This is an automated email from the ASF dual-hosted git repository. duncangrant pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git
The following commit(s) were added to refs/heads/master by this push: new 27fb712 Make a bunch of lettercase fixups new edc13bd Merge pull request #289 from infrastation/master 27fb712 is described below commit 27fb7123182b15722c64974aee2d90edc88ad549 Author: Denis Ovsienko <de...@ovsienko.info> AuthorDate: Wed Aug 7 12:11:50 2019 +0100 Make a bunch of lettercase fixups Spell API, CLI, GUI, HTTP, HTTPS, JSON, Linux, Mac OS X, PowerShell, REST, SSL, Ubuntu, URL, WAR, Windows and WinRM. --- guide/blueprints/advanced-example.md | 2 +- guide/blueprints/creating-yaml.md | 2 +- guide/blueprints/custom-entities.md | 8 +-- guide/blueprints/effectors.md | 4 +- guide/blueprints/entity-configuration.md | 4 +- guide/blueprints/java/defining-and-deploying.md | 4 +- guide/blueprints/java/entities.md | 4 +- guide/blueprints/java/feeds.md | 6 +- guide/blueprints/policies.md | 2 +- guide/blueprints/test/usage-examples.md | 4 +- guide/blueprints/winrm/client.md | 26 +++---- guide/blueprints/winrm/index.md | 82 +++++++++++----------- guide/blueprints/yaml-reference.md | 2 +- guide/dev/code/structure.md | 2 +- guide/locations/_azure-ARM.md | 4 +- guide/locations/_azure-classic.md | 4 +- guide/locations/_byon.md | 2 +- guide/locations/_clouds.md | 2 +- guide/locations/_cloudstack.md | 4 +- guide/locations/index.md | 2 +- .../locations/provisioned-machine-requirements.md | 2 +- guide/misc/download.md | 12 ++-- guide/ops/cli/cli-ref-guide.md | 2 +- guide/ops/configuration/brooklyn_cfg.md | 2 +- guide/ops/high-availability/index.md | 2 +- guide/ops/persistence/index.md | 2 +- guide/ops/production-installation.md | 2 +- guide/ops/requirements.md | 8 +-- guide/ops/security-guidelines.md | 4 +- guide/ops/server-cli-reference.md | 4 +- guide/ops/troubleshooting/connectivity.md | 2 +- guide/ops/troubleshooting/deployment.md | 2 +- guide/ops/troubleshooting/overview.md | 2 +- guide/ops/troubleshooting/slow-unresponsive.md | 2 +- 34 files changed, 109 insertions(+), 109 deletions(-) diff --git a/guide/blueprints/advanced-example.md b/guide/blueprints/advanced-example.md index 696e8ff..e67cfdf 100644 --- a/guide/blueprints/advanced-example.md +++ b/guide/blueprints/advanced-example.md @@ -77,7 +77,7 @@ When composing a YAML blueprint, the VanillaSoftwareProcess is a very useful ent A VanillaSoftwareProcess will instruct Brooklyn to provision an instance, and run a series of shell commands to setup, run, monitor and teardown your program. The commands are specified as configuration on the VanillaSoftwareProcess and there are several available. We will spotlight a few now. To simplify - this blueprint, we have specified ubuntu only installs so that our commands can be tailored to this + this blueprint, we have specified Ubuntu only installs so that our commands can be tailored to this system (e.g. use apt-get rather than yum). ##### Customize Command diff --git a/guide/blueprints/creating-yaml.md b/guide/blueprints/creating-yaml.md index d6de14b..fe3d5a7 100644 --- a/guide/blueprints/creating-yaml.md +++ b/guide/blueprints/creating-yaml.md @@ -31,7 +31,7 @@ simply [download and launch]({{book.path.docs}}/start/running.md) Brooklyn, open Click on the tile "Blueprint Composer", then on the double-arrow located on the top right of the screen (to switch to the YAML mode), paste the copied YAML into the editor and press "Deploy". There are several other ways to deploy, including `curl` and via the command-line, -and you can configure users, https, persistence, and more, +and you can configure users, HTTPS, persistence, and more, as described [in the ops guide]({{book.path.docs}}/ops/index.md). [![Web Console](web-console-yaml-700.png "YAML via Web Console")](web-console-yaml.png) diff --git a/guide/blueprints/custom-entities.md b/guide/blueprints/custom-entities.md index dfd3d94..1d3cb6a 100644 --- a/guide/blueprints/custom-entities.md +++ b/guide/blueprints/custom-entities.md @@ -240,7 +240,7 @@ so that the `$message` we passed above gets logged and reported back: #### Windows Command Sensor Like the blueprint above, the following example also uses `brooklyn.initializers` to define sensors on the entity, -this time however it is a windows VM and uses `WinRmCommandSensor`. +this time however it is a Windows VM and uses `WinRmCommandSensor`. - type: org.apache.brooklyn.entity.software.base.VanillaWindowsProcess brooklyn.config: @@ -264,7 +264,7 @@ health-check. See documentation on the [Entity's error status]({{book.path.docs}}/ops/troubleshooting/overview.md#entitys-error-status) for how Brooklyn models an entity's health. -In the snippet below, we'll define a new health-check sensor (via http polling), and will automatically add this +In the snippet below, we'll define a new health-check sensor (via HTTP polling), and will automatically add this to the `service.notUp.indicators`. If that map is non-empty, then the entity's `service.isUp` will be set automatically to `false`: @@ -303,10 +303,10 @@ automatically to `false`: - "no value" The `HttpRequestSensor` configures the entity to poll every 5 seconds on the given URI, -taking the json result as the sensor value. +taking the JSON result as the sensor value. The `UpdatingMap` enricher uses that sensor to populate an entry in the `service.notUp.indicators`. -It transforms the `http.healthy` sensor value using the given function: if the http poll returned +It transforms the `http.healthy` sensor value using the given function: if the HTTP poll returned `true`, then it is mapped to `null` (so is removed from the `service.noUp.indicators`); if the poll returned `false`, then `"false"` is added to the indicators map; otherwise `"no value"` is added to the indicators map. diff --git a/guide/blueprints/effectors.md b/guide/blueprints/effectors.md index a7f28eb..1c0df25 100644 --- a/guide/blueprints/effectors.md +++ b/guide/blueprints/effectors.md @@ -66,8 +66,8 @@ There are a number of additional configuration keys available for the `HTTPComma | httpUsername | | user name for the authentication | | httpPassword | | password for the authentication | | headers | application/json | It explicitly supports `application/x-www-form-urlencoded` | -| httpPayload | | The body of the http request | -| jsonPath | | A jsonPath expression to extract values from a json object | +| httpPayload | | The body of the HTTP request | +| jsonPath | | A jsonPath expression to extract values from a JSON object | | jsonPathAndSensors | | A map where keys are jsonPath expressions and values the name of the sensor where to publish extracted values | diff --git a/guide/blueprints/entity-configuration.md b/guide/blueprints/entity-configuration.md index e3b4434..c70be3a 100644 --- a/guide/blueprints/entity-configuration.md +++ b/guide/blueprints/entity-configuration.md @@ -186,7 +186,7 @@ services: _However, the web-console also shows other misleading (incorrect!) config values for the child entity. It shows the inherited config value of `exampleConfig` as "childValue" (because