How to enable/disable JMX console in CA Release Automation?
search cancel

How to enable/disable JMX console in CA Release Automation?

book

Article ID: 29126

calendar_today

Updated On:

Products

CA Release Automation - Release Operations Center (Nolio) CA Release Automation - DataManagement Server (Nolio)

Issue/Introduction

By default, the JMX (mx4j) console is exposed on all installations (all components) of CA Release Automation via HTTP with only basic authentication, for ease of debugging purpose.

Default login/password for the console is nolio/nolio respectively.  You can access either of them via:

Server:
http://hostname:20203
Agent:
http://hostname:8282

This may not be acceptable in some environments due to security policies within the organization.
How to enable/disable JMX console in CA Release Automation? 



Environment

CA Release Automation 5.5.1 onwards

Resolution

Management Server



The JMX console on the Management Server can be disabled by removing the httpAdaptorMgr management bean from wrapperContext.xml:



1. Edit:



%RA_MANAGEMENT_SERVER_HOME%/webapps/datamanagement/WEB-INF/wrapperContext.xml




===================================================




<beans>




    <bean name="httpAdaptorMgr" class="com.nolio.platform.server.dataservices.services.jmx.HttpAdaptorMgr"



          autowire="constructor"/>



</beans>



===================================================

2. Remove the bean definitions that are marked in bold in the above snippets.

3. Restart the NolioServer service on the Management Server for the change to take effect.
    Windows - In Services.msc restart the 'Nolio Release Automation Server' service
     Linux - Go to the RA Home directory and run ./nolio_server.sh restart




 



Execution Server



The JMX console on the Management Server can be disabled by removing the exporter management bean from execution-servlet.xml :



1. Edit:



%RA_EXECUTION_SERVER_HOME%/webapps/execution/WEB-INF/execution-servlet.xml



===================================================



<beans>



<bean id="exporter" class="com.nolio.platform.server.dataservices.services.jmx.HttpAdaptorMgr" depends-on="propertyConfigurer"/>



</beans>



===================================================



2. Remove the bean definitions that are marked in bold in the above snippets.

3. Restart the NolioServer service on the Execution Server for the change to take effect.
    Windows - In Services.msc restart the 'Nolio Release Automation Server' service
     Linux - Go to the RA Home directory and run ./nolio_server.sh restart



       
Agent



Use one of the following methods to disable the JMX console on the agent.



1. Modify $AGENT_HOME/conf/nolio.jmx.properties, set the following properties and restart the agent service. (preferred)
DeployerJmxPort=0
DeployerJmxEnabled=false


2. Remove the HttpAdaptor MBean via WS GET call to JMX console, Ex:




GET http://nolio:nolio@host:8282/delete?objectname=HtmlAdaptor%3Atype%3Dhtmladapter%2Cport%3D8282



It is suggested to insert the above call into the agent startup script. 

‚Äč3. Add a simple FW rule on either windows(Windows firewall, etc)  or Linux(iptables, etc) to filter incoming TCP traffic dst port 8282.