Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Architecture
1
e.g. jboss-as-7.1.1.Final or jboss-eap-6.0 *
<jboss> means this install location in the course
Server install includes these subfolders:
appclient: For client container files (7.1+)
bin: Startup scripts / config files
bundles: OSGI bundles
docs/schema: XML schema definitions
domain: Config files / folders for domains
modules: Server modules
standalone: Config files / folders for single
standalone server
welcome-content: Default Welcome Content
2
The <jboss>/bin Folder and Files
bin folder: scripts to start, stop and work with JBoss AS
Scripts include (in Windows - .bat, and Unix - .sh versions)
add-user: Add a user to security domain
domain: Starts a domain
domain.conf.bat (Win) / domain.conf (Unix): Configuration
properties used by the domain script
jboss-cli: The Command line interface (CLI) program
Named jboss-admin in AS 7.0
standalone: Starts a standalone server
standalone.conf.bat (Win) / standalone.conf (Unix):
Configuration properties used by the standalone script
wsconsume, wsprovide - Scripts for working with Web services
3
*nix: bin/standalone.conf
Values - AS 7.1.1: -Xms64m -Xmx512m
Values - EAP 6: -Xms1303m -Xmx1303m
To change these, modify JAVA_OPTS appropriately, e.g.
*nix: JAVA_OPTS="-Xms256m -Xmx256m "
Windows: set "JAVA_OPTS=-Xms256m -Xmx256m "
You can also set your own JAVA_OPTS environment variable, but
this will override ALL settings in the config files
Note:
4
Consist of XML files and associated folders
To create a new configuration, create a new XML file
Flexible - server core is very small
Each configuration can have different services deployed
Easy to copy / modify existing configuration file to your needs
It's a good idea to save the original JBoss configurations
5
as ${testDB.userName}:
./standalone.sh -DtestDB.userName=EFCodd
6
own classloader
Can access parent's classes,
but not sibling's classes
So classes in myear_1 and
myear_2 are isolated from
each other
Classes in the parents can
be accessed by both apps
Application Dependencies
Applications usually have dependencies
e.g., a Web app (store.war) depending on an EJB (jtunes.jar)
Modules can be used for app dependencies as follows
7
Deploy the EJB jar as a module
Assume module name com.javatunes.services
Add a dependency in the Web app manifest file (see below)
Usually the easiest way to share jtunes.jar among multiple apps
Can also package the WAR and EJB jar in an EAR
If jtunes.jar in the EAR's lib folder, automatically found
If elsewhere, add it to the WAR manifest (see notes)
Useful if only the Web app is using the jar
8
It will register itself with the server runtime via this API
Most server capabilities added via extensions
They determine the capabilities available in a configuration
Below, is an sample of extension configurations
They are specified by their module name
Subsystems
Subsystem: Provides for configuration of an extension *
Also done in standalone.xml
Via <subsystem> elements within <profile>
Configures the exact capabilities added to the core server
Below - part of logging subsystem configuration
Declares handlers and logging categories
Requires org.jboss.as.logging extension
Profiles
Profile: A set of subsystems
Configured in a <profile> element as seen earlier
Along subsystem configurations in <subsystem>
A standalone configuration contains a single profile
It makes up the majority of a configuration
A domain can contain multiple profiles (covered later)
Paths
9
A path (in a server config file) is a logical name for an actual
filesystem path
Can be declared once, then referenced by its logical name
Some paths are automatically provided by the server
e.g. jboss.server.log.dir specifies the folder for log output
Paths are easy to use
At bottom: The logging subsystem uses the
jboss.server.log.dir path to configure the log file location
10
The root node has the following child types
extension: A list of extension modules
path: A list of named filesystem paths
system-property: A list of system properties to set on the server
core-service: Core services provided by the server
interface: List of named network interfaces on the server
socket-binding-group: List of socket bindings on the server
subsystem: List of subsystems on the server
deployment: List of deployments on the server
11
Web console enables monitoring of system
health, including:
JVM status (heaps, threads)
Transaction manager (commits, rollbacks,
)
Datasource usage (pool sizes, etc)
Web statistics (e.g. request/error statistics)
JMS metrics (topic/queue sizes, etc)
Persistence Units (cache usage, queries,
etc)
Accessible at
http://localhost:9990/console
12
Profile Information in the Console
The main Profile section divided into two
main sections
Profile and General Configuration in the
menu on the left of the console
Profile Section includes:
Core: Logging, Deployment Scanners,
Threads, JMX, Config Admin Service
Connector: JCA, Datasources, Resource
Apapters
Container: Naming, EJB3, EE,
Transactions, JPA
Security: Security Subsystem, Security
Domains
Web: Servlet/HTTP,
13
It is the open source version of JON (see notes)
Capabilities of RHQ include the following modules:
Inventory: Catalog IT assets across multiple platforms (Linux,Solaris, ),
servers (Apache, Tomcat,JBoss) and applications (Web apps, EJB, JMS, datasources, etc)
Monitoring: Collect and persist information, graph/chart data with trend analysis, define alerts,
initiate control actions on alerts, provide a complete audit trail, manage historical data
Administration: Provide single point for controlling diverse resources, including managing JBoss
applications (e.g. Web apps), providing access to and versioning of configuration files, scheduling
operations, and rolling back to previous versions
Content: Manages updates/patches to resources
RHQ Structure
RHQ consists of a few key components:
We will only give a very high level overview in this section
RHQ Server: The central server for managing resources
An application built on top of the JBoss application server
Provides a GUI console for managing resources
Agents: Distributed processes that communicate resource
information back to the RHQ server
Agents collect information on resources and send it to the server
Managed Resources: Resources managed by RHQ, including:
Platforms such as Windows, Linux, Java Platform
Servers that are present on a particular platform, such as JBoss
AS, Tomcat, Apache, IIS, etc.
Services for a server, e.g. Web app, or a JVM the server runs on
14
JBoss Logging Overview
AS 7 uses the JBoss Logging framework
Open source framework with fine-grained control of logging
Configuration / usage very similar to log4j
Currently not well documented
The log folder contains two logging files for AS 7
boot.log: Contains logging info from the core startup
server.log: Standard server logging file (multiple log files)
Server logging is configured in the logging subsystem
e.g. in standalone.xml
This configures logging output and destinations
The standard configuration logs to the console and server.log
Boot logging is configured by configuration/logging.properties
15
FATAL | ERROR | WARN | INFO | DEBUG | TRACE
A special level:
OFF | ALL
Handlers
Handlers are the destinations of logging messages
Configured using different handler elements in the XML config
Can be configured with a level (filters) and a formatter (formats messages)
Different handlers available that log to different destinationsv
<console-handler>: Logs to the console
<file-handler>: Writes to a file
<periodic-rotating-file-handler>: Writes to file, rotates the file periodically
<size-rotating-file-handler>: Writes to file, rotates the file when it's a given size
<custom-handler>: Custom handler using JBoss API
AS 7 Boot Logging
Logging during the kernel bootstrap (boot.log) is configured by the logging.properties file in the
configuration folder
Once the kernel is booted and the logging subsystem started,then the standard logging
configuration is used
You can change the boot logging behavior by modifying this file
Interface Specification
An interface configures a logical network connection
Declares a logical name, and criteria for selecting a physical interface
Centralizes network connection info in one place
Provides flexibility for configuration (especially for domains)
Usable by subsystems to specify their connection
Appears in server config file (e.g. standlone.xml)
Specify the physical interface in many ways, including
A specific IPv4/IPv6 address in standard dot notation
Any address
A particular network interface (e.g. a NIC)
Based on criteria, such as if the interface is up, whether it is a
loopback address, matching a range, etc.
16
Socket Bindings and Socket Binding Groups
A socket binding is a named socket and an associated port
Centralizes configuration of ports
Subsystems use the socket binding by name to bind to a port
Each socket binding can specify its name, interface, port, multicast address / port, and fixed port
Only name and port are required
A socket binding group is a named collection of socket bindings
Allows easy configuration, use, and reuse of the group of sockets
Each socket binding group can specify its name, default interface, and port offset
The port offset can be used to increment all the ports in the group by a given increment
Port Offsets
To change the port assignments as a block, set the port offset
Can be done in the server config file, as shown at bottom
Can be done using system properties, e.g.
