CUSTCOM-12 Fixed node configuration in admin UI

[dmatej]

Description

This is a bug fix for incorrect GUI behavior when configuring Nodes, especially SSH.

• fixed logging of errors (did not log anything in some types of failures)

• fixed distribution of error messages to the user (I still don't like it's formatting, but that's not a thing of this issue)

• fixed updating SSH Node connector when moving from password to keyfile and vice-versa

• validation before the update ends with verification that the keyfile exists. It does not test it's content. Originally it merged defaults, existing configuration and new configuration, so finally it ended with several kinds of exceptions (some of them were swallowed, so GUI showed only "See server.log", but there was nothing).

Important Info

Testing

New tests

• no new automatic tests

Testing Performed

Manual

• manual testing GUI, looking on changes in server.log and domain.xml
• create SSH Node, update SSH configuration, ping
• create DCOM node, update it's configuration, ping

asadmin create-node-dcom --force=true --nodehost=nodehost123 --passwordfile=./passwordfile-windows.txt  cmd-dcom001
Warning: some parameters appear to be invalid.
Unknown host nodehost123
Continuing with node creation due to use of --force.
Command create-node-dcom executed successfully.

asadmin create-node-ssh --force=true --nodehost=localhost1 cmd-ssh001
Warning: some parameters appear to be invalid.
Unknown host localhost1
Continuing with node creation due to use of --force.
Command create-node-ssh executed successfully.

asadmin create-node-ssh --force=true --nodehost=localhost --sshkeyfile=./sss cmd-ssh002
Warning: some parameters appear to be invalid.
Key file path ./sss must be an absolute path.
Continuing with node creation due to use of --force.
Command create-node-ssh executed successfully.

asadmin create-node-ssh --force=true --nodehost=localhost --sshkeyfile=/app/appservers/passwords/payara-test-id_rsa cmd-ssh002
remote failure: Configuration not added. A Node instance with a "cmd-ssh002" name already exists in the configuration
Command create-node-ssh failed.

asadmin create-node-ssh --force=true --nodehost=localhost --sshkeyfile=/app/appservers/passwords/payara-test-id_rsa cmd-ssh003
Command create-node-ssh executed successfully.

asadmin update-node-ssh --force=true --nodehost=localhost --sshport=32000 cmd-ssh003
Command update-node-ssh executed successfully.

asadmin update-node-ssh --force=true --nodehost=localhost --sshport=22 --sshkeyfile=/app/appservers/passwords/payara-test-id_rsad cmd-ssh003
Warning: some parameters appear to be invalid.
Key file /app/appservers/passwords/payara-test-id_rsad not found. The key file path must be reachable by the DAS.
Continuing with node update due to use of --force.
Command update-node-ssh executed successfully.

asadmin update-node-ssh --force=true --nodehost=localhost --sshport=22 --sshkeyfile=/app/appservers/passwords/payara-test-id_rsa cmd-ssh003
Command update-node-ssh executed successfully.

sadmin update-node-ssh --force=true --nodehost=localhost --sshport=22 --sshkeyfile=/app/appservers/passwords/payara-test-id_rsa --sshuser=payara-test cmd-ssh003
Command update-node-ssh executed successfully.

Test suites executed

• Quicklook - NO
• Payara Samples - OK
• Java EE7 Samples - NO
• Java EE8 Samples - NO
• Payara Private Tests - NO
• Payara Microprofile TCKs Runner - NO
• Jakarta TCKs - NO
• Mojarra - NO
• Cargo Tracker - NO

[dmatej]

Jenkins test please

[Pandrex247]

fixed updating SSH Node connector when moving from password to keyfile and vice-versa

I'm not finding this to be true.
If I enter a password and then try to change it to key file and hit save, when I next go back to the node config it's still showing password.

[dmatej]

I deleted my last comment, because when I was testing now, I forgot to press Save button :D
On the seccond attempt, both in this and second branch where these commits are, it works.
Can you record a video to see what you did? Or try it again, at least?
Btw I tested it even with existing but invalid file (public key)

[dmatej]

But I was able to break it again with know exception with unknown cause ... I think it should be in separate issue and at this moment I don't understand what exactly causes it. (unresolved log message is targeted under CUSTCOM-55).
It broke when I changed user from payara-test to dmatej and keyfile from to ${user.home}/.ssh/id_rsa . Restart helped. It seems any error while saving breaks the domain. Why?