the -REST api did not evaluate the DSL in the correct context, when retrieving the value! +REST API did not evaluate the DSL in the correct context, when retrieving the value! See https://issues.apache.org/jira/browse/BROOKLYN-455._ @@ -293,7 +293,7 @@ Some common config keys that will not re-inherited include: * `launch.command` (and the ``pre.launch.command` and `post.launch.command`) * `checkRunning.command` * `stop.command` -* The similar commands for `VanillaWindowsProcess` powershell. +* The similar commands for `VanillaWindowsProcess` PowerShell. * The file and template install config keys (e.g. `files.preinstall`, `templates.preinstall`, etc) An example is shown below. Here, the "logstash-child" is a sub-type of `VanillaSoftwareProcess`, diff --git a/guide/blueprints/java/defining-and-deploying.md b/guide/blueprints/java/defining-and-deploying.md index 29578eb..1290d03 100644 --- a/guide/blueprints/java/defining-and-deploying.md +++ b/guide/blueprints/java/defining-and-deploying.md @@ -52,7 +52,7 @@ To describe each part of this: and tracked as such. Execution of the effector is intercepted, to track it as a task and show its execution in the Activity view. * The `@EffectorParam` annotations give metadata about the effector's parameters. This metadata, - such as the parameter description, is available to those using the client CLI, rest API and + such as the parameter description, is available to those using the client CLI, REST API and web-console. Note there is an alternative way of defining effectors - adding them to the entity dynamically, @@ -162,4 +162,4 @@ The YAML blueprint below shows an example usage of this blueprint: Note the type name matches the id defined in the `.bom` file. You can now call the effector by any of the standard means - [web console]({{book.path.docs}}/ops/gui/index.md), -[REST api]({{book.path.docs}}/ops/rest.md), or [Client CLI]({{book.path.docs}}/ops/cli/index.md). +[REST API]({{book.path.docs}}/ops/rest.md), or [Client CLI]({{book.path.docs}}/ops/cli/index.md). diff --git a/guide/blueprints/java/entities.md b/guide/blueprints/java/entities.md index 0c3edc7..eea5aa1 100644 --- a/guide/blueprints/java/entities.md +++ b/guide/blueprints/java/entities.md @@ -96,8 +96,8 @@ protected void disconnectSensors() { } ``` -In this example (a simplified version of ``JBoss7Server``), the url returns metrics in JSON. -We report the entity as up if we get back an http response code of 200, or down if any other response code or exception. +In this example (a simplified version of ``JBoss7Server``), the URL returns metrics in JSON. +We report the entity as up if we get back an HTTP response code of 200, or down if any other response code or exception. We retrieve the request count from the response body, and convert it to an integer. Note the first line (``super.connectSensors()``); as one descends into specific convenience subclasses (such as for Java web-apps), the work done by the parent class's overridden methods may be relevant, and will want to be invoked or even added to a resulting list. diff --git a/guide/blueprints/java/feeds.md b/guide/blueprints/java/feeds.md index 9dc8243..52c1edc 100644 --- a/guide/blueprints/java/feeds.md +++ b/guide/blueprints/java/feeds.md @@ -34,7 +34,7 @@ important that the entity's `rebind()` method recreates the feed. ##### HTTP Feed -An `HttpFeed` polls over http(s). An example is shown below: +An `HttpFeed` polls over HTTP(S). An example is shown below: ```java private HttpFeed feed; @@ -94,7 +94,7 @@ protected void disconnectSensors() { ##### WinRm CMD Feed -A WinRM feed executes a windows command over winrm periodically. An example is shown below: +A WinRM feed executes a Windows command over WinRM periodically. An example is shown below: ```java private AbstractCommandFeed feed; @@ -126,7 +126,7 @@ This type of feed retrieves performance counters from a Windows host, and posts One must supply a collection of mappings between Windows performance counter names and Brooklyn attribute sensors. -This feed uses WinRM to invoke the windows utility <tt>typeperf</tt> to query for a specific set +This feed uses WinRM to invoke the Windows utility <tt>typeperf</tt> to query for a specific set of performance counters, by name. The values are extracted from the response, and published to the entity's sensors. An example is shown below: diff --git a/guide/blueprints/policies.md b/guide/blueprints/policies.md index eb75e0f..c4427bb 100644 --- a/guide/blueprints/policies.md +++ b/guide/blueprints/policies.md @@ -104,7 +104,7 @@ The SshMachineFailureDetector is an HA policy for monitoring an SshMachine, emit - org.apache.brooklyn.policy.ha.ConnectionFailureDetector -The ConnectionFailureDetector is an HA policy for monitoring an http connection, emitting an event if the connection is lost/restored. +The ConnectionFailureDetector is an HA policy for monitoring an HTTP connection, emitting an event if the connection is lost/restored. ### Primary Election / Failover Policies diff --git a/guide/blueprints/test/usage-examples.md b/guide/blueprints/test/usage-examples.md index 91951a0..63bb1bb 100644 --- a/guide/blueprints/test/usage-examples.md +++ b/guide/blueprints/test/usage-examples.md @@ -25,8 +25,8 @@ This `TestEffector` example demonstrates the use of the `TestCase` and `TestSens - `TestCase` entity starts its children sequentially - asserts that the `webappcluster` entity `service.isUp` sensor is `true` within 10 minutes of the parent `TestCase` entity starting. Blocks start of the next child until it obtains a result (or times out). - - `deploy` effector invoked to deploy war to a `newcontext` with a 5 minute timeout to allow completion of the deploy task. - - asserts `/newcontext` url returns a HTTP status code 200 within 5 minutes of the effector being invoked (Note that this timeout is relative to the preceding test entity as they are being sequentially run as children of a `TestCase` entity). + - `deploy` effector invoked to deploy WAR to a `newcontext` with a 5 minute timeout to allow completion of the deploy task. + - asserts `/newcontext` URL returns a HTTP status code 200 within 5 minutes of the effector being invoked (Note that this timeout is relative to the preceding test entity as they are being sequentially run as children of a `TestCase` entity). !CODEFILE "example_yaml/testcases/effector-test-snippet.yaml" diff --git a/guide/blueprints/winrm/client.md b/guide/blueprints/winrm/client.md index 408d1ca..2d4dee3 100644 --- a/guide/blueprints/winrm/client.md +++ b/guide/blueprints/winrm/client.md @@ -10,11 +10,11 @@ parameters available for WinRM. * host <String>: Host to connect to (required).Default value `null` * port <Integer>: WinRM port to use when connecting to the remote machine.<br> If no port is specified then it defaults to a port depending on the `winrm.useHttps` flag. -* winrm.useHttps <Boolean>: The parameter tells the machine sensors whether the winrm port is over https. If the parameter is true then 5986 will be used as a winrm port.