Ok, is anybody else frustrated that between JRun 3 and JRun4, the ability to let users log into the JMC and see only their own JVMs was lost ? Back in the good ole' days, you could assign a JCM to a JMC user and all was happy...
Anyway, i sought an answer to this for quite a while and never found a solution out there and Macromedia seems to be skirting the issue, so i said screw it, and came up with my own solution. Note: This solution is for LINUX, not windows. Sorry windows folks, you will have to try to adapt this solution. Hope it works out.
Requirements:
- Some experience with ColdFusion and JRun (4 preferably)
- ColdFusion (any version, including CFMX running on JRun4)
- JRun 4 - remember this is a tool for letting people restart JVMs on JRun
- sudo installed on your Linux server (if you don't know what sudo is, leave right now -- im serious)
For the smart people using Linux, here is the general concept:
-
Provide some place for your users to log in (this is your responsibility). This is where you will provide the links for these users to restart their JVMs.
-
Provide them with ColdFusion (cfml) pages that do a <cfexecute> to stop/start the specified JVMs
-
Configure sudo on your server to allow the coldfusion user to run Jrun commands as root
-
When a user chooses to stop/restart a server, sudo makes sure it is run with the proper permissions
NOTE: This is not an exercise in security. Use this technique as you want, but this comes with no warranty expressed or implied. If you get burned, I don't want to know about it. Use with care, as this is what worked on OUR servers, not YOURS.
Step 1: Configure sudo on your Linux Server
Ok, this step will allow the request to "restart" a JVM to run from somebody's web browser. First, find out what user the ColdFusion server is running as. If you have access to telnet or ssh for the server (you better, if you are doing this), then do a ps -ef and you should be able to easily figure out what user the ColdFusion server is running as:
nobody 3853 2484 0 15:17 ? 00:00:00 /opt/coldfusionmx/bin/cfusion -start default
^^^^^^^^
In this case, it is the user "nobody."
Ok, now edit the /etc/sudoers file and allow user "nobody" to execute the jrun admin program:
Cmnd_Alias JRUN=/opt/jrun4/bin/jrun
nobody ALL = NOPASSWD: JRUNNote: This is not a lesson in how to use sudo or configure the sudoers file. If you want that, go here.
Ok, now the user "nobody" can run the command /opt/jrun4/bin/jrun as root without being asked for a pssword. yum.
Obviously if your jrun4 is installed somewhere else, don't be silly, change the path to where yours is installed.
Step 2: Write some nifty CFML Code
Here are several code segments. Use them as you see fit. This isn't a complete application -- it will require you to figure out how to assemble them to meet your needs. The variable #servername# is the name of the JVM you want to start/stop/etc.
Check to see if a JVM is running or not:
<cfset servername = "jvm_server">
<cfexecute
name="/usr/bin/sudo"
arguments="-u root /opt/jrun4/bin/jrun -status #servername#"
variable="status_info"
timeout="20">
</cfexecute>Stop the JVM:
<cfset servername = "jvm_server">
<cfexecute
name="/usr/bin/sudo"
arguments="-u root /opt/jrun4/bin/jrun -stop #servername#"
variable="status_info"
timeout="20">
</cfexecute>Start the JVM:
<cfset servername = "jvm_server">
<cfexecute
name="/usr/bin/sudo"
arguments="-u root /opt/jrun4/bin/jrun -nohup -start #servername#">
</cfexecute>Notice: When starting a JVM, we use the "-nohup" argument - this makes it not keep open a shell connection. It also means we can't get back useful info about the JVM starting up. The others have something useful returned in the "status_info" variable.
Well thats about it. Have fun. I have to run off and fix somebody else's universe now.
ciao
There are no comments for this entry.
[Add Comment]