Hi Duncan,
Agree this is not intuitive, and doesn't work for you "out of the box".
What you can do is supply the contents of brooklyn.properties, to set up
the authentication you require. For example:
services:
- type: org.apache.brooklyn.entity.brooklynnode.BrooklynNode
brooklyn.config:
brooklynnode.brooklynproperties.local.contents:
$brooklyn:formatString:
- |
brooklyn.webconsole.security.users=admin
brooklyn.webconsole.security.user.admin.salt=CSp6
brooklyn.webconsole.security.user.admin.sha256=587ea88d36d663e47d9cbee8d96c83f55652e3021d8f57ebbf9a6a54d976684c
brooklynnode.managementUser: admin
brooklynnode.managementPassword: pa55w0rd
You can generate the required lines for the brooklyn.properties by running:
./bin/brooklyn generate-password --user admin
---
If you don't include anything in brooklyn.properties, then it will use
the default behaviour: only allows unauthenticated access from 127.0.0.1.
---
Making this work securely out-of-the-box is hard. It depends if there is
a brooklyn.properties. If there is, then it could already configure a
password, or might configure it to use LDAP. If there is not a
brooklyn.properties configured, then we could auto-generate one (which
would assume there is not already one on the target machine, or in an
overridden download artifact).
---
The implementation of BrooklynNode is also going to change soon
hopefully, to make use of the newly available RPM when 0.9.0 is released.
Aled
On 15/03/2016 11:32, Duncan Godwin wrote:
Hi All,
I've been trying to use
org.apache.brooklyn.entity.brooklynnode.BrooklynNode and running into a few
problems.
1) If I launch a basic BrooklynNode with a template such as:
name: Test-1
services:
- type: org.apache.brooklyn.entity.brooklynnode.BrooklynNode
The Brooklyn node starts with a random password which is not picked up by
the launching brooklyn and so it fails to connect to the REST API and goes
on fire at the detect service up stage.
2) If I launch with a specified password:
name: Test-new
services:
- type: org.apache.brooklyn.entity.brooklynnode.BrooklynNode
brooklyn.config:
brooklynnode.managementPassword: password1
brooklynnode.managementUser: admin
This appears not to be set in the new Brooklyn instance and so a random
password is still generated.
Also it seems that if there's already an instance running the new instance
gets another port but this is also not picked up by the launching Brooklyn.
I've tested this with several versions of Brooklyn and tried specifying a
download.url for the BrooklynNode but it doesn't seem to make much
difference. Am I doing something stupid here?
Many thanks
Duncan
