Release Automation

Expand all | Collapse all

Disable ROC access port 8080

Jump to Best Answer
  • 1.  Disable ROC access port 8080

    Posted 11-30-2016 12:34 PM

    Hi,  we need to disable ROC access on port 8080 due to security reason.  We have already performed ROC and ASAP configurations to be listening on port 8443. 

     

    We tried to disable port on server.xml as Jacky Mahadab recommend on this post:  https://communities.ca.com/thread/241767337  But we faced some connections problem with the repository (it resides in our nac server). We also found that NAC agent down on dashboard, but the agent was up and running.  We enabled the port 8080 on sever.xml again and the infrastructure  returns  to it's normal  behavior.   Our infrastructure have:

     

     

    1 - Nac server (repository resides on same server as default)
    2- two executions server
    3- Database Server

    Is it possible to disable ROC access on port 8080 and leave the port open, or should I reconfigure every component to work on other port?

    I tried to change nolio-repo.properties

     

    [x000933@plrelautoapp4 conf]$ cat nolio-repo.properties

    # If you intend to use encrypted repository password, Please use the encrypt_password.bat/sh utility to encrypt the password.

    type=nexus

    scheme=https

    hostname=

    port=8443

     

     

    But when trying to publish a process I get this error:

     

    Unexpected error on server [The process was published without schema manifest. For more details refer to server logs.]. Please refer to server logs with timestamp [2016-11-30 13:12:37].

     



  • 2.  Re: Disable ROC access port 8080

    Posted 12-01-2016 01:34 AM

    After changing repository config for https and restart the NAC check nolio_dm_all.log for the startup sequence and look for errors related to repository connection.

    If the errors related to missing certification you might need to add the RA certificate to cacert file (<Root dir\jre\lib\security>



  • 3.  Re: Disable ROC access port 8080

    Posted 12-01-2016 08:28 AM

    Jacky_Mahadab

    Jacky: I changed the configuration to HTTPS, and the following error appeared in nolio_dm_all.log. It seems that is a certificate issue, what did you mean about "RA certificate"?

     

    2016-12-02 17:43:02,879 [ActionsSyncTimer] DEBUG (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:72) - Verifying nexus repository existence at [https://plrelautoapp4:8443/nexus/content/repositories/nolio]

    2016-12-02 17:43:02,880 [ActionsSyncTimer] INFO  (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:513) - executing artifact upload request GET https://10.75.248.64:8443/nexus/service/local/repositories/nolio/status HTTP/1.1

    2016-12-02 17:43:02,929 [ActionsSyncTimer] ERROR (com.nolio.platform.shared.communication.services.artifacts.repositoryplugins.ArtifactRepositoryPlugin:521) - Failed to execute HttpGet for artifact  [/nexus/service/local/repositories/nolio/status] from default repository [https://plrelautoapp4:8443/nexus/content/repositories/nolio].

    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target



  • 4.  Re: Disable ROC access port 8080

    Posted 12-06-2016 01:36 AM

    Are you using default Release Automation certificate files (nolio.jks) or do you use your own certificates?

    What version is your Release Automation system?



  • 5.  Re: Disable ROC access port 8080

    Posted 12-06-2016 02:16 PM

    We have an internal CA that signs the certificates. We have already configure ROC and ASAP successfully.

     

    RA version is 6.2.0.3029

     

     

     

    Thanks.



  • 6.  Re: Disable ROC access port 8080

    Posted 12-07-2016 12:41 AM

    As I remember you need to add your certificate also to cacert file of the NAC (Locate in <Install root>\jre\lib\security , default password is Changeit) 

    Jacky 



  • 7.  Re: Disable ROC access port 8080
    Best Answer

    Posted 12-15-2016 10:49 AM

    Jacky: I opened a case (00614222) for this. Now it's working properly.

     

    Thanks Jacky and Jeremy Nelson for your support on this.