./standalone.sh -Djboss.socket.binding.port-offset=100
The port offset value is added to each socket binding
Removing conflicts with the default values
Useful for running multiple server instances on one host
Where you'll likely use a different server config folder
So there are different log, data, etc. folders
17
Deploying and Enabling an App
Below, we show the console after deploying an app
Note it is disabled
At bottom, we show the same app after enabling it
Failed Deployments
If enabling an application fails due to errors, you can view the
error in the Web console messages
Accessible in the upper right of the console window
18
Deploying new content, and redeploying modified content
Similar to previous JBoss AS versions
Additional capability (and complexity) using marker files
The default for archive files (war file, ear file, etc)
Manual Deploy: Deployment does not depend on app files
Marker files are used to control deploy/undeploy/redeploy of apps
Action is only taken when a marker file changes
The default for exploded content (content in an actual folder, not in
an archive)
Deployment Options
Archive Deployment: Adding an archive into a deploy folder
will deploy it
Exploded deployments let you add an actual folder into the
deploy folder (rather than an archive of the files)
Folder should have the same name/structure as the archive
e.g., you can have a Modules-With-Dependency.war folder with
the structure shown at bottom
Convenient for modifying an app in place
XML File deployment is supported for some deployments
Mostly for backward compatibility
For example, *-ds.xml files for datasource deployment
Marker Files (1 of 2)
The marker files consist of the name of the content (e.g.
MyApp.war) with one of the added suffixes below
.dodeploy: Placed by user to trigger deploy/redploy
For example, a file named MyApp.war.dodeploy
.skipdeploy: Disables auto-deploy content as long as present
.isdeploying: Placed by scanner to indicate it's in process of
deploying. Deleted when the deployment completes
.deployed: Placed by scanner to indicate that the content was
deployed. If deleted by user, the content will be undeployed
.failed: Placed by scanner to indicate that the content failed to
deploy into the runtime. File contents include reason for failure
19
touch <jboss-deploy>/example.war.dodeploy
Undeploy currently deployed content
rm <jboss-deploy>/example.war.deployed
Replace currently deployed archive and deploy
cp example.war/ <jboss-deploy>
touch <jboss-deploy>/example.war.dodeploy
Replace currently deployed folder and deploy
rm <jboss-deploy>/example.war.deployed
wait for <jboss-deploy>/example.war.undeployed to appear
cp -r example.war/ <jboss-deploy>
touch <jboss-deploy>/example.war.dodeploy
20
For tasks to be run periodically, or with delays
Connector Configuration
Configures incoming connections to Web container
Many configuration attributes, including:
name: Name of the connector
protocol: Protocol for this connector (e.g. HTTP/1.1 or AJP/1.3)
We'll review AJP connector in clustering session
socket-binding: Socket binding reference (for address/port)
executor: Custom thread pool reference for execution *
Standard connector attributes:
21
Server
Datasource Advantages
Reduced dependencies - client has no DB connection info
You can change the DB without modifying application code
Authentication: The server can authenticate to the database
Authentication not needed in client
Connection pooling: Reuse of DB connections
Improves efficiency - Establishing a connection is expensive
The server keeps a pool of open connections available
Clients get one when needed, returns to pool when done
Rather than creating/destroying connections
Transparent to the client - Clients just use datasources, and app
server uses pooling behind the scenes
Pool configuration usually part of datasource configuration
Virtually all application servers support connection pooling, and
typically provide for pooling in datasource configuration
EJB3 Overview
EJB: Framework for creating server-side components:
Transactional, Distributed, Portable, Reliable, Secure, Scalable
Session Beans provide a business service
Distributed, transactional
Stateless Session Beans (SLSB) save no client-specific state
Stateful Session Beans (SFSB) save client-specific state
Message Driven Beans (MDB) integrate EJB with
messaging (JMS) systems
An MDB is an asynchronous message consumer
It consumes messages from a queue or topic
Bean instance lifecycle managed by the EJB container, as are distributed access, transactions,
instance pooling, threading, etc.
22
What Is JMS - Java Message Service?
