OSGi Configuration
Configuration of Apache Brooklyn when running under Karaf is largely done through standard Karaf mechanisms.
The Karaf “Configuration Admin” subsystem is used to manage configuration values loaded at first boot from the
.cfg files in the etc directory of the distribution. In the Karaf command line these can then be viewed
and manipulated by the config: commands, see the Karaf documentation for full details.
Configuring Brooklyn Properties
To configure the Brooklyn runtime create an etc/brooklyn.cfg file, following the standard brooklyn.properties
file format. Values can be viewed and managed dynamically via the OSGI configuration admin commands in Karaf,
e.g. config:property-set. The global ~/.brooklyn/brooklyn.properties is still supported and has higher
priority for duplicate keys, but it’s values can’t be manipulated with the Karaf commands, so its use is
discouraged.
You can use the standard ~/.brooklyn/brooklyn.properties file to configure Brooklyn. Alternatively
create etc/brooklyn.cfg inside the distribution folder (same file format). The keys in the former override
those in the latter.
Web console related configuration is done through the corresponding Karaf mechanisms:
- The port is set in
etc/org.ops4j.pax.web.cfg, keyorg.osgi.service.http.port. - For authentication the JAAS realm “webconsole” is used; by default it will use any
SecurityProvider implementations configured in Brooklyn falling back to auto generating
the password. To configure a custom JAAS realm see the
jetty.xmlfile inbrooklyn-server/karaf/jetty-config/src/main/resourcesand override it by creating a custom one inetcfolder. Point the “webconsole” login service to the JAAS realm you would like to use. - For other Jetty related configuration consult the Karaf and pax-web docs.
HTTPS Configuration
See HTTPS Configuration for general information on configuring HTTPS.
In etc/org.ops4j.pax.web.cfg in the Brooklyn Karaf distribution root, un-comment the settings:
org.osgi.service.http.port.secure=8443
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=${karaf.home}/etc/keystores/keystore.jks
org.ops4j.pax.web.ssl.password=password
org.ops4j.pax.web.ssl.keypassword=password
org.ops4j.pax.web.ssl.clientauthwanted=false
org.ops4j.pax.web.ssl.clientauthneeded=falsereplacing the passwords with appropriate values, and restart the server. Note the keystore location is relative to the installation root, but a fully qualified path can also be given, if it is desired to use some separate pre-existing store.