[prev in list] [next in list] [prev in thread] [next in thread]
List: geronimo-user
Subject: Re: Automatically updating a DB pool
From: David Jencks <david_jencks () yahoo ! com>
Date: 2009-08-22 8:01:11
Message-ID: F0E577F7-42D9-4DBC-BB0B-DDA7BE2E9824 () yahoo ! com
[Download RAW message or body]
On Aug 21, 2009, at 2:18 PM, David Jencks wrote:
>
> On Aug 21, 2009, at 10:59 AM, ericp56 wrote:
>
> >
> > I have some DB Pools I need to change the password every two months.
> >
> > 18 pools * 10 servers = the need for automation.
> >
> > On a Geronimo 2.1.3 server:
> >
> > for server in server1 server2 server3 server4 etc
> > do
> > echo "Updating $server "
> > $JAVA_HOME/bin/java -jar bin/deployer.jar -host $server -u
> > $GER_USER
> > -p $GER_PWD redeploy $DEPLOYMENT
> > _PLAN
> > repository/org/tranql/tranql-connector-ra/1.4/tranql-connector-
> > ra-1.4.rar
> > done
> >
> > When I run this, the applications that have dependencies on these
> > pools
> > stop.
> >
> > What's the best way to go from here?
> >
> > I'll eventually be using gsh instead of deployer.jar, if that
> > matters.
> >
> > Should I just add steps to start all the apps that stop?
>
> no :-)
>
> There are a couple of ways to proceed here.
>
> 1. direct configuration (probably simpler). For each pool, get a
> bit into var/config/config.xml that overrides the password from the
> deployed connector. I would actually recommend using a substitution
> variable and keeping the value in var/config/config-
> substitutions.properties. In 2.2 and trunk these passwords will get
> obscured with encryption at least in the config.xml file: I'm not so
> sure about config-substitutions.properties or 2.1.x.
I left something out here.... you then need to restart the connector
plugin(s). Unlike redeploy, this keeps track of what got stopped and
restarts it again.
>
> 2. configuration from your security realm. It's also possible to
> have your securiy relam add PasswordCredentials to each logged in
> Subject that are named for the managed connection factory and supply
> the credentials for the MCF (ie your pool connections). You could
> set this up to read the passwords from wherever you want, possibly a
> server-independent location, maybe ldap.
>
This way would probably also involve restarting the connector plugins.
thanks
david jencks
> this is only a sketch of what is possible... feel free to ask for
> more details if you like.
>
> thanks
> david jencks
>
> >
> > Should I report it to JIRA? I would have expected all the
> > dependent apps to
> > reload, too.
> >
> >
> > --
> > View this message in context: \
> > http://www.nabble.com/Automatically-updating-a-DB-pool-tp25084631s134p25084631.html
> > Sent from the Apache Geronimo - Users mailing list archive at
> > Nabble.com.
> >
>
[Attachment #3 (text/html)]
<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; \
-webkit-line-break: after-white-space; "><br><div><div>On Aug 21, 2009, at 2:18 PM, \
David Jencks wrote:</div><br class="Apple-interchange-newline"><blockquote \
type="cite"><div><br>On Aug 21, 2009, at 10:59 AM, ericp56 wrote:<br><br><blockquote \
type="cite"><br></blockquote><blockquote type="cite">I have some DB Pools I need to \
change the password every two months.<br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite">18 pools * 10 servers = the need \
for automation.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite">On a Geronimo 2.1.3 server:<br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite">for server in server1 server2 \
server3 server4 etc<br></blockquote><blockquote \
type="cite">do<br></blockquote><blockquote type="cite"> \
echo "Updating $server \
"<br></blockquote><blockquote type="cite"> \
$JAVA_HOME/bin/java -jar bin/deployer.jar -host \
$server -u $GER_USER<br></blockquote><blockquote type="cite">-p $GER_PWD redeploy \
$DEPLOYMENT<br></blockquote><blockquote type="cite">_PLAN<br></blockquote><blockquote \
type="cite">repository/org/tranql/tranql-connector-ra/1.4/tranql-connector-ra-1.4.rar<br></blockquote><blockquote \
type="cite">done<br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite">When I run this, the applications that have dependencies on these \
pools<br></blockquote><blockquote type="cite">stop.<br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite">What's the best way to go from \
here?<br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite">I'll eventually be using gsh instead of deployer.jar, if that \
matters.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite">Should I just add steps to start all the apps that \
stop?<br></blockquote><br>no :-)<br><br>There are a couple of ways to proceed \
here.<br><br>1. direct configuration (probably simpler). For each pool, get a \
bit into var/config/config.xml that overrides the password from the deployed \
connector. I would actually recommend using a substitution variable and keeping \
the value in var/config/config-substitutions.properties. In 2.2 and trunk these \
passwords will get obscured with encryption at least in the config.xml file: I'm not \
so sure about config-substitutions.properties or \
2.1.x.<br></div></blockquote><div><br></div>I left something out here.... you then \
need to restart the connector plugin(s). Unlike redeploy, this keeps track of \
what got stopped and restarts it \
again.</div><div><br></div><div><br></div><div><blockquote type="cite"><div><font \
class="Apple-style-span" color="#000000"><br></font>2. configuration from your \
security realm. It's also possible to have your securiy relam add \
PasswordCredentials to each logged in Subject that are named for the managed \
connection factory and supply the credentials for the MCF (ie your pool connections). \
You could set this up to read the passwords from wherever you want, possibly a \
server-independent location, maybe ldap.<br><br></div></blockquote><div>This way \
would probably also involve restarting the connector \
plugins.</div><div><br></div><div>thanks</div><div>david jencks</div><br><blockquote \
type="cite"><div>this is only a sketch of what is possible... feel free to ask for \
more details if you like.<br><br>thanks<br>david jencks<br><br><blockquote \
type="cite"><br></blockquote><blockquote type="cite">Should I report it to JIRA? \
I would have expected all the dependent apps to<br></blockquote><blockquote \
type="cite">reload, too.<br></blockquote><blockquote \
type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote \
type="cite">-- <br></blockquote><blockquote type="cite">View this message in context: \
<a href="http://www.nabble.com/Automatically-updating-a-DB-pool-tp25084631s134p2508463 \
1.html">http://www.nabble.com/Automatically-updating-a-DB-pool-tp25084631s134p25084631.html</a><br></blockquote><blockquote \
type="cite">Sent from the Apache Geronimo - Users mailing list archive at \
Nabble.com.<br></blockquote><blockquote \
type="cite"><br></blockquote><br></div></blockquote></div><br></body></html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic