JBoss minimal configuration with Tomcat (Servlet Contrainer)

June 3rd, 2008 Radim Marek

For proof of concept I needed to deploy large number of servlet containers. Because I’m lazy and most of the code for main application has already been written for JBoss AS (including Login modules and set of custom services) I really didn’t want to use standalone Jetty or Tomcat. To use different solution for one part of deployment would create significant duplication of some functionality and unnecessary increased administration.Instead of cleaning-up default configuration, I decided to use for first time minimal configuration and add JBossWeb (manually). This is an overview of what has been required to achieve it.

First copy the configuration and create new profile.

    cd server/
    cp -R minimal webserver

Obviously you need to copy original JBoss Web deployer.

    cp -R ./default/deploy/jboss-web.deployer ./webserver/deploy/

And that’s where fun begins. By default JBoss Web relies on several JEE service that needs to be disabled. Edit file

    webserver/deploy/jboss-web.deployer/META-INF/jboss-service.xml

and comment out (delete) following dependencies on unnecessary services:

    <depends>jboss:service=TransactionManager</depends>
    <depends>jboss.jca:service=CachedConnectionManager</depends>

This is based on assumption you don’t need them. Once CachedConnectionManager is gone, you need to delete CachedConnectionValve from

    webserver/deploy/jboss-web.deployer/server.xml

Right now, your new webserver profile is stripped to it’s minimum and you have to add something. First necessary addsecurity related services into

<!– ==================================================================== –>
<!– Security                                                             –>
<!– ==================================================================== –>

<mbean code=”org.jboss.security.plugins.SecurityConfig”
   name=”jboss.security:service=SecurityConfig”>
   <attribute name=”LoginConfig”>jboss.security:service=XMLLoginConfig</attribute>
</mbean>
<mbean code=”org.jboss.security.auth.login.XMLLoginConfig”
   name=”jboss.security:service=XMLLoginConfig”>
   <attribute name=”ConfigResource”>login-config.xml</attribute>
</mbean>

<!– JAAS security manager and realm mapping –>
<mbean code=”org.jboss.security.plugins.JaasSecurityManagerService”
   name=”jboss.security:service=JaasSecurityManager”>
   <attribute name=”ServerMode”>true</attribute>
   <attribute name=”SecurityManagerClassName”>org.jboss.security.plugins.JaasSecurityManager</attribute>
   <attribute name=”DefaultUnauthenticatedPrincipal”>anonymous</attribute>
   <attribute name=”DefaultCacheTimeout”>1800</attribute>
   <attribute name=”DefaultCacheResolution”>60</attribute>
   <attribute name=”DeepCopySubjectMode”>false</attribute>
</mbean>

Last remaining task is to copy additional JAR files and that’s it!

    cd default/lib/
    cp jboss.jar jboss-j2ee.jar jbosssx.jar servlet-api.jar jsp-api.jar jbossws* el-api.jar jboss-ejb3x.jar ../../webserver/lib

Back in bin folder you can test new configuration profile

    run -c webserver

Don’t expect miracles, you’ll get only what you configure. In this case is basic application server, with full support for customer services and webserver. To perform more tests you need to deploy some WAR file to deploy/ folder in order to get any output, as there are no context by default.This guide has been tested on JBoss AS 4.2.2

Posted in Administration, jboss | 1 Comment »

AJP13 made easy with mod_proxy

March 18th, 2008 Radim Marek

For a long time mod_jk has been preferred Apache HTTPD plug-in that allowed integration with Tomcat’s JK connectors. It’s certainly perfect solution and still the recommended one for mission critical and highly loaded scenarios.

In case your setup is more relaxed and you looking to do first setup with AJP, there is another solution – mod_proxy. More precisely mod_proxy_ajp that provides ability of handling AJP 1.3 protocol. These modules are enjoying comeback since they have been rewritten for Apache HTTPD 2.2.

Main benefit behind using mod_proxy is the fact that most of the Apache HTTPD installations already come with this module precompiled. Very often not only with HTTP support, but AJP as well. In such a situation administrators feel more tempted to experiment with HTTP based load-balancing scenarios, and therefore more likely to experiment with different protocol.

Let’s have a look how sample configuration would look like:

# Enable Reverse Proxy
ProxyRequests Off

<Proxy balancer://mycluster>
        Order deny,allow
        Allow from all

        # loadfactor = worker load factor
        # route = jvmRoute appended to SESSIONID, reflecting setting in server.xml
        # min = minimum number of connections to backend server
        # max = maximum number of connections to backend server
        BalancerMember ajp://192.168.10.33:8009/ loadfactor=10 route=33 min=10 max=50 keepalive=On
        BalancerMember ajp://192.168.10.34:8009/ loadfactor=2 route=34 min=10 max=50 keepalive=On
</Proxy>

ProxyPass /proxy balancer://mycluster STICKYSESSION=JSESSIONID|jsessionid nofailover=On
ProxyPassReverse /proxy balancer://mycluster
ProxyPassReverseCookieDomain backend.server public.server

In this case two nodes are created to participate in load-balancer using AJP as connector to backend Tomcat; session affinity enabled with STICKSESSION configuration.

Overall the configuration corresponds with the one you would normally create using mod_jk. Now you’re probably asking what’s the catch. And answer is simple – you loosing dynamic options (periodic reload of mapping), only simplified balancing features and generally the performance is slightly behind mod_jk. My tests during last few months (both with experimental and production grade setups) show difference approximately about 6 – 7% drop down. Something not really worrying if you’re running medium sized intranet solution and you already need clustered solution, or if you just discovering world of load balancing.

For more information, please, check following resources:

• Mod_proxy documentation
• Mod_proxy_ajp documentation
• Apache Tomcat Connector

Posted in Administration, jboss | 1 Comment »

JBoss for Administrators

March 16th, 2008 Radim Marek

Training designed to help System Engineers to acquire necessary knowledge to understand requirements, master installation, deployment and management of JBoss Application server. Throughout the course delegates are getting exposed to the terminology used in Java EE development, understand architecture of application server and learn how to change configuration to suite particular needs – and most importantly delivery stable and secure instance for production environment.

It’s a 3-day course with following agenda:

Day 1

• Installing and deployment of JBoss Application Server
• JBoss Services configuration

Day 2

• JBoss production configuration
• Connector Tuning
• Securing JBoss Application Server

Day 3

• Clustering on JBoss Application Server
• Best Practices in JBoss Performance Tuning
• JBoss Operation Network training

Requirements: no prior knowledge of Java EE development necessary, working knowledge of Windows or UNIX based systems; able to install and use Java to run applications.

Pre-course reading materials:

• Java installation
• What is XML
• XML Formed and Valid XML Documents
• Packaging programs in JAR files
• What is J2EE

Post-course reading materials:

• JVM Internals
• Config Datasources
• Tomcat Connectors
• JBossWeb Native
• JBoss Messaging Installation

Course content

JBoss Application Server Architecture covers necessary basics what is an application server and it’s role in infrastructure. Basic Java EE terminology is covered and practically presented using Travel Reservation application example.

Core concepts is chapter covering basics of the technologies used in JBoss AS, including JMX (Java Management Extensions) – the way how it’s used in design of application server microkernel, interceptors, invokers and dynamic proxies.

JBoss installation will provide delegates first stand-alone JBoss instance with default or customized server configuration. Focus is targeted on how to choose right version of JBoss AS and Java Virtual Machine, what are the hardware and operating system requirements. Hands-on lab is focusing on installation and verification if it’s working properly.

Deploying applications will provide information about various packages provided by Java EE or JBoss and how to [re/un] deploy them both for application and services. Delegates will be introduced to concept of class files and class loader. Hands-on lab on deployment is there to verify newly acquired knowledge.

JBoss Service Configuration is comprehensive part of the course covering important services of JBoss AS like JBossWeb (Tomcat), Naming Service, EJB Invokers, JMS provider, scheduler, etc. The rationale behind it is to provide understand about multiple components that are forming together application server and how they’re significant from administrator’s point of view. By end of this part participants will have overview about numerous open ports they need to secure or configure. Cheat sheet with the list of opened ports is provided.

Hands-on session is available to practice scheduler service using real-life scenarios.

JBoss production deployment focuses on getting instances of the application server into production environment. Topics include understanding of JDBC, way how to configure datasources, deployment ordering to suite different needs, both if it’s standalone installation or part of the cluster. To help create easily separated environments, delegate will learn how to run multiple instances of JBoss on the same host.

Hands-on sessions include practice deployment ordering and setting up multiple nodes.

JBoss Tuning covers optimum configuration both of the front-end (JBossWeb) to handle incoming HTTP requests effectively and back-end, including datasources. Second of the lesson is dedicated to in-depth introduction of the garbage collection and how to configure it. Different methods how to monitor JVM, application server and services will be demonstrated.

Introduction to Java EE and JBoss Security describes differences between authentication, authorization and encryption, including the way in which the Java EE security model is configured inside JBoss. Close down instructions are included for the necessary services. Practical hands-on session focuses on securing JMX console both using username/password and SSL certificate.

JBoss Clustering introduces terminology, challenges and techniques required to achieve high available solutions. JGroups, as the clustering building block, is introduced and extensive troubleshooting methods are discussed. Consequent clustering configuration for services and components participating in high available environment is demonstrated using simply to use instructions.

Mod_jk as the load balancing solution for JBossWeb (Tomcat) is introduced, covering architecture and configuration options. Delegates should become confident using it during hands-on session.

JBoss Operation Network Training provides overview about the monitoring and administering JBoss middleware using the JON (JBoss Operation Network).

Recommendation

The JBoss for Administrator is focusing on information for System Engineers. It might be useful for developers - especially in small teams - but they might feel the training is not going to necessary details where related to development. If this training is part of private course or there is time during public course, the clustering part can be easily extended to provide necessary information to understand this topic in necessary depth. JBoss Clustering training might be on other side overwhelming for administrators as it’s been designed primary for senior developers and architects.

About

This blog post is part of my series focusing on the JBoss training as offered by RedHat.

For more information, please, visit the original post.

Link:

• JBoss Training

Posted in Administration, jboss, training | No Comments »

Running multiple instance of JBoss AS

September 25th, 2007 Radim Marek

Either setting up clustered environment for development/testing, need to isolate different application, or necessity of running different version of JBoss AS on the same machine. No matter what is the reason for running multiple instances of JBoss AS, for most users it’s quite a daunting task. Most common technique how to achieve it is complicated manual change of all ports numbers to be different. But what to do during upgrade? Do you really want to go through it all over again?

Read the rest of this entry »

Posted in Administration | No Comments »