Configuration of Apache Brooklyn when running under Karaf is largely done through standard Karaf mechanisms. The Karaf “Configuration Admin” subsystem is used to manage configuration values loaded at first boot from the .cfg
files in the etc
directory of the distribution. In the Karaf command line these can then be viewed and manipulated by the config:
commands, see the Karaf documentation for full details.
To configure the Brooklyn runtime create an etc/brooklyn.cfg
file, following the standard brooklyn.properties
file format. Values can be viewed and managed dynamically via the OSGI configuration admin commands in Karaf, e.g. config:property-set
. The global ~/.brooklyn/brooklyn.properties
is still supported and has higher priority for duplicate keys, but it‘s values can’t be manipulated with the Karaf commands, so its use is discouraged.
You can use the standard ~/.brooklyn/brooklyn.properties
file to configure Brooklyn. Alternatively create etc/brooklyn.cfg
inside the distribution folder (same file format). The keys in the former override those in the latter.
Web console related configuration is done through the corresponding Karaf mechanisms:
etc/org.ops4j.pax.web.cfg
, key org.osgi.service.http.port
.jetty.xml
file in brooklyn-server/karaf/jetty-config/src/main/resources
and override it by creating a custom one in etc
folder. Point the “webconsole” login service to the JAAS realm you would like to use.See HTTPS Configuration for general information on configuring HTTPS.
In etc/org.ops4j.pax.web.cfg
in the Brooklyn Karaf distribution root, un-comment the settings:
{% highlight properties %} org.osgi.service.http.port.secure=8443 org.osgi.service.http.secure.enabled=true org.ops4j.pax.web.ssl.keystore=${karaf.home}/etc/keystores/keystore.jks org.ops4j.pax.web.ssl.password=password org.ops4j.pax.web.ssl.keypassword=password org.ops4j.pax.web.ssl.clientauthwanted=false org.ops4j.pax.web.ssl.clientauthneeded=false {% endhighlight %}
replacing the passwords with appropriate values, and restart the server. Note the keystore location is relative to the installation root, but a fully qualified path can also be given, if it is desired to use some separate pre-existing store.