In order to support:
We need to store passwords in domain.xml using password aliases. This is how it looks in domain.xml:

    <node node-host="adc2101159" name="n2" install-dir="/export/glassfishv3">
      <ssh-connector ssh-port="22">
        <ssh-auth user-name="${user.name}" password="${ALIAS=ssh-password}" />
      </ssh-connector>
    </node>

Before creating the SSH node, the user first creates a password alias like this:

    asadmin create-password-alias ssh-password
    Enter the alias password>
    Enter the alias password again>

Basically you give an alias name (ssh-password) and then enter the password. This stores the password in the domain's keystore using the alias name as the key. The keystore is encrypted with the master password, so all is good.

The question is: how does the user specify the password using the CLI? Answer: they do it using the asadmin password file. It looks like this:

    $ asadmin create-password-alias ssh-password
    Enter the alias password>
    Enter the alias password again>
    $ echo "AS_ADMIN_SSHPASSWORD=\${ALIAS=ssh-password}" > /tmp/p
    $ asadmin --passwordfile /tmp/p create-node-ssh --nodehost adc2101159 --installdir /export/glassfishv3
    $ rm /tmp/p

If you want to set the keyfile encryption password, you would use this name for the entry in the password file:

    $ echo "AS_ADMIN_SSHKEYPASSPHRASE=\${ALIAS=ssh-password}" > /tmp/p

Another capability that would add some ease of use would be to support prompting for a password. To do this we would need to write a local version of create-node-ssh that ships the settings off to the remote version of create-node-ssh. The DAS verifies the parameters and, if authentication fails, returns the status to the local create-node-ssh command, which would then prompt the user for the SSH password or key passphrase, depending on the type of authentication failure.
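A check that the aliasing described above is actually in use, as an added example that is not part of the original page or of GlassFish: it flags `ssh-auth` password attributes in domain.xml and SSH entries in an asadmin password file that are not `${ALIAS=...}` references. The function names, the `<nodes>` wrapper, node `n3` and the literal values in the sample input are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# ${ALIAS=name} reference, in the form shown in the domain.xml snippet above.
ALIAS_RE = re.compile(r"^\$\{ALIAS=([^}]+)\}$")
# Password-file entry names taken from the page.
SSH_ENTRIES = ("AS_ADMIN_SSHPASSWORD", "AS_ADMIN_SSHKEYPASSPHRASE")


def audit_domain_xml(xml_text):
    """Return (node name, finding) for each ssh-auth password that is not an alias."""
    findings = []
    for node in ET.fromstring(xml_text).iter("node"):
        for auth in node.iter("ssh-auth"):
            value = auth.get("password")
            if value is not None and not ALIAS_RE.match(value):
                findings.append((node.get("name"), "literal password in ssh-auth"))
    return findings


def audit_password_file(text):
    """Return SSH entry names in a password file whose value is not an alias."""
    bad = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in SSH_ENTRIES and not ALIAS_RE.match(value.strip()):
            bad.append(key.strip())
    return bad


# Constructed sample input: node n2 is the page's example, node n3 is made up.
SAMPLE_DOMAIN = """<nodes>
  <node node-host="adc2101159" name="n2" install-dir="/export/glassfishv3">
    <ssh-connector ssh-port="22">
      <ssh-auth user-name="${user.name}" password="${ALIAS=ssh-password}" />
    </ssh-connector>
  </node>
  <node node-host="host.example" name="n3" install-dir="/export/glassfishv3">
    <ssh-connector ssh-port="22">
      <ssh-auth user-name="${user.name}" password="constructed-literal" />
    </ssh-connector>
  </node>
</nodes>"""
SAMPLE_PWFILE = ("AS_ADMIN_SSHPASSWORD=${ALIAS=ssh-password}\n"
                 "AS_ADMIN_SSHKEYPASSPHRASE=constructed-literal\n")

if __name__ == "__main__":
    print(audit_domain_xml(SAMPLE_DOMAIN))
    print(audit_password_file(SAMPLE_PWFILE))
```

The findings carry only the node or entry name, never the offending value, so the output can go into a report or log.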