Twiddle support for interval and count parameters

JBoss 5 has a good command line monitoring tool, twiddle.sh, it can interact with JBoss jmx server to get attributes, invoke commands, etc.

The default behavior is to connect to JBoss, invoke the jmx command and exit. What if you setup a couple of monitoring attributes to read and saves to an external file ? User must create a bash script to loop the twiddle command into it, and creating a lot of connections during the monitoring.

I have modified twiddle source code to support an interval and count parameters, this allow the user to better control how much to interact with JBoss server, also it optimizes the connection behavior, where the twiddle gets one connection and works with it.

As I need only to read jmx attributes, I changed only the GetCommand.java, be aware that the way I changed the source code is not reusable between commands, as I didn’t want to spend too much time on this enhancement, this is enough for me.

You can grab my enhanced GetCommand.java, do a diff to see the modifications. Packaged is a custom build.sh script to compile and package the new GetCommand version. I didn’t use maven or build.xml scripts, as I do not want the full console or spend a lot of time downloading libraries, this simple build.sh is enough for me.

You can grab the twiddle source code (navigate the svn tree to find the correct AS version).

To run twiddle with the interval and count, use the jvm parameters as mentioned below, also you can use only the interval parameter to run continuously.

JAVA_OPTS="-Dtwiddle.interval=1 -Dtwiddle.count=5" ./twiddle.sh get <regular twiddle parameters>

 

Protect wildly management interface

Want to protect your wildfly administrative console with https only access ? See this tech tip. It will protect the web console and jboss-cli.

First step is to create the self-signed digital certificate with keytool. Open the terminal and go to conf directory (standalone or domain), add the certs directory and cd into it. Modify the parameters below to fit your needs.

keytool -genkey -alias wildfly_mgmt -keyalg RSA -keystore wildfly.jks -storepass admin123 -keypass admin123 --dname "CN=mgmt-connector,OU=jboss,O=jboss,L=Brasilia,S=DF,C=BR"

Now, lets configure wildfly.

Standalone mode

Edit standalone.xml and modify as the sample below, a server-identities section is added and the http-interface is modified.

<security-realm name="ManagementRealm">
    <server-identities>
        <ssl>
            <keystore path="${jboss.server.config.dir}/certs/wildfly.jks" keystore-password="admin123" />
        </ssl>
    </server-identities>

<management-interfaces>
    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket-binding https="management-https"/>
    </http-interface>
</management-interfaces>

Start Wildfly in standalone mode and point the browser navigator to https://localhost:9993. it will ask you to trust the self-signed certificate.

To use jboss-cli.sh, it should use the https protocol, see below how to modify jboss-cli.xml.

<default-protocol use-legacy-override="true">https-remoting</default-protocol>

<!-- The default controller to connect to when 'connect' command is executed w/o arguments -->
<default-controller>
    <protocol>https-remoting</protocol>
    <host>localhost</host>
    <port>9993</port>
</default-controller>

That way, jboss-cli.sh will connect to Wildfly with no additional parameter on command line, only ./jboss-cli.sh -c

 

Domain mode

Domain mode has a slightly different configuration, edit host.xml as below

<security-realm name="ManagementRealm">
    <server-identities>
        <ssl>
            <keystore path="${jboss.domain.config.dir}/certs/wildfly.jks" keystore-password="admin123" />
        </ssl>
    </server-identities>

<management-interfaces>
    <native-interface security-realm="ManagementRealm">
        <socket interface="management" port="${jboss.management.native.port:9999}"/>
    </native-interface>
    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket interface="management" secure-port="${jboss.management.http.port:9993}"/>
    </http-interface>
</management-interfaces>

jboss-cli.xml must be modified as show before.

Comment below if this was of some help for you.

Console administrativo do Wildfly em https

Quer deixar o console administrativo do seu Wildly (ou JBoss) seguro, por https, veja esta dica.

Isso irá proteger o acesso pela interface web e pelo jboss-cli.

No wildfly o acesso administrativo foi consolidado em uma porta apenas, 9990 ou na porta segura (ssl) em 9993 (por padrão).

Primeiro passo é criar o certificado digital auto-assinado com a ferramenta keytool. Vá no diretório conf de sua instância (standalone ou domínio), crie o diretório certs e depois o certificado. Altere os parâmetros abaixo, conforme sua necessidade.

keytool -genkey -alias wildfly_mgmt -keyalg RSA -keystore wildfly.jks -storepass admin123 -keypass admin123 --dname "CN=mgmt-connector,OU=jboss,O=jboss,L=Brasilia,S=DF,C=BR"

Agora vamos configurar o Wildfly

Modo Standalone

Editar standalone.xml e alterar de acordo com o exemplo abaixo, foi adicionado a seção server-identities e logo abaixo na seção http-interfaces.

<security-realm name="ManagementRealm">
    <server-identities>
        <ssl>
            <keystore path="${jboss.server.config.dir}/certs/wildfly.jks" keystore-password="admin123" />
        </ssl>
    </server-identities>

<management-interfaces>
    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket-binding https="management-https"/>
    </http-interface>
</management-interfaces>

Inicie o wildfly em modo standalone e acesse pela interface web em https://localhost:9993, será solicitado a confirmação para confiar no certificado e pronto.

Para acesso pelo jboss-cli é necessário alterar o jboss-cli.xml, conforme abaixo, para especificar o protocolo https como padrão e a porta.

<default-protocol use-legacy-override="true">https-remoting</default-protocol>

<!-- The default controller to connect to when 'connect' command is executed w/o arguments -->
<default-controller>
    <protocol>https-remoting</protocol>
    <host>localhost</host>
    <port>9993</port>
</default-controller>

Então será possível acessar pelo jboss-cli sem informar parâmetros adicionais, apenas um ./jboss-cli.sh -c

Modo Domínio

O modo domínio tem uma configuração diferente, edite o host.xml conforme mostrado abaixo:

<security-realm name="ManagementRealm">
    <server-identities>
        <ssl>
            <keystore path="${jboss.domain.config.dir}/certs/wildfly.jks" keystore-password="admin123" />
        </ssl>
    </server-identities>

<management-interfaces>
    <native-interface security-realm="ManagementRealm">
        <socket interface="management" port="${jboss.management.native.port:9999}"/>
    </native-interface>
    <http-interface security-realm="ManagementRealm" http-upgrade-enabled="true">
        <socket interface="management" secure-port="${jboss.management.http.port:9993}"/>
    </http-interface>
</management-interfaces>

O jboss-cli.xml deverá ser alterado conforme mostrado na seção anterior.

Avise se ocorreu algum erro ou se lhe ajudou.

 

Linuxmall – Engano e lesão ao consumidor

Fiz uma compra na linuxmall no início de Aril/2014, mas não recebi nada até agora, na 2a semana de Abril, vi que o site linuxmall.com.br já não mostrava a loja e redirecionava para uma página de manutenção da lojaintegrada.com.br.

linuxmall-1

Entrei em contato com o e-mail sac@linuxmall.com.br, não recebi nenhuma resposta, tentei o telefone, ninguém atende. Vi no whois o dono do domínio, mas o mesmo diz que vendeu a loja e não mantém nenhum relacionamento desde 2011.

Vejo pelo reclameaqui.com.br que outras pessoas tiveram o mesmo problema, compraram e não receberam o produto.

linuxmall-2

A minha compra foi pequena de R$ 30, mas é grana caramba. Que bosta que esses gestores foram encerrar a loja e que se danem o consumidor, bando de FDP.

Fica aqui registrado essa palhaçada.