cookbook 'java-management', '~> 1.0.3'
java-management (2) Versions 1.0.3 Follow1
Java Management Cookbook
cookbook 'java-management', '~> 1.0.3', :supermarket
knife supermarket install java-management
knife supermarket download java-management
chef-java-management
Description
Cookbook for Java Management and Monitoring (JMX, trusted certificates, SNMP, etc.)
Requirements
Platforms
- CentOS 6
- RedHat 6
Cookbooks
Required Opscode Cookbooks
Attributes
These attributes are under the node['java-management']
namespace.
Attribute | Description | Type | Default |
---|---|---|---|
enableThreadContentionMonitoring | Enables thread contention monitoring | Boolean | false |
group | Group for file permissions | String | bin |
owner | Owner for file permissions | String | nobody |
JMX Attributes
These attributes are under the node['java-management']['jmxremote']
namespace.
Attribute | Description | Type | Default |
---|---|---|---|
access_file | Custom JMX access file location | String | nil |
authenticate | Require authentication to access JMX | Boolean | true |
local_only | Allow local management agent to accept only local connection requests | Boolean | true |
login_config | Custom JMX login configuration | String | nil |
password_file | Custom JMX password configuration file location | String | nil |
port | Port for JMX, required for enabling JMX | Fixnum | nil |
ssl | RMI monitoring SSL | Boolean | true |
ssl_config_file | RMI monitoring SSL configuration file location | String | nil |
ssl_enabled_cipher_suites | Comma-separated list of SSL/TLS cipher suites to enable | String | nil |
ssl_enabled_protocols | Comma-separated list of SSL/TLS protocol versions to enable | String | nil |
ssl_need_client_auth | Require client authentication for SSL/TLS RMI Server Socket Factory | Boolean | false |
registry_ssl | SSL/TLS protected RMI registry | Boolean | false |
SNMP Attributes
These attributes are under the node['java-management']['snmp']
namespace.
Attribute | Description | Type | Default |
---|---|---|---|
acl | Require ACL for SNMP access | Boolean | true |
acl_file | Custom SNMP ACL file location | String | nil |
interface | Interface where SNMP agent will bind | String | "localhost" |
port | Port for SNMP, required for enabling SNMP | Fixnum | nil |
trap | Port for SNMP traps | Fixnum | 162 |
Truststore Attributes
These attributes are under the node['java-management']['truststore']
namespace.
Attribute | Description | Type | Default |
---|---|---|---|
certificate_files | Trusted certificates files | Array of Hashes | [] |
data_bag | Trusted certificate data bag name | String | "java_truststore" |
storepass | Java truststore password | String | "changeit" |
Data Bags
JMX/SNMP Management Encrypted Data Bag
java/management
encrypted data bag:
-
['roles']
- required if you enable default JMX configuration-
['name']
- JMX role name -
['access']
- "readonly"/"readwrite" -
['password']
- password for role
-
-
['acls']
- required if you enable default SNMP configuration-
['communities']
- array of SNMP community names -
['access']
- "read-only"/"read-write" -
['managers']
- array of hostnames/CIDR addresses with access
-
-
['traps']
-
['trap-community']
- SNMP trap community name -
['hosts']
- array of hostnames/CIDR addresses to send SNMP traps
-
Truststore Data Bag
node['java-management']['truststore']['data_bag']
data bag (defaults to java_truststore
), with data bag items:
* ['id']
- Trusted certificate alias
* ['certificate']
- Trusted certificate contents
* Other options as accepted by truststore_certificate LWRP
Recipes
-
recipe[java-management]
Empty recipe for LWRPs -
recipe[java-management::management]
Configures Java JMX and SNMP -
recipe[java-management::truststore]
Configures Java truststore
LWRPs
java_management_truststore_certificate
Import trusted certificate into Java truststore
Attribute | Description | Type | Default |
---|---|---|---|
file | required Certificate path | String | N/A |
keystore | Keystore path | String | #{node['java']['java_home']}/jre/lib/security/cacerts |
keytool | keytool path | String | #{node['java']['java_home']}/jre/bin/keytool |
storepass | Keystore password | String | #{node['java-management']['truststore']['storepass']} |
Example:
java_management_truststore_certificate "alias" do
file "/path/to/certificate"
end
Usage
Add Trusted Certificates
If the certificate files are already on the filesystem:
- Add
{certalias => options}
tonode['java-management']['truststore']['certificate_files']
-
options
(as a String) certificate file location -
options
(as a Hash) -
file
required certificate file location - Other options accepted by truststore_certificate LWRP
-
If you'd like to use data bag items (data bag defined by node['java-management']['truststore']['data_bag']
):
knife data bag create java_truststore my_cert
- Create at least
certificate
attribute with certificate contents and save
If you'd like to use the LWRP directly:
java_management_truststore_certificate "alias" do
file "/path/to/certificate"
end
Password secured remote JMX setup without SSL
knife data bag create java
knife data bag edit java management --secret-file=path/to/secret
- Set
['roles']
with at least one role in encrypted data bag - Set
node['java-management']['local_only']
attribute to false - Set
node['java-management']['port']
attribute - Set
node['java-management']['ssl']
attribute to false - Add
recipe[java-management::management]
to run_list - Configure JAVA_OPTS to include one of the following:
-
recommended
-Dcom.sun.management.config.file
(example:=$JAVA_HOME/jre/lib/management/management.properties
) -Dcom.sun.management.jmxremote.port
-
recommended
- Restart Java service and watch for configuration errors
ACL secured remote SNMP
knife data bag create java
knife data bag edit java management --secret-file=path/to/secret
- Set
['acls']
with at least one ACL in encrypted data bag - Set
node['java-management']['interface']
attribute to "0.0.0.0" - Set
node['java-management']['port']
attribute - Add
recipe[java-management::management]
to run_list - Configure JAVA_OPTS to include one of the following:
-
recommended
-Dcom.sun.management.config.file
(example:=$JAVA_HOME/jre/lib/management/management.properties
) -Dcom.sun.management.snmp.port
-
recommended
- Restart Java service and watch for configuration errors
Testing and Development
Here's how you can quickly get testing or developing against the cookbook thanks to Vagrant and Berkshelf.
vagrant plugin install vagrant-berkshelf
vagrant plugin install vagrant-cachier
vagrant plugin install vagrant-omnibus
git clone git://github.com/bflad/chef-java-management.git
cd chef-java-management
vagrant up BOX # BOX being centos5, centos6, debian7, fedora18, fedora19, fedora20, freebsd9, ubuntu1204, ubuntu1210, ubuntu1304, or ubuntu1310
You can then SSH into the running VM using the vagrant ssh BOX
command.
The VM can easily be stopped and deleted with the vagrant destroy
command. Please see the official Vagrant documentation for a more in depth explanation of available commands.
Contributing
Please use standard Github pull requests and if possible, in combination with testing on the Vagrant boxes.
License and Author
Author:: Brian Flad (bflad@wharton.upenn.edu)
Copyright:: 2012-2013
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
1.0.3
- #3: Fix typo with String truststore certifcate_files attribute
v1.0.2
- Fix for truststore_certificate provider attribute setting
v1.0.1
- Move truststore_certificate default attribute logic to provider since its not available during compilation phase
v1.0.0
- truststore_certificate LWRP per-resource attributes instead of cookbook specific node attributes
-
node['java-management']['truststore']['certificate_files']
hashes and truststore data bag items can now specify keystore, keytool, and storepass options - Removed attributes (to avoid multiple attribute changes when changing
node['java']['java_home']
):node['java-management']['keytool']
node['java-management']['management_dir']
node['java-management']['security_dir']
node['java-management']['truststore']
- Sample Vagrant setup for testing
v0.3.2
- Set JMX/SNMP default port attributes to nil instead of ""
v0.3.1
- Fix to use Ruby File.exists? again in truststore_certificate LWRP
v0.3.0
- Refactored management into its own recipe
- Refactored truststore into its own recipe
- New truststore_certificate LWRP
- Use optional unencrypted data bag items for truststore certificates
v0.2.2
- Fixed not_if for trusted CA certificate import to include full path to cacerts
- Refactored Java security directory and store password for trusted CA certificate import
v0.2.1
- Fix for missing certificates data bag
v0.2.0
- Initial trusted certificate handling
v0.1.3
- Use template variables instead of saving node attributes
v0.1.2
- Fixed minitest helpers module name
v0.1.1
- Added basic minitests
v0.1.0
- Initial beta release with Java SNMP and JMX management.
Collaborator Number Metric
1.0.3 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.3 failed this metric
FC064: Ensure issues_url is set in metadata: java-management/metadata.rb:1
FC065: Ensure source_url is set in metadata: java-management/metadata.rb:1
FC066: Ensure chef_version is set in metadata: java-management/metadata.rb:1
FC069: Ensure standardized license defined in metadata: java-management/metadata.rb:1
FC074: LWRP should use DSL to define resource's default action: java-management/resources/truststore_certificate.rb:1
FC085: Resource using new_resource.updated_by_last_action to converge resource: java-management/providers/truststore_certificate.rb:32
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.3 passed this metric
Testing File Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.3 failed this metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.3 failed this metric
FC064: Ensure issues_url is set in metadata: java-management/metadata.rb:1
FC065: Ensure source_url is set in metadata: java-management/metadata.rb:1
FC066: Ensure chef_version is set in metadata: java-management/metadata.rb:1
FC069: Ensure standardized license defined in metadata: java-management/metadata.rb:1
FC074: LWRP should use DSL to define resource's default action: java-management/resources/truststore_certificate.rb:1
FC085: Resource using new_resource.updated_by_last_action to converge resource: java-management/providers/truststore_certificate.rb:32
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.3 passed this metric
Testing File Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.3 failed this metric
FC065: Ensure source_url is set in metadata: java-management/metadata.rb:1
FC066: Ensure chef_version is set in metadata: java-management/metadata.rb:1
FC069: Ensure standardized license defined in metadata: java-management/metadata.rb:1
FC074: LWRP should use DSL to define resource's default action: java-management/resources/truststore_certificate.rb:1
FC085: Resource using new_resource.updated_by_last_action to converge resource: java-management/providers/truststore_certificate.rb:32
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
1.0.3 passed this metric
Testing File Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.3 failed this metric
1.0.3 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number