Administering Apache Geronimo 2.x. Vamsavardhana Reddy Chillakuru a.k.a. Vamsi (vamsic007@apache.org, vamsic007@in.ibm.com). Who am I? Committer and Member of Apache Geronimo PMC. Involved with ASF since 2005. Over 11 years experience in software development. Advisory Software Engineer at IBM.

Administering Apache Geronimo 2.x
Vamsavardhana Reddy Chillakuru a.k.a. Vamsi
vamsic007@apache.org
vamsic007@in.ibm.com

Who am I?
• Committer and Member of Apache Geronimo PMC
• Involved with ASF since 2005
• Over 11 years experience in software development
• Advisory Software Engineer at IBM
• Employed with IBM India since 1996

Geronimo in the making
That’s my son Susanth helping me with Geronimo

Agenda
• Introduction to Geronimo
• Securing Geronimo
• Administration Tasks
• Multiple Server Instances
• Summary
• Q & A

Introduction to Geronimo
• J2EE/Java EE Application Server from Apache Software Foundation
• Brings together the best-of-breed technologies from open source to support J2EE/Java EE
• Small footprint/Highly customizable
• Ease of use is the foremost guiding principle
• V2.1 Java EE 5 Certified – Feb/2008

Geronimo History and Progress
• August 2003: Apache Geronimo Project formed
• Oct 2005: V1.0-M5 released, J2EE 1.4 certification
• Jan 2006: V1.0 Released
• June 2006: V1.1 Released
• Sep 2006: V1.1.1 Released
• Jun 2007: V2.0-M6 released, Java EE 5 certification
• Aug 2007: V2.0.1 Released
• Oct 2007: V2.0.2 Released
• Feb 2008: V2.1 Released
• In Plan: V2.2 Release

Geronimo Architecture
• GBeans are the building blocks
  • E.g. Containers, Connectors, Servlets…
• Geronimo Kernel
  • A container for GBeans
  • Based on Inversion-of-Control/Dependency Injection
  • Provides Life Cycle management for GBeans
• Loosely coupled system
  • Start/stop/remove components on the fly
  • Integrate new components on the fly
• Plugins
  • Directory Server, Roller and many others

Geronimo Architecture
*Ref: http://www.ibm.com/developerworks/library/os-ag-deploy/

What does it contain?
Apache Tomcat, Jetty (Mort Bay), Apache Derby, Apache OpenEJB, Apache ActiveMQ, Apache OpenJPA, Apache Axis, Apache Axis2, Apache CXF, Apache Yoko, Apache Commons, Apache jUDDI, Apache Log4J, HOWL, TRANQL, Castor, WADI, CGLIB, and many more…

What’s new in 2.1?
• Servers assembled out of plugins
• Custom server assemblies
• Assemble a server feature
• Flexible admin console
• Monitoring Console
• GShell
• WADI Clustering Support for Tomcat

How to get involved?
• Geronimo project web site
  • http://geronimo.apache.org/
• Mailing lists
  • user@geronimo.apache.org
  • dev@geronimo.apache.org
• Wiki
  • http://cwiki.apache.org/geronimo/

Geronimo Installation
• http://geronimo.apache.org/downloads.html
• Geronimo Tomcat or Geronimo Jetty distributions
• Extract the archive to any directory
• On Windows, use a short directory name (e.g. C:\ or C:\g) to avoid long-path problems.

Geronimo Startup/Shutdown
• Requires Sun J2SE 5.0 JDK/JRE
• Environment variables
  • JAVA_HOME/JRE_HOME
  • GERONIMO_OPTS
  • JAVA_OPTS
• Run the server
  • <g_home>/bin/geronimo start
  • <g_home>/bin/geronimo jpda run
• Stop the server
  • Control+C in server console
  • <g_home>/bin/shutdown

Administration Console
• Web-based, convenient, user-friendly
• Based on Apache Pluto (JSR-168)
• Access at http://localhost:8080/console
• Portlets for administration
  • Web Server, JMS Server, JMS Resources, DB Manager, Database Pools
  • Application portlets – Deploy New, Web App WARs, Plan Creator, etc.
  • Security Realms, Keystores
• Portlets for monitoring server status
  • Information, Java System Info, Server Logs, Monitoring, etc.
• Don’t forget the Help view in the portlets

Agenda
• Introduction to Geronimo
• Geronimo Console
• Securing Geronimo
• Administration Tasks
• Multiple Server Instances
• Do’s & Don’ts
• Q & A

Geronimo directory structure

    +-bin
    |-deploy
    |-etc
    |-lib
    |-repository
    |-schema
    |-var
    | +-config
    | |-derby
    | |-security
    | |-shared
    +-i1=instance-name
      +-deploy
      +-var
        +-config
        |-derby
        |-security
        | +-keystores
        |-shared
          +-classes
          |-lib

Important configuration files
• Located in <g_home>/var/config
• config.xml
  • Overridden GBean attributes
  • New GBeans and configurations
• config-substitutions.properties
  • Properties used in config.xml
• artifact_aliases.properties
  • Substitute one artifact for another

Replace Default Realm
• Default security realm - geronimo-admin
  • Used by JMX server, Admin Console, Online-deployer, MEJB application
• Change default credentials
  • Edit var/security/users.properties
  • Users and Groups portlet
• Replace default realm
  • Deploy desired realm with name geronimo-admin
  • Database or LDAP Realm recommended for production
  • Delete the realm gbean in server-security-config

Protecting passwords
• Pluggable Encryption Mechanism

    <gbean name="org.apache.geronimo.configs/rmi-naming/2.1/car?name=ConfiguredEncryption,j2eeType=GBean"
           gbeanInfo="o.a.g.system.util.ConfiguredEncryption">
      <attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
      <reference name="ServerInfo">
        <pattern><name>ServerInfo</name></pattern>
      </reference>
    </gbean>

Securing Derby
• <g_home>/var/derby/derby.properties

    derby.connection.requireAuthentication=true
    derby.authentication.provider=BUILTIN
    derby.user.userName1=password1
    derby.user.userName2=password2

• Other authentication methods
  • LDAP, application-defined
  • o.a.d.authentication.UserAuthenticator
• Users at database level too
• http://db.apache.org/derby/binaries/jta-WE15.pdf

Update database pools
• Update credentials used by database pools
  • Using Admin Console
    • Update before enabling Derby security. Otherwise the Geronimo server will not start.
  • By editing config.xml (XML shown next)
• Database pools to update
  • MonitoringClientDS
  • NoTxDatasource
  • SystemDatasource
  • jdbc/ActiveDS
  • jdbc/ArchiveDS
  • jdbc/juddiDB
  • Any other database pools that use Embedded Derby

Update DB pools - config.xml

    <module name="org.apache.geronimo.configs/system-database/2.1/car">
      <gbean name="o.a.g.c/system-database/2.1/car?...,name=SystemDatasource">
        <attribute name="UserName">userName1</attribute>
        <attribute name="Password">password1</attribute>
      </gbean>
      <gbean name="o.a.g.c/system-database/2.1/car?...,name=NoTxDatasource">
        <attribute name="UserName">userName1</attribute>
        <attribute name="Password">password1</attribute>
      </gbean>
    </module>

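An added example, not part of the original slides: a Python check that reconciles the derby.user.* entries in derby.properties with the UserName/Password overrides in config.xml before Derby authentication is enabled, since a pool with stale credentials keeps the server from starting. The function names and the sample input are assumptions made for illustration, and Password values are assumed to be stored in plaintext as on the slide.

```python
import re
import xml.etree.ElementTree as ET

# Pools the slide lists as using embedded Derby.
POOLS = ["MonitoringClientDS", "NoTxDatasource", "SystemDatasource",
         "jdbc/ActiveDS", "jdbc/ArchiveDS", "jdbc/juddiDB"]

def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_pools(derby_properties, config_xml, pools=POOLS):
    """Return {pool: problem} under BUILTIN auth; assumes plaintext Password values."""
    props = parse_properties(derby_properties)
    if props.get("derby.connection.requireAuthentication", "").lower() != "true":
        return {}  # authentication is off, any credentials are accepted
    users = {k[len("derby.user."):]: v for k, v in props.items()
             if k.startswith("derby.user.")}
    overrides = {}
    for el in ET.fromstring(config_xml).iter():
        match = re.search(r"[?,]\s*name=([^,]+)", el.get("name", ""))
        if el.tag.endswith("gbean") and match:
            overrides[match.group(1).strip()] = {
                a.get("name"): (a.text or "").strip()
                for a in el if a.tag.endswith("attribute")}
    problems = {}
    for pool in pools:
        attrs = overrides.get(pool, {})
        user, password = attrs.get("UserName"), attrs.get("Password")
        if user is None or password is None:
            problems[pool] = "no UserName/Password override in config.xml"
        elif user not in users:
            problems[pool] = "user %r not defined in derby.properties" % user
        elif users[user] != password:
            problems[pool] = "password does not match derby.user.%s" % user
    return problems

# Constructed sample input, using the slide's placeholder names.
SAMPLE_DERBY = ("derby.connection.requireAuthentication=true\n"
                "derby.user.userName1=password1\n")
SAMPLE_CONFIG = ('<module name="m"><gbean name="m?...,name=SystemDatasource">'
                 '<attribute name="UserName">userName1</attribute>'
                 '<attribute name="Password">stale</attribute></gbean></module>')
```

An empty result means every listed pool presents credentials that the BUILTIN provider will accept; the report names pools and users but never echoes a password.
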
Agenda
• Introduction to Geronimo
• Securing Geronimo
• Administration Tasks
• Multiple Server Instances
• Summary
• Q & A

A typical scenario
• Set up the web server
• Create user database and DB Pools
• Create Security Realms
• Create JMS Factories and Queues
• Deploy Applications
• Manage Applications
• Server Logs
• Monitoring

Administering Tomcat
• WebServers portlet for connectors
  • Connector protocol: HTTP, HTTPS, AJP
  • BIO/NIO/APR
  • add/delete/edit/stop/start/restart
• Configuring HTTPS
  • Server Authentication only
  • ClientAuth

Virtual hosts
• Add HostGBeans to Tomcat config
• Specify virtual host in deployment plan

    <container-config>
      <tomcat>
        <host>virtualhost1.com</host>
      </tomcat>
    </container-config>

Single Sign-On
• Login to one application maintains login across all applications on the server
• Create a SingleSignOn valve and connect to the valve chain
• Edit config.xml

Managing Keystores
• Add keystores
• Lock/unlock keystores
• Create/delete private keys
• Change keystore/key passwords
• Add/delete trust certificates
• Manage private keys/certificates
• Support for all keystore types in v2.1

Administering Derby
• DB Info portlet
• DB Manager portlet
  • Create/delete databases
  • View tables, table content
  • Run SQL
• Derby Log Viewer portlet

Database Pools
• Database pools portlet
  • Create/edit database pool
• J2EE Connectors portlet
  • Stop/start/delete connector configurations

Security Realms
• Add security realms
  • Properties File Realm
  • Database (SQL) Realm
  • LDAP Realm
  • Custom Realm
• Edit security realms
• Configure Auditing, Lockout

Administering ActiveMQ
• JMS Server portlet
  • Add/delete/start/stop connectors
  • Stopped connectors started at next run
• JMS Resources portlet
  • Add connection factories, queues, topics for ActiveMQ or any other JMS provider
• J2EE Connectors portlet
  • Stop/start/delete connector configs

Deploy Applications
• Command Line Deployer
  • bin\deploy
  • Offline deployment: bin\deploy -o
  • inPlace deployment
  • Deploy to different target stores
  • Start/stop/restart/deploy/undeploy …
• Deploy New portlet
  • Deploy and redeploy operations only

Deploy Applications (contd.)
• Hot deployer
  • Copy to <g_home>/deploy directory
  • Plan should be part of archive
• Plan Creator
  • Lets you create a deployment plan in a series of steps.
  • Web Apps only as of v2.1
  • EJB, EAR etc. under development

Manage Applications
• System Modules portlet
• Web App WARs portlet
• EJB Jars portlet
• Application EARs portlet
• App Clients
• J2EE Connectors

Logging
• var/log/server-log4j.properties
• org.apache.geronimo.log.ConsoleLogLevel system property to change console log level
• org.apache.geronimo.log4jservice.configuration to change the default config file
• ServerLogs portlet
  • Update config file temporarily

Web Access logs
• Server Logs – Web Access Log Viewer
• Log rotation – rotated daily
• NOTE: Logs not deleted by Geronimo
• Changing log configuration

    <gbean name="AccessLogValve">
      <attribute name="initParams">prefix=${ServerHostname}_access_log.
        suffix=.txt
        pattern=common
        fileDateFormat=yyyy-MM</attribute>
    </gbean>

Monitoring
• Servers - Local and remote servers
  • EJB and JMX protocols
• Graphs
  • Select MBean and statistic
  • Based on two statistics from the MBean
• Views
  • Compose multiple graphs into views

Debug Views
• JMX Viewer
• LDAP Viewer
• ClassLoader Viewer
• JNDI Viewer
• Dependency Viewer

Plugins
• Plugins portlet
  • Add plugin repositories
  • Search for plugins
  • Install plugins
  • Export config as plugin
  • Assemble a server
• Command Line Deployer
  • Search-plugins

Agenda
• Introduction to Geronimo
• Securing Geronimo
• Administration Tasks
• Multiple Server Instances
• Summary
• Q & A

Running multiple instances
• Shared directories
  • bin, lib, repository
• Instance home <inst_home> directory
  • Create <g_home>/<inst_name> dir
  • Copy <g_home>/var to <inst_home>/var
• Change PortOffset to resolve port conflicts
  • <inst_home>/var/config/config-substitutions.properties
• Set org.apache.geronimo.server.name system property
  • Use GERONIMO_OPTS

Geronimo directory structure

    +-bin
    |-deploy
    |-etc
    |-lib
    |-repository
    |-schema
    |-var
    | +-config
    | |-derby
    | |-security
    | |-shared
    +-i1=instance-name
      +-deploy
      +-var
        +-config
        |-derby
        |-security
        | +-keystores
        |-shared
          +-classes
          |-lib

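An added example, not part of the original slides: the "Running multiple instances" steps as a Python helper that copies var into a new instance home, rejects a PortOffset already used by the default server or another instance, and returns the GERONIMO_OPTS value. The function names are assumptions made for illustration; the paths and property names are the ones given on the slides.

```python
import re
import shutil
import sys
from pathlib import Path

SUBS = "config/config-substitutions.properties"
OFFSET = re.compile(r"(?m)^PortOffset[ \t]*=[ \t]*(\d+)[ \t]*$")

def used_offsets(g_home):
    """Map each var directory under g_home (default server and instances) to its PortOffset."""
    g_home = Path(g_home)
    found = {}
    for f in [g_home / "var" / SUBS, *sorted(g_home.glob("*/var/" + SUBS))]:
        match = OFFSET.search(f.read_text()) if f.is_file() else None
        if match:
            found[f.parents[1].relative_to(g_home).as_posix()] = int(match.group(1))
    return found

def create_instance(g_home, inst_name, port_offset):
    """Copy <g_home>/var to <g_home>/<inst_name>/var, set PortOffset, return GERONIMO_OPTS."""
    g_home = Path(g_home)
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", inst_name) or inst_name in (".", ".."):
        raise ValueError("instance name must be a plain directory name")
    taken = used_offsets(g_home)
    if port_offset in taken.values():
        raise ValueError("PortOffset %d already used: %s" % (port_offset, taken))
    inst_var = g_home / inst_name / "var"
    # The copy carries var/security (user files, keystores) along, so the new
    # instance starts with the same credentials and keys as the source server.
    shutil.copytree(g_home / "var", inst_var)  # raises if the instance exists
    subs = inst_var / SUBS
    text, count = OFFSET.subn("PortOffset=%d" % port_offset, subs.read_text())
    if count == 0:
        text = text.rstrip("\n") + "\nPortOffset=%d\n" % port_offset
    subs.write_text(text)
    return "-Dorg.apache.geronimo.server.name=" + inst_name

if __name__ == "__main__":
    print(create_instance(sys.argv[1], sys.argv[2], int(sys.argv[3])))
```
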
Deploying to an instance
• Offline Deployment
  • org.apache.geronimo.server.name property with GERONIMO_OPTS
• Online deployment
  • Host and port deployer options
• Deploy New portlet
• Deploy to specific target config stores
  • target deployer option
  • bin/deploy list-targets

Individual Repositories
• Maven2Repository GBean
• RepositoryConfigurationStore GBean
• Deploy to the specific instance
  • Use target option to deploy to the new store.

New Repository – plan.xml

    <!--Repository-->
    <gbean name="newRepo" class="org.apache.geronimo.system.repository.Maven2Repository">
      <attribute name="resolveToServer">true</attribute>
      <reference name="ServerInfo">
        <name>ServerInfo</name>
      </reference>
    </gbean>
    <!--Configuration Store service-->
    <gbean name="Local2" class="org.apache.geronimo.system.configuration.RepositoryConfigurationStore">
      <reference name="Repository">
        <name>newRepo</name>
      </reference>
    </gbean>

Agenda
• Introduction to Geronimo
• Securing Geronimo
• Administration Tasks
• Multiple Server Instances
• Summary
• Q & A