admin@glassfish.java.net

Re: password policy since b55

From: David Ronge <David.Ronge_at_Sun.COM>
Date: Fri, 24 Jul 2009 23:58:35 +0200

Yes, it works well, I added the entry as you suggested and our tests run
properly.
For our part, it is now no issue at all, once the masterpassword is
added, since it is (I assume from what was just said)
backward-compatible (so I only committed the changed passwordfile to test
sources, all branches). We use the full syntax
globally for creating as well as starting/stopping domains whenever
possible.
(Another similar change was since some early build of preview V3 - I
think it was preview - when stop-domain required
passwd whereas it wasn't even accepted with this cmd by older builds or
V2. That's being handled in our scripts
and doesn't require modification.)

Is there any comprehensive web page listing changes like this? I mean
enforcing something originally optional.
Some brief summary of changes. I do not demand anything new be created,
still if it exists please give me a pointer.
I realize it is development so features are supposed to change.

Thank you much once more for quick assistance.

Regards,
David

Kedar Mhaswade wrote:
> Sankar just confirmed that this works and he's filed a bug against
> create-domain (8876) to track.
>
> -Kedar
>
>
> Kedar Mhaswade wrote:
>>
>>
>> Sankar Neelakandan wrote:
>>>
>>>
>>> Kedar Mhaswade wrote:
>>>> That's because master password was NEVER enforced for v3. I
>>>> implemented it
>>>> for the first time for v3. If you ran the commands like you did for
>>>> V2,
>>>> this would always work. Remember, for V2, a domain startup would
>>>> always
>>>> require to open the stores otherwise the server startup fails.
>>> Yes but in V2 when the masterpassword is not provided for the
>>> create-domain command the password is assumed to be "changeit".
>>> The start-domain command never prompted for masterpassword in this
>>> default case.
>>
>> And it never does. Like I said, there was some create-domain related
>> change that Bill made after I was done and I am not sure if this is
>> the fallout of that.
>>
>> e.g. try this out:
>>
>> passwords:
>> AS_ADMIN_MASTERPASSWORD=changeit
>> AS_ADMIN_PASSWORD=adminadmin
>> AS_ADMIN_ADMINPASSWORD=adminadmin
>>
>> asadmin --passwordfile passwords create-domain --portbase 5000 d2
>>
>> asadmin start-domain d2 (note: no passwordfile given)
>>
>> and it *does* start without prompting.
>>
>> Again, I don't know why it does not work when passwords does NOT contain
>> AS_ADMIN_MASTERPASSWORD. It's a separate issue.
>>
>>>>
>>>> Since the master password was enforced only since b55, the
>>>> start-domain
>>>> needs this to be provided while doing the startup.
>>>>
>>>> Now, in most cases, this is not a problem. In the "default" case, i.e.
>>>> when the domain is *created* with default master password, startup
>>>> would
>>>> have it.
>>> Does this mean the masterpassword has to be explicitly provided as
>>> "changeit"?
>>
>> No.
>>
>>> When the masterpassword is not provided the create-domain command
>>> still goes ahead and creates a domain. What is the masterpassword
>>> used in this case?
>>
>> Investigating. Not related to my changes ...
>>
>>> If it is "changeit" why does the start-domain command still prompt
>>> for masterpassword?
>>
>> Correct, it should not and it does not.
>>
>>>
>>>> In another case, where you choose to do --savemasterpassword during
>>>> create-domain, start-domain would have that password read
>>>> automatically for
>>>> you, so that you don't have to provide it during startup.
>>>
>>>>
>>>> -Kedar
>>>>
>>>>
>>>> Sankar Neelakandan wrote:
>>>>> Kedar,
>>>>> The exact problem is,
>>>>> In B55 when the domain is created without MASTERPASSWORD in
>>>>> passwordfile the start-domain works without prompting for
>>>>> masterpassword.
>>>>> But in B56 when the domain is created without MASTERPASSWORD in
>>>>> passwordfile the start-domain doesn't work without providing the
>>>>> master password. (If the domain is started without a console there
>>>>> is no prompting for masterpassword and fails with the noconsole
>>>>> message)
>>>>>
>>>>> Please see the following logs.
>>>>>
>>>>>
>>>>> bash-3.00# cat /password.txt
>>>>> AS_ADMIN_PASSWORD=adminadmin
>>>>>
>>>>>
>>>>> bash-3.00# glassfishv3/glassfish/bin/asadmin create-domain
>>>>> --adminport 4848 --user admin --passwordfile /password.txt domain1
>>>>> Deprecated syntax: create-domain, Options: [passwordfile, user]
>>>>> Using port 4848 for Admin.
>>>>> Using default port 8080 for HTTP Instance.
>>>>> Using default port 7676 for JMS.
>>>>> Using default port 3700 for IIOP.
>>>>> Using default port 8181 for HTTP_SSL.
>>>>> Using default port 3820 for IIOP_SSL.
>>>>> Using default port 3920 for IIOP_MUTUALAUTH.
>>>>> Using default port 8686 for JMX_ADMIN.
>>>>> Distinguished Name of the self-signed X.509 Server Certificate is:
>>>>> [CN=easqesf4,OU=GlassFish,O=Sun Microsystems,L=Santa
>>>>> Clara,ST=California,C=US]
>>>>> Domain domain2 created.
>>>>> Command create-domain executed successfully.
>>>>>
>>>>> bash-3.00# glassfishv3/glassfish/bin/asadmin start-domain domain2
>>>>> No valid master password found
>>>>> Enter master password (3 attempt(s) remain)> Sorry, incorrect
>>>>> master password, retry
>>>>> Enter master password (2 attempt(s) remain)> Sorry, incorrect
>>>>> master password, retry
>>>>> Enter master password (1 attempt(s) remain)> Sorry, incorrect
>>>>> master password, retry
>>>>> Number of attempts (3) exhausted, giving up
>>>>> Command start-domain failed.
>>>>>
>>>>> When started without console it fails with the following error
>>>>> message
>>>>>
>>>>>
>>>>> bash-3.00# glassfishv3/glassfish/bin/asadmin start-domain domain1
>>>>> Deprecated syntax: start-domain, Options: [passwordfile, user]
>>>>> No valid master password found
>>>>> Command start-domain failed.
>>>>> No console, no prompting possible
>>>>>
>>>>>
>>>>>
>>>>> Kedar Mhaswade wrote:
>>>>>> Dave,
>>>>>>
>>>>>> It should be AS_ADMIN_MASTERPASSWORD. AS_ADMIN_USERPASSWORD is
>>>>>> for (an entirely) different purpose.
>>>>>>
>>>>>> If you don't really care about master password (:-0) you can just
>>>>>> have AS_ADMIN_MASTERPASSWORD=changeit added to this password.txt
>>>>>> file and I am pretty sure this will be fixed.
>>>>>>
>>>>>> But I think we need to address this use case. My understanding was
>>>>>> that in this case, (i.e. the way your password.txt seems) we should
>>>>>> have defaulted the master password to "changeit". I am not sure if
>>>>>> this is due to recent changes to create-domain command as well.
>>>>>> We'll
>>>>>> investigate.
>>>>>>
>>>>>> For now, just add this one more line to password.txt to get
>>>>>> unblocked.
>>>>>>
>>>>>> -Kedar
>>>>>>
>>>>>> David Ronge wrote:
>>>>>>> Hi Kedar,
>>>>>>>
>>>>>>> yes, we delete domain1 first to be sure the eventual setup
>>>>>>> change of default domain won't give us some obscure diffs and to
>>>>>>> keep setup stable.
>>>>>>>
>>>>>>> (delete-domain.1:
>>>>>>> [exec] Domain domain1 deleted.
>>>>>>> [exec] Command delete-domain executed successfully.
>>>>>>> No passwd used.)
>>>>>>> content of the password.txt is here:
>>>>>>> AS_ADMIN_PASSWORD=adminadmin
>>>>>>> AS_ADMIN_USERPASSWORD=changeit
>>>>>>>
>>>>>>> create-by-admin-command:
>>>>>>> [echo] exec: create-domain --user admin --passwordfile
>>>>>>> /space/test4u/cvswork/sunsw/tango/qe-tests/gf-setup/password.txt
>>>>>>> domain1
>>>>>>> [echo] With properties:
>>>>>>> [echo] http.ssl.port=8181:orb.listener.port=3007:imq.port=7676
>>>>>>> [exec] Deprecated syntax: create-domain, Options:
>>>>>>> [passwordfile, user]
>>>>>>> [exec] Using port 4848 for Admin.
>>>>>>> [exec] Using port 8080 for HTTP Instance.
>>>>>>> [exec] Using default port 7676 for JMS.
>>>>>>> [exec] Using port 3007 for IIOP.
>>>>>>> [exec] Using port 8181 for HTTP_SSL.
>>>>>>> [exec] Using default port 3820 for IIOP_SSL.
>>>>>>> [exec] Using default port 3920 for IIOP_MUTUALAUTH.
>>>>>>> [exec] Using default port 8686 for JMX_ADMIN.
>>>>>>> [exec] Distinguished Name of the self-signed X.509 Server
>>>>>>> Certificate is:
>>>>>>> [exec] [CN=eas-x2100-1.India.Sun.COM,OU=GlassFish,O=Sun
>>>>>>> Microsystems,L=Santa Clara,ST=California,C=US]
>>>>>>> [exec] Domain domain1 created.
>>>>>>> [exec] Command create-domain executed successfully.
>>>>>>>
>>>>>>> is the target used, more precisely, target corresponding to the
>>>>>>> above log is here:
>>>>>>> <target name="create-by-admin-command" depends="get-asadmin"
>>>>>>> if="create.by.admin.command">
>>>>>>> <!-- propertyset refid="full.domain.propertyset"/ -->
>>>>>>> <echo message="exec: create-domain --user admin
>>>>>>> --passwordfile ${basedir}/password.txt ${domain.name}"/>
>>>>>>> <property name="dmn.specif.1"
>>>>>>> value="http.ssl.port=${https.port}" />
>>>>>>> <property name="dmn.specif.2"
>>>>>>> value="${dmn.specif.1}:orb.listener.port=${orb.port}" />
>>>>>>> <property name="dmn.specif.0"
>>>>>>> value="${dmn.specif.2}:imq.port=${imq.port}" />
>>>>>>> <echo message="With properties:"/>
>>>>>>> <echo message="${dmn.specif.0}"/>
>>>>>>>
>>>>>>> <exec executable="${asadmin.executable}" dir="${basedir}"
>>>>>>> resultproperty="asadmin.result">
>>>>>>> <!-- in ${gf.install.home} or ${basedir} ? -->
>>>>>>> <arg value="create-domain"/>
>>>>>>> <arg value="--user"/>
>>>>>>> <arg value="admin"/>
>>>>>>> <arg value="--passwordfile"/>
>>>>>>> <arg value="password.txt"/><!-- ${basedir}/... -->
>>>>>>> <arg value="--instanceport"/>
>>>>>>> <arg value="${instance.port}"/>
>>>>>>> <arg value="--adminport"/>
>>>>>>> <arg value="${admin.port}"/>
>>>>>>> <arg value="--domaindir"/>
>>>>>>> <arg value="${gf.install.home}/domains"/>
>>>>>>> <arg value="--domainproperties"/>
>>>>>>> <arg value="${dmn.specif.0}"/>
>>>>>>> <!-- leave as last item value - (first that is not an
>>>>>>> option) -->
>>>>>>> <arg value="${domain.name}"/>
>>>>>>> </exec>
>>>>>>> </target>
>>>>>>>
>>>>>>> with --domainproperties echoed as visible.
>>>>>>> There's alternative setup target using setup.xml but that is
>>>>>>> used with V2 only for continuity.
>>>>>>> (The property set contains the original default ports mainly -
>>>>>>> I think these are exclusively defaults - you can see better.)
>>>>>>>
>>>>>>> The master password claimed is AS_ADMIN_PASSWORD - according to
>>>>>>> the password.txt? Or the other entry?
>>>>>>>
>>>>>>> ~dave
>>>>>>>
>>>>>>> Kedar Mhaswade wrote:
>>>>>>>> Hi David,
>>>>>>>>
>>>>>>>> VB Kumar told me that you guys were seeing some issues here.
>>>>>>>>
>>>>>>>> Yes, I made some changes to the master password handling in
>>>>>>>> b55. It was
>>>>>>>> not a big deal as far as users are concerned. I am sorry that
>>>>>>>> it seems to
>>>>>>>> affect you. But I do think that you guys are creating domain
>>>>>>>> differently.
>>>>>>>> As you can see the console output of start-domain, it contains:
>>>>>>>>
>>>>>>>> >>> [exec] No valid master password found
>>>>>>>> >>> [exec] No console, no prompting possible
>>>>>>>> >>> [exec] Command start-domain failed.
>>>>>>>> >>> [exec] Result: 1
>>>>>>>>
>>>>>>>> So, it's not failing for deprecated syntax, but for something
>>>>>>>> else.
>>>>>>>> Can I get the entire sequence of commands you run? For example,
>>>>>>>> is the
>>>>>>>> same password.txt provided to both create-domain and
>>>>>>>> start-domain commands?
>>>>>>>> I somehow think that the master password for this domain is not
>>>>>>>> the default
>>>>>>>> ("changeit") or there is a bug in what I recently did ...
>>>>>>>>
>>>>>>>> Let me know either way. My commit log is here:
>>>>>>>> http://fisheye4.atlassian.com/changelog/glassfish-svn/trunk/v3/admin/cli/src/main/java/com/sun/enterprise/admin/cli/commands?cs=29406
>>>>>>>>
>>>>>>>>
>>>>>>>> -Kedar
>>>>>>>>
>>>>>>>>
>>>>>>>> David Ronge wrote:
>>>>>>>>> This way:
>>>>>>>>>
>>>>>>>>> <target name="start-a-domain" if="a.domain.exists"
>>>>>>>>> unless="skip.domain" depends="check.domain.exists">
>>>>>>>>> <property name="a.domain.name"
>>>>>>>>> value="${default.domain}"/><!-- convenience default -->
>>>>>>>>> <echo message="STARTING domain ${a.domain.name}..." />
>>>>>>>>> <echo message="stuff.dir ${stuff.dir}..." />
>>>>>>>>> <exec executable="${gf.install.home}/bin/asadmin.bat"
>>>>>>>>> os="Windows XP,Windows 2000,Windows 2003"
>>>>>>>>> dir="${stuff.dir}" spawn="true" failonerror="false">
>>>>>>>>> <arg value="start-domain"/>
>>>>>>>>> <arg value="--user"/>
>>>>>>>>> <arg value="admin"/>
>>>>>>>>> <arg value="--passwordfile"/>
>>>>>>>>> <arg value="password.txt"/>
>>>>>>>>> <arg value="${a.domain.name}"/>
>>>>>>>>> </exec>
>>>>>>>>> <exec executable="${gf.install.home}/bin/asadmin"
>>>>>>>>> dir="${stuff.dir}" os="SunOS,Linux,AIX,Mac OS X">
>>>>>>>>> <arg line="start-domain --user admin --passwordfile
>>>>>>>>> password.txt ${a.domain.name}"/>
>>>>>>>>> </exec>
>>>>>>>>> <echo message="STARTED domain ${a.domain.name}..." />
>>>>>>>>> </target>
>>>>>>>>>
>>>>>>>>> (start-domain command seemed not to be obligatory with user
>>>>>>>>> and passwd data but stop-domain did when file-user was added etc.
>>>>>>>>> So we include it for start too.)
>>>>>>>>> This worked reliably unless some integration fault prevented
>>>>>>>>> proper start due to bundling error or start failure of some
>>>>>>>>> essential service.
>>>>>>>>>
>>>>>>>>> ~dave
>>>>>>>>>
>>>>>>>>> Jane Young wrote:
>>>>>>>>>> Can you provide the syntax used to start the domain?
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Jane
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> David Ronge wrote:
>>>>>>>>>>> Hi, is there any instruction to handle starting/stopping
>>>>>>>>>>> domain differently now?
>>>>>>>>>>> The behavior has changed ~ with build b55 as now I can see >
>>>>>>>>>>>
>>>>>>>>>>> start-a-domain:
>>>>>>>>>>> [echo] STARTING domain domain1...
>>>>>>>>>>> [echo] stuff.dir
>>>>>>>>>>> /space/test4u/cvswork/sunsw/tango/qe-tests/gf-setup...
>>>>>>>>>>> [exec] Deprecated syntax: start-domain, Options:
>>>>>>>>>>> [passwordfile, user]
>>>>>>>>>>> [exec] No valid master password found
>>>>>>>>>>> [exec] No console, no prompting possible
>>>>>>>>>>> [exec] Command start-domain failed.
>>>>>>>>>>> [exec] Result: 1
>>>>>>>>>>> [echo] STARTED domain domain1...
>>>>>>>>>>>
>>>>>>>>>>> it says "deprecated" but the coming syntax simply doesn't
>>>>>>>>>>> work without change.
>>>>>>>>>>> Can someone please give me a clue?
>>>>>>>>>>> Our team tests Metro/jaxws webservices on V2/V3/Tomcat... so
>>>>>>>>>>> managing GF administration is sort of routine for us.
>>>>>>>>>>> (Still, if there's page to look at when something stops
>>>>>>>>>>> working the old way it would be nice.)
>>>>>>>>>>>
>>>>>>>>>>> Thank you much in advance.
>>>>>>>>>>>
>>>>>>>>>>> Regards,
>>>>>>>>>>> David
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>>
>>>>>>>>>>> To unsubscribe, e-mail:
>>>>>>>>>>> admin-unsubscribe_at_glassfish.dev.java.net
>>>>>>>>>>> For additional commands, e-mail:
>>>>>>>>>>> admin-help_at_glassfish.dev.java.net
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
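The failure discussed in this thread ("No valid master password found" followed by "No console, no prompting possible" under Ant) is a classic unattended-startup trap: the passwordfile carried AS_ADMIN_USERPASSWORD instead of AS_ADMIN_MASTERPASSWORD, and the error only surfaced at start-domain time. The POSIX shell snippet below is an added example written for this page; it is not part of the thread and not a GlassFish tool. It pre-checks a passwordfile before an unattended start-domain: it requires non-empty AS_ADMIN_PASSWORD and AS_ADMIN_MASTERPASSWORD lines, flags the AS_ADMIN_USERPASSWORD mix-up from the thread, and refuses a file that is group- or world-readable, since the file holds cleartext credentials. The asadmin location (the ASADMIN variable, defaulting to asadmin on PATH), the admin user name (ASADMIN_USER, defaulting to admin) and the function names are assumptions made here; the key names and the command syntax come from the thread.

```shell
# Added example, not from the thread and not a GlassFish tool: pre-flight
# check for an asadmin --passwordfile before an unattended start-domain.
# Assumptions: the file uses the KEY=value lines shown in the thread, and
# asadmin is found via $ASADMIN (defaults to "asadmin" on PATH).

# check_passwordfile FILE
# Returns 0 when FILE has non-empty AS_ADMIN_PASSWORD and
# AS_ADMIN_MASTERPASSWORD lines and is accessible by its owner only;
# returns 1 otherwise and prints every problem found to stderr.
check_passwordfile() {
    file=$1
    rc=0

    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "$file: missing or not readable" >&2
        return 1
    fi

    # Both keys are needed when start-domain runs with no console:
    # without the master password asadmin prints "No valid master
    # password found" and, under Ant or cron, "No console, no prompting
    # possible". The trailing "." requires a non-empty value.
    for key in AS_ADMIN_PASSWORD AS_ADMIN_MASTERPASSWORD; do
        if ! grep -q "^${key}=." "$file"; then
            echo "$file: no non-empty ${key}= line" >&2
            rc=1
        fi
    done

    # The mistake from the thread: AS_ADMIN_USERPASSWORD is a different
    # key and does not supply the master password.
    if grep -q '^AS_ADMIN_USERPASSWORD=' "$file" \
       && ! grep -q '^AS_ADMIN_MASTERPASSWORD=.' "$file"; then
        echo "$file: AS_ADMIN_USERPASSWORD found; the master password key is AS_ADMIN_MASTERPASSWORD" >&2
    fi

    # The file holds cleartext secrets: refuse group- or world-accessible
    # permissions. Columns 5-10 of "ls -l" are the group/other rwx bits.
    case "$(ls -ld "$file" | cut -c5-10)" in
        *[rwx]*)
            echo "$file: group/other permissions set; use chmod 600" >&2
            rc=1
            ;;
    esac

    return $rc
}

# start_domain_checked DOMAIN FILE
# Runs the check first so a misconfigured file fails fast with a clear
# message instead of the generic start-domain failure. Uses the
# non-deprecated syntax (global options before the subcommand).
start_domain_checked() {
    domain=$1
    file=$2
    check_passwordfile "$file" || return 1
    "${ASADMIN:-asadmin}" --user "${ASADMIN_USER:-admin}" \
        --passwordfile "$file" start-domain "$domain"
}
```

Source this file from the Ant-driven setup script and call `start_domain_checked domain1 password.txt` in place of the bare asadmin invocation; the permission check is deliberately strict because the same file is handed to every asadmin call in the test harness, so a loose mode exposes the admin and master passwords to every local account.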