jboss 7.x won't work for it. It all works out of the box with proper protocol and port number. Just make sure to create a jboss user in ManagementRealm.
This was a bug in WildFly that was recently fixed and will be part of 8.0.1 release.
See jira for more details.
You have to include jboss-cli-client.jar in the jconsole classpath:
jconsole -J-Djava.class.path=$JAVA_HOME/lib/jconsole.jar:$WILDFLY_HOME/bin/client/jboss-cli-client.jar
Replace $JAVA_HOME to something like /usr/lib/jvm/java-8-oracle/ and $WILDFLY_HOME to /opt/wildfly/ or wherever you have it unpacked.
And then the url is in the following format:
service:jmx:remote+http://${host}:9990
Also fill in the username and password with the credentials configured using add-user.sh
Below is how to enable the old native JMX interface, removed from WildFly 8 default configuration, which is backwards compatible with JMX tools.
This is required when the new HTTP interface is not an option, e.g. to integrate with legacy tools like Bamboo's JBoss 7 add-on.
Tested with WildFly 10, it should work with WildFly 8 and WildFly 9 as well.
Since the plug in does not support the HTTP management interface, to make it work, we need to enable the native JMX interface, which used to run on port 9999.
This can be done by adding the native-interface element under the management-interfaces section:
<management-interfaces>
<native-interface security-realm="ManagementRealm">
<socket-binding native="management-native"/>
</native-interface>
<http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
And defining the corresponding socket-binding
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="management-native" interface="management"
port="${jboss.management.native.port:9999}"/>
...
If in domain mode, to use the remote endpoint, you set use-management-endpoint to false.
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model/>
<expose-expression-model/>
<remoting-connector use-management-endpoint="false"/>
</subsystem>
Hope it may help anyone...
Reference:
https://docs.jboss.org/author/display/WFLY8/Admin+Guide#AdminGuide-NativeManagementEndpoint

jboss 7 as- unable to see jboss sample site or admin interface even after jboss has started

I am a newbie to working with jboss 7 as- I recently set it up on my server, and am able to start it as well.
However after starting it, when I access
http://IP_ADDRESS:8080
or
http://IP_ADDRESS:9990
Google Chrome gives an error that the page is unavailable.
How can such access be enabled? Also, I am using the startup-shutdown script for /etc/init.d as provided with jboss, do I have to modify the startup and shutdown commands in it, for enabling remote web access to the server interface?
Have you tried http://localhost:8080? If you're using the IP address of your PC it's probably the firewall that is blocking the access to it.

Powershell: Is it possible to have a service depend on remote services

I'm using Win32 Service object and there's Change which could be used to set Dependencies. Is it possible to set the service to depend on services running on a different machine? Currently, all the services run on the same machine but it's possible to run them each on a separate machine.
Nothing like that exists today, AFAIK. It is a good ask. Check this MS connect item: http://connect.microsoft.com/WindowsServerFeedback/feedback/details/293384/remote-machine-service-dependency
That said, you can create a script or another service to poll remote machines for dependent service startup and then start the local service.