[#|2020-03-18T13:49:34.717+0100|WARNING|Payara 5.202|javax.enterprise.system.core|_ThreadID=185;_ThreadName=admin-thread-pool::admin-listener(2);_TimeMillis=1584535774717;_LevelValue=900;|
  failed.to.update.node ssh003
org.jvnet.hk2.config.TransactionFailure: This service has been unbound: SystemDescriptor(
        implementation=org.glassfish.config.support.GlassFishConfigBean
        name=com.sun.enterprise.config.serverbeans.SshAuth
        contracts={com.sun.enterprise.config.serverbeans.SshAuth,org.jvnet.hk2.config.ConfigBean,org.jvnet.hk2.config.ConfigBeanProxy}
        scope=javax.inject.Singleton
        qualifiers={javax.inject.Named}
        descriptorType=CLASS
        descriptorVisibility=NORMAL
        metadata=
        rank=0
        loader=org.jvnet.hk2.config.ConfigModel$SafeHk2Loader@2d658712
        proxiable=null
        proxyForSameScope=null
        analysisName=null
        id=1700
        locatorId=0
        identityHashCode=1554410178
        reified=true)
        at org.jvnet.hk2.config.WriteableView.commit(WriteableView.java:408)
        at org.jvnet.hk2.config.Transaction.commit(Transaction.java:114)
        at org.jvnet.hk2.config.ConfigSupport._apply(ConfigSupport.java:182)
        at org.jvnet.hk2.config.ConfigSupport.apply(ConfigSupport.java:139)
        at org.jvnet.hk2.config.ConfigSupport.apply(ConfigSupport.java:118)
        at com.sun.enterprise.v3.admin.cluster.UpdateNodeCommand.updateNodeElement(UpdateNodeCommand.java:222)

[dmatej]

I cannot reproduce it any more after the rebase to current master

[dmatej]

Jenkins test please

[dmatej]

Jenkins test please

[Pandrex247]

Seems to build now, but I'm still finding that changing from using password to key file doesn't seem to take effect?

Moment I hit save it switches back to password. I'm unfortunately not in a position to test if that's just a visual thing or not atm.

From a clean domain:

• Open admin console
• New node:
  • name = Noddy1
  • host = localhost
  • auth = Password
  • password = passy
• Save
• Edit Noddy1
  • auth = Key File
• Save

[dmatej]

Aha, that's because you did not provide the key file. The problem is that empty value cannot be replaced by default, because it would go against asadmin command which does not change what is not set (reason why it originally did not work at all).
Maybe if it would be resolved in UI layer somehow ...

[dmatej]

Jenkins test please

[Pandrex247]

Admin GUI seems to work nicely now.

It might be worth hiding the new --sshauthtype parameter for the asadmin commands, since it's not really usable from the command line - you aren't allowed to specify a password or alias from the command line so essentially all the parameter does is wipe your config 😂

Speaking of which, I see that it clears the key and password config when you switch between them.
Just double-checking - this isn't going to trip anyone up is it? To me it makes sense but I don't know if there's any sort of "fallback" behaviour typically expected from SSH.

[dmatej]

Admin GUI seems to work nicely now.

It might be worth hiding the new --sshauthtype parameter for the asadmin commands, since it's not really usable from the command line - you aren't allowed to specify a password or alias from the command line so essentially all the parameter does is wipe your config joy

I experimented with it, and I even found one use case where it was useful - again - to reconfigure authentication to use defaults keyfile. Otherwise you cannot send null via command line, it is an empty string and it will be saved to domain.xml (and the behavior is same then).
So it might be useful.

Same with password, you can set password, but you have to provide passwordfile. If not, it will use user's private key as a default.

Seems it would be possible to use even passphrase again, but that goes behind borders of this issue.

Speaking of which, I see that it clears the key and password config when you switch between them.
Just double-checking - this isn't going to trip anyone up is it? To me it makes sense but I don't know if there's any sort of "fallback" behaviour typically expected from SSH.

By default those values are clean => it uses system defaults (or trilead defaults? I'm not sure, but it tried to use my private key and in domain.xml was nothing).

Example (created node in description of this PR, I updated only the hostname):

    <node name="cmd-ssh001" install-dir="${com.sun.aas.productRoot}" type="SSH" node-host="localhost">
      <ssh-connector>
        <ssh-auth></ssh-auth>
      </ssh-connector>
    </node>

And "ping" result:
Failed to validate SSH connection to node cmd-ssh001 (localhost) Could not connect to host localhost using SSH. Could not authenticate. SSH authentication with key file /home/dmatej/.ssh/id_rsa failed: PEM problem: it is of unknown type

• the reason is that as expected, my private key has passphrase, so Trilead cannot detect even type of the key.

[dmatej]

Jenkins test please

[Pandrex247]

So it might be useful.
Ok, but we could still probably do with some improvements here - it provides no command-line help on what the acceptable values are and they're case-sensitive.

Param.acceptableValues should help with the former if you didn't know about it.

[dmatej]

Jenkins test please

[dmatej]

Jenkins test please

[Pandrex247]

👌🥳