<br> +* winrm.useHttps <Boolean>: The parameter tells the machine sensors whether the WinRM port is over HTTPS. If the parameter is true then 5986 will be used as a WinRM port.<br> Default value: `false` * retriesOfNetworkFailures <Integer>: The parameter sets the number of retries for connection failures. If you use high value, consider taking care for the machine's network.<br> Default value: `4` -* winrm.useNtlm <Boolean>: The parameter configures tells the machine sensors whether the winrm port is over https. If the parameter is true then 5986 will be used as a winrm port.<br> +* winrm.useNtlm <Boolean>: The parameter configures tells the machine sensors whether the WinRM port is over HTTPS. If the parameter is true then 5986 will be used as a WinRM port.<br> Default value: `true` * winrm.computerName <String>: Windows Computer Name to use for authentication.<br> Default value: `null` @@ -33,17 +33,17 @@ and it will be used to instantiate a `org.apache.brooklyn.util.core.internal.win ## WinRM Connectivity Diagnostics -If you are experiencing problems with a windows blueprint against a jclouds location +If you are experiencing problems with a Windows blueprint against a jclouds location where Apache Brooklyn complains about failing to connect to the IP you should check those things. 1. Apache Brooklyn is using correct username and password 1. Apache Brooklyn can reach the IP of the provisioned machine. WinRM port 5985 or 5986 is also reachable from Apache Brooklyn. 1. Check whether `WinRmMachineLocation#getDefaultUserMetadataString(ConfigurationSupportInternal)` is applied on the VM. This script should be passed to the cloud and executed in order to configure WinRM according to Apache Brooklyn requirements for authentication. - So far windows startup script are known to be supported on AWS EC2 and VCloud Director. + So far Windows startup script are known to be supported on AWS EC2 and VCloud Director. If your cloud doesn't use this script then tune WinRM parameters accordingly. -1. Check whether you use winrm over http or over https. - 1. If you are using WinRM over http then make sure WinRM service on target VM has `AllowUnencrypted = true` +1. Check whether you use WinRM over HTTP or over HTTPS. + 1. If you are using WinRM over HTTP then make sure WinRM service on target VM has `AllowUnencrypted = true` If the quick list above doesn't help then follow the steps bellow. @@ -54,12 +54,12 @@ After you determined what is the username and the password you can proceed with *(Notice that for cloud providers which use Auto Generated password will not be logged. For these cases use Java Debug to retrieve ot or provision a VM manually with the same parameters when using Apache Brooklyn to provision a jclouds location.)* -The first step is to find what is the winrm service configuration on the target host. +The first step is to find what is the WinRM service configuration on the target host. -1. If you have RDP access or KVM like access to the VM then check the winrm service status with the command bellow. +1. If you have RDP access or KVM like access to the VM then check the WinRM service status with the command bellow. `winrm get winrm/config/service` - If you are using http you should have AllowUnencrypted to false. - Encryption is supported only over https. + If you are using HTTP you should have AllowUnencrypted to false. + Encryption is supported only over HTTPS. Sample output: MaxConcurrentOperations = 4294967295 @@ -102,7 +102,7 @@ Use an Apache Brooklyn BYON blueprint to try easily other connection options. 1. Check IP is reachable from Apache Brooklyn instance Check whether `telnet 10.0.0.1 5985` makes successfully a socket. -1. If AllowUnencrypted is false and you are using winrm over http then apply `winrm set winrm/config/service @{AllowUnencrypted="true"}` +1. If AllowUnencrypted is false and you are using WinRM over HTTP then apply `winrm set winrm/config/service @{AllowUnencrypted="true"}` *If jclouds or the cloud provider doesn't support passing `sysprep-specialize-script-cmd` then consider modifying Windows VM Image.* 1. Check your username and password. Notice in Windows passwords are case sensitive. Here is how it looks log from a wrong password: @@ -115,8 +115,8 @@ Use an Apache Brooklyn BYON blueprint to try easily other connection options. 1. When having wrong password you may want to try logging on a different domain This is possible from `brooklyn.winrm.config.winrm.computerName` location config. -1. If you want to configure Windows target host with https then check the article [Configuring WINRM for HTTPS](https://support.microsoft.com/en-us/kb/2019527) -1. If you are still seeing authorization errors then try connecting via winrm with the embedded winrs client. +1. If you want to configure Windows target host with HTTPS then check the article [Configuring WINRM for HTTPS](https://support.microsoft.com/en-us/kb/2019527) +1. If you are still seeing authorization errors then try connecting via WinRM with the embedded winrs client. First make sure you have the server in trusted hosts. Then execute a simple command like diff --git a/guide/blueprints/winrm/index.md b/guide/blueprints/winrm/index.md index 9a85d0b..5451bf1 100644 --- a/guide/blueprints/winrm/index.md +++ b/guide/blueprints/winrm/index.md @@ -3,7 +3,7 @@ title: Windows Blueprints --- Brooklyn can deploy to Windows servers using WinRM to run commands. These deployments can be -expressed in pure YAML, and utilise Powershell to install and manage the software process. +expressed in pure YAML, and utilise PowerShell to install and manage the software process. This approach is similar to the use of SSH for UNIX-like servers. @@ -72,7 +72,7 @@ to `VanillaSoftwareProcess`, but adapted to work for Windows and WinRM instead o [documentation for VanillaSoftwareProcess]({{book.path.docs}}/blueprints/custom-entities.md#vanilla-software-using-bash) to find out what you can do with this entity. -Entity authors are strongly encouraged to write Windows Powershell or Batch scripts as separate +Entity authors are strongly encouraged to write Windows PowerShell or Batch scripts as separate files, to configure these to be uploaded, and then to configure the appropriate command as a single line that executes given script. @@ -117,7 +117,7 @@ The installation script - referred to as `/Users/richard/install7zip.ps1` in the Where security-related operation are to be executed, it may require the use of `CredSSP` to obtain the correct Administrator privileges: you may otherwise get an access denied error. See the sub-section -[How and Why to re-authenticate within a powershell script](#how-and-why-to-re-authenticate-within-a-powershell-script) for more details. +[How and Why to re-authenticate within a PowerShell script](#how-and-why-to-re-authenticate-within-a-powershell-script) for more details. This is only a very simple example. A more complex example can be found in the [Microsoft SQL Server blueprint in the Brooklyn source code]({{book.url.brooklyn_library_git}}/{{"master" if 'SNAPSHOT' in book.brooklyn_version else book.brooklyn_version}}/software/database/src/main/resources/org/apache/brooklyn/entity/database/mssql). @@ -135,23 +135,23 @@ Blueprint authors are strongly encouraged to provide an implementation for insta and checkRunning. These are vital for the generic effectors such as stopping and restarting the process. -### Powershell +### PowerShell -Powershell commands can be supplied using config options such as `launch.powershell.command`. +PowerShell commands can be supplied using config options such as `launch.powershell.command`. This is an alternative to supplying a standard batch command using config such as `launch.command`. -For a given phase, only one of the commands (Powershell or Batch) should be supplied. +For a given phase, only one of the commands (PowerShell or Batch) should be supplied. ### Getting the Right Exit Codes WinRM (or at least the chosen WinRM client!) can return a zero exit code even on error in certain circumstances. It is therefore advisable to follow the guidelines below. -*For a given command, write the Powershell or Batch script as a separate multi-command file. +*For a given command, write the PowerShell or Batch script as a separate multi-command file. Upload this (e.g. by including it in the `files.preinstall` configuration). For the configuration of the given command, execute the file.* -When you have a command inside the powershell script which want to report its non zero exiting, +When you have a command inside the PowerShell script which want to report its non zero exiting, please consider adding a check for its exit code after it. Example: @@ -160,7 +160,7 @@ Example: exit $lastexitcode } -For Powershell files, consider including +For PowerShell files, consider including $ErrorActionPreference = "Stop" @@ -175,7 +175,7 @@ See [Incorrect Exit Codes](#incorrect-exit-codes) under Known Limitations below. ### Executing Scripts From Batch Commands -In a batch command, you can execute a batch file or Powershell file. For example: +In a batch command, you can execute a batch file or PowerShell file. For example: install.command: powershell -NonInteractive -NoProfile -Command "C:\\install7zip.ps1" @@ -183,10 +183,10 @@ Or alternatively: install.command: C:\\install7zip.bat -### Executing Scripts From Powershell +### Executing Scripts From PowerShell -In a Powershell command, you can execute a batch file or Powershell file. There are many ways -to do this (see official Powershell docs). For example: +In a PowerShell command, you can execute a batch file or PowerShell file. There are many ways +to do this (see official PowerShell docs). For example: install.powershell.command: "& C:\\install7zip.ps1" @@ -198,12 +198,12 @@ Note the quotes around the command. This is because the "&" has special meaning ### Parameterised Scripts -Calling parameterised Batch and Powershell scripts is done in the normal Windows way - see +Calling parameterised Batch and PowerShell scripts is done in the normal Windows way - see offical Microsoft docs. For example: install.command: "c:\\myscript.bat myarg1 myarg2" -Or as a Powershell example: +Or as a PowerShell example: install.powershell.command: "& c:\\myscript.ps1 -key1 myarg1 -key2 myarg2" @@ -212,13 +212,13 @@ other entities using the standard `attributeWhenReady` mechanism. For example: install.command: $brooklyn:formatString("c:\\myscript.bat %s", component("db").attributeWhenReady("datastore.url")) -### Powershell - Using Start-Process +### PowerShell - Using Start-Process -When you are invoking a command from a powershell script with `Start-Process` cmdlet, +When you are invoking a command from a PowerShell script with `Start-Process` cmdlet, please use the `-Wait` and the `-PassThru` arguments. Example `Start-Process C:\mycommand -Wait -PassThru` -Using `-Wait` guarantees that the script process and its children and thus the winrm session won't be terminated until it is finished. +Using `-Wait` guarantees that the script process and its children and thus the WinRM session won't be terminated until it is finished. `-PassThru` Returns a process object for each process that the cmdlet started. By default, this cmdlet does not generate any output. See https://technet.microsoft.com/en-us/library/hh849848.aspx @@ -229,15 +229,15 @@ config like `pre.install.reboot.required` and `install.reboot.required`. If requ installation commands can be split between the pre-install, install and post-install phases in order to do a reboot at the appropriate point of the VM setup. -We Strongly recommend to **write blueprints in a way that they do NOT restart automatically windows** and +We Strongly recommend to **write blueprints in a way that they do NOT restart automatically Windows** and use one of the `pre.install.reboot.required` or `install.reboot.required` parameters to perform restart. ### Install Location Blueprint authors are encouraged to explicitly specify the full path for file uploads, and -for paths in their Powershell scripts (e.g. for installation, configuration files, log files, etc). +for paths in their PowerShell scripts (e.g. for installation, configuration files, log files, etc). -### How and Why to re-authenticate within a powershell script +### How and Why to re-authenticate within a PowerShell script Some installation scripts require the use of security-related operations. In some environments, these fail by default when executed over WinRM, even though the script may succeed when run locally @@ -251,15 +251,15 @@ solution is to obtain a new set of credentials within the script and use those c required commands. The WinRM client uses Negotiate+NTLM to authenticate against the machine. -This mechanism applies certain restrictions to executing commands on the windows host. +This mechanism applies certain restrictions to executing commands on the Windows host. -For this reason you should enable CredSSP on the windows host which grants all privileges available to the user. +For this reason you should enable CredSSP on the Windows host which grants all privileges available to the user. https://technet.microsoft.com/en-us/library/hh849719.aspx#sectionSection4 To use `Invoke-Command -Authentication CredSSP` the Windows Machine has to have: -- Up and running WinRM over http. The custom-enable-credssp.ps1 script enables winrm over http because `Invoke-Command` use winrm over http by default. - Invoke-Command can be used with -UseSSL option but this will lead to modifying powershell scripts. - With always enabling winrm over http on the host, blueprint's powershell scripts remain consistent and not depend on the winrm https/http environments. +- Up and running WinRM over HTTP. The custom-enable-credssp.ps1 script enables WinRM over HTTP because `Invoke-Command` use WinRM over HTTP by default. + Invoke-Command can be used with -UseSSL option but this will lead to modifying PowerShell scripts. + With always enabling WinRM over HTTP on the host, blueprint's PowerShell scripts remain consistent and not depend on the WinRM HTTPS/HTTP environments. We hope future versions of winrm4j will support CredSSP out of the box and wrapping commands in Invoke-Command will not be needed. - Added trusted host entries which will use Invoke-Command - Allowed CredSSP @@ -332,9 +332,9 @@ a similarly named AMI. For example: brooklyn.location.named.AWS\ Oregon\ Win.imageOwner = 801119661308 ... -## stdout and stderr in a Powershell script +## stdout and stderr in a PowerShell script -When calling an executable in a Powershell script, the stdout and stderr will usually be output to the console. +When calling an executable in a PowerShell script, the stdout and stderr will usually be output to the console. This is captured by Brooklyn, and shown in the activities view under the specific tasks. An alternative is to redirect stdout and stderr to a file on the VM, which can be helpful if one expects sys admins @@ -350,7 +350,7 @@ For example, instead of running the following: The `-ArgumentList` is simply the arguments that are to be passed to the executable, `-RedirectStandardOutput` and `RedirectStandardError` take file locations for the output (if the file already exists, it will be overwritten). The -`-PassThru` argument indicates that Powershell should write to the file *in addition* to the console, rather than +`-PassThru` argument indicates that PowerShell should write to the file *in addition* to the console, rather than *instead* of the console. The `-Wait` argument will cause the scriptlet to block until the process is complete. Further details can be found on the [Start-Process documentation page](https://technet.microsoft.com/en-us/library/hh849848.aspx) @@ -379,7 +379,7 @@ else then the setup will not be done and the VM may not not be accessible remote When a script is run over WinRM over HTTP, the credentials under which the script are run are marked as 'remote' credentials, which are prohibited from running certain security-related operations. This may prevent certain operations. The installer from Microsoft SQL Server is known to fail in this case, for example. For a workaround, please -refer to [How and Why to re-authenticate withing a powershell script](#how-and-why-to-re-authenticate-within-a-powershell-script) +refer to [How and Why to re-authenticate withing a PowerShell script](#how-and-why-to-re-authenticate-within-a-powershell-script) above. ### WebServiceException: Could not send Message @@ -411,7 +411,7 @@ Logging in the host and search for System event of type 1074 in Windows Event Vi The process C:\Windows\system32\winlogon.exe (W2K12-STD) has initiated the restart of computer WIN-XXXX on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Upgrade (Planned) Reason Code: 0x80020003 Shutdown Type: restart Comment: -Normally on other clouds only one restart event is registered and the first time winrm connection is made the Windows VM is ready for use. +Normally on other clouds only one restart event is registered and the first time WinRM connection is made the Windows VM is ready for use. For this particular case when you want this second restart to finish we made `waitWindowsToStart` location parameter which basically adds additional check assuring the Windows VM provisioning is done. @@ -419,7 +419,7 @@ which basically adds additional check assuring the Windows VM provisioning is do For example when using `waitWindowsToStart: 5m` location parameter, Apache Brooklyn will wait 5 minutes to see if a disconnect occurs. If it does, then it will again wait 5m for the machine to come back up. -The default behaviour in Apache Brooklyn is to consider provisioning done on the first successful winrm connection, without waiting for restart. +The default behaviour in Apache Brooklyn is to consider provisioning done on the first successful WinRM connection, without waiting for restart. To determine whether you should use this parameter you should carefully inspect how the image you choose to provision is behaving. @@ -506,9 +506,9 @@ Currently Apache Brooklyn will accept any certificate used in a HTTPS WinRM conn Some limitations with WinRM (or at least the chosen WinRM Client!) are listed below: -##### Single-line Powershell files +##### Single-line PowerShell files -When a Powershell file contains just a single command, the execution of that file over WinRM returns exit code 0 +When a PowerShell file contains just a single command, the execution of that file over WinRM returns exit code 0 even if the command fails! This is the case for even simple examples like `exit 1` or `thisFileDoesNotExist.exe`. A workaround is to add an initial command, for example: @@ -516,9 +516,9 @@ A workaround is to add an initial command, for example: Write-Host dummy line for workaround exit 1 -##### Direct Configuration of Powershell commands +##### Direct Configuration of PowerShell commands -If a command is directly configured with Powershell that includes `exit`, the return code over WinRM +If a command is directly configured with PowerShell that includes `exit`, the return code over WinRM is not respected. For example, the command below will receive an exit code of 0. launch.powershell.command: | @@ -534,10 +534,10 @@ is not respected. For example, the command below will receive an exit code of 0. ##### Non-zero Exit Code Returned as One -If a batch or Powershell file exits with an exit code greater than one (or negative), this will +If a batch or PowerShell file exits with an exit code greater than one (or negative), this will be reported as 1 over WinRM. -We advise you to use native commands (non-powershell ones) since executing it as a native command +We advise you to use native commands (non-PowerShell ones) since executing it as a native command will return the exact exit code rather than 1. For instance if you have installmssql.ps1 script use `install.command: powershell -command "C:\\installmssql.ps1"` rather than using `install.powershell.command: "C:\\installmssql.ps1"` @@ -590,18 +590,18 @@ of the exit code for the commands executed. ### Install location Work is required to better configure a default install location on the VM (e.g. so that -environment variables are set). The installation pattern for linux-based blueprints, +environment variables are set). The installation pattern for Linux-based blueprints, of using brooklyn-managed-processes/installs, is not used or recommended on Windows. Files will be uploaded to C:\ if no explicit directory is supplied, which is untidy, unnecessarily exposes the scripts to the user, and could cause conflicts if multiple entities are installed. Blueprint authors are strongly encourages to explicitly specific directories for file -uploads and in their Powershell scripts. +uploads and in their PowerShell scripts. ### Windows template settings for an Unattended Installation -Windows template needs certain configuration to be applied to prevent windows setup UI from being displayed. +Windows template needs certain configuration to be applied to prevent Windows setup UI from being displayed. The default behavior is to display it if there are incorrect or empty settings. Showing Setup UI will prevent the proper deployment, because it will expect interaction by the user such as agreeing on the license agreement or some of the setup dialogs. diff --git a/guide/blueprints/yaml-reference.md b/guide/blueprints/yaml-reference.md index 50caa21..20304a8 100644 --- a/guide/blueprints/yaml-reference.md +++ b/guide/blueprints/yaml-reference.md @@ -59,7 +59,7 @@ the entity being defined, with these being the most common: * `org.apache.brooklyn.core.sensor.windows.WinRmCommandSensor`: For a command supplied via WinRm. Takes a `name`, `command`, and optionally a `period` and `executionDir`, to create a sensor feed which populates the sensor with - the given name by running the given command (on an entity which as an winrm-able machine).<br/> + the given name by running the given command (on an entity which as an WinRM-able machine).<br/> _`"~"` will use the default execution directory for the WinRm session which is usually `%USERPROFILE%`_ * `brooklyn.parameters`: documents a list of typed parameters the entity accepts. diff --git a/guide/dev/code/structure.md b/guide/dev/code/structure.md index 0e44f81..a1aad56 100644 --- a/guide/dev/code/structure.md +++ b/guide/dev/code/structure.md @@ -9,7 +9,7 @@ Brooklyn is split into the following subprojects: * **camp**: the components for a server which speaks with the CAMP REST API and understands the CAMP YAML plan language * **core**: the base class implementations for entities and applications, entity traits, locations, policies, sensor and effector support, tasks, and more * **karaf**: OSGi support - * **launcher**: for launching brooklyn, either using a main method or invoked from the cli project + * **launcher**: for launching brooklyn, either using a main method or invoked from the CLI project * **locations**: specific location integrations * **jclouds**: integration with many cloud APIs and providers via Apache jclouds * **logging**: how we enable configurable logging diff --git a/guide/locations/_azure-ARM.md b/guide/locations/_azure-ARM.md index 739e5e4..9134c96 100644 --- a/guide/locations/_azure-ARM.md +++ b/guide/locations/_azure-ARM.md @@ -181,7 +181,7 @@ You can add these options into the `templateOptions` element inside the `brookly This section contains material how to create a Windows location on Azure ARM. Some of the used parameters are explained in the section above. Windows on Azure ARM requires manually created [Azure KeyVault](https://docs.microsoft.com/en-us/azure/key-vault/key-vault-get-started) -Azure KeyVaults can be created [via Azure cli](https://docs.microsoft.com/en-us/azure/key-vault/key-vault-manage-with-cli2#create-a-key-vault) +Azure KeyVaults can be created [via Azure CLI](https://docs.microsoft.com/en-us/azure/key-vault/key-vault-manage-with-cli2#create-a-key-vault) or [Azure portal UI](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-keyvault-parameter). KeyVault's secret is a key stored in protected .PFX file. It needs to be prepared upfront or created with the [Add-AzureKeyVaultKey](https://docs.microsoft.com/en-us/powershell/module/azurerm.keyvault/add-azurekeyvaultkey?view=azurermps-4.0.0) cmdlet. @@ -209,7 +209,7 @@ stored in protected .PFX file. It needs to be prepared upfront or created with t * `additionalUnattendContent` Additional content. Normally it can be defined as `null` -* `enableAutomaticUpdates` whether to enable the automatic windows updates. It can be set to `false`, if automatic updates are not desired +* `enableAutomaticUpdates` whether to enable the automatic Windows updates. It can be set to `false`, if automatic updates are not desired ##### Sample Windows Blueprint diff --git a/guide/locations/_azure-classic.md b/guide/locations/_azure-classic.md index 038da26..b853998 100644 --- a/guide/locations/_azure-classic.md +++ b/guide/locations/_azure-classic.md @@ -183,7 +183,7 @@ placeholder values for the identity, credential and password. ```properties brooklyn.location.named.myazure=jclouds:azurecompute:West Europe -brooklyn.location.named.myazure.displayName=Azure West Europe (windows) +brooklyn.location.named.myazure.displayName=Azure West Europe (Windows) brooklyn.location.named.myazure.identity=$HOME/.brooklyn/azure.p12 brooklyn.location.named.myazure.credential=<P12_EXPORT_PASSWORD> brooklyn.location.named.myazure.endpoint=https://management.core.windows.net/<YOUR_SUBSCRIPTION_ID> @@ -217,7 +217,7 @@ by the cloud provider and is then retrieved via the cloud provider's API after p ##### WinRM Configuration The WinRM initialization in Azure is achieved through configuration options in the VM provisioning request. -The required configuration is to enabled HTTPS (if Azure is told to use http, the VM comes pre-configured +The required configuration is to enabled HTTPS (if Azure is told to use HTTP, the VM comes pre-configured with WinRM encrypted over HTTP). The default is then to support NTLM protocol. The setup of Windows VMs on Azure differs from that on other clouds, such as AWS. In contrast, on AWS an diff --git a/guide/locations/_byon.md b/guide/locations/_byon.md index 43820d6..6ff66e8 100644 --- a/guide/locations/_byon.md +++ b/guide/locations/_byon.md @@ -46,7 +46,7 @@ This location will be saved as a [catalog entry]({{book.path.docs}}/blueprints/c For more complex host configuration, one can define custom config values per machine. In the example below, there will be two machines. The first will be a machine reachable on -`ssh -i ~/.ssh/brooklyn.pem -p 8022 myuser@50.51.52.53`. The second is a windows machine, reachable +`ssh -i ~/.ssh/brooklyn.pem -p 8022 myuser@50.51.52.53`. The second is a Windows machine, reachable over WinRM. Each machine has also has a private address (e.g. for within a private network). ```yaml diff --git a/guide/locations/_clouds.md b/guide/locations/_clouds.md index bdc62ce..629c795 100644 --- a/guide/locations/_clouds.md +++ b/guide/locations/_clouds.md @@ -178,7 +178,7 @@ For more keys and more detail on the keys below, see `sudo yum-config-manager --disable reponame` - Base64 encoding can be done with a with a tool such as [this](https://www.base64encode.org/) or a linux command such as: + Base64 encoding can be done with a with a tool such as [this](https://www.base64encode.org/) or a Linux command such as: `echo "sudo yum-config-manager --disable reponame" | base64` diff --git a/guide/locations/_cloudstack.md b/guide/locations/_cloudstack.md index 1a2e8f9..7ddf46c 100644 --- a/guide/locations/_cloudstack.md +++ b/guide/locations/_cloudstack.md @@ -4,8 +4,8 @@ The endpoint URI will normally have the suffix `/client/api/`. -The identity is the "api key" and the credential is the "secret key". These can be generated in -the CloudStack gui: under accounts, select "view users", then "generate key". +The identity is the "API key" and the credential is the "secret key". These can be generated in +the CloudStack GUI: under accounts, select "view users", then "generate key". location: jclouds:cloudstack: diff --git a/guide/locations/index.md b/guide/locations/index.md index 79810c5..e7f199f 100644 --- a/guide/locations/index.md +++ b/guide/locations/index.md @@ -132,7 +132,7 @@ try connecting to a specific TCP port using `telnet <address> <port>`. ### Firewalls What firewall(s) are running on the machine, and are the required ports open? -On linux, check things like `iptables`, `firewalld`, `ufw` or other commercial +On Linux, check things like `iptables`, `firewalld`, `ufw` or other commercial firewalls. On Windows, check the settings of the [Windows Firewall](https://en.wikipedia.org/wiki/Windows_Firewall). diff --git a/guide/locations/provisioned-machine-requirements.md b/guide/locations/provisioned-machine-requirements.md index 6ddfb4f..1bc315f 100644 --- a/guide/locations/provisioned-machine-requirements.md +++ b/guide/locations/provisioned-machine-requirements.md @@ -130,7 +130,7 @@ try connecting to a specific TCP port using `telnet <address> <port>`. ### Firewalls What firewall(s) are running on the machine, and are the required ports open? -On linux, check things like `iptables`, `firewalld`, `ufw` or other commercial +On Linux, check things like `iptables`, `firewalld`, `ufw` or other commercial firewalls. On Windows, check the settings of the [Windows Firewall](https://en.wikipedia.org/wiki/Windows_Firewall). diff --git a/guide/misc/download.md b/guide/misc/download.md index df5e4c4..ce72b23 100644 --- a/guide/misc/download.md +++ b/guide/misc/download.md @@ -54,37 +54,37 @@ The latest stable release can be accessed on the [main download page]({{ book.ur </tr> <tr> <td style='text-align:left;vertical-align:top' rowspan='6'>Client CLI only</td> - <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-linux.tar.gz' title='Download client CLI linux TGZ archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-linux.tar.gz</a></td> + <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-linux.tar.gz' title='Download client CLI Linux TGZ archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-linux.tar.gz</a></td> <td ><small> {% if not isSnapshot %}<a href='{{downloadHashPrefix}}-client-cli-linux.tar.gz.asc'>PGP</a>, {% endif %} <a href='{{downloadHashPrefix}}-client-cli-linux.tar.gz.sha1'>SHA1</a></small></td> </tr> <tr> - <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-linux.zip' title='Download client CLI linux ZIP archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-linux.zip</a></td> + <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-linux.zip' title='Download client CLI Linux ZIP archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-linux.zip</a></td> <td><small> {% if not isSnapshot %}<a href='{{downloadHashPrefix}}-client-cli-linux.zip.asc'>PGP</a>, {% endif %} <a href='{{downloadHashPrefix}}-client-cli-linux.zip.sha1'>SHA1</a></small></td> </tr> <tr> - <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-macosx.tar.gz' title='Download client CLI macosx TGZ archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-macosx.tar.gz</a></td> + <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-macosx.tar.gz' title='Download client CLI Mac OS X TGZ archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-macosx.tar.gz</a></td> <td ><small> {% if not isSnapshot %}<a href='{{downloadHashPrefix}}-client-cli-macosx.tar.gz.asc'>PGP</a>, {% endif %} <a href='{{downloadHashPrefix}}-client-cli-macosx.tar.gz.sha1'>SHA1</a></small></td> </tr> <tr> - <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-macosx.zip' title='Download client CLI macosx ZIP archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-macosx.zip</a></td> + <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-macosx.zip' title='Download client CLI Mac OS X ZIP archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-macosx.zip</a></td> <td><small> {% if not isSnapshot %}<a href='{{downloadHashPrefix}}-client-cli-macosx.zip.asc'>PGP</a>, {% endif %} <a href='{{downloadHashPrefix}}-client-cli-macosx.zip.sha1'>SHA1</a></small></td> </tr> <tr> - <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-windows.tar.gz' title='Download client CLI windows TGZ archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-windows.tar.gz</a></td> + <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-windows.tar.gz' title='Download client CLI Windows TGZ archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-windows.tar.gz</a></td> <td ><small> {% if not isSnapshot %}<a href='{{downloadHashPrefix}}-client-cli-windows.tar.gz.asc'>PGP</a>, {% endif %} <a href='{{downloadHashPrefix}}-client-cli-windows.tar.gz.sha1'>SHA1</a></small></td> </tr> <tr> - <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-windows.zip' title='Download client CLI windows ZIP archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-windows.zip</a></td> + <td style='text-align:left'><a href='{{downloadPrefix}}-client-cli-windows.zip' title='Download client CLI Windows ZIP archive'>apache-brooklyn-{{ book.brooklyn_version }}-client-cli-windows.zip</a></td> <td><small> {% if not isSnapshot %}<a href='{{downloadHashPrefix}}-client-cli-windows.zip.asc'>PGP</a>, {% endif %} <a href='{{downloadHashPrefix}}-client-cli-windows.zip.sha1'>SHA1</a></small></td> diff --git a/guide/ops/cli/cli-ref-guide.md b/guide/ops/cli/cli-ref-guide.md index 7dc3720..1276cd0 100644 --- a/guide/ops/cli/cli-ref-guide.md +++ b/guide/ops/cli/cli-ref-guide.md @@ -24,7 +24,7 @@ COMMANDS: access Show access control activity Show the activity for an application / entity - add-catalog (deprecated, use catalog add) Add a new catalog item from the supplied YAML (a file or http URL) + add-catalog (deprecated, use catalog add) Add a new catalog item from the supplied YAML (a file or HTTP URL) add-children * Add a child or children to this entity from the supplied YAML application Show the status and location of running applications catalog Catalog operations diff --git a/guide/ops/configuration/brooklyn_cfg.md b/guide/ops/configuration/brooklyn_cfg.md index 7051a02..8edb91f 100644 --- a/guide/ops/configuration/brooklyn_cfg.md +++ b/guide/ops/configuration/brooklyn_cfg.md @@ -7,7 +7,7 @@ The file `brooklyn.cfg` is read when Apache Brooklyn starts in order to load any ## Quick Setup The most common properties set in this file are for access control. Without this, Brooklyn's -web-console and REST api will require no authentication. +web-console and REST API will require no authentication. The simplest way to specify users and passwords is shown below (but see the [Authentication](#authentication) section for how to avoid storing passwords in plain text): diff --git a/guide/ops/high-availability/index.md b/guide/ops/high-availability/index.md index 1c3036d..f15e049 100644 --- a/guide/ops/high-availability/index.md +++ b/guide/ops/high-availability/index.md @@ -61,7 +61,7 @@ in behaviour: a new node-id each time it restarts). This list will get longer and longer if you keep restarting Brooklyn, while pointing at the same persisted state, until you clear out terminated instances from the list (via the - UI or the REST api). + UI or the REST API). * The logging at startup can be quite different (e.g. in HA mode, "Brooklyn initialisation (part two) complete" can mean that the server has finished becoming the 'standby'. Care should be taken if searching or parsing the logs. diff --git a/guide/ops/persistence/index.md b/guide/ops/persistence/index.md index b7c961b..d69877a 100644 --- a/guide/ops/persistence/index.md +++ b/guide/ops/persistence/index.md @@ -122,7 +122,7 @@ could be fixed to remove the problem. 