Thursday, April 10, 2008

Controlling an EJBCA cluster node

Just a little glimpse of what is easy to achieve.

Some people have clustered high-security environments, where multiple people are needed to access a shell or console on the EJBCA machine. In such an environment it is convenient if you can do some things without logging in... NodeControl is born. NodeControl runs in a separate Tomcat instance, so it is independent of JBoss/EJBCA.
With NodeControl you can:
  1. Check HealthCheck on EJBCA
  2. Start/stop JBoss
  3. Add/remove the node in the cluster by turning on/off the maintenance file in HealthCheck (if maintenance is on, healthcheck returns an error with your message in it)
  4. Tail and grep in logfiles from pre-configured directories. Also 'tail -f' a logfile through openssl (or nc) to your machine.
Naturally, NodeControl needs certificate authentication, where you drop allowed certificates in a directory. Everything is highly configurable of course, and presented in a slick-looking AJAX GUI :)
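The sketch below is an added example, not NodeControl's own code: one way a directory-based certificate allowlist like the one described above can be checked, matching on the SHA-256 fingerprint of the exact DER bytes rather than on a subject name. All function names are hypothetical, and the sample "certificates" are constructed stand-in bytes.

```python
import base64
import hashlib
import re
import tempfile
from pathlib import Path

BEGIN, END = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + rb"(.+?)" + re.escape(END), re.S)

def pem_to_der(pem: bytes) -> list:
    """Return the DER body of every CERTIFICATE block in a PEM blob."""
    ders = []
    for body in PEM_RE.findall(pem):
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            continue  # malformed block: skip it, never treat it as allowed
        if der:
            ders.append(der)
    return ders

def load_allowlist(directory: Path) -> dict:
    """Map SHA-256 fingerprint -> file name for each cert in the directory."""
    allowed = {}
    for path in sorted(directory.iterdir()):
        # Skip symlinks and non-files so entries cannot point outside the directory.
        if path.is_symlink() or not path.is_file():
            continue
        for der in pem_to_der(path.read_bytes()):
            allowed[hashlib.sha256(der).hexdigest()] = path.name
    return allowed

def is_allowed(client_der: bytes, allowed: dict) -> bool:
    """Fail closed: only an exact fingerprint match is accepted."""
    return hashlib.sha256(client_der).hexdigest() in allowed

def demo() -> tuple:
    # Constructed stand-in bytes, not real certificates: matching is on raw DER.
    operator, stranger = b"constructed-operator-cert", b"constructed-unknown-cert"
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "operator.pem").write_bytes(
            BEGIN + b"\n" + base64.encodebytes(operator) + END + b"\n")
        Path(tmp, "broken.pem").write_bytes(BEGIN + b"\n!!!\n" + END + b"\n")
        allowed = load_allowlist(Path(tmp))
    return is_allowed(operator, allowed), is_allowed(stranger, allowed), len(allowed)

if __name__ == "__main__":
    print(demo())
```

The fingerprint check is only the allowlist step; it assumes the TLS handshake has already proven that the client holds the private key for the presented certificate.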

Some of these functions should probably be available in a future re-make of the EJBCA admin-GUI.
