tg-init-pulsar-manager
Initializes Pulsar Manager with default superuser credentials for TrustGraph.
Synopsis
tg-init-pulsar-manager
Description
The tg-init-pulsar-manager command is a setup utility that creates a default superuser account in Pulsar Manager. This is typically run once during initial TrustGraph deployment to establish administrative access to the Pulsar message queue management interface.
The command configures a superuser with predefined credentials that can be used to access the Pulsar Manager web interface for monitoring and managing Pulsar topics, namespaces, and tenants.
Default Configuration
The command creates a superuser with these default credentials:
- Username:
admin - Password:
apachepulsar - Description:
test - Email:
username@test.org
Prerequisites
Pulsar Manager Service
Pulsar Manager must be running and accessible at http://localhost:7750 before running this command.
Network Connectivity
The command requires network access to the Pulsar Manager API endpoint.
Examples
Basic Initialization
tg-init-pulsar-manager
Verify Initialization
# Run the initialization
tg-init-pulsar-manager
# Check if Pulsar Manager is accessible
curl -s http://localhost:7750/pulsar-manager/ | grep -q "Pulsar Manager"
echo "Pulsar Manager status: $?"
Integration with Setup Scripts
#!/bin/bash
# setup-trustgraph.sh
echo "Setting up TrustGraph infrastructure..."
# Wait for Pulsar Manager to be ready
echo "Waiting for Pulsar Manager..."
while ! curl -s http://localhost:7750/pulsar-manager/ > /dev/null; do
echo " Waiting for Pulsar Manager to start..."
sleep 5
done
# Initialize Pulsar Manager
echo "Initializing Pulsar Manager..."
tg-init-pulsar-manager
if [ $? -eq 0 ]; then
echo "✓ Pulsar Manager initialized successfully"
echo " You can access it at: http://localhost:7750/pulsar-manager/"
echo " Username: admin"
echo " Password: apachepulsar"
else
echo "✗ Failed to initialize Pulsar Manager"
exit 1
fi
What It Does
The command performs the following operations:
- Retrieves CSRF Token: Gets a CSRF token from Pulsar Manager for secure API access
- Creates Superuser: Makes an authenticated API call to create the superuser account
- Sets Permissions: Configures the user with administrative privileges
HTTP Operations
# Equivalent manual operations:
CSRF_TOKEN=$(curl http://localhost:7750/pulsar-manager/csrf-token)
curl \
-H "X-XSRF-TOKEN: $CSRF_TOKEN" \
-H "Cookie: XSRF-TOKEN=$CSRF_TOKEN;" \
-H 'Content-Type: application/json' \
-X PUT \
http://localhost:7750/pulsar-manager/users/superuser \
-d '{"name": "admin", "password": "apachepulsar", "description": "test", "email": "username@test.org"}'
Use Cases
Initial Deployment
# Part of TrustGraph deployment sequence
deploy_trustgraph() {
echo "Deploying TrustGraph..."
# Start services
docker-compose up -d pulsar pulsar-manager
# Wait for services
wait_for_service "http://localhost:7750/pulsar-manager/" "Pulsar Manager"
wait_for_service "http://localhost:8080/admin/v2/clusters" "Pulsar"
# Initialize Pulsar Manager
echo "Initializing Pulsar Manager..."
tg-init-pulsar-manager
# Initialize TrustGraph
echo "Initializing TrustGraph..."
tg-init-trustgraph
echo "Deployment complete!"
}
Development Environment Setup
# Development setup script
setup_dev_environment() {
echo "Setting up development environment..."
# Start local services
docker-compose -f docker-compose.dev.yml up -d
# Wait for readiness
echo "Waiting for services to start..."
sleep 30
# Initialize components
tg-init-pulsar-manager
tg-init-trustgraph
echo "Development environment ready!"
echo "Pulsar Manager: http://localhost:7750/pulsar-manager/"
echo "Credentials: admin / apachepulsar"
}
CI/CD Integration
# Integration testing setup
setup_test_environment() {
local timeout=300 # 5 minutes
local elapsed=0
echo "Setting up test environment..."
# Start services
docker-compose up -d --wait
# Wait for Pulsar Manager
while ! curl -s http://localhost:7750/pulsar-manager/ > /dev/null; do
if [ $elapsed -ge $timeout ]; then
echo "Timeout waiting for Pulsar Manager"
return 1
fi
sleep 5
elapsed=$((elapsed + 5))
done
# Initialize
if tg-init-pulsar-manager; then
echo "✓ Test environment ready"
else
echo "✗ Failed to initialize test environment"
return 1
fi
}
Docker Integration
Docker Compose Setup
# docker-compose.yml
version: '3.8'
services:
pulsar:
image: apachepulsar/pulsar:latest
ports:
- "6650:6650"
- "8080:8080"
command: bin/pulsar standalone
pulsar-manager:
image: apachepulsar/pulsar-manager:latest
ports:
- "7750:7750"
depends_on:
- pulsar
environment:
SPRING_CONFIGURATION_FILE: /pulsar-manager/pulsar-manager/application.properties
trustgraph-init:
image: trustgraph/cli:latest
depends_on:
- pulsar-manager
command: >
sh -c "
sleep 30 &&
tg-init-pulsar-manager &&
tg-init-trustgraph
"
Kubernetes Setup
# k8s-init-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: trustgraph-init
spec:
template:
spec:
containers:
- name: init
image: trustgraph/cli:latest
command:
- sh
- -c
- |
echo "Waiting for Pulsar Manager..."
while ! curl -s http://pulsar-manager:7750/pulsar-manager/; do
sleep 5
done
echo "Initializing Pulsar Manager..."
tg-init-pulsar-manager
echo "Initializing TrustGraph..."
tg-init-trustgraph
env:
- name: PULSAR_MANAGER_URL
value: "http://pulsar-manager:7750"
restartPolicy: Never
Error Handling
Connection Refused
curl: (7) Failed to connect to localhost port 7750: Connection refused
Solution: Ensure Pulsar Manager is running and accessible on port 7750.
CSRF Token Issues
curl: (22) The requested URL returned error: 403 Forbidden
Solution: The CSRF token mechanism may have changed. Check Pulsar Manager API documentation.
User Already Exists
HTTP 409 Conflict - User already exists
Solution: This is expected on subsequent runs. The superuser is already created.
Network Issues
curl: (28) Operation timed out
Solution: Check network connectivity and firewall settings.
Security Considerations
Default Credentials
The command uses default credentials that should be changed in production:
# After initialization, change the password via Pulsar Manager UI
# Or use the API to update credentials
change_admin_password() {
local new_password="$1"
# Login to get session
session=$(curl -s -c cookies.txt \
-d "username=admin&password=apachepulsar" \
http://localhost:7750/pulsar-manager/login)
# Update password
curl -s -b cookies.txt \
-H "Content-Type: application/json" \
-X PUT \
-d "{\"password\": \"$new_password\"}" \
http://localhost:7750/pulsar-manager/users/admin
rm cookies.txt
}
Access Control
# Restrict access to Pulsar Manager in production
configure_security() {
echo "Configuring Pulsar Manager security..."
# Change default password
change_admin_password "$(openssl rand -base64 32)"
# Configure firewall rules (example)
# iptables -A INPUT -p tcp --dport 7750 -s 10.0.0.0/8 -j ACCEPT
# iptables -A INPUT -p tcp --dport 7750 -j DROP
echo "Security configuration complete"
}
Advanced Usage
Custom Configuration
# Create custom initialization script
create_custom_init() {
cat > custom-pulsar-manager-init.sh << 'EOF'
#!/bin/bash
PULSAR_MANAGER_URL=${PULSAR_MANAGER_URL:-http://localhost:7750}
ADMIN_USER=${ADMIN_USER:-admin}
ADMIN_PASS=${ADMIN_PASS:-$(openssl rand -base64 16)}
ADMIN_EMAIL=${ADMIN_EMAIL:-admin@example.com}
echo "Initializing Pulsar Manager at: $PULSAR_MANAGER_URL"
# Get CSRF token
CSRF_TOKEN=$(curl -s "$PULSAR_MANAGER_URL/pulsar-manager/csrf-token")
if [ -z "$CSRF_TOKEN" ]; then
echo "Failed to get CSRF token"
exit 1
fi
# Create superuser
response=$(curl -s -w "%{http_code}" \
-H "X-XSRF-TOKEN: $CSRF_TOKEN" \
-H "Cookie: XSRF-TOKEN=$CSRF_TOKEN;" \
-H 'Content-Type: application/json' \
-X PUT \
"$PULSAR_MANAGER_URL/pulsar-manager/users/superuser" \
-d "{\"name\": \"$ADMIN_USER\", \"password\": \"$ADMIN_PASS\", \"description\": \"Admin user\", \"email\": \"$ADMIN_EMAIL\"}")
http_code="${response: -3}"
if [ "$http_code" = "200" ] || [ "$http_code" = "409" ]; then
echo "Pulsar Manager initialized successfully"
echo "Username: $ADMIN_USER"
echo "Password: $ADMIN_PASS"
else
echo "Failed to initialize Pulsar Manager (HTTP $http_code)"
exit 1
fi
EOF
chmod +x custom-pulsar-manager-init.sh
}
Health Checks
# Health check script
check_pulsar_manager() {
local max_attempts=30
local attempt=1
echo "Checking Pulsar Manager health..."
while [ $attempt -le $max_attempts ]; do
if curl -s http://localhost:7750/pulsar-manager/ > /dev/null; then
echo "✓ Pulsar Manager is healthy"
return 0
fi
echo "Attempt $attempt/$max_attempts - Pulsar Manager not ready"
sleep 5
attempt=$((attempt + 1))
done
echo "✗ Pulsar Manager health check failed"
return 1
}
# Use in deployment scripts
if check_pulsar_manager; then
tg-init-pulsar-manager
else
echo "Cannot initialize Pulsar Manager - service not healthy"
exit 1
fi
Related Commands
tg-init-trustgraph- Initialize TrustGraph with Pulsar configurationtg-show-config- Display current TrustGraph configuration
Integration Points
Pulsar Manager UI
After initialization, access the web interface at:
- URL:
http://localhost:7750/pulsar-manager/ - Username:
admin - Password:
apachepulsar
TrustGraph Integration
This command is typically run before tg-init-trustgraph as part of the complete TrustGraph setup process.
Best Practices
- Run Once: Only run during initial setup - subsequent runs are harmless but unnecessary
- Change Defaults: Change default credentials in production environments
- Network Security: Restrict access to Pulsar Manager in production
- Health Checks: Always verify Pulsar Manager is running before initialization
- Automation: Include in deployment automation scripts
- Documentation: Document custom credentials for operations teams
Troubleshooting
Service Not Ready
# Check if Pulsar Manager is running
docker ps | grep pulsar-manager
netstat -tlnp | grep 7750
Port Conflicts
# Check if port 7750 is in use
lsof -i :7750
Docker Issues
# Check Pulsar Manager logs
docker logs pulsar-manager
# Restart if needed
docker restart pulsar-manager