4) Fixing with Groovy Scripts The final (powerful and dangerous!) tool is to execute Groovy code on the running Brooklyn -instance. If authorized, the REST api allows arbitrary Groovy scripts to be passed in and +instance. If authorized, the REST API allows arbitrary Groovy scripts to be passed in and executed. This allows the state of entities to be modified (and thus fixed) at runtime. If used, it is strongly recommended that Groovy scripts are run against a disconnected Brooklyn diff --git a/guide/ops/production-installation.md b/guide/ops/production-installation.md index 33aa80e..77a6abe 100644 --- a/guide/ops/production-installation.md +++ b/guide/ops/production-installation.md @@ -29,7 +29,7 @@ Then configure the server as follows: * if the "localhost" location will be used, enable [passwordless ssh login]({{book.path.docs}}/locations/index.md#ssh-keys) * create a `~/.brooklyn` directory on the host with `$ mkdir ~/.brooklyn` * check your `iptables` or other firewall service, making sure that incoming connections on port 8443 is not blocked -* check that the [linux kernel entropy]({{book.path.docs}}/ops/troubleshooting/increase-entropy.md) is sufficient +* check that the [Linux kernel entropy]({{book.path.docs}}/ops/troubleshooting/increase-entropy.md) is sufficient * check that the [ulimit values]({{book.path.docs}}/ops/troubleshooting/increase-system-resource-limits.md) are sufficiently high * ensure external libraries are up-to-date, including `nss` for SSL. * ensure the time is continually accurate, ideally by running a service like the [ntp daemon](http://www.ntp.org/). diff --git a/guide/ops/requirements.md b/guide/ops/requirements.md index 08d6ca0..43968df 100644 --- a/guide/ops/requirements.md +++ b/guide/ops/requirements.md @@ -79,10 +79,10 @@ OpenJDK is recommended. Brooklyn has also been tested on the Oracle JVM and IBM The ports used by Brooklyn are: -* 8443 for https, to expose the web-console and REST api. -* 8081 for http, to expose the web-console and REST api. +* 8443 for HTTPS, to expose the web-console and REST API. +* 8081 for HTTP, to expose the web-console and REST API. -Whether to use https rather than http is configurable using the CLI option `--https`; +Whether to use HTTPS rather than HTTP is configurable using the CLI option `--https`; the port to use is configurable using the CLI option `--port <port>`. To enable remote Brooklyn access, ensure these ports are open in the firewall. @@ -108,7 +108,7 @@ It is normally recommended that Brooklyn run as a non-root user with keys instal ### Linux Kernel Entropy -Check that the [linux kernel entropy]({{book.path.docs}}/ops/troubleshooting/increase-entropy.md) is sufficient. +Check that the [Linux kernel entropy]({{book.path.docs}}/ops/troubleshooting/increase-entropy.md) is sufficient. ### System Resource Limits diff --git a/guide/ops/security-guidelines.md b/guide/ops/security-guidelines.md index b0622d2..04b10f3 100644 --- a/guide/ops/security-guidelines.md +++ b/guide/ops/security-guidelines.md @@ -4,13 +4,13 @@ title: Security Guidelines ## Brooklyn Server -### Web-console and REST api +### Web-console and REST API Users are strongly encouraged to use HTTPS, rather than HTTP. The use of LDAP is encouraged, rather than basic auth. -Configuration of "entitlements" is encouraged, to lock down access to the REST api for different +Configuration of "entitlements" is encouraged, to lock down access to the REST API for different users. diff --git a/guide/ops/server-cli-reference.md b/guide/ops/server-cli-reference.md index 9fe9dca..6e29b25 100644 --- a/guide/ops/server-cli-reference.md +++ b/guide/ops/server-cli-reference.md @@ -50,8 +50,8 @@ The Server CLI arguments for [persistence and HA]({{book.path.docs}}/ops/persist ### Path Setup -In order to have easy access to the server cli it is useful to configure the PATH environment -variable to also point to the cli's bin directory: +In order to have easy access to the server CLI it is useful to configure the PATH environment +variable to also point to the CLI's bin directory: ```bash BROOKLYN_HOME=/path/to/brooklyn/ diff --git a/guide/ops/troubleshooting/connectivity.md b/guide/ops/troubleshooting/connectivity.md index 82917c2..d49ad67 100644 --- a/guide/ops/troubleshooting/connectivity.md +++ b/guide/ops/troubleshooting/connectivity.md @@ -150,5 +150,5 @@ Normally your best bet is then to abandon the guest wifi (e.g. to tether to a mo There are some unconventional workarounds such as [configuring sshd to listen on port 80 so you can use an ssh tunnel](http://askubuntu.com/questions/107173/is-it-possible-to-ssh-through-port-80). -However, the firewall may well inspect traffic so sending non-http traffic over port 80 may still fail. +However, the firewall may well inspect traffic so sending non-HTTP traffic over port 80 may still fail. diff --git a/guide/ops/troubleshooting/deployment.md b/guide/ops/troubleshooting/deployment.md index 38121e2..19c5df0 100644 --- a/guide/ops/troubleshooting/deployment.md +++ b/guide/ops/troubleshooting/deployment.md @@ -94,7 +94,7 @@ be more easily investigated. The exception `java.security.KeyException` can be thrown when jclouds is attempting the SSL handshake, to make cloud API calls. This can happen if the version of nss is older than 3.16 - the nss package -includes the ssl library. +includes the SSL library. To fix this on CentOS, run: diff --git a/guide/ops/troubleshooting/overview.md b/guide/ops/troubleshooting/overview.md index 336bb1e..b555d7d 100644 --- a/guide/ops/troubleshooting/overview.md +++ b/guide/ops/troubleshooting/overview.md @@ -30,7 +30,7 @@ Many entities have some common sensors (i.e. attributes) that give details of th possible for some entities to set this attribute directly. * `service.notUp.indicators` is a map of errors. This often gives much more information than the single `service.isUp` attribute. For example, there may be many health-check indicators for a component: - is the root URL reachable, it the management api reporting healthy, is the process running, etc. + is the root URL reachable, it the management API reporting healthy, is the process running, etc. * `service.problems` is a map of namespaced indicators of problems with a service. * `service.state` is the actual state of the service - e.g. CREATED, STARTING, RUNNING, STOPPING, STOPPED, DESTROYED and ON_FIRE. diff --git a/guide/ops/troubleshooting/slow-unresponsive.md b/guide/ops/troubleshooting/slow-unresponsive.md index 42e0d6b..888549d 100644 --- a/guide/ops/troubleshooting/slow-unresponsive.md +++ b/guide/ops/troubleshooting/slow-unresponsive.md @@ -103,7 +103,7 @@ netstat -an | grep ESTABLISHED | wc -l A lack of entropy can cause random number generation to be extremely slow. This can cause tasks like ssh to also be extremely slow. See -[linux kernel entropy]({{book.path.docs}}/ops/troubleshooting/increase-entropy.md) +[Linux kernel entropy]({{book.path.docs}}/ops/troubleshooting/increase-entropy.md) for details of how to work around this.