users@glassfish.java.net

Re: confused about asadmin --passwordfile option

From: Kedar Mhaswade <Kedar.Mhaswade_at_Sun.COM>
Date: Wed, 02 Aug 2006 21:50:53 -0700

Please bear with me for a long answer. But please read till the very
end. If there are more questions, let me know.

Mark Hansen wrote:
> Is this the right mailing list for a question about asadmin utility? If
> not, please direct me elsewhere.

This is the right one. A better one is copied (admin_at_glassfish.dev.java.net).
>
> Does the --passwordfile file contain the admin password in encrypted
> form, something like this:
>
> AS_ADMIN_ADMINPASSWORD=YWRtaW5hZG1pbg==
>
> or cleartext like
>
> AS_ADMIN_ADMINPASSWORD=adminadmin

No, the passwordfile that you provide to --passwordfile option
on asadmin commands needs to have passwords in clear.

Thus,

1. have AS_ADMIN_PASSWORD=adminadmin in the passwordfile and then
    provide the path to this file for asadmin "remote" commands (like
    deploy, create-jdbc-resource etc.).
2. have AS_ADMIN_ADMINPASSWORD=newdomainpassword (or something similar)
    and provide this to the "create-domain" command which then makes this
    password the admin password for the newly created domain. Thus,
    AS_ADMIN_ADMINPASSWORD is used *only* by the create-domain command.

Now, what's the difference between AS_ADMIN_PASSWORD and AS_ADMIN_ADMINPASSWORD?

For a given domain, there is no difference. The issue comes when you want
to create a new domain. The create-domain command only accepts --adminuser
option and hence it pays attention only to AS_ADMIN_ADMINPASSWORD.

95% of asadmin commands are actually remote commands that
communicate with an *existing* domain over HTTP (port 4848 -- admin port).

The create-domain discrepancy is a *real* pain in the neck. We are going
to correct that. Please see:
http://wiki.java.net/bin/view/Projects/HighLevelAdminFeaturesForGlassFishV2#c4

After we do that, create-domain will accept --user and --password, which will
make AS_ADMIN_ADMINPASSWORD needless. This will make create-domain similar
to other asadmin commands with regard to "password".

Now coming to the encrypted part of it. I am pretty sure that
AS_ADMIN_ADMINPASSWORD=YWRtaW5hZG1pbg== is something that you picked from
a file ".asadminpass" in your home directory. I don't think you got it
right. If at all this entry is there, it should be something like:

asadmin://admin_at_localhost:4848 YWRtaW4xMjM=

(Actually it is good that you think this is encrypted :). The
fact is it is not. It is just encoded. But note that this
file is always protected on good platforms like Solaris/Linux
by GlassFish, it has 0600 permissions for your safety).

This is the outcome of one of the two things:

- you used asadmin login command, or
- you used asadmin create-domain --savelogin.

If this assumption is right, please read on:

"asadmin login" was designed along the same lines as "cvs login".
You basically "login" to a domain, and then will *never* have to provide
the passwordfile and user for that domain!

So look at it this way:

Suppose that you have a domain for which you selected the
default admin port (4848). Then, in order to script asadmin commands,
this is what your script would look like: (I am not bringing
any env vars into the picture)
- asadmin deploy --user admin --passwordfile passfile ...
- asadmin configure-jdbc-connection-pool --user admin --passwordfile ...
- asadmin create-file-user --user admin --passwordfile ...
- asadmin list --user admin --passwordfile passfile --cluster ...
...

With asadmin login to this domain, or using asadmin create-domain --savelogin,
your life is without much typing:
- asadmin deploy ...
- asadmin configure-jdbc-connection-pool ...
- asadmin create-file-user ...
- asadmin list ...

If you don't use the default admin port (4848), you will need to specify
the port on these commands, but that is the same with commands before the
use of asadmin login.

Am I making it clear?

>
> Currently, it seems that I need to have it encrypted. But, it used to
> work with cleartext. Has there been a change since the release of the
> Java EE 5 SDK? I am running the asadmin from Java EE 5 SDK.

Now, you must have selected the installer option where it says "Don't
prompt for the user name and password". If yes, then it created the default
domain with --savelogin option.

This does not happen with GlassFish setup.xml, I guess.

Got it?

If you want to know more about this, please see:

https://glassfish.dev.java.net/javaee5/admin-infra/subprojects/asadminlogin/index.html


Kazem (copied) did bring this confusion to our notice, but
your confusion is mainly from the fact about AS_ADMIN_PASSWORD
and AS_ADMIN_ADMINPASSWORD.

Regards,
Kedar
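
Added example, not part of the original message and not GlassFish code: a small audit of a saved-login file that checks the 0600 permissions mentioned above and shows that each stored value comes back with a plain base64 decode, which is why it counts as encoded rather than encrypted. The one-entry-per-line layout (`<asadmin URL> <base64 value>`) is an assumption taken from the sample line in the message, and the function names are hypothetical.

```python
import base64
import os
import stat
import tempfile

# Constructed sample: the entry quoted in the message (archive writes '@' as '_at_').
SAMPLE = "asadmin://admin_at_localhost:4848 YWRtaW4xMjM=\n"

def parse_entry(line):
    """Split '<asadmin-url> <base64>' (assumed layout) and decode the password."""
    url, encoded = line.split()
    return url, base64.b64decode(encoded, validate=True).decode("utf-8")

def audit(path):
    """Return findings for a login file: loose permissions and decodable entries."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit set
        findings.append(f"mode {mode:04o} is wider than 0600")
    with open(path, encoding="utf-8") as fh:
        for n, line in enumerate(fh, 1):
            if not line.strip():
                continue
            try:
                url, password = parse_entry(line)
            except (ValueError, UnicodeDecodeError):
                findings.append(f"line {n}: not in the assumed layout")
                continue
            # Report the length only, so the audit output does not leak the secret.
            findings.append(f"line {n}: {url} password ({len(password)} chars) "
                            "is recoverable with a plain base64 decode")
    return findings

def demo():
    """Audit a constructed file at 0644 and again at 0600."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        loose = audit(path)
        os.chmod(path, 0o600)
        tight = audit(path)
    finally:
        os.remove(path)
    return loose, tight

if __name__ == "__main__":
    for label, result in zip(("0644", "0600"), demo()):
        print(label, result)
```

To check a real installation, call `audit()` on the `.asadminpass` file in the home directory of the account that runs asadmin.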