What's new in Apache Karaf runtime 4.3.2 ?
Apache Karaf runtime 4.3.2 has been released and available on https://karaf.apache.org.
You can have take a look on the Release Notes.
Let's take a quick tour on this new Karaf release.
Support R7 configutation factory and fix on json check
Karaf 4.3.x introduced both suppport of OSGi Spec R7 and json configuration support (in addition of the "regular" cfg/properties format). We identify an issue in the configuration json format: when the json contains an array, then it was always considered as updated. For instance, the following configuration:
{
"foo": [ "bar" ]
}
was considered as always updated. We can see in the log:
2021-05-07T23:01:45,924 | INFO | fileinstall-/[...]/karaf/etc | JsonConfigInstaller | 25 - org.apache.karaf.config.core - 4.3.1 | Updating configuration from my.config.json
2021-05-07T23:03:45,924 | INFO | fileinstall-/[...]/karaf/etc | JsonConfigInstaller | 25 - org.apache.karaf.config.core - 4.3.1 | Updating configuration from my.config.json
The root cause of the problem is that we compared "old" configuration (as a map) with the "new" one. To do that, we use Map.equals()
. Map.equals()
doesn't work when the value type is array, as an array's equals()
method compares identity and not the contents of the array.
So, equals directly on array compare "instance", not values. In our case, we want to check the array values are the same. So, we change the comparison method using deep compare on map values. It's what I fixed in Karaf 4.3.2.
Regarding configuration (both cfg or json), we also added support of R7 factory style. In OSGi R7, a new factory PID has been introduced using the ~
char.
It means you can now use configuration factory with both -
or ~
.
Before Karaf 4.3.1, only configuration factory format was R6 like, meaning factoryPid-pid
, so, a corresponding configuration file looks like etc/my.factory-pid.cfg
.
Now, you can use the R7 "format", meaning etc/my.factory~pid.cfg
.
Karaf 4.3.2 supports both.
Security improvements
We did two improvements about security. First, we decided to comment the defaultkaraf
user in etc/users.properties
. The purpose is to "force" user to enable the karaf
user (and probably change the password).
So, basically, etc/users.properties
now looks like:
#karaf = karaf,_g_:admingroup
#_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
If you want to enable the karaf
user (as before) (with karaf
as password), you just have to uncomment these two lines. I recommend to change the default password:
karaf = mypassword,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
Another security improvement is about the Karaf SSHd server. By default, when you connect to the SSHd server for the first time, Karaf generates etc/host.key
file. This file was generated to read and write permissions for everyone.
In order to be more secure, Karaf 4.3.2 generated this file with read and write permissions only for the owner (basically the user launching the karaf process).
JMX, shell and other minor fixes
Since Karaf 4.3.1, Karaf doesn't set JVMcom.sun.management.jmxremote
. The problem is that this property is mandatory for the RMI stub, and prevent "direct" use of clients like jconsole or jvisualvm.
Karaf 4.3.2 fixes that by reading rmiServerHost
from etc/org.apache.karaf.management.cfg
configuration file, and set the property then.
We also did some fixes and improvements in the shell and more:
- shell tables have now a clean rendering on Windows and Unix when using
--no-format
option maven:*
commands don't throwNullPointerException
if~/.m2/settings.xml
doesn't exist- JDK16 support thanks (with required
eecap
) - improvement on the scheduler to support scheduler properties containing array
- use of
~/.karaf/karaf.history
instead of~/.karaf/karaf41.history
- fix on the logging default pattern layout (to avoid encoded character rendering)
- thanks to xbean 4.19, we fixed issue about WAR file support (in Pax Web) built with JDK 11+
Dependency upgrades
Like any Karaf release, Karaf 4.3.2 brings bunch of dependency updates:- Pax Web 7.3.5 with Jetty 9.4.40.v20210413
- Pax Logging 2.0.9 fixing "bad" OSGi headers
- xbean 4.19 for the reason explained before
- updated Spring versions (5.3.6, spring security 5.4.5, ...)
- Aries proxy 1.1.10 supporting JDK 16
- and much more ...
Comments
Post a Comment