
In the Xconf RDK community instance, the data service and Admin UI are set up as standalone Jetty services, and both are deployed in the same VM. This documentation explains the steps that were followed to achieve it.


Key Points

  • According to this tutorial, Cassandra DB and the two xconf applications are deployed on the same server
  • The xconf applications (data service and admin ui) are deployed in two separate jetty instances
  • Both the applications are deployed as separate processes
  • In usual cases the applications will be deployed on separate nodes. Even though the document is based on our experience in setting up both services on a single server, it can be used as a reference for how an application can be deployed in jetty as a system service and how SSL can be enabled in a jetty server with CA-provided certificates


Prerequisites 


  • Required: Xconf dataservice and Xconf admin ui war files
  • Environment: Ubuntu 18.04
  • OpenSSL (OpenSSL has to be installed and added to PATH)
  • Jetty 9.4.37
  • Install Java
  • Setup Cassandra DB

Deploy Xconf-data-service war

  • Create folder ‘jetty’ and install jetty in it by downloading jetty 9.4.37 version using ‘wget’ command. In this case, JETTY_HOME directory is /opt/jetty

...

  • If jetty run is not successful, then run this command
    update-rc.d <service> defaults (update-rc.d jetty defaults)


Deploy Xconf Admin Service

  • Create folder ‘jetty2’ and install jetty in it
      cd /opt
      mkdir jetty2
      cd jetty2
      # download the tarball (or copy the tarball file from /opt/jetty)
      wget https://repo1.maven.org/maven2/org/eclipse/jetty/jetty-distribution/9.4.37.v20210219/jetty-distribution-9.4.37.v20210219.tar.gz
      # gzip -d leaves the uncompressed .tar file behind
      gzip -d jetty-distribution-9.4.37.v20210219.tar.gz
      tar -xf jetty-distribution-9.4.37.v20210219.tar --strip-components=1

(Or copy the jetty tar ball file from data service setup)

  • Copy war file to webapps folder and rename it to admin.war
      mv xconfAdminService2.war admin.war
  • Copy the service.properties file to jetty home (/opt/jetty2) folder.
  • Edit start.ini with the following contents. (If we want to enable both http and https)
      --module=https
      jetty.http.port=9093
      etc/jetty-ssl.xml
      -DappConfig=service.properties
  • Follow the steps mentioned in the section 'Https using CA certificate in jetty' to enable SSL for this jetty instance
  • Copy jetty.sh to init.d
    cp bin/jetty.sh /etc/init.d/jetty2
  • Create the file /etc/default/jetty2 with the following data

    vim /etc/default/jetty2
    JETTY_HOME=/opt/jetty2

    Before starting jetty as a service, we can verify that the app runs by changing to /opt/jetty2 and running the command java -jar start.jar -DappConfig=service.properties

  • To run jetty as service
    sudo service jetty2 start
  • To check the status 
    sudo service jetty2 status

    • If jetty run is not successful, then run this command
      update-rc.d <service> defaults (update-rc.d jetty2 defaults)


Https using CA certificate in jetty 

After obtaining the certificate file from the CA follow the below steps for configuration:


1. Converting certificate and private key to pfx or PKCS12 format

We need to convert the crt file that is obtained from the CA to PKCS12 format. This can be done with the following steps:

...

After the above commands, the pfx or pkcs12 file will be generated.


2. Importing the PKCS12 file in your Jetty keystore

We need to import the PKCS12 file in the keystore of Jetty.

...

Now we have created a new keystore and imported our PKCS12 file.


3. Enabling SSL and HTTPS for Jetty

Jetty 9 has a modular architecture, which means that you can enable different modules through the configuration files.

...

  • Navigate to the JETTY_HOME/lib folder.
  • Run following Java command (the lib version depends on your Jetty version):
     java -cp jetty-util-9.4.37.v20210219.jar org.eclipse.jetty.util.security.Password <your password>
  • Copy the generated password, which is the line starting with OBF to your clipboard (a sample output is OBF:1wty1th11wgg1saj11v2h1sov1v1x1t371sar1wfi1thl1wug).

4. XML files configuration


Jetty modules are configured through the XML files under the JETTY_HOME/etc folder. By enabling these modules, we are activating the jetty-ssl.xml and jetty-https.xml files. The following changes need to be made in the files below:

  1. jetty-ssl-context.xml

The obfuscated password generated in step 3 and the path of the keystore generated in JETTY_HOME/etc are updated in jetty-ssl-context.xml:


<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="Provider"><Property name="jetty.sslContext.provider"/></Set>
<Set name="KeyStorePath">
<Property name="jetty.sslContext.keyStoreAbsolutePath">
<Default>
<Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/>
</Default>
</Property>
</Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="secret"/></Set>
<Set name="KeyStorePassword"> OBF:1wty1th11wgg1saj1t2z1v2h1sov1v1x1t371sar1wfi1thl1wug </Set>
<Set name="KeyStoreType"><Property name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
<Set name="KeyStoreProvider"><Property name="jetty.sslContext.keyStoreProvider"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" deprecated="jetty.keymanager.password" default="secret"/></Set>
<Set name="KeyManagerPassword"> OBF:1wty1th11wgg1saj1t2z1v2h1sov1v1x1t371sar1wfi1thl1wug </Set>
<Set name="TrustStorePath">
<Property name="jetty.sslContext.trustStoreAbsolutePath">
<Default>
<Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/keystore"/>
</Default>
</Property>
</Set>
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" deprecated="secret"/></Set>
<Set name="TrustStorePassword"> OBF:1wty1th11wgg1saj1t2z1v2h1sov1v1x1t371sar1wfi1thl1wug </Set>
<Set name="TrustStoreType"><Property name="jetty.sslContext.trustStoreType"/></Set>
<Set name="TrustStoreProvider"><Property name="jetty.sslContext.trustStoreProvider"/></Set>
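
The following check is an added example, not part of the original page or of Jetty. Jetty applies `<Set>` elements in order, so the hard-coded OBF: line overrides the stock `default="secret"` line above it, and OBF: is reversible obfuscation rather than encryption. The function names `audit_ssl_context` and `write_sample` and the sample file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit the password settings in a
# Jetty jetty-ssl-context.xml. Prints one finding per line; returns 1 if any.
audit_ssl_context() {
    local file=$1 name last rc=0 has_obf=0
    for name in KeyStorePassword KeyManagerPassword TrustStorePassword; do
        # Jetty applies <Set> elements in order, so the last one for a name wins.
        last=$(grep "<Set name=\"$name\">" "$file" | tail -n 1)
        case $last in
            "")  echo "$name: not set"; rc=1 ;;
            *'default="secret"'*)
                 echo "$name: falls back to the stock password 'secret'"; rc=1 ;;
            *OBF:*) has_obf=1 ;;
        esac
    done
    # OBF: can be reversed, so the file needs the same care as a plaintext secret.
    if [ "$has_obf" -eq 1 ] && [ -n "$(find "$file" -perm -004)" ]; then
        echo "$file: holds OBF: passwords but is world-readable"; rc=1
    fi
    return "$rc"
}

# Constructed sample in the page's layout: stock line first, OBF override after.
# KeyManagerPassword is deliberately left without an override.
# "OBF:placeholder" is a placeholder, not a real obfuscated password.
write_sample() {
    cat > "$1" <<'EOF'
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" default="secret"/></Set>
<Set name="KeyStorePassword"> OBF:placeholder </Set>
<Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" default="secret"/></Set>
<Set name="TrustStorePassword"> OBF:placeholder </Set>
EOF
}

# Demo run on the constructed sample; the "|| true" keeps the demo from aborting.
sample=$(mktemp)
write_sample "$sample"
chmod 644 "$sample"
audit_ssl_context "$sample" || true
rm -f "$sample"
```

On a real installation, run `audit_ssl_context` against each instance's etc/jetty-ssl-context.xml (here /opt/jetty and /opt/jetty2) and restrict the file and the keystore to the account that runs Jetty.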


2. jetty-ssl.xml


The port number for the https connection needs to be updated in this file. The following example uses port 9092 for the xconf data service. For the admin service, we have set it to 9093.

...