Administering Apache Geronimo 2.x

Vamsavardhana Reddy Chillakuru
a.k.a. Vamsi
[email protected]
[email protected]
Who am I?
• Committer and Member of Apache Geronimo PMC
• Involved with ASF since 2005
• Over 11 years experience in software development
• Advisory Software Engineer at IBM
• Employed with IBM India since 1996
11-Apr-2008
Administering Apache Geronimo
2.x
2
Geronimo in the making 
That’s my son Susanth helping me with Geronimo 
Agenda
• Introduction to Geronimo
• Securing Geronimo
• Administration Tasks
• Multiple Server Instances
• Summary
• Q&A
Introduction to Geronimo
• J2EE/Java EE Application Server from Apache Software Foundation
• Brings together the best-of-breed technologies from open source to support J2EE/Java EE
• Small footprint/Highly customizable
• Ease of use is the foremost guiding principle
• V2.1 Java EE 5 Certified – Feb/2008
Geronimo History and Progress
[Timeline figure: milestones at August 2003, Oct 2005, Jan 2006, June 2006, Sep 2006, Jun 2007, Aug 2007, Oct 2007 and Feb 2008, followed by "In Plan"; milestone labels not recoverable]
Geronimo Architecture
• GBeans are the building blocks
– E.g. Containers, Connectors, Servlets…
• Geronimo Kernel
– A container for GBeans
– Based on Inversion-of-Control/Dependency Injection
– Provides Life Cycle management for GBeans
• Loosely coupled system
– Start/stop/remove components on the fly
– Integrate new components on the fly
• Plugins
– Directory Server, Roller and many others
Geronimo Architecture
*Ref: http://www.ibm.com/developerworks/library/os-ag-deploy/
What it contains?
• Apache Tomcat
• Jetty (Mort Bay)
• Apache Derby
• Apache OpenEJB
• Apache ActiveMQ
• Apache OpenJPA
• Apache Axis
• Apache Axis2
• Apache CXF
• Apache Yoko
• Apache Commons
• Apache jUDDI
• Apache Log4J
• HOWL
• TRANQL
• Castor
• WADI
• CGLIB
And many more…
What’s new in 2.1?
• Servers assembled out of plugins
• Custom server assemblies
– Assemble a server feature
• Flexible admin console
• Monitoring Console
• GShell
• WADI Clustering Support for Tomcat
How to get involved?
• Geronimo project web site
– http://geronimo.apache.org/
• Mailing lists
– [email protected]
– [email protected]
• Wiki
– http://cwiki.apache.org/geronimo/
Geronimo Installation
• http://geronimo.apache.org/downloads.html
• Geronimo Tomcat or Geronimo Jetty distributions
• Extract the archive to any directory
– On Windows, use a short directory name (e.g. C:\ or C:\g) to avoid long-path problems.
Geronimo Startup/Shutdown
• Requires Sun J2SE 5.0 JDK/JRE
• Environment variables
– JAVA_HOME/JRE_HOME
– GERONIMO_OPTS
– JAVA_OPTS
• Run the server
– <g_home>/bin/geronimo start
– <g_home>/bin/geronimo jpda run
• Stop the server
– Control+C in server console
– <g_home>/bin/shutdown
Administration Console
• Web-based, Convenient, user-friendly
• Based on Apache Pluto (JSR-168)
• Access at http://localhost:8080/console
• Portlets for administration
– Web Server, JMS Server, JMS Resources, DB Manager, Database Pools
– Application portlets – Deploy New, Web App WARs, Plan Creator etc.
– Security Realms, Keystores
• Portlets for monitoring server status
– Information, Java System Info, Server Logs, Monitoring, etc.
• Don’t forget the Help view in the portlets
Agenda
• Introduction to Geronimo
• Geronimo Console
• Securing Geronimo
• Administration Tasks
• Multiple Server Instances
• Do’s & Don’ts
• Q&A
Geronimo directory structure
+-bin
|-deploy
|-etc
|-lib
|-repository
|-schema
|-var
|  +-config
|  |-derby
|  |-security
|  |-shared
+-i1=instance-name
   +-deploy
   +-var
      +-config
      |-derby
      |-security
      |  +-keystores
      |-shared
         +-classes
         |-lib
Important configuration files
• Located in <g_home>/var/config
• config.xml
– Overridden GBean attributes
– New GBeans and configurations
• config-substitutions.properties
– Properties used in config.xml
• artifact_aliases.properties
– Substitute one artifact for another
Replace Default Realm
• Default security realm - geronimo-admin
– Used by JMX server, Admin Console, Online-deployer, MEJB application
• Change default credentials
– Edit var/security/users.properties
– Users and Groups portlet
• Replace default realm
– Deploy desired realm with name geronimo-admin
• Database or LDAP Realm recommended for production
– Delete the realm gbean in server-security-config
Protecting passwords
• Pluggable Encryption Mechanism
<gbean name="org.apache.geronimo.configs/rmi-naming/2.1/car?name=ConfiguredEncryption,j2eeType=GBean"
       gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
  <!-- File that holds the secret key, relative to the server base directory -->
  <attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
  <reference name="ServerInfo">
    <pattern><name>ServerInfo</name></pattern>
  </reference>
</gbean>
Securing Derby
• <g_home>/var/derby/derby.properties
derby.connection.requireAuthentication=true
derby.authentication.provider=BUILTIN
derby.user.userName1=password1
derby.user.userName2=password2
• Other authentication methods
– LDAP, application-defined
– o.a.d.authentication.UserAuthenticator
• Users at database level too
• http://db.apache.org/derby/binaries/jtaWE15.pdf
Update database pools
• Update credentials used by database pools
– Using Admin Console
• Update before enabling Derby security. Otherwise Geronimo server will not start.
– By editing config.xml (xml shown next)
– Database pools to update
  • MonitoringClientDS
  • NoTxDatasource
  • SystemDatasource
  • jdbc/ActiveDS
  • jdbc/ArchiveDS
  • jdbc/juddiDB
  • Any other database pools that use Embedded Derby
Update DB pools - config.xml
<module name="org.apache.geronimo.configs/system-database/2.1/car">
  <!-- Credentials must match a user defined in derby.properties -->
  <gbean name="o.a.g.c/system-database/2.1/car?...,name=SystemDatasource">
    <attribute name="UserName">userName1</attribute>
    <attribute name="Password">password1</attribute>
  </gbean>
  <gbean name="o.a.g.c/system-database/2.1/car?...,name=NoTxDatasource">
    <attribute name="UserName">userName1</attribute>
    <attribute name="Password">password1</attribute>
  </gbean>
</module>
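A pre-flight check for the ordering constraint above (pool credentials must be in place before Derby authentication is switched on), as an added example that is not part of the original slides or of Geronimo itself. The sample file contents and the `example/car?...` gbean names are constructed, and treating a leading `{` as the marker of an encrypted password is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the slides (not from a real server).
DERBY_PROPERTIES = """\
derby.connection.requireAuthentication=true
derby.user.userName1=password1
"""
CONFIG_XML = """\
<attributes><module name="org.apache.geronimo.configs/system-database/2.1/car">
  <gbean name="example/car?j2eeType=X,name=SystemDatasource">
    <attribute name="UserName">userName1</attribute>
    <attribute name="Password">password1</attribute></gbean>
  <gbean name="example/car?j2eeType=X,name=NoTxDatasource">
    <attribute name="UserName">userName1</attribute>
    <attribute name="Password">stale</attribute></gbean>
</module></attributes>
"""

def parse_properties(text):
    # Minimal key=value parser; skips lines that are # or ! comments.
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith(("#", "!")))
    return {k.strip(): v.strip() for k, v in pairs}

def pool_credentials(config_xml):
    """Map pool name -> (UserName, Password) for gbeans overriding UserName."""
    pools = {}
    for el in ET.fromstring(config_xml).iter():
        attrs = {a.get("name"): (a.text or "").strip() for a in el}
        # rsplit drops an XML namespace prefix such as "{uri}gbean"
        if el.tag.rsplit("}", 1)[-1] == "gbean" and "UserName" in attrs:
            pool = re.sub(r"^.*[,?]name=", "", el.get("name", "")).split(",")[0]
            pools[pool] = (attrs["UserName"], attrs.get("Password", ""))
    return pools

def check_pools(derby_properties, config_xml,
                expected=("SystemDatasource", "NoTxDatasource")):
    """List problems that would stop pools connecting once Derby auth is on."""
    props = parse_properties(derby_properties)
    users = {k[11:]: v for k, v in props.items() if k.startswith("derby.user.")}
    pools = pool_credentials(config_xml)
    out = [f"{p}: no UserName/Password override" for p in expected if p not in pools]
    for pool, (user, password) in pools.items():
        if user not in users:
            out.append(f"{pool}: user {user} is not defined in derby.properties")
        elif password.startswith("{"):  # assumption: "{...}" marks an encrypted value
            out.append(f"{pool}: password is stored encrypted, verify by hand")
        elif users[user] != password:
            out.append(f"{pool}: password differs from derby.user.{user}")
    return out
```

Pass the full list of pools named on the previous slide as `expected` to cover every Embedded Derby pool on the server.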
A typical scenario
• Set up the web server
• Create user database and DB Pools
• Create Security Realms
• Create JMS Factories and Queues
• Deploy Applications
• Manage Applications
• Server Logs
• Monitoring
Administering Tomcat
• WebServers portlet for connectors
– Connector protocol: HTTP, HTTPS, AJP
– BIO/NIO/APR
– add/delete/edit/stop/start/restart
• Configuring HTTPS
– Server Authentication only
– ClientAuth
Virtual hosts
• Add HostGBeans to Tomcat config
• Specify virtual host in deployment plan
<container-config>
  <tomcat>
    <host>virtualhost1.com</host>
  </tomcat>
</container-config>
Single Sign-On
• Login to one application maintains login across all applications on the server
• Create a SingleSignOn valve and connect to the valve chain
– Edit config.xml
Managing Keystores
• Add keystores
• Lock/unlock keystores
• Create/delete private keys
• Change keystore/key passwords
• Add/delete trust certificates
• Manage private keys/certificates
• Support for all keystore types in v2.1
Administering Derby
• DB Info portlet
• DB Manager portlet
– Create/delete databases
– View tables, table content
– Run SQL
• Derby Log Viewer portlet
Database Pools
• Database pools portlet
– Create/edit database pool
• J2EE Connectors portlet
– Stop/start/delete connector configurations
Security Realms
• Add security realms
– Properties File Realm
– Database (SQL) Realm
– LDAP Realm
– Custom Realm
• Edit security realms
• Configure Auditing, Lockout
Administering ActiveMQ
• JMS Server portlet
– Add/delete/start/stop connectors
– Stopped connectors started at next run
• JMS Resources portlet
– Add connection factories, queues, topics for ActiveMQ or any other JMS provider
• J2EE Connectors portlet
– Stop/start/delete connector configs
Deploy Applications
• Command Line Deployer
– bin\deploy
– Offline deployment: bin\deploy -o
– inPlace deployment
– Deploy to different target stores
– Start/stop/restart/deploy/undeploy …
• Deploy New portlet
– Deploy and redeploy operations only
Deploy Applications (contd.)
• Hot deployer
– Copy to <g_home>/deploy directory
– Plan should be part of archive
• Plan Creator
– Lets you create a deployment plan in a series of steps.
– Web Apps only as of v2.1
– EJB, EAR etc under development
Manage Applications
• System Modules portlet
• Web App WARs portlet
• EJB Jars portlet
• Application EARs portlet
• App Clients
• J2EE Connectors
Logging
• var/log/server-log4j.properties
– org.apache.geronimo.log.ConsoleLogLevel system property to change console log level
– org.apache.geronimo.log4jservice.configuration to change the default config file
• ServerLogs portlet
– Update config file temporarily
Web Access logs
• Server Logs–Web Access Log Viewer
• Log rotation – rotated daily
– NOTE: Logs not deleted by Geronimo
• Changing log configuration
<gbean name="AccessLogValve">
  <attribute name="initParams">prefix=${ServerHostname}_access_log.
suffix=.txt
pattern=common
fileDateFormat=yyyy-MM</attribute>
</gbean>
Monitoring
• Servers - Local and remote servers
– EJB and JMX protocols
• Graphs
– Select MBean and statistic
– Based on two statistics from the MBean
• Views
– Compose multiple graphs into views
Debug Views
• JMX Viewer
• LDAP Viewer
• ClassLoader Viewer
• JNDI Viewer
• Dependency Viewer
Plugins
• Plugins portlet
– Add plugin repositories
– Search for plugins
– Install plugins
– Export config as plugin
– Assemble a server
• Command Line Deployer
– Search-plugins
Running multiple instances
• Shared directories
– bin, lib, repository
• Instance home <inst_home> directory
– Create <g_home>/<inst_name> dir
– Copy <g_home>/var to <inst_home>/var
• Change PortOffset to resolve port conflicts
– <inst_home>/var/config/config-substitutions.properties
• Set org.apache.geronimo.server.name system property.
– Use GERONIMO_OPTS
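The steps on this slide as one script, added here as an example rather than taken from the original slides or from Geronimo's own tooling. The function names, the instance-name check and the sample file content are assumptions made for the illustration.

```python
import os
import re
import shutil
import tempfile

SUBS = os.path.join("var", "config", "config-substitutions.properties")

def create_instance(g_home, inst_name, port_offset):
    """Create <g_home>/<inst_name>, copy var into it and set PortOffset.

    Returns the GERONIMO_OPTS value that selects the instance at startup.
    """
    # Reject separators and ".." so the instance stays directly under <g_home>.
    if not re.fullmatch(r"[A-Za-z0-9_-]+", inst_name):
        raise ValueError("instance name must be a plain directory name")
    inst_home = os.path.join(g_home, inst_name)
    # copytree refuses an existing target, so an instance is never overwritten.
    shutil.copytree(os.path.join(g_home, "var"), os.path.join(inst_home, "var"))
    path = os.path.join(inst_home, SUBS)
    with open(path) as fh:
        text = fh.read()
    text, count = re.subn(r"(?m)^PortOffset\s*=.*$",
                          f"PortOffset={int(port_offset)}", text)
    if count != 1:
        raise ValueError("expected exactly one PortOffset line in " + path)
    with open(path, "w") as fh:
        fh.write(text)
    return f"-Dorg.apache.geronimo.server.name={inst_name}"

def demo():
    """Run against a constructed, minimal <g_home> in a temporary directory."""
    g_home = tempfile.mkdtemp()
    os.makedirs(os.path.join(g_home, "var", "config"))
    with open(os.path.join(g_home, SUBS), "w") as fh:
        fh.write("HTTPPort=8080\nPortOffset=0\n")  # constructed sample content
    opts = create_instance(g_home, "i1", 10)
    with open(os.path.join(g_home, "i1", SUBS)) as fh:
        return opts, fh.read()

if __name__ == "__main__":
    print(demo())
```

The copy includes var/security, so the new instance starts with the same users.properties and keystores as the original server until they are changed.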
Deploying to an instance
• Offline Deployment
– org.apache.geronimo.server.name property with GERONIMO_OPTS
• Online deployment
– Host and port deployer options
– Deploy New portlet
• Deploy to specific target config stores
– target deployer option
– bin/deploy list-targets
Individual Repositories
• Maven2Repository GBean
• RepositoryConfigurationStore GBean
• Deploy to the specific instance
• Use target option to deploy to the new store.
New Repository – plan.xml
<!--Repository-->
<gbean name="newRepo"
       class="org.apache.geronimo.system.repository.Maven2Repository">
  <attribute name="resolveToServer">true</attribute>
  <reference name="ServerInfo">
    <name>ServerInfo</name>
  </reference>
</gbean>
<!--Configuration Store service-->
<gbean name="Local2"
       class="org.apache.geronimo.system.configuration.RepositoryConfigurationStore">
  <reference name="Repository"><name>newRepo</name>
  </reference>
</gbean>
Summary
• Introduction to Geronimo
• Replace default-realm
• Protect passwords
• Enable Derby security
• Secure default keystore
• Administration Console for most tasks
• config.xml to add new GBeans
• Running multiple server instances
Do’s
• Secure <g_home>
• Use Database/LDAP realm
• Use digested passwords
• Use schema names with table names
– E.g. AUTH.USERTABLE
• Use config-substitutions.properties for attribute values in config.xml
Don’ts
• Do not enable logging to console when running in background in Linux
• Do not direct console output to file
• Do not use passwords in the command line with
– bin\deploy
– bin\shutdown
Administering Apache Geronimo 2.x
Q&A
Questions/Comments?
Vamsi
[email protected]
[email protected]
Resources
• http://geronimo.apache.org
• http://cwiki.apache.org/geronimo/
• Geronimo Mailing lists
– [email protected]
– [email protected]
• IBM developerWorks
– http://www.ibm.com/developerworks/opensource/top-projects/geronimo.html
Thank you