java-management (2) Versions 1.0.3

Java Management Cookbook

Policyfile:
cookbook 'java-management', '~> 1.0.3', :supermarket

Berkshelf:
cookbook 'java-management', '~> 1.0.3'

Knife:
knife supermarket install java-management
knife supermarket download java-management
Quality 17%

chef-java-management

Description

Cookbook for Java Management and Monitoring (JMX, trusted certificates, SNMP, etc.)

Requirements

Platforms

  • CentOS 6
  • RedHat 6

Cookbooks

Required Opscode Cookbooks

Attributes

These attributes are under the node['java-management'] namespace.

| Attribute | Description | Type | Default |
| --- | --- | --- | --- |
| enableThreadContentionMonitoring | Enables thread contention monitoring | Boolean | false |
| group | Group for file permissions | String | bin |
| owner | Owner for file permissions | String | nobody |

JMX Attributes

These attributes are under the node['java-management']['jmxremote'] namespace.

| Attribute | Description | Type | Default |
| --- | --- | --- | --- |
| access_file | Custom JMX access file location | String | nil |
| authenticate | Require authentication to access JMX | Boolean | true |
| local_only | Allow local management agent to accept only local connection requests | Boolean | true |
| login_config | Custom JMX login configuration | String | nil |
| password_file | Custom JMX password configuration file location | String | nil |
| port | Port for JMX, required for enabling JMX | Fixnum | nil |
| ssl | RMI monitoring SSL | Boolean | true |
| ssl_config_file | RMI monitoring SSL configuration file location | String | nil |
| ssl_enabled_cipher_suites | Comma-separated list of SSL/TLS cipher suites to enable | String | nil |
| ssl_enabled_protocols | Comma-separated list of SSL/TLS protocol versions to enable | String | nil |
| ssl_need_client_auth | Require client authentication for SSL/TLS RMI Server Socket Factory | Boolean | false |
| registry_ssl | SSL/TLS protected RMI registry | Boolean | false |

SNMP Attributes

These attributes are under the node['java-management']['snmp'] namespace.

| Attribute | Description | Type | Default |
| --- | --- | --- | --- |
| acl | Require ACL for SNMP access | Boolean | true |
| acl_file | Custom SNMP ACL file location | String | nil |
| interface | Interface where SNMP agent will bind | String | "localhost" |
| port | Port for SNMP, required for enabling SNMP | Fixnum | nil |
| trap | Port for SNMP traps | Fixnum | 162 |

Truststore Attributes

These attributes are under the node['java-management']['truststore'] namespace.

| Attribute | Description | Type | Default |
| --- | --- | --- | --- |
| certificate_files | Trusted certificates files | Array of Hashes | [] |
| data_bag | Trusted certificate data bag name | String | "java_truststore" |
| storepass | Java truststore password | String | "changeit" |

Data Bags

JMX/SNMP Management Encrypted Data Bag

java/management encrypted data bag:

  • ['roles'] - required if you enable default JMX configuration
    • ['name'] - JMX role name
    • ['access'] - "readonly"/"readwrite"
    • ['password'] - password for role
  • ['acls'] - required if you enable default SNMP configuration
    • ['communities'] - array of SNMP community names
    • ['access'] - "read-only"/"read-write"
    • ['managers'] - array of hostnames/CIDR addresses with access
  • ['traps']
    • ['trap-community'] - SNMP trap community name
    • ['hosts'] - array of hostnames/CIDR addresses to send SNMP traps

Truststore Data Bag

node['java-management']['truststore']['data_bag'] data bag (defaults to java_truststore), with data bag items:

  • ['id'] - Trusted certificate alias
  • ['certificate'] - Trusted certificate contents
  • Other options as accepted by truststore_certificate LWRP

Recipes

  • recipe[java-management] Empty recipe for LWRPs
  • recipe[java-management::management] Configures Java JMX and SNMP
  • recipe[java-management::truststore] Configures Java truststore

LWRPs

java_management_truststore_certificate

Import trusted certificate into Java truststore

| Attribute | Description | Type | Default |
| --- | --- | --- | --- |
| file (required) | Certificate path | String | N/A |
| keystore | Keystore path | String | #{node['java']['java_home']}/jre/lib/security/cacerts |
| keytool | keytool path | String | #{node['java']['java_home']}/jre/bin/keytool |
| storepass | Keystore password | String | #{node['java-management']['truststore']['storepass']} |

Example:

java_management_truststore_certificate "alias" do
  file "/path/to/certificate"
end

Usage

Add Trusted Certificates

If the certificate files are already on the filesystem:

  • Add {certalias => options} to node['java-management']['truststore']['certificate_files']
    • options (as a String): certificate file location
    • options (as a Hash):
      • file (required): certificate file location
      • Other options accepted by truststore_certificate LWRP

If you'd like to use data bag items (data bag defined by node['java-management']['truststore']['data_bag']):

  • knife data bag create java_truststore my_cert
  • Create at least the certificate attribute, containing the certificate contents, and save

If you'd like to use the LWRP directly:

java_management_truststore_certificate "alias" do
  file "/path/to/certificate"
end

Password secured remote JMX setup without SSL

  • knife data bag create java
  • knife data bag edit java management --secret-file=path/to/secret
  • Set ['roles'] with at least one role in encrypted data bag
  • Set node['java-management']['local_only'] attribute to false
  • Set node['java-management']['port'] attribute
  • Set node['java-management']['ssl'] attribute to false
  • Add recipe[java-management::management] to run_list
  • Configure JAVA_OPTS to include one of the following:
    • -Dcom.sun.management.config.file (recommended; example: -Dcom.sun.management.config.file=$JAVA_HOME/jre/lib/management/management.properties)
    • -Dcom.sun.management.jmxremote.port
  • Restart Java service and watch for configuration errors

ACL secured remote SNMP

  • knife data bag create java
  • knife data bag edit java management --secret-file=path/to/secret
  • Set ['acls'] with at least one ACL in encrypted data bag
  • Set node['java-management']['interface'] attribute to "0.0.0.0"
  • Set node['java-management']['port'] attribute
  • Add recipe[java-management::management] to run_list
  • Configure JAVA_OPTS to include one of the following:
    • -Dcom.sun.management.config.file (recommended; example: -Dcom.sun.management.config.file=$JAVA_HOME/jre/lib/management/management.properties)
    • -Dcom.sun.management.snmp.port
  • Restart Java service and watch for configuration errors
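
An added example, not part of the cookbook: a plain-Ruby audit of a Hash shaped like node['java-management'], using the jmxremote, snmp and truststore namespaces and defaults from the attribute tables above, to flag the exposure each remote setup leaves open. The function names, finding IDs and port numbers are assumptions made for this illustration.

```ruby
# Added example, not cookbook code. Attribute names and defaults are copied
# from the tables above; finding IDs and helper names are hypothetical.
DEFAULTS = {
  'jmxremote'  => { 'authenticate' => true, 'local_only' => true,
                    'port' => nil, 'ssl' => true },
  'snmp'       => { 'acl' => true, 'interface' => 'localhost', 'port' => nil },
  'truststore' => { 'storepass' => 'changeit' }
}.freeze

LOOPBACK = %w[localhost 127.0.0.1 ::1].freeze

# Overlay the node's overrides on the documented defaults, per namespace.
def effective(attrs)
  DEFAULTS.each_with_object({}) do |(ns, defaults), out|
    out[ns] = defaults.merge(attrs.fetch(ns, {}))
  end
end

# Returns [id, message] pairs; an empty array means nothing was flagged.
def audit_java_management(attrs)
  jmx, snmp, ts = effective(attrs).values_at('jmxremote', 'snmp', 'truststore')
  findings = []

  # Conservative assumption: any configured JMX port is audited as reachable,
  # whatever local_only says.
  if jmx['port']
    findings << [:jmx_no_auth, 'JMX port open without authentication'] unless jmx['authenticate']
    findings << [:jmx_no_ssl, 'JMX role passwords and data cross the network without SSL'] unless jmx['ssl']
  end

  # SNMP only matters here when enabled and bound to a non-loopback interface.
  if snmp['port'] && !LOOPBACK.include?(snmp['interface'])
    findings << [:snmp_no_acl, "SNMP on #{snmp['interface']} without an ACL"] unless snmp['acl']
  end

  if ts['storepass'] == 'changeit'
    findings << [:default_storepass, 'truststore still uses the default storepass']
  end
  findings
end

# Constructed sample: the "without SSL" JMX setup above (port number made up).
SAMPLE = { 'jmxremote' => { 'local_only' => false, 'port' => 9010, 'ssl' => false } }.freeze
audit_java_management(SAMPLE).each { |id, msg| puts "#{id}: #{msg}" }
```
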

Testing and Development

Here's how you can quickly get testing or developing against the cookbook thanks to Vagrant and Berkshelf.

vagrant plugin install vagrant-berkshelf
vagrant plugin install vagrant-cachier
vagrant plugin install vagrant-omnibus
git clone https://github.com/bflad/chef-java-management.git
cd chef-java-management
vagrant up BOX # BOX being centos5, centos6, debian7, fedora18, fedora19, fedora20, freebsd9, ubuntu1204, ubuntu1210, ubuntu1304, or ubuntu1310

You can then SSH into the running VM using the vagrant ssh BOX command.

The VM can easily be stopped and deleted with the vagrant destroy command. Please see the official Vagrant documentation for a more in-depth explanation of available commands.

Contributing

Please use standard GitHub pull requests, if possible in combination with testing on the Vagrant boxes.

License and Author

Author:: Brian Flad (bflad@wharton.upenn.edu)

Copyright:: 2012-2013

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

1.0.3

  • #3: Fix typo with String truststore certifcate_files attribute

v1.0.2

  • Fix for truststore_certificate provider attribute setting

v1.0.1

  • Move truststore_certificate default attribute logic to provider since it's not available during compilation phase

v1.0.0

  • truststore_certificate LWRP per-resource attributes instead of cookbook specific node attributes
  • node['java-management']['truststore']['certificate_files'] hashes and truststore data bag items can now specify keystore, keytool, and storepass options
  • Removed attributes (to avoid multiple attribute changes when changing node['java']['java_home']):
    • node['java-management']['keytool']
    • node['java-management']['management_dir']
    • node['java-management']['security_dir']
    • node['java-management']['truststore']
  • Sample Vagrant setup for testing

v0.3.2

  • Set JMX/SNMP default port attributes to nil instead of ""

v0.3.1

  • Fix to use Ruby File.exists? again in truststore_certificate LWRP

v0.3.0

  • Refactored management into its own recipe
  • Refactored truststore into its own recipe
  • New truststore_certificate LWRP
  • Use optional unencrypted data bag items for truststore certificates

v0.2.2

  • Fixed not_if for trusted CA certificate import to include full path to cacerts
  • Refactored Java security directory and store password for trusted CA certificate import

v0.2.1

  • Fix for missing certificates data bag

v0.2.0

  • Initial trusted certificate handling

v0.1.3

  • Use template variables instead of saving node attributes

v0.1.2

  • Fixed minitest helpers module name

v0.1.1

  • Added basic minitests

v0.1.0

  • Initial beta release with Java SNMP and JMX management.

Collaborator Number Metric
            

1.0.3 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

1.0.3 failed this metric

FC064: Ensure issues_url is set in metadata: java-management/metadata.rb:1
FC065: Ensure source_url is set in metadata: java-management/metadata.rb:1
FC066: Ensure chef_version is set in metadata: java-management/metadata.rb:1
FC069: Ensure standardized license defined in metadata: java-management/metadata.rb:1
FC074: LWRP should use DSL to define resource's default action: java-management/resources/truststore_certificate.rb:1
FC085: Resource using new_resource.updated_by_last_action to converge resource: java-management/providers/truststore_certificate.rb:32
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

1.0.3 passed this metric

Testing File Metric
            

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

1.0.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number