A Java API used for interacting with a message service
The software implementing this API is the message provider
JMS is a standard Java EE API
Two parallel APIs that support the two messaging models
Pub/Sub and P2P
Very similar, and all are in the javax.jms package
Some JMS objects are administered objects
ConnectionFactory: Used to connect to server
Topics / Queues (Destinations): A messaging "address"
Configured in JMS provider and bound into JNDI
Looked up by clients in JNDI
This is standard for JMS
HornetQ and AS 7
HornetQ is the standard AS 7
messaging implementation
Present in *-full configurations
Open Source, very high
performance, reliability, and
scalability
HornetQ provides a JCA
adapter for integration with
JEE app servers
Makes integration easy
Apps may consume
messages (e.g. via an MDB)
Apps may produce messages
(e.g. an EJB or servlet)
All interaction done via the
JCA adaptor
AS 7 HornetQ/Messaging Configuration
Configuration is in messaging subsystem under a
<hornetq-server> sub-element, including:
General HornetQ configuration: Journaling/Persistence
<connectors>: Outbound channels (Connections this server
23
makes)
<acceptors>: Inbound channels (That a client can connect to)
<security-settings>: Default security settings
<jms-destinations>: Topics and Queues
<jms-connection-factories>: Configures JNDI objects for JMS
Many of these elements based on standard HornetQ config
Socket bindings are used by many of the above
HornetQ has a lot of capability and configuration options
24
May also be used by other subsystems / user apps
25
LDAP server
Used if your user/role information is stored in an LDAP server
The LDAP server is accessed via a JNDI LDAP provider
There are a number of configuration options for connecting to the
LDAP server, including:
java.naming.factory.initial: InitialContext factory to use
java.naming.provider.url: URL for LDAP server
java.naming.security.protocol: Protocol for secure access (e.g.
SSL)
java.naming.security.authentication: Security level to use
java.naming.security.credentials: Login credential (e.g.
password)
Authentication of a user is done by connecting to the LDAP server
using the configuration options above
26
chain for the corresponding public key
Trusted certificate entries: Contains a single public key certificate
belonging to another party
To support TLS/SSL/HTTPS on JBoss AS, you must set up a keystore with a public/private key pair
The -keystore and -storepass options can be used with most commands
Below are the defaults for various option values
-alias "mykey"
-keyalg "DSA"
-keysize 1024
-validity 90
-keystore the file named .keystore in the user's home directory
The RSA algorithm should be preferred as a secure algorithm, and this also ensures general
compatibility with other servers and components.
27
Partition a cluster by configuring different address (shown
later)
Only nodes with same address will cluster together
Default multicast address is 230.0.0.4
Multiple instances per machine (Sample cluster config)
Specify multicast address to partition (and port offset as
required)
JGroups
JBoss AS clustering is layered on top of JGroups
JGroups: Toolkit for reliable multicast communication
Provides channels for tracking cluster members and reliable messaging between members - the
basis of JBoss AS clustering
Clustering configuration includes JGroups configuration
Complex you generally don't modify it
Multicast address for partitioning can be done with system properties when starting the server
Usually the multicast configuration of your network is at the root of clustering problems
./standalone.sh-Djboss.default.multicast.address=230.0.0.41-c=standalone-ha.xml
JGroups Troubleshooting
For clustering problems, first test your IP multicast behavior
Network configuration is main cause of clustering problems
JGroups provides simple testing programs (not in EAP-see notes)
McastReceiverTest and McastSenderTest
To run, open two terminal windows in the folder:
<jboss>/modules/org/jgroups/main
Execute the following (one in each window)
java -cp jgroups-nnn.jar org.jgroups.tests.McastReceiverTest -mcast_addr
224.10.10.10 -port 5555
java -cp jgroups-nnn.jar org.jgroups.tests.McastSenderTest -mcast_addr
224.10.10.10 -port 5555
Use the actual jar name e.g. jgroups-3.0.6.Final.jar
mod_cluster Overview
mod_cluster lets the cluster dynamically send current configuration to the load balancer
Load balancer forwards requests to the appropriate server based on the current configuration
mod_cluster Advantages
Dynamic Configuration: No explicit (static) configuration of worker nodes, proxies, or apps
required
Workers communicate their state, deploy/undeploy of apps, etc.
