Configuration Types for Command Central and Platform Manager OSGI ENGINE
The OSGI-CCE-ENGINE and OSGI-SPM-ENGINE run-time components support creating configuration instances of different configuration types. The following table describes the configuration types that the OSGI-CCE-ENGINE and OSGI-SPM-ENGINE run-time components support and what you can configure with each configuration type.
Configuration type | Supported on | Use to configure... |
COMMON-CREDENTIALS | OSGI-CCE-ENGINE | The user credentials to add and store for a specific alias. You create a configuration instance with the specified alias and then retrieve the stored credentials with the
sagcc get configuration data command to use when connecting to a repository or a remote machine. See also
COMMON-CREDENTIALS Usage Notes. |
COMMON-JAAS | OSGI-CCE-ENGINE, OSGI-SPM-ENGINE | The JAAS login modules to use for authentication and authorization, for example to allow authentication against external user stores. See also
COMMON-JAAS Usage Notes. |
COMMON-JAAS-REALMS | OSGI-CCE-ENGINE, OSGI-SPM-ENGINE | Configuration settings to use for JAAS realms authentication and authorization, for example to allow authentication against external user stores or Kerberos. See also
COMMON-JAAS-REALMS Usage Notes. |
CCE-LAYER-TYPES | OSGI-CCE-ENGINE | Layer definition configuration type. |
COMMON-LICENSE | OSGI-CCE-ENGINE | The Command Central license file. |
COMMON-LICLOC | OSGI-CCE-ENGINE | Retrieve the location of the Command Central license file. |
COMMON-SYSPROPS | OSGI-CCE-ENGINE, OSGI-SPM-ENGINE | The monitoring or inventory parameters, for example the polling interval at which to monitor products for run-time status. |
SIN-INTERNAL-GROUPS | OSGI-CCE-ENGINE, OSGI-SPM-ENGINE | The groups in the internal user stores. |
SIN-INTERNAL-ROLES | OSGI-CCE-ENGINE, OSGI-SPM-ENGINE | The user roles in the internal user stores. |
SPM-NODEID | OSGI-SPM-ENGINE | The internal unique ID of Platform Manager. Command Central manages unique IDs automatically. Before you customize the unique ID of a Platform Manager, run cc list landscape nodes to view the list of IDs already registered with Command Central. Each Platform Manager must have a unique ID in the Command Central landscape. |
COMMON-CREDENTIALS Usage Notes
Following is an example of adding user-defined credentials:
The alias and the credentials details required to create a new instance of the COMMON-CREDENTIALS configuration type is in the custom_cred.xml file. To create the new configuration instance for the run-time component with the ID “OSGI-CCE-ENGINE” that is installed in the installation with name “local”:
sagcc create configuration data local OSGI-CCE-ENGINE COMMON-CREDENTIALS
-i custom_cred.xml
To retrieve the configuration details for the configuration instance with ID "COMMON-CREDENTIALS-myalias" for the run-time component with the ID “OSGI-CCE-ENGINE” that is installed in the installation with name “local”, use the following command:
sagcc get configuration data local OSGI-CCE-ENGINE COMMON-CREDENTIALS-myalias
The COMMON-CREDENTIALS configuration type has the following default configuration instances that you can retrieve using the
sagcc list configuration instances command, but you cannot delete or edit:
COMMON-CREDENTIALS-DEFAULT_ADMINISTRATOR - used when a product or repository with version 10.7 and lower requires basic authentication and includes default username and password for the administrator user.
COMMON-CREDENTIALS-ADMINISTRATOR - used when a product or repository with version 10.11 and higher requires basic authentication. Note that this credentials alias does not include default user password for the administrator user. You must specify a strong administrator password by navigating to
Environments >
ALL >
Instances >
CCE >
Command Central Server >
Configuration >
Credentials in the
Command Central web user interface and editing the ADMINISTRATOR credentials.
COMMON-CREDENTIALS-NONE - used when no authentication is required, for example to connect to a public github repository.
COMMON-CREDENTIALS-TRUSTED - used for trusted authentication with Software AG products or mirror repositories hosted by Platform Manager version 10.0 or higher.
COMMON-JAAS Usage Notes
To modify the JAAS configuration file, use either the Command Central web user interface or
sagcc update configuration data. The JAAS configuration files for Command Central and Platform Manager are located here:
For Command Central
Software AG_directory\profiles\CCE\configuration\security \jaas.config
For Platform Manager
Software AG_directory\profiles\SPM\configuration\security \jaas.config
You can configure a domain parameter for the InternalLoginModule and the LDAPLoginModule. Command Central uses the value of the domain parameter to determine whether to verify the user against the internal user repository or against an LDAP user store. For example, when you specify the following domain values:
com.softwareag.security.jaas.login.internal.InternalLoginModule required
domain="int"
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
domain="sag"
If a user logs on with int\Administrator, Command Central logs on the user through the Internal login module. If a user logs on with sag\Administrator, Command Central logs on the user using the LDAP login module. If you do not configure a domain for the InternalLoginModule or the LDAPLoginModule, the login module without a domain parameter logs on all users.
COMMON-JAAS-REALMS Usage Notes
To create, update, or delete JAAS realms configuration types, use either the Command Central web user interface, or the CLI
Configuration Commands.
You must create a separate configuration instance for each JAAS realm, with a unique configuration instance ID in the following format: COMMON-JAAS-REALMS-realmName, where realmName is the name of the JAAS realm.
The default JAAS realms configuration instance for Command Central and Platform Manager is COMMON-JAAS-REALMS-Default.
You can also configure JAAS realms configuration types using a composite template.
The following composite template snippet is an example of how to use the COMMON-JAAS-REALMS configuration type to configure JAAS realms for Integration Server:
templates:
is-jaas-config:
products:
integrationServer:
default:
configuration:
COMMON-JAAS-REALMS:
COMMON-JAAS-REALMS-BmKerberos: |
BmKerberos {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false
doNotPrompt=false
debug=true
useKeyTab=false;
};
COMMON-JAAS-REALMS-BmKerberosKeytab: |
BmKerberosKeytab {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false
doNotPrompt=false
debug=true
useKeyTab=true
keyTab="config/keytabs/sys21cng.keytab";
};
CCE-LAYER-TYPES Usage Notes
Creates a configuration instance of a layer definition that you use when defining a layer in a product stack.
Use the sagcc configuration commands or the Command Central web user interface to create, list, or update configuration instances of the layer definitions.
The default layer definitions are:
CCE-LAYER-TYPES-INFRA-EXISTING
Defines an infrastructure layer to use when creating a stack from existing environments.
CCE-LAYER-TYPES-RUNTIME-EXISTING
Defines a run-time layer to use when you want to include existing run-time instances of the products in a stack.
CCE-LAYER-TYPES-DATABASE-EXISTING
Defines a database layer to use when you want to connect to an existing database.
You cannot change the name and type of the default layer definitions.