Omaha #4161 fixed keystoreUtil script, Fixed goessounding race condition at startup, Fixed max-web server threags Jetty 8.1.15 bug
Former-commit-id: d734262db63974de8bb846df63942596d06b24c1
This commit is contained in:
Dave Hladky
parent
d104afe0c7
commit
63322de483
3 changed files with 33 additions and 8 deletions
|
|
@ -14,6 +14,7 @@ truststore=truststore.jks
|
|||
|
||||
keystorePw=
|
||||
keyPw=
|
||||
cn=
|
||||
encryptionKey=encrypt
|
||||
truststorePw=password
|
||||
|
||||
|
|
@ -96,21 +97,36 @@ do
|
|||
fi
|
||||
done
|
||||
|
||||
cn=$(hostname)
|
||||
while [ -z $cn ];
|
||||
do
|
||||
echo -n "Enter canonical name/IP or blank for default [$(hostname)]: "
|
||||
read cn
|
||||
if [ -z $cn ];
|
||||
then
|
||||
echo "Canonical Name defaulting to [$(hostname)];"
|
||||
cn=$(hostname)
|
||||
fi
|
||||
done
|
||||
|
||||
echo "Generating keystore..."
|
||||
keytool -genkeypair -alias $keyAlias -keypass $keyPw -keystore $keystore -storepass $keystorePw -validity 360 -dname "CN=$cn, OU=AWIPS, O=Raytheon, L=Omaha, ST=NE, C=US" -keyalg RSA
|
||||
# get rid of an existing key with same name
|
||||
echo "Check to see if a key with this alias exists.....[$keyAlias]!"
|
||||
keytool -delete -alias $keyAlias -keystore $securityDir/$keystore
|
||||
# create and add key
|
||||
keytool -genkeypair -alias $keyAlias -keypass $keyPw -keystore $keystore -storepass $keystorePw -validity 360 -dname "CN=$cn, OU=AWIPS, O=Raytheon, L=Silver Spring, ST=MD, C=US" -keyalg RSA
|
||||
echo -n "Exporting public key..."
|
||||
exportOutput=`keytool -exportcert -alias $keyAlias -keystore $keystore -file $keyAlias$publicKeyFile -storepass $keystorePw 2>&1`
|
||||
echo "Done!"
|
||||
obfuscatedKeystorePassword=`$JAVA_BIN -cp /awips2/edex/lib/dependencies/org.apache.commons.codec/commons-codec-1.4.jar:/awips2/edex/lib/plugins/com.raytheon.uf.common.security.jar com.raytheon.uf.common.security.encryption.AESEncryptor encrypt $encryptionKey $keystorePw 2>&1`
|
||||
echo "Generating trust store..."
|
||||
|
||||
echo "Check to see if a trusted CA with this alias exists.....[$keyAlias]!"
|
||||
keytool -delete -alias $keyAlias -keystore $securityDir/$truststore
|
||||
keytool -genkey -alias tmp -keypass tempPass -dname CN=foo -keystore $truststore -storepass $truststorePw
|
||||
keytool -delete -alias tmp -keystore $truststore -storepass $truststorePw
|
||||
keytool -import -trustcacerts -file $keyAlias$publicKeyFile -alias $keyAlias -keystore $truststore -storepass $truststorePw
|
||||
|
||||
jettyObscuredPassword=`$JAVA_BIN -cp /awips2/edex/lib/dependencies/org.eclipse.jetty/jetty-http-7.6.14.v20131031.jar:/awips2/edex/lib/dependencies/org.eclipse.jetty/jetty-util-7.6.14.v20131031.jar org.eclipse.jetty.util.security.Password $keystorePw 2>&1 | grep OBF`
|
||||
jettyObscuredPassword=`$JAVA_BIN -cp /awips2/edex/lib/dependencies/org.eclipse.jetty/jetty-http-8.1.15.v20140411.jar:/awips2/edex/lib/dependencies/org.eclipse.jetty/jetty-util-8.1.15.v20140411.jar org.eclipse.jetty.util.security.Password $keystorePw 2>&1 | grep OBF`
|
||||
|
||||
obfuscatedTruststorePassword=`$JAVA_BIN -cp /awips2/edex/lib/dependencies/org.apache.commons.codec/commons-codec-1.4.jar:/awips2/edex/lib/plugins/com.raytheon.uf.common.security.jar com.raytheon.uf.common.security.encryption.AESEncryptor encrypt $encryptionKey $truststorePw 2>&1`
|
||||
|
||||
|
|
@ -167,6 +183,11 @@ do
|
|||
echo "Alias cannot be empty!"
|
||||
fi
|
||||
done
|
||||
|
||||
# delete any existing cert in the truststore for this alias
|
||||
echo "Check to see if a certificate with this alias exists.....[$userAlias]!"
|
||||
keytool -delete -alias $userAlias -keystore $securityDir/$truststore
|
||||
# add the cert as a Self Signed CA to truststore
|
||||
keytool -import -trustcacerts -file $keyfile -alias $userAlias -keystore $securityDir/$truststore
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
<property name="record" value="com.raytheon.uf.common.dataplugin.goessounding.GOESSounding" />
|
||||
</bean>
|
||||
|
||||
<bean factory-bean="pluginRegistry" factory-method="register">
|
||||
<bean id="goessoundingRegistered" factory-bean="pluginRegistry" factory-method="register">
|
||||
<constructor-arg value="goessounding"/>
|
||||
<constructor-arg ref="goessoundingProperties"/>
|
||||
</bean>
|
||||
|
|
|
|||
|
|
@ -9,11 +9,15 @@ ebxml-federation-sync-threads=3
|
|||
ebxml-email.enabled=false
|
||||
# The maximum number of events that will be batched and send
|
||||
# in a registry replication notification
|
||||
ebxml-notification-batch-size=200
|
||||
ebxml-notification-batch-size=50
|
||||
# The maximum number of threads that the ebxml registry will use for processing web requests
|
||||
# This number must be >=5. As a general rule, the maximum number of connections should be:
|
||||
# 5+{registries this registry is replicating to/from}=max-threads
|
||||
ebxml-webserver-max-threads=8
|
||||
# There is a bug in Jetty 8.1.15 that causes this to throw SSL_NOT_HANDSHAKE exceptions constantly
|
||||
# This effectively freezes the webservices portion of the registry app if you do not give it enough connections.
|
||||
# A suggestions from the Jetty community was to set this param using the following math.
|
||||
# This number must be > number of CPU cores. As a general rule, the maximum number of connections should be:
|
||||
# CPU's+{registries this registry is replicating to/from}=max-threads
|
||||
# 20 is a pretty good starting point for a default.
|
||||
ebxml-webserver-max-threads=20
|
||||
# EBXML thrift service port
|
||||
ebxml.thrift.service.port=9588
|
||||
# EBXML webserver port
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue