I don't have access to my setup at the moment. I can later.
but, I think it's based on carbon sr3. I do have a recent (2/27) snapshot distro from Fluorine though, and that actually doesn't even need creds to access that jolokia diagstatus endpoint. restconf still behaves like I expect, but the diagstatus endpoint takes any (or no) username/password combo. JamO On 4/5/18 12:06 PM, Ryan Goulding wrote:
Jamo, can you comment on code version? Thanks! Regards, Ryan Goulding On Thu, Apr 5, 2018 at 7:10 AM, Ryan Goulding <[email protected] <mailto:[email protected]>> wrote: What version of code? This wasn’t tied to AAA until oxygen. Prior it was controlled by etc/or.jolokia.osgi.cfg. Thanks, Ryan Sent from my iPhone On Apr 5, 2018, at 12:32 AM, Michael Vorburger <[email protected] <mailto:[email protected]>> wrote:JamO, +aaa-dev and +controller-dev and Stephen FYI: On Wed, Apr 4, 2018 at 10:24 PM, Jamo Luhrsen <[email protected] <mailto:[email protected]>>wrote: Hi Utility folks, I noticed in a local setup I have where I've changed the default username and password for RESTCONF, that I still need to use the admin:admin creds to hit the diagstatus endpoint. I'm guessing that's just because this is not tied in to the magic of AAA and/or RESTCONF creds. Gotta just live with it, or would it be an easy thing to add, just to keep things more intuitive? This seems like a bug (bad one, security wise), but it's not for infrautils-dev - we don't actually do anything re. Jolokia in project infrautils, the diagstatus sub-module simply exposes a JMX bean... the code related to the Jolokia integration in ODL which then make makes this available via HTTP, and secures it with the AAA creds (also used by RESTCONF; there are no creds in RESTCONF itself FYI), is actually in controller and/or aaa (I'm not 100% sure myself what is where)... see https://jira.opendaylight.org/browse/AAA-147 <https://jira.opendaylight.org/browse/AAA-147> and https://jira.opendaylight.org/browse/CONTROLLER-1324 <https://jira.opendaylight.org/browse/CONTROLLER-1324>. If you are right, we have this problem (that when changing the default username and password you can still use the previous one) on *ALL* /jolokia/ URLs, I'm guessing. Would you like to open a (Critical?) bug in JIRA against AAA about this? Tx, M. -- Michael Vorburger, Red Hat [email protected] <mailto:[email protected]>| IRC: vorburger @freenode | ~ = http://vorburger.ch <http://vorburger.ch/> example curl: curl -u "admin:admin" http://192.168.24.11:8081/jolokia/exec/org.opendaylight.infrautils.diagstatus:type=SvcStatus/acquireServiceStatus <http://192.168.24.11:8081/jolokia/exec/org.opendaylight.infrautils.diagstatus:type=SvcStatus/acquireServiceStatus> Thanks, JamO _______________________________________________ infrautils-dev mailing list [email protected] <mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/infrautils-dev <https://lists.opendaylight.org/mailman/listinfo/infrautils-dev> _______________________________________________ controller-dev mailing list [email protected] <mailto:[email protected]> https://lists.opendaylight.org/mailman/listinfo/controller-dev <https://lists.opendaylight.org/mailman/listinfo/controller-dev>
_______________________________________________ controller-dev mailing list [email protected] https://lists.opendaylight.org/mailman/listinfo/controller-dev
