admin@glassfish.java.net

Re: password policy since b55

From: Kedar Mhaswade <Kedar.Mhaswade_at_Sun.COM>
Date: Fri, 24 Jul 2009 06:39:33 -0700

Dave,

It should be AS_ADMIN_MASTERPASSWORD. AS_ADMIN_USERPASSWORD is
for an (entirely) different purpose.

If you don't really care about the master password (:-0) you can just
have AS_ADMIN_MASTERPASSWORD=changeit added to this password.txt
file and I am pretty sure this will be fixed.

But I think we need to address this use case. My understanding was
that in this case, (i.e. the way your password.txt seems) we should
have defaulted the master password to "changeit". I am not sure if
this is due to recent changes to create-domain command as well. We'll
investigate.

For now, just add this one more line to password.txt to get unblocked.

-Kedar

David Ronge wrote:
> Hi Kedar,
>
> yes, we delete domain1 first to be sure the eventual setup change of
> default domain won't give us some obscure diffs and to keep setup stable.
>
> (delete-domain.1:
> [exec] Domain domain1 deleted.
> [exec] Command delete-domain executed successfully.
> No passwd used.)
> content of the password.txt is here:
> AS_ADMIN_PASSWORD=adminadmin
> AS_ADMIN_USERPASSWORD=changeit
>
> create-by-admin-command:
> [echo] exec: create-domain --user admin --passwordfile /space/test4u/cvswork/sunsw/tango/qe-tests/gf-setup/password.txt domain1
> [echo] With properties:
> [echo] http.ssl.port=8181:orb.listener.port=3007:imq.port=7676
> [exec] Deprecated syntax: create-domain, Options: [passwordfile, user]
> [exec] Using port 4848 for Admin.
> [exec] Using port 8080 for HTTP Instance.
> [exec] Using default port 7676 for JMS.
> [exec] Using port 3007 for IIOP.
> [exec] Using port 8181 for HTTP_SSL.
> [exec] Using default port 3820 for IIOP_SSL.
> [exec] Using default port 3920 for IIOP_MUTUALAUTH.
> [exec] Using default port 8686 for JMX_ADMIN.
> [exec] Distinguished Name of the self-signed X.509 Server Certificate is:
> [exec] [CN=eas-x2100-1.India.Sun.COM,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US]
> [exec] Domain domain1 created.
> [exec] Command create-domain executed successfully.
>
> is the target used, more precisely, target corresponding to the above
> log is here:
> <target name="create-by-admin-command" depends="get-asadmin"
>         if="create.by.admin.command">
>   <!-- propertyset refid="full.domain.propertyset"/ -->
>   <echo message="exec: create-domain --user admin --passwordfile ${basedir}/password.txt ${domain.name}"/>
>   <property name="dmn.specif.1" value="http.ssl.port=${https.port}" />
>   <property name="dmn.specif.2"
>             value="${dmn.specif.1}:orb.listener.port=${orb.port}" />
>   <property name="dmn.specif.0"
>             value="${dmn.specif.2}:imq.port=${imq.port}" />
>   <echo message="With properties:"/>
>   <echo message="${dmn.specif.0}"/>
>
>   <exec executable="${asadmin.executable}" dir="${basedir}"
>         resultproperty="asadmin.result">
>     <!-- in ${gf.install.home} or ${basedir} ? -->
>     <arg value="create-domain"/>
>     <arg value="--user"/>
>     <arg value="admin"/>
>     <arg value="--passwordfile"/>
>     <arg value="password.txt"/><!-- ${basedir}/... -->
>     <arg value="--instanceport"/>
>     <arg value="${instance.port}"/>
>     <arg value="--adminport"/>
>     <arg value="${admin.port}"/>
>     <arg value="--domaindir"/>
>     <arg value="${gf.install.home}/domains"/>
>     <arg value="--domainproperties"/>
>     <arg value="${dmn.specif.0}"/>
>     <!-- leave as last item value - (first that is not an option) -->
>     <arg value="${domain.name}"/>
>   </exec>
> </target>
>
> with --domainproperties echoed as visible.
> There's alternative setup target using setup.xml but that is used with
> V2 only for continuity.
> (The property set contains the original default ports mainly - I think
> these are exclusively defaults - you can see better.)
>
> The master password claimed is AS_ADMIN_PASSWORD - according to the
> password.txt? Or the other entry?
>
> ~dave
>
> Kedar Mhaswade wrote:
>> Hi David,
>>
>> VB Kumar told me that you guys were seeing some issues here.
>>
>> Yes, I made some changes to the master password handling in b55. It was
>> not a big deal as far as users are concerned. I am sorry that it seems to
>> affect you. But I do think that you guys are creating domain differently.
>> As you can see the console output of start-domain, it contains:
>>
>> >>> [exec] No valid master password found
>> >>> [exec] No console, no prompting possible
>> >>> [exec] Command start-domain failed.
>> >>> [exec] Result: 1
>>
>> So, it's not failing for deprecated syntax, but for something else.
>> Can I get the entire sequence of commands you run? For example, is the
>> same password.txt provided to both create-domain and start-domain
>> commands?
>> I somehow think that the master password for this domain is not the default
>> ("changeit") or there is a bug in what I recently did ...
>>
>> Let me know either way. My commit log is here:
>> http://fisheye4.atlassian.com/changelog/glassfish-svn/trunk/v3/admin/cli/src/main/java/com/sun/enterprise/admin/cli/commands?cs=29406
>>
>>
>> -Kedar
>>
>>
>> David Ronge wrote:
>>> This way:
>>>
>>> <target name="start-a-domain" if="a.domain.exists"
>>>         unless="skip.domain" depends="check.domain.exists">
>>>   <property name="a.domain.name" value="${default.domain}"/><!-- convenience default -->
>>>   <echo message="STARTING domain ${a.domain.name}..." />
>>>   <echo message="stuff.dir ${stuff.dir}..." />
>>>   <exec executable="${gf.install.home}/bin/asadmin.bat"
>>>         os="Windows XP,Windows 2000,Windows 2003"
>>>         dir="${stuff.dir}" spawn="true" failonerror="false">
>>>     <arg value="start-domain"/>
>>>     <arg value="--user"/>
>>>     <arg value="admin"/>
>>>     <arg value="--passwordfile"/>
>>>     <arg value="password.txt"/>
>>>     <arg value="${a.domain.name}"/>
>>>   </exec>
>>>   <exec executable="${gf.install.home}/bin/asadmin"
>>>         dir="${stuff.dir}" os="SunOS,Linux,AIX,Mac OS X">
>>>     <arg line="start-domain --user admin --passwordfile password.txt ${a.domain.name}"/>
>>>   </exec>
>>>   <echo message="STARTED domain ${a.domain.name}..." />
>>> </target>
>>>
>>> (start-domain command seemed not to be obligatory with user and
>>> passwd data but stop-domain did when file-user was added etc.
>>> So we include it for start too.)
>>> This worked reliably unless some integration fault prevented proper
>>> start due to bundling error or start failure of some essential service.
>>>
>>> ~dave
>>>
>>> Jane Young wrote:
>>>> Can you provide the syntax used to start the domain?
>>>>
>>>> Thanks,
>>>> Jane
>>>>
>>>>
>>>> David Ronge wrote:
>>>>> Hi, is there any instruction to handle starting/stopping domain
>>>>> differently now?
>>>>> The behavior has changed ~ with build b55 as now I can see >
>>>>>
>>>>> start-a-domain:
>>>>> [echo] STARTING domain domain1...
>>>>> [echo] stuff.dir /space/test4u/cvswork/sunsw/tango/qe-tests/gf-setup...
>>>>> [exec] Deprecated syntax: start-domain, Options: [passwordfile, user]
>>>>> [exec] No valid master password found
>>>>> [exec] No console, no prompting possible
>>>>> [exec] Command start-domain failed.
>>>>> [exec] Result: 1
>>>>> [echo] STARTED domain domain1...
>>>>>
>>>>> it says "deprecated" but the coming syntax simply doesn't work
>>>>> without change.
>>>>> Can someone please give me a clue?
>>>>> Our team tests Metro/jaxws webservices on V2/V3/Tomcat... so
>>>>> managing GF administration is sort of routine for us.
>>>>> (Still, if there's page to look at when something stops working the
>>>>> old way it would be nice.)
>>>>>
>>>>> Thank you much in advance.
>>>>>
>>>>> Regards,
>>>>> David
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: admin-unsubscribe_at_glassfish.dev.java.net
>>>>> For additional commands, e-mail: admin-help_at_glassfish.dev.java.net
>>>>>
>>>>
>>>
>>>
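
An added example, not part of the original thread or of GlassFish: a preflight check that an Ant or CI job could run on the password file before calling asadmin without a console, reporting the missing AS_ADMIN_MASTERPASSWORD entry that the thread identifies as the cause of "No valid master password found". The function names, exit codes and the owner-only permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: preflight check for the password file
# passed to `asadmin --passwordfile` in a no-console (Ant) run.

# has_key FILE KEY: true if FILE assigns KEY at the start of a line.
has_key() { grep -q "^[[:space:]]*$2=" "$1"; }

# key_value FILE KEY: print the value of the last KEY= assignment in FILE.
key_value() { sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1; }

# check_passwordfile FILE
# Returns 0 if a master password entry is present, 1 if it is missing,
# 2 if FILE is unreadable. Findings are written to stdout.
check_passwordfile() {
    pf=$1
    [ -r "$pf" ] || { echo "ERROR: cannot read $pf"; return 2; }
    rc=0
    has_key "$pf" AS_ADMIN_PASSWORD || echo "MISSING: AS_ADMIN_PASSWORD"
    if ! has_key "$pf" AS_ADMIN_MASTERPASSWORD; then
        echo "MISSING: AS_ADMIN_MASTERPASSWORD"
        has_key "$pf" AS_ADMIN_USERPASSWORD &&
            echo "NOTE: AS_ADMIN_USERPASSWORD is set but is not the master password"
        rc=1
    elif [ "$(key_value "$pf" AS_ADMIN_MASTERPASSWORD)" = "changeit" ]; then
        echo "NOTE: master password is the default (changeit)"
    fi
    # The file holds cleartext secrets: flag any group/other permission bits.
    perms=$(ls -ld "$pf" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS: group/other access ($perms), expected owner-only"
    return $rc
}

# Constructed sample: the two entries David's password.txt contained.
demo() {
    tmp=$(mktemp) || return 2
    printf 'AS_ADMIN_PASSWORD=adminadmin\nAS_ADMIN_USERPASSWORD=changeit\n' > "$tmp"
    chmod 600 "$tmp"
    check_passwordfile "$tmp"; status=$?
    rm -f "$tmp"
    return $status
}

demo || echo "password file would fail start-domain (exit $?)"
```

Run against the file from the thread, the check exits 1 and names the missing entry; after adding the AS_ADMIN_MASTERPASSWORD line it exits 0 and only notes that the default value is in use.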