Auxiliary Storage - 8.0

Talend ESB Infrastructure Services Configuration Guide

Version
8.0
Language
English
Product
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Module
Talend ESB
Talend Runtime
Content
Design and Development
Installation and Upgrade
Auxiliary storage is created as a lightweight persistent storage for Request\Callback context or other small objects.

The Auxiliary storage service is an OSGi service which is a part of Talend ESB distribution, for both Community and subscription versions.

After starting the Talend Runtime Container, to start the Auxiliary Storage service, enter the following commands at the console prompt:

tesb:start-aux-store to start the Auxiliary Storage Service,

tesb:stop-aux-store to stop the Auxiliary Storage Service.

From Talend Runtime 8.0 onwards, usernames and passwords in OSGi configurations are resolved as references to environment variables. For the username and password, first the OS environment is queried. If the parameter is not set as an OS environment variable, the Java system variables set in etc/custom.properties are queried. For the username, but not for the password, there is finally a literal default value.

When using OS environment variables for credentials, it is recommended not to have them as cleartext passwords in the startup script, but to retrieve them by calls to the credentials vault (keyrings, wallet, etc.) as it is sketched in comments in the Linux startup script in bin/setsecenv:
#export TESB_AMQ_GUI_USER_PASSWORD=`secret-tool lookup trun-user $TESB_AMQ_GUI_USER_NAME`
#export TESB_AUXSTORE_AUTHENTICATION_PASSWORD=`secret-tool lookup trun-user $TESB_AUXSTORE_AUTHENTICATION_USERNAME`
#export TESB_AUXSTORE_SAML_PASSWORD=`secret-tool lookup trun-user $TESB_AUXSTORE_SAML_USERNAME`
#export TESB_EVENTLOGGING_JMS_PASSWORD=`secret-tool lookup trun-user $TESB_EVENTLOGGING_JMS_USERNAME`
#export TESB_EVENTLOGGING_REST_PASSWORD=`secret-tool lookup trun-user $TESB_EVENTLOGGING_REST_USERNAME`
#export TESB_LOCATOR_AUTHENTICATION_PASSWORD=`secret-tool lookup trun-user $TESB_LOCATOR_AUTHENTICATION_USERNAME`
#export TESB_REGISTRY_AUTHENTICATION_PASSWORD=`secret-tool lookup trun-user $TESB_REGISTRY_AUTHENTICATION_USERNAME`
#export TESB_REGISTRY_SAML_PASSWORD=`secret-tool lookup trun-user $TESB_REGISTRY_SAML_USERNAME`
#export TESB_SAML_SECURITY_PASSWORD=`secret-tool lookup trun-user $TESB_SAML_SECURITY_USERNAME`
#export TESB_SAM_SERVICE_SECURITY_PASSWORD=`secret-tool lookup trun-user $TESB_SAM_SERVICE_SECURITY_USERNAME`
#export TESB_TIDM_PASSWORD=`secret-tool lookup tidm-user $TESB_TIDM_USERNAME`

#export TESB_TLS_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd tls`
#export TESB_TLS_KEY_PASSWORD=`secret-tool lookup keystore-pwd tlskey`
#export TESB_STS_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd sts`
#export TESB_CLIENT_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd client`
#export TESB_CLIENT_KEY_PASSWORD=`secret-tool lookup keystore-pwd clientkey`
#export TESB_SERVICE_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd service`
#export TESB_SERVICE_KEY_PASSWORD=`secret-tool lookup keystore-pwd servicekey`
#export TESB_EVENTLOGGING_AGENT_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd el`
#export TESB_EVENTLOGGING_AGENT_KEY_PASSWORD=`secret-tool lookup keystore-pwd elkey`

The keystore property files in etc/keystores are replaced by OSGi configurations using references to environment variables. While the keystore property files are still fully valid and evaluated, values from these properties files are overridden if also set in the OSGi configuration files.

For Auxiliary storage, the OSGi configuration files are:
  • org.talend.esb.auxiliary.storage.client.enc.keystore.cfg - Encryption of SAML assertion requests at the token service
  • org.talend.esb.auxiliary.storage.client.keystore.cfg - Signing of SAML assertion requests at the token service
  • org.talend.esb.auxiliary.storage.service.sig.keystore.cfg - Signing of auxiliary storage server responses