httpd proxies advertise their presence to workers (see notes)
Can also configure httpd proxies statically
Server-Side Load Balance Calculations: Worker nodes provide load balance info and factors
More robust and accurate view than static configuration
28
Fine grained web-app lifecycle control: Worker nodes forward app lifecycle events to balancer
Allows much better handling of undeployments
AJP is optional: HTTP, HTTPS, or AJP are all supported
Can use any of these for httpd/node traffic - For SSL use see:
http://docs.jboss.org/mod_cluster/1.2.0/html/UsingSSL.html
<IfModule manager_module>
Listen 127.0.0.1:6666
ManagerBalancerName mycluster
<VirtualHost 127.0.0.1:6666>
<Location />
Order deny,allow
Deny from all
Allow from 127.0.0
</Location>
KeepAliveTimeout 300
MaxKeepAliveRequests 0
AdvertiseFrequency 5
EnableMCPMReceive
<Location /mod_cluster_manager>
SetHandler mod_cluster-manager
Order deny,allow
Deny from all
Allow from 127.0.0
</Location>
</VirtualHost>
</IfModule>
29
Domain Mode Overview
A managed domain lets you run / manage multiple servers
Coordinates management of a set of servers
Provides single, centralized management point
Addresses complexities of multi-server installations
Individual configuration inefficient
Individual management complex and error-prone
Adds additional management layer to handle configuration and lifecycle of server instances
Builds on capabilities/configuration we've already seen
Individual server configuration similar to standalone mode
Can be used for clusters or non-clustered servers
Not dependent on clustering - useful for any group of servers
30
<deployments>: Configures deployments to the server group
Tasks to Perform
To start using the domain-controller folder, you will use the
jboss.domain.base.dir system property as follows
Open a terminal/command window in <jboss>/bin
Use domain to start the DC (will use domain.xml and host.xml)
We show *nix (below) and Windows (at bottom) examples (AS 7.1)
Type these all on one line (they are broken up for space reasons)
The server should start up as the DC
Look at the console window for logging output - you'll see the
[HostController] logging output
Lab
domain -Djboss.domain.base.dir=C:\jboss-as-7.1.1.Final\domain-controller
./domain.sh
-Djboss.domain.base.dir=/usr/local/jboss-as-7.1.1.Final/domain-controller
Tuning Overview
JBoss can use significant resources in a number of areas
You should be aware of what resources are used, and their
optimizations to get the best response time / throughput
JBoss uses significant resources in the following areas:
CPU: A limited resource - once you reach 100% CPU utilization,
you can't do anything more
Memory: A limited resource. Though operating systems extend
physical memory with virtual memory, paging can cause
performance issues and should be minimized
Threads: A limited resource. Each thread uses memory for its
stack, and has overhead due to management by the OS
Network/Serialization: Network latency and overhead from
31
serialization can be significant
Locking: Shared resources may be locked, causing contention
32
You may need to tune GC if it becomes a bottleneck
Don't tune until you have some evidence that it's needed
Modern JVMs use generational garbage collection
Because objects have a high infant mortality - newly allocated objects much more likely to be
reclaimed than older ones
Newly allocated objects are stored in a separate space (called Eden) than older objects (called
Tenured)
33
generation objects in parallel - it maximizes
throughput
Used when -XX:+UseParallelOldGC is
passed on command line
Uses parallel version of "Stop-theworld"
young generation serial
collector (shown at right)
Uses compacting three-phase
parallel collection on old generation
Designed to improve on and replace previous
parallel collectors
Other GC choices
Concurrent low pause collector collects the tenured generation
concurrently with application execution
Minimize pauses rather than maximizing throughput - for apps more
sensitive to pauses than dependent on high throughput
Used when -XX:+UseConcMarkSweepGC passed on command line
The Garbage-First (G1) collector - targeted at multi-processor
machines with large memories - high throughput, low pause times
Datasource Tuning
Datasources in JBoss provide elements for tuning the connection pool, including:
min-pool-size: the minimum number of connections in the pool
max-pool-size: the strict maximum size of the pool
blocking-timeout-wait-millis: maximum time to block while waiting for connection before throwing
exception
idle-timout-minutes: the length of time an idle connection will remain in the pool before it is
removed
You can tune these as appropriate for your system (see notes)
You can also configure a transaction isolation for a datasource
All connections will have the configured isolation level
Don't use XA datasources unless you really need them
They are considerably slower than non-XA versions
34
Thread pool of same name (http-executor) is used (see bottom)
Most important values: core-threads and max-threads
Too low a value means requests will idle waiting for thread
Too high a value will use extra resources
Need to understand how the executor threads are being used
Can monitor threads with a tool like JConsole
Make sure they're not blocked waiting for another resource (DB)
Logging
Logging, especially to the console, can slow things down
Can remove the console logging in the <root-logger> element in the logging subsystem, as
shown below
Can also modify the logging levels that are used
AS 7 comes configured to log at INFO level
Can change this to a higher level (e.g. WARN) - see below
Remember, you can always switch to another level at runtime
Developers should use logging, not print to the console
35