Jboss

Published on February 2017 | Categories: Documents | Downloads: 66 | Comments: 0 | Views: 603

 

HP-UX Open Source Reference Architecture (OSRA) 2.1 for Web Services Configuration Guide

HP-UX 11i v1, HP-UX 11i v2

HP Part Number: 5991-7640
Published: March 2007

 

© Copyright 2007 Hewlett-Packard Development Company, L.P.

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

UNIX is a registered trademark of The Open Group. Java™ is a US trademark of Sun Microsystems, Inc.

This product includes software developed by the Apache Software Foundation. This documentation is based on information from the Apache Software Foundation (http://www.apache.org). This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org).

 

Table of Contents

About This Document

1 Overview
    Benefits
    Architecture
    Components
    HP-UX 11i Web Server Suite
    Secure Web Server Platform
    Java and Scripting Languages
    JBoss Enterprise Middleware
    Database Server
    Directory Server
    Security

2 Configuration and Integration
    Install Paths and Disk Space
    Installing JBoss AS
    Installing From the zip File
    Installing From the GUI Installer
    Verifying JBoss AS Installation
    Removing JBoss AS Components
    General Configuration Information
    JBoss AS Basic Configuration
    JBoss AS Startup Configuration Files
    Running JBoss AS With a Different User Name
    Setting the Java Memory Allocation Pool Size
    Configure the Oracle Data Source for JBoss
    MySQL Integration with JBoss AS
    Red Hat Directory Server Setup
    Verify Directory Operation
    Add and Verify Directory Entries
    Integrating JBoss AS and LDAP
    Configuring JBoss to Use LDAP
    Create or Update Users and Roles in the LDAP Directory
    Configure the Application Security Characteristics
    Integrating the Web Server to Use LDAP
    Running Multiple JBoss AS Instances on the Same Server

3 Load Balancing and Cluster Configuration
    Web Services Sessions
    Session State Replication
    Session Replication in Tomcat
    JBoss AS Clustering
    Integrating the Web Server and JBoss AS
    Content Directed Integration
    Apache Directed Integration
    Horizontal Scaling of Web and Application Servers
    Hardware Load Balancing
    Domain Name System (DNS) Round-Robin Load Balancing
    Load Balancing With Apache mod_jk
    DNS Load Balancing Configuration Example
    Configure named With the Virtual Server Hostname
    Configure the DNS Cache TTL Value
    Disable the Java DNS Cache
    Using DNS Round Robin With JBoss AS
    Apache mod_jk Configuration Example
    Configuring the Web Server and mod_jk
    Configuring JBoss AS and mod_jk

 

List of Figures

1-1   HP-UX OSRA for Web Services: Architectural Overview
2-1   Welcome Screen
2-2   License Screen
2-3   Installation Type
2-4   Domain Name
2-5   User and Group
2-6   Standalone Server
2-7   Directory Server Data Store
2-8   Network Port Number
2-9   Unique Identifier
2-10  Administrator Name and Password
2-11  Directory Suffix
2-12  Directory Manager
2-13  Administration Domain
2-14  Administration Server Network Port
2-15  Administration Server User
2-16  Red Hat Directory Server Startup
3-1   Content Directed Integration
3-2   Apache Directed Integration
3-3   Hardware Load Balancing
3-4   DNS Load Balancing
3-5   Load Balancing With mod_jk

 

List of Tables

1-1   HP-UX OSRA 2.1 Component Information
2-1   Install Path and Disk Space Used by HP-UX OSRA 2.1 Components

 

List of Examples

2-1   /etc/rc.config.d/jboss File

 

About This Document

This document describes the features provided by the HP-UX Open Source Reference Architecture (OSRA) 2.1 for Web Services on HP-UX 11i v1 and v2 platforms. In addition, the document identifies components that are commonly integrated and provides useful examples on how to integrate them.

You can find the latest version of this document at the HP Technical Documentation website, at: http://docs.hp.com/en/internet.html#OSRA/Web%20Services

Intended Audience

This document is intended for system administrators responsible for installing, configuring, and managing the HP-UX OSRA for Web Services component products. Administrators are expected to have knowledge of operating system concepts, commands, and configuration. It is helpful to have knowledge of the Open Source products defined by HP-UX OSRA.

This document is not a tutorial, but it is intended to provide the reader with a better understanding of how the HP-UX OSRA components integrate with each other and with the HP-UX operating system.

New and Changed Information in This Edition

This guide has been updated to include HP-UX OSRA 2.1 information. This update includes the addition of the HP-UX 11i Protected Systems Web Server product, reflects a name change to the MySQL Enterprise Database server component (formerly called MySQL Pro Certified Database Server), and other minor improvements.

NOTE: Starting with the HP-UX OSRA 2.0 release, HP-UX OSRA contains only components that are delivered and supported by HP, either bundled with HP-UX or available with HP subscriptions. HP-UX OSRA 2.0, and later, does not include community supported components. Community supported components continue to be available in the HP-UX Internet Express Open Source bundles. The HP-UX Internet Express bundles are located under the “Security and Manageability” heading at http://www.software.hp.com.

HP-UX Release Name and Release Identifier

Each HP-UX 11i release has an associated release name and release identifier. The uname -r command returns the release identifier. The following table lists the releases available for HP-UX 11i:

Release Identifier    Release Name           Supported System
B.11.11               HP-UX 11i Version 1    HP 9000
B.11.23               HP-UX 11i Version 2    HP 9000 and HP Integrity
B.11.31               HP-UX 11i Version 3    HP 9000 and HP Integrity

 

Document Organization

This document is organized in the following chapters:

Chapter      Description
Chapter 1    This chapter provides summary information about the features and components of HP-UX OSRA 2.1.
Chapter 2    This chapter explains how to plan for and execute the integration and basic configuration of the HP-UX OSRA 2.1 components.
Chapter 3    This chapter provides information on load balancing and cluster configuration of the HP-UX OSRA 2.1 components.

Typographic Conventions

This document uses the following typographical conventions:

% , $ , or #            A percent sign represents the C shell system prompt. A dollar sign represents the system prompt for the Bourne, Korn, and POSIX shells. A number sign represents the superuser prompt.
audit(5)                A manpage. The manpage name is audit, and it is located in Section 5.
Command                 A command name or qualified command phrase.
Computer output         Text displayed by the computer.
Ctrl+x                  A key sequence. A sequence such as Ctrl+x indicates that you must hold down the key labeled Ctrl while you press another key or mouse button.
ENVIRONMENT VARIABLE    The name of an environment variable, for example, PATH.
[ERROR NAME]            The name of an error, usually returned in the errno variable.
Key                     The name of a keyboard key. Return and Enter both refer to the same key.
Term                    The defined use of an important word or phrase.
User input              Commands and other text that you type.
Variable                The name of a placeholder in a command, function, or other syntax display that you replace with an actual value.
[]                      The contents are optional in syntax. If the contents are a list separated by |, you must choose one of the items.
{}                      The contents are required in syntax. If the contents are a list separated by |, you must choose one of the items.
...                     The preceding element can be repeated an arbitrary number of times.
                        Indicates the continuation of a code example.
|                       Separates items in a list of choices.
WARNING                 A warning calls attention to important information that if not understood or followed will result in personal injury or nonrecoverable system problems.
CAUTION                 A caution calls attention to important information that if not understood or followed will result in data loss, data corruption, or damage to hardware or software.
IMPORTANT               This alert provides essential information to explain a concept or to complete a task.
NOTE                    A note contains additional information to emphasize or supplement important points of the main text.

 

Related Information

Documentation for HP-UX OSRA “bundled” components is available, by component, from http://www.docs.hp.com. For HP-UX OSRA “subscription” components, work with your HP Support representative or refer to the respective Open Source vendors' documentation web sites.

Publishing History

The following table lists the publication history of this document. You can find the latest version of this document online at: http://docs.hp.com/en/internet.html#OSRA/Web%20Services.

Manufacturing Part Number: 5991–7640
    Title: HP-UX Open Source Reference Architecture (OSRA) 2.1 for Web Services Configuration Guide
    Supported Operating Systems: HP-UX 11i v1, HP-UX 11i v2
    Publication Date: March 2007

Manufacturing Part Number: 5991–5939
    Title: HP-UX Open Source Reference Architecture (OSRA) 2.0 for Web Services Configuration Guide
    Supported Operating Systems: HP-UX 11i v1, HP-UX 11i v2
    Publication Date: August 2006

Manufacturing Part Number: 5991–2681
    Title: HP-UX Open Source Reference Architecture for Web Services Configuration Guide
    Supported Operating Systems: HP-UX 11i v1, HP-UX 11i v2
    Publication Date: April 2006

HP Encourages Your Comments

HP encourages your comments concerning this document. We are committed to providing documentation that meets your needs. Send comments to: [email protected]

Include the document title, manufacturing part number, and any comment, error found, or suggestion for improvement you have concerning this document.

 

1 Overview

HP-UX OSRA defines the set of open source middleware, networking, and management software for HP-UX that enables a successful web services solution deployment. All HP-UX OSRA software is delivered and fully-supported by HP. HP-UX OSRA is part of the HP Open Source Integrated Portfolio which includes consulting, integration, and support services. This chapter provides an overview of HP-UX OSRA and describes the Open Source components that make up the architecture.

This chapter addresses the following topics:

• Benefits
• Architecture
• Components

Benefits

HP-UX OSRA helps you lower costs and reduce the risks associated with using open source software by providing:

• Support: HP offers a single source for support. All HP-UX OSRA software is fully supported.
• Flexibility: Use the complete set of OSRA components, or individual components. Integrate with commercial or other open source software.
• Proven Reliability: HP-UX is a proven, highly available base for deploying your solutions.
• Value-added Features: HP-UX offers many additional products in the areas of virtualization, manageability, and security, which can help lower your overall costs.
• Selection: HP-UX OSRA components have been pre-selected to provide an integrated set of complementary open source software needed to deploy web services on HP-UX.

Architecture

The following figure provides an architectural overview of HP-UX OSRA.

Figure 1-1 HP-UX OSRA for Web Services: Architectural Overview

[Figure not reproduced. Labels in the figure:
Applications: Application 1, Application 2, Application 3, Application 4
Additional Web Service Products: Internet Express (Ant, Eclipse, Python, Struts, XDoclet, and more); OpenView (Smart Plug-in for JBoss AS); JBoss (Subscription for full JEMS Suite)
OSRA: Web Server (Apache & Tomcat); Database (MySQL); Secure Web Services Platform (HP-UX 11i Protected Systems Web Server); Directory Server (Red Hat Directory Server, OpenLDAP); Application Server (JBoss Application Server, JBoss Cluster, Hibernate); System & Network Security (HP-UX Bastille, HP-UX IPFilter, HP-UX Secure Shell, OpenSSL, HP-UX 11i Security); Java, Perl, PHP
Related Products & Services: Availability (HP Serviceguard); LDAP (LDAP-UX Integration); Consulting (HP Software Consulting)
HP-UX 11.23 and 11.11
Hardware (Integrity and PA-RISC platforms)]

 

The foundation for the HP-UX OSRA components is the HP-UX 11i Operating System on HP Integrity and PA-RISC servers. As shown in Figure 1-1, HP also offers complementary security products, management products, and high availability products that add additional value to the HP-UX OSRA architecture.

Components

HP-UX OSRA products enable you to build and deploy open source based web services solutions. This guide describes how to integrate combinations of these open source products, which have been selected and tested for interoperability. The following table lists the components defined by HP-UX OSRA 2.1. For the most current versions of the components refer to HP-UX OSRA for Web Services on HP's Software Depot.

Table 1-1 HP-UX OSRA 2.1 Component Information

HP-UX OSRA 2.1 Components                                                                             Delivery/Support *
HP-UX 11i Web Server Suite: Tomcat Web Servlet Engine                                                 Bundled
HP-UX 11i Web Server Suite: Apache Web Server with popular modules and PHP 5                          Bundled
HP-UX 11i Protected Systems Web Server: Secure system built around the HP-UX 11i Web Server Suite     Bundled
Java                                                                                                  Bundled
Perl                                                                                                  Bundled
JBoss Application Server (JBoss AS)                                                                   Subscription
JBoss Cluster: High Availability for JBoss AS                                                         Subscription
MySQL Enterprise Database Server                                                                      Subscription
Hibernate Persistence Service                                                                         Subscription
Red Hat LDAP Directory Server                                                                         Bundled**
Symas CDS OpenLDAP Server                                                                             Subscription
HP-UX Bastille                                                                                        Bundled
HP-UX IPFilter                                                                                        Bundled
OpenSSL                                                                                               Bundled
HP-UX Secure Shell: ssh client and server                                                             Bundled

* Delivery/Support
  Bundled: Bundled components are delivered free of charge on HP-UX and support is included with your HP-UX software support contract.
  Subscription: To obtain a subscription, contact HP.
** See Red Hat LDAP Directory Server for product license requirements.

HP-UX 11i Web Server Suite

This collection of software products allows the deployment, management, and implementation of mission critical Web servers. This suite is comprised of the following components:

• HP-UX Apache-based Web Server - The Apache-based Web Server dominates the Web server market as the most popular and frequently deployed Web server for publishing and serving static and dynamic Web pages.
• Apache Modules - The Apache modules provide interfaces to the components that interact with the Web server including Apache Tomcat (mod_jk), OpenSSL (mod_ssl), LDAP (auth_ldap), and PHP (mod_php).
• JEE Servlet Engine - HP-UX Tomcat-based Servlet Engine - Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages (JSP) technologies. It seamlessly integrates into HP-UX Apache-based Web Server.
• PHP - A widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.

Secure Web Server Platform

The HP-UX 11i Protected Systems Web Server (PS-Webserver) is a secure Web services platform built on HP-UX, that utilizes the HP-UX 11i Web Server Suite with HP-UX security products. The secure architecture and run time environment isolates the Internet from backend servers and isolates the Web server from the intranet. If the Web server is compromised, the PS-Webserver mitigates damage to system and intranet resources by minimizing the system access and resource privileges an attacker can obtain.
With PS-Webserver, users mitigate risk and benefit from a highly secure Web server environment that uses compartmented processing to isolate customer facing Web processing from internal databases, files, and applications.

Java and Scripting Languages

• Java - Java Standard Edition products for HP-UX provide solutions to develop and deploy Java applications with the best performance on the HP-UX operating system. The Java products are also referred to as Java Standard Edition (Java SE), Java Runtime Environment (JRE), and Java Virtual Machine (JVM).
• Perl - A widely-used scripting language used for web application cgi programs. HP-UX bundles a version of Perl that has been optimized for HP-UX. HP-UX's Perl includes modules such as: Perl Package Manager, Oracle DBD Modules, XML Modules and more.
• PHP - A widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. PHP is included as part of the HP-UX 11i Web Server Suite.

JBoss Enterprise Middleware

JBoss Enterprise Middleware includes the following components.
• The JBoss Application Server - The JBoss application server is a widely used JEE application server for developing and deploying enterprise Java applications, Web services applications and portals. The JBoss application server provides extended enterprise services including messaging, clustering, caching, persistence and more. The server integrates Hibernate, JBoss Cache, and JBoss clustering.
• Hibernate - Hibernate is an object/relational persistence and query service for Java. Hibernate lets you develop persistent classes following common Java idiom - including association, inheritance, polymorphism, composition, and the Java collections framework. Hibernate allows you to express queries in its own portable SQL extension (HQL), as well as in native SQL, or with Java-based Criteria and Example objects.
• JBoss Cache - JBoss Cache is a product designed to cache frequently accessed Java objects in order to dramatically improve the performance of e-business applications. For example, by eliminating unnecessary database access, JBoss Cache decreases network traffic and increases the scalability of applications.
  JBoss Cache provides two caching APIs to suit your needs. The JBossCache API offers a traditional, tree-structured node-based cache and the JBossCacheAOP API, which builds on the JBossCache API, provides the ability to perform fine-grained replication of Java objects, resulting in maximum performance benefits.
• JBoss Clustering - Clustering is a key feature in Java EE application servers. It allows you to add server hardware to handle more requests, make your application fail-safe, and make efficient use of the database server. Clustering is traditionally important for high traffic web applications. But today, as AJAX and SOA applications become more and more popular, smaller web applications also need to handle large amounts of incremental page updates and machine-to-machine traffic. Therefore, clustering is becoming more and more important. In JBoss AS, clustering is mostly transparent to applications.
  JBoss AS supports transparent clustering of EJB 3.0 POJOs. It also supports EJB 3.0 entity bean cache clustering, EJB 3.0 stateful session bean clustering, and HTTP clustering out of the box.

Database Server

The MySQL Database product includes the MySQL Enterprise Database Server and the MySQL Connector/J. The MySQL Enterprise Database Server is the most secure and reliable version of the MySQL Database Server. The MySQL Connector/J is a native Java driver that converts JDBC (Java Database Connectivity) calls from JBoss AS (or other application servers) into the network protocol used by the MySQL database.

Directory Server

• Red Hat Directory Server for HP-UX - Red Hat Directory Server is an Open Source LDAP-based server that centralizes application settings, user profiles, group data, policies, and access control information into an operating system-independent, network-based registry. Forming the central repository for an Identity Management infrastructure, Red Hat Directory Server simplifies user management, eliminating data redundancy and automating data maintenance. It also improves security. By storing policies and access control information, Red Hat Directory Server creates a single authentication source across the entire enterprise for both intra- and extranet applications.
• Symas CDS OpenLDAP - Symas CDS OpenLDAP is an Open Source implementation of LDAP.

Security

• HP-UX Bastille - HP-UX Bastille can ease an organization's system-hardening security and/or regulatory-compliance activities. It provides customized lock-down, addressing most of the recommendations from a number of popular security scanning tools and checklists. Some of these checklists are used by security auditors.
• HP-UX IPFilter - HP-UX IPFilter (B9901AA) is a stateful system firewall that filters IP packets to control packet flow in or out of a machine. It works as a security defense by cutting down on the number of exposure points on a machine.
• HP-UX 11i Secure Shell - HP-UX Secure Shell is a client/server architecture that supports the SSH-1 and SSH-2 protocols and provides secured remote login, file transfer, and remote command execution.
• HP-UX OpenSSL - HP-UX OpenSSL is based on the open source product OpenSSL and offers cryptography for applications by providing a general-purpose cryptography library and implementation of the Secure Socket Layer and Transport Layer Security protocols.

 

2 Configuration and Integration

This chapter contains supplemental installation and configuration information, including the following topics:
• Install Paths and Disk Space
• Installing JBoss AS
• General Configuration Information
• JBoss AS Basic Configuration
• Red Hat Directory Server Setup
• Integrating JBoss AS and LDAP
• Integrating the Web Server to Use LDAP
• Running Multiple JBoss AS Instances on the Same Server

Install Paths and Disk Space

The following table provides an estimate of the sizes of files associated with HP-UX OSRA components. Refer to individual product documentation for more precise disk space requirements.

Table 2-1 Install Path and Disk Space Used by HP-UX OSRA 2.1 Components

| HP-UX OSRA 2.1 Component | Install Path | Disk Space |
|---|---|---|
| HP-UX 11i Web Server Suite | /opt/hpws | ~300 MB |
| HP-UX 11i Protected Systems Web Server | /opt/psws | ~125 MB |
| Java | /opt/java<version> | ~205 MB |
| Perl | /opt/perl | ~100 MB |
| JBoss Application Server (JBoss AS) | /opt/jboss-<version> | ~115 MB plus space for applications |
| JBoss Cluster: High Availability for JBoss AS | (same as JBoss AS) | N/A. (Not available for separate install; is part of JBoss AS installation.) |
| MySQL Enterprise Database Server | /usr/local/mysql-enterprise-<version> | ~96 MB plus database table space |
| Hibernate Persistence Service | /opt/hibernate-3.1 | ~98 MB if installed separately (is part of JBoss AS if that is installed) |
| Red Hat LDAP Directory Server | /var/opt/netscape/server7 | ~300 MB |
| Symas CDS OpenLDAP Server | /opt/symas | ~31 MB plus space for directories |
| HP-UX Bastille | /opt/sec_mgmt/bastille | ~1.1 MB |
| HP-UX IPFilter | /opt/ipf | ~7 MB |
| OpenSSL | /opt/openssl | ~40 MB |
| HP-UX Secure Shell: ssh client and server | /opt/ssh | ~45 MB |

 

Installing JBoss AS

NOTE: JBoss AS provides a number of file formats, including zip format, and a GUI installer to install software. HP only supports installing the software from the zip file or using the GUI installer.

When installing from the zip file, the installation includes all of the JBoss AS related services distributed as three instances of the JBoss AS:
• all - this instance contains all of the JBoss AS services
• default - this instance contains a default set of services
• minimal - this instance contains the minimum set of services

To determine which services are started in each instance, examine the <instance-name>/conf/jboss-service.xml file and the configuration files in the <instance-name>/deploy directories. Services such as clustering and caching are enabled in the all instance, but may only be selectively enabled in the other instances.

The GUI installer allows you to perform a basic installation or to select individual services to be installed. Using a custom JBoss AS installation created by the GUI installer simplifies the installation and configuration of JBoss AS. Download JBoss AS files to the /tmp or /var/tmp directory.

NOTE: Obtaining JBoss AS components is part of your HP Support Subscription service.

Installing From the zip File

When performing an installation, the following order of installation must be followed:
1. Install recommended Operating System patches. Information about Operating System patches can be found at: http://www1.itrc.hp.com
2. Check the disk space requirements (~115 MB under /opt, plus space for applications) and increase space as needed.
3. Update Java to 5.0, if required.
4. Install the remaining components.

Use the following command to install JBoss AS from the zip file:

    cd /opt
    jar xvf /var/tmp/jboss-<version-number>.zip

During the installation, the system displays the directories that are created and the files installed on the system:

    created: jboss-4.0.3SP1/
    created: jboss-4.0.3SP1/bin/
    created: jboss-4.0.3SP1/client/
    created: jboss-4.0.3SP1/docs/
    created: jboss-4.0.3SP1/docs/dtd/
    created: jboss-4.0.3SP1/docs/examples/
    created: jboss-4.0.3SP1/docs/examples/binding-manager/
    created: jboss-4.0.3SP1/docs/examples/jboss.net/
    . . .
    extracted: jboss-4.0.3SP1/client/concurrent.jar
    extracted: jboss-4.0.3SP1/client/getopt.jar
    extracted: jboss-4.0.3SP1/client/jacorb.jar
    extracted: jboss-4.0.3SP1/client/javax.servlet.jar
    extracted: jboss-4.0.3SP1/client/jboss-aop-jdk50-client.jar
    . . .

Installing From the GUI Installer

The GUI installer allows you to perform a basic installation or to select individual services to be installed. Using a custom JBoss AS installation, created by the installer, simplifies the installation and configuration of JBoss AS. You should run the installation program as the login user id of the user that JBoss AS will run as. Download the JAR file, jboss-<version>-installer.jar. Use the following command to install JBoss AS:

    java -jar jboss-<version>-installer.jar

During the installation, you are asked to:
• Define the directory that JBoss AS is installed in. HP recommends you create a directory with the same name and version number as the JBoss AS version you are installing. For JBoss AS Version <version>, create the directory /opt/jboss-<version> and install JBoss AS in that directory.
• Select the components you want installed.
• Specify a configuration name.
• Enable or Disable Isolation or Call by Value semantics.
  By default, JBoss AS uses call by reference semantics in a relatively flat class loading model. This provides increased performance, and allows you to easily share objects among applications on the same JBoss AS server. With call by reference, you do not need to include EJB interface classes in both the .war files (which contain Web objects that use the EJBs) and the .ejb files (which contain the ejb objects). You need only define the interface classes once in the .ejb file. Applications that share objects are more dependent upon one another through the version of the shared object libraries.
  The alternative is to use call by value semantics with a more scoped hierarchical class loader, forcing the serialization of shared objects. The resulting code libraries are slower and larger, but more independent. The JEE standard requires call-by-value semantics.
  See http://wiki.jboss.org/wiki/Wiki.jsp?page=ClassLoadingConfiguration for more information.
• Secure Java Management Extensions (JMX) interfaces.
  Selecting this option allows you to secure Enterprise JavaBeans (EJBs), Web applications and other services during the installation. See http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss for more information.

Verifying JBoss AS Installation

You can verify that JBoss AS and your system are working correctly after the installation by starting JBoss AS and verifying no errors occur during operation. Use the following command to start the server.

    cd /opt/jboss-<version>/bin
    sh run.sh

Note that if you specified a configuration name in the installation process, you will need to use that name on the command line:

    cd /opt/jboss-<version>/bin
    sh run.sh -c <name>

A properly installed system will return information similar to the following, and continue to run without producing errors.

    =========================================================================
      JBoss Bootstrap Environment
      JBOSS_HOME: /opt/jboss
      JAVA: java
      JAVA_OPTS: -server -Xms128m -Xmx128m -Dprogram.name=run.sh
      CLASSPATH: /opt/jboss/bin/run.jar:/lib/tools.jar
    =========================================================================
    09:39:57,845 INFO [Server] Starting JBoss (MX MicroKernel)...
    09:39:57,847 INFO [Server] Release ID: JBoss [Zion] 4.0.3SP1 (build: CVSTag=JBoss_4_0_3_SP1 date=200510231751)
    09:39:57,850 INFO [Server] Home Dir: /opt/jboss
    09:39:57,851 INFO [Server] Home URL: file:/opt/jboss/
    09:39:57,853 INFO [Server] Patch URL: null
    09:39:57,853 INFO [Server] Server Name: default
    09:39:57,853 INFO [Server] Server Home Dir: /opt/jboss/server/default
    09:39:57,854 INFO [Server] Server Home URL: file:/opt/jboss/server/default/
    09:39:57,854 INFO [Server] Server Temp Dir: /opt/jboss/server/default/tmp
    09:39:57,857 INFO [Server] Root Deployment Filename: jboss-service.xml
    09:39:59,056 INFO [ServerInfo] Java version: 1.4.2.09,Hewlett-Packard Co.
    09:39:59,056 INFO [ServerInfo] Java VM: Java HotSpot(TM) Server VM 1.4.2 1.4.2.09-050713-09:59-IA64N IA64,Hewlett-Packard Company
    09:39:59,056 INFO [ServerInfo] OS-System: HP-UX B.11.23,IA64N
    09:40:00,197 INFO [Server] Core system initialized
    09:40:03,591 INFO [Log4jService$URLWatchTimerTask] Configuring from URL: resource:log4j.xml

Removing JBoss AS Components

The GUI installer creates an uninstaller program in the /opt/jboss<version>/Uninstaller directory. You can use this program to remove the JBoss AS components and files:
1. Log in as root.
2. Shut down JBoss AS as described in the Basic Configuration Information section of this chapter.
3. Use the following command to run the uninstaller program:

    java -jar /opt/jboss<version>/Uninstaller/uninstaller.jar

To remove the files installed from the JBoss AS tar file installation:
1. Log in as root.
2. Shut down JBoss AS as described in the Basic Configuration Information section of this chapter.
3. Use the following command to remove the files installed on your system:

    rm -rf /opt/jboss<version>

 

General Configuration Information

This section provides basic configuration information for the majority of the HP-UX OSRA 2.1 components. Additional sections in this chapter describe the more complex tasks required to configure the JBoss AS and Red Hat Directory Server components. The following list provides the basic information required to start, stop, and minimally configure many of the HP-UX OSRA 2.1 components.

Tomcat
  Startup: /opt/hpws/tomcat/bin/startup.sh <options>
  Shutdown: /opt/hpws/tomcat/bin/shutdown.sh <options>
  System Startup and Shutdown:
    /sbin/init.d/hpws_tomcat start|stop
    /etc/rc.config.d/hpws_tomcatconf - startup configuration file.
  Configuration file: /opt/hpws/tomcat/conf/server.xml - primary configuration file.
  These files are for the standalone Tomcat server, provided with the HP-UX Web Server Suite. JBoss AS contains a copy of Tomcat that is controlled through the JBoss AS.

Apache Web Server
  Start and Stop: /opt/hpws/apache/bin/apachectl start|stop
  Configuration file: /opt/hpws/apache/conf/httpd.conf
  System Startup and Shutdown:
    /sbin/init.d/hpws_apache start|stop
    /etc/rc.config.d/hpws_apacheconf - startup configuration file.
  Both Apache and Tomcat are integrated with OpenSSL and HP Integrity Crypto hardware.

MySQL Server
  Startup:
    /usr/local/mysql-enterprise-<version-platform>/bin/mysqld start
    /usr/local/mysql-enterprise-<version-platform>/bin/mysqld_safe <options> - safe start (restart on error, log errors).
    /usr/local/mysql-enterprise-<version-platform>/bin/mysqld_multi <options> - manages several mysqld processes running in different UNIX sockets and TCP/IP ports.
    /usr/local/mysql-enterprise-<version-platform>/bin/mysql <options> - start a MySQL client.
  Shutdown: /usr/local/mysql-enterprise-<version-platform>/bin/mysqld stop
  System Startup and Shutdown: Refer to the mysql.server(1) man page or MySQL documentation for instructions on how to set up system startup and shutdown.

Java
  Startup: /opt/java<version>/jre/bin/java

JBoss AS
  Startup: /opt/jboss-<version>/bin/run.sh <options>
  System Startup and Shutdown:
    /sbin/init.d/jboss start|stop - see the JBoss AS Basic Configuration section of this chapter for an example of configuring this file.
    /etc/rc.config.d/jboss - startup configuration file.
  JVM configuration file: /opt/jboss-<version>/bin/run.conf
  Initial Application Server Configuration: /opt/jboss-<version>/server/<instance>/conf/jboss-service.xml

Red Hat Directory Server
  Startup: /var/opt/netscape/server7/slapd-<servername>/start-slapd <options>
  Shutdown: /var/opt/netscape/server7/slapd-<servername>/stop-slapd <options>
  Configuration files: /var/opt/netscape/server7/slapd-<servername>/config
  No system startup script is provided with Red Hat Directory Server.

Symas CDS OpenLDAP
  Refer to the Symas CDS Installation Guide.
  Configuration files:
    /opt/symas/etc/openldap/slapd.conf
    /opt/symas/etc/openldap/cds.conf
  Start: /sbin/init.d/cdsserver start|stop

HP-UX Secure Shell
  Start and Stop:
    /usr/sbin/sshd <options>
    /sbin/init.d/secsh start|stop
  Configuration files:
    /etc/opt/ssh/sshd_config - main configuration file.
    /etc/opt/ssh - other configuration files and key files directory.
  System Startup and Shutdown:
    /sbin/init.d/secsh start|stop
    /etc/rc.config.d/sshd - system startup configuration file.

NOTE: The following products do not run as services and thus do not have startup or shutdown commands: OpenSSL, Perl, PHP, Hibernate, JBoss Cluster and JBoss Cache. OpenSSL is a library that can be added to a custom-built service. Perl is a scripting language that can be used to run services. PHP is integrated with the HP Apache Web Server. Hibernate, JBoss Cluster and JBoss Cache are libraries that can be added to a Java Web Server, such as Tomcat.

JBoss AS Basic Configuration

This section provides basic configuration information for the JBoss AS. Sample configuration files are provided and a number of configuration topics are discussed.

JBoss AS Startup Configuration Files

Example 2-1 contains a JBoss AS startup control script that you can use to configure JBoss AS at system startup. With JBoss AS version 4.0.4, this control script is delivered as the /opt/jboss-<version>/bin/jboss_init_hpux.sh file. You will need to edit this file, adding the correct installation path and defining variables for JBoss AS. The following steps describe how to install this example file:
1. Copy /opt/jboss-<version>/jboss_init_hpux.sh to /sbin/init.d/jboss
2. Create softlinks to the file from the various startup and shutdown directories:

    # ln -s /sbin/init.d/jboss /sbin/rc2.d/K001jboss
    # ln -s /sbin/init.d/jboss /sbin/rc3.d/S999jboss

The following example contains a sample /etc/rc.config.d/jboss file. Specify the appropriate values for your configuration and install the file in the /etc/rc.config.d directory.

Example 2-1 /etc/rc.config.d/jboss File

    # Home directory of JBoss Installation on this system
    JBOSS_HOME=/opt/jboss-4.0.3.SP1
    # INSTANCE is the name of the server under $JBOSS_HOME/server which should
    # be started at system startup time
    INSTANCE="default"
    # set JBOSS_START to 1 to start jboss at system start time, 0 otherwise.
    JBOSS_START=1
    # User name the JBoss should be run as. If you select a non-root user then JBoss needs
    # additional configuration so it won't open any TCP port numbers less than 1000.
    JBOSS_USER=jboss

Running JBoss AS With a Different User Name

By default, JBoss AS runs as root, but does not require root privileges to operate correctly. To reduce the risk of users gaining root privileges through the JBoss AS, you should run the program as a non-root user. The sample jboss_init_hpux.sh file provided with JBoss defines the JBoss AS user as jboss. In order for JBoss AS to run as this user (or any other non-root user), you must make the following modifications to the system:
1. Create a user account:

    useradd -g other <username>

2. Change ownership of all server files to the user <username>:

    chown -R <username>:other /opt/jboss-<version>/server/*

3. Make the server directory writable by the user:

    chmod 0755 /opt/jboss-<version>/server/*

4. Set the file protection for the data, data/hypersonic, deploy, and farm directories writable by user. (Note: INSTANCE=all, or default, or minimal)

    chmod 0755 <JBOSS_HOME>/server/<INSTANCE>/data \
      <JBOSS_HOME>/server/<INSTANCE>/data/hypersonic \
      <JBOSS_HOME>/server/<INSTANCE>/deploy \
      <JBOSS_HOME>/server/<INSTANCE>/farm

5. Make the hypersonic database writable by user:

    chmod u+rw <JBOSS_HOME>/server/<INSTANCE>/data/hypersonic/localDB.*

6. Edit the /etc/rc.config.d/jboss file. Set the value of the variable JBOSS_USER to <username>: (JBOSS_USER=<username>).

NOTE: HP-UX does not permit non-root users to open ports that are numbered lower than 1000. By default, JBoss AS ports are assigned to numbers higher than 1000. If you have changed port assignments to lower numbered ports, you cannot run JBoss AS as a non-root user until you restore the port assignments to numbers higher than 1000.
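A check for the result of the six steps above, as an added example that is not part of the HP guide: it reads the settings in the /etc/rc.config.d/jboss format and flags a root JBOSS_USER, instance directories owned by another account, and directories writable by group or others. The function names, the finding format and the constructed fixture are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a JBoss AS instance against the non-root setup steps.
# Function names and the finding format are hypothetical (not from the guide).

# rc_value FILE KEY: print KEY's value from a KEY=value file. The file is
# parsed, not sourced, so running the audit as root executes nothing from it.
rc_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# audit_jboss_instance RC_FILE: print one line per finding; return 0 if clean.
audit_jboss_instance() {
    rc_file=$1
    failures=0
    jb_home=$(rc_value "$rc_file" JBOSS_HOME)
    jb_inst=$(rc_value "$rc_file" INSTANCE)
    jb_user=$(rc_value "$rc_file" JBOSS_USER)

    # Step 6: JBOSS_USER must name a non-root account.
    if [ -z "$jb_user" ] || [ "$jb_user" = "root" ]; then
        echo "FAIL JBOSS_USER is '${jb_user:-unset}': JBoss AS would run as root"
        failures=$((failures + 1))
    fi

    # Steps 2-4: the instance's writable directories belong to that user and
    # carry no group or world write bit (the guide sets mode 0755).
    for sub in data data/hypersonic deploy farm; do
        dir="$jb_home/server/$jb_inst/$sub"
        if [ ! -d "$dir" ]; then
            echo "NOTE $dir not present in this instance"
            continue
        fi
        listing=$(ls -ld "$dir")
        mode=$(echo "$listing" | awk '{print $1}')
        owner=$(echo "$listing" | awk '{print $3}')
        if [ -n "$jb_user" ] && [ "$owner" != "$jb_user" ]; then
            echo "FAIL $dir is owned by $owner, expected $jb_user"
            failures=$((failures + 1))
        fi
        if [ "$(echo "$mode" | cut -c6)" = "w" ] || [ "$(echo "$mode" | cut -c9)" = "w" ]; then
            echo "FAIL $dir has mode $mode: writable by group or others"
            failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# build_fixture DIR USER: constructed sample layout (not a real installation)
# with a deliberately over-permissive deploy directory.
build_fixture() {
    mkdir -p "$1/jboss/server/default/data/hypersonic" "$1/jboss/server/default/deploy"
    chmod 0755 "$1/jboss/server/default/data" "$1/jboss/server/default/data/hypersonic"
    chmod 0777 "$1/jboss/server/default/deploy"
    cat > "$1/rc.jboss" <<EOF
# constructed sample in the format of /etc/rc.config.d/jboss
JBOSS_HOME=$1/jboss
INSTANCE="default"
JBOSS_START=1
JBOSS_USER=$2
EOF
}

# Demonstration on the constructed fixture.
fixture="${TMPDIR:-/tmp}/jboss-audit-demo.$$"
build_fixture "$fixture" jboss
audit_jboss_instance "$fixture/rc.jboss" || echo "audit found problems"
rm -rf "$fixture"
```

On an installed system, call audit_jboss_instance /etc/rc.config.d/jboss instead of the fixture; a NOTE line for farm is normal in the default and minimal instances.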

Setting the Java Memory Allocation Pool Size

Some installations of JBoss AS will require increasing the size of the Java memory allocation pool size. JBoss AS memory requirements increase as the number of simultaneous requests to the server increase. Memory requirements vary depending upon the needs of the applications that are deployed on the server. The default Java memory allocation pool is set conservatively and should be increased in installations that anticipate more than moderate server loads. You can change the size of the memory allocation pool for JBoss AS by changing the JAVA_OPTS parameter in the /opt/jboss-<version>/bin/run.conf file. For example, to set the maximum pool size to 1024 MB:

    JAVA_OPTS="-server -Xms128m -Xmx1024m"

See the java(1) manpage for more information about configuring the memory allocation pool.

Configure the Oracle Data Source for JBoss

If you configure the Oracle data source, the Oracle documentation describes only some of the steps required. The following steps must be performed to complete this task:
1. Set the padding for the Oracle Xid values in the <JBOSS_INSTANCE>/conf/jboss-service.xml file:

    <!-- The configurable Xid factory. For use with Oracle, set pad to true -->
    <mbean code="org.jboss.tm.XidFactory"
           name="jboss:service=XidFactory">
       <attribute name="Pad">true</attribute>
    </mbean>

2. Modify the conf/standardjbosscmp-jdbc.xml file, specifying the use of the Oracle data source.

    <jbosscmp-jdbc>
       <defaults>
          <datasource>java:/OracleDS</datasource>
          <datasource-mapping>Oracle9i</datasource-mapping>
          <create-table>true</create-table>
          <remove-table>false</remove-table>
          <read-only>false</read-only>
          <read-time-out>300000</read-time-out>
          <row-locking>false</row-locking>
          <pk-constraint>true</pk-constraint>
          <fk-constraint>false</fk-constraint>
          <preferred-relation-mapping>foreign-key</preferred-relation-mapping>
          <read-ahead>
             <strategy>on-load</strategy>
             <page-size>1000</page-size>
             <eager-load-group>*</eager-load-group>
          </read-ahead>
          <list-cache-max>1000</list-cache-max>
          <clean-read-ahead-on-load>false</clean-read-ahead-on-load>
          <unknown-pk>
             <key-generator-factory>UUIDKeyGeneratorFactory</key-generator-factory>
             <unknown-pk-class>java.lang.String</unknown-pk-class>
             <jdbc-type>VARCHAR</jdbc-type>
             <sql-type>VARCHAR(32)</sql-type>
          </unknown-pk>
          <entity-command name="default"/>
          <ql-compiler>org.jboss.ejb.plugins.cmp.jdbc.JDBCEJBQLCompiler</ql-compiler>
       </defaults>

MySQL Integration with JBoss AS To integrate MySQL with JBoss AS, complete the following steps: 1.   Download the MySQL Con Connector/J nector/J driver from the MySQL w web eb site http://www.mysql.com/products/connector/j/ http://www.mysql.com/products/conn ector/j/ to  to the /tmp /tmp directory.  directory. Choose the .zip .zip file  file download.

 file into /usr/local/mysql-connector-java-<version> 2.   Unpack the .zip .zip file /usr/local/mysql-connector-java-<version>.. # cd /usr/local # jar xvf /tmp/mysql-connector-<ve /tmp/mysql-connector-<version>.zip rsion>.zip

3.   Copy the .jar .jar file  file to the JBoss server lib directory. # cp /usr/local/mysql-connector-java-<version>/mysql-connector-java-<version>– /usr/local/mysql-connector-java-<version>/mysql-connector-java-<version>–bin.jar \ /opt/jboss-<version>/server/<instance>/lib/

4.   Copy the sample MySQL data source configuration file from the JBoss AS docs directory to the JBoss server deploy directory.

    # cp /opt/jboss-<version>/docs/examples/jca/mysql-ds.xml \
        /opt/jboss-<version>/server/<instance>/deploy/mysql-ds.xml

5.   Edit and modify the MySQL data source configuration file, specifying:

     - the system where the MySQL Database Server is located
     - the database name
     - the database password

     Here is a sample mysql-ds.xml file:

    <?xml version="1.0" encoding="UTF-8"?>
    <!-- $Id: mysql-ds.xml,v 1.3.2.1 2004/12/01 11:46:00 schrouf Exp $ -->
    <!-- Datasource config for MySQL using 3.0.9 available from:
         http://www.mysql.com/downloads/api-jdbc-stable.html -->
    <datasources>
      <local-tx-datasource>
        <jndi-name>MySqlDS</jndi-name>
        <connection-url>jdbc:mysql://mysql-hostname:3306/jbossdb</connection-url>
        <driver-class>com.mysql.jdbc.Driver</driver-class>
        <user-name>x</user-name>
        <password>y</password>
        <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
        <!-- sql to call when connection is created
        <new-connection-sql>some arbitrary sql</new-connection-sql>
        -->
        <!-- sql to call on an existing pooled connection when it is obtained from pool
        <check-valid-connection-sql>some arbitrary sql</check-valid-connection-sql>
        -->
        <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
        <metadata>
          <type-mapping>mySQL</type-mapping>
        </metadata>
      </local-tx-datasource>
    </datasources>

6.   Restart JBoss AS.

    # cd /opt/jboss-<version>/bin
    # ./shutdown.sh -S
    # ./run.sh -c <instance>


Red Hat Directory Server Setup

After installing the Red Hat Directory Server you need to configure the server. This section provides an example of the server configuration using the Directory Server setup program. The initial setup of the Red Hat Directory Server is straightforward, as illustrated in the example below. Run the Setup program and provide the requested input as the program guides you through each of the required setup steps. In the example all of the default values are used. In most cases, these values are acceptable for most configurations.

Before performing the server configuration, you should refer to the following documentation:
•   Red Hat Directory Server Installation Guide located at: http://www.docs.hp.com/en/internet.html#Netscape%20Directory%20Server/Red%20Hat%20Directory%20Server
•   The README.hp file located in the /var/opt/netscape/server7 directory. This file provides information about general HP-UX system requirements including kernel parameter settings, patches required and file systems requirements.

Use the following command to start the setup program:

    # cd /var/opt/netscape/server7/setup
    # ./setup

Figure 2-1 Welcome Screen

The first step to the installation requires you to accept the license terms of use for the product. Select Yes to continue.

Figure 2-2 License Screen

Three types of installation are offered in the Installation Type screen. To perform a Typical installation, select 2 in this screen.

Figure 2-3 Installation Type

The system displays the Domain Name screen. The domain name of your system should be displayed in this screen. Press Enter to accept the default or enter the correct domain name.

Figure 2-4 Domain Name

The User and Group screen identifies the user ID and group ID that the Red Hat Directory Server runs as. The user and group must exist on your system in order for the directory server to operate.

Figure 2-5 User and Group

The next configuration step requires you to select a configuration server if you are adding this server to an existing configuration server, or to specify that the server is configured as a standalone server. Enter No to configure a standalone server.

Figure 2-6 Standalone Server

The next step determines if you will use another directory server to store information. The default configuration does not use an additional directory server to store data. Enter No for the default.

Figure 2-7 Directory Server Data Store

In the Network Port Number screen, specify a network port to be used by the directory server. The default port number is 389 if the port is not already in use and you are logged in as the root user. The screen provides information about port selection if the default port cannot be selected.

Figure 2-8 Network Port Number

A unique name is required for a directory server. The default name is the system name, taken from the DNS host name.

Figure 2-9 Unique Identifier

An administrator name and password are required for the directory server. This step provides a default administrator name, but requires you to enter and verify a unique password.

Figure 2-10 Administrator Name and Password

A directory suffix is the directory entry that represents the first entry in a directory tree. You will need at least one directory suffix for the tree that will contain your enterprise's data. It is common practice to select a directory suffix that corresponds to the DNS host name used by your enterprise. For example, if your organization uses the DNS name example.com, then select a suffix of dc=example,dc=com. The defaults provided in this screen are taken from the DNS host name.

Figure 2-11 Directory Suffix

In this screen you are asked to identify a Directory Manager. The Directory Manager is the administrative user that performs directory administrative tasks. You can use the defaults provided in this screen.

Figure 2-12 Directory Manager

The administration domain allows you to group multiple servers together logically so that you can more easily distribute server administrative tasks. The default configuration does not use administration domains. Select the default administration domain in this step.

Figure 2-13 Administration Domain

The administration domain uses a dedicated, restricted network port, one that is different from the directory server port defined earlier in the setup procedure.

Figure 2-14 Administration Server Network Port

The final configuration step is to define what user the Administration Server runs as. The default user is root. The root user has the privileges required to use the server administration screen to start and stop the server.

Figure 2-15 Administration Server User

After selecting the administration server user, the system automatically starts the Red Hat Directory Server and displays information similar to that shown in the following screen. After the server starts, you can add entries to the server and perform other administrative tasks.

Figure 2-16 Red Hat Directory Server Startup

Verify Directory Operation

Use the following command to verify that the directory server is running and is configured correctly:

    # cd /var/opt/netscape/server7/shared/bin/
    # ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

A correctly configured system will return the following information:

    version: 1
    dn:
    namingContexts: dc=example,dc=com
    namingContexts: o=NetscapeRoot

If the system does not appear to be working correctly, then consult the Administrators Guide for taking corrective action (http://www.docs.hp.com/en/internet.html#Netscape%20Directory%20Server/Red%20Hat%20Directory%20Server).

Add and Verify Directory Entries

To add directory entries and verify that the directory server is operating correctly, you need to create an LDIF (LDAP Data Interchange Format) file with initial configuration data, insert the entries into the directory, and then verify that the entries have been added correctly. Refer to the Red Hat Directory Server's Administrators Guide, Appendix A and the LDIF(5) manpage for more information on these tasks.

Use an editor to create the file /tmp/example.ldif containing the content listed below.

    dn: ou=myexample, dc=example, dc=com
    objectclass: top
    objectclass: organizationalunit
    ou: example
    description: Example organizational unit

Use the ldapmodify command to insert the entries into the directory:

    # cd /var/opt/netscape/server7/shared/bin
    # ./ldapmodify -a -D "cn=Directory Manager" -w password -f /tmp/example.ldif

The system returns the following information:

    ldapmodify: started Fri Oct 7 12:57:45 2005
    ldap_init( localhost, 389 )
    add objectclass:
            top
            organizationalunit
    add ou:
            example
    add description:
            Example organizational unit
    adding new entry ou=myexample, dc=example, dc=com
    modify complete

Use the ldapsearch command to verify that the entry was added correctly:

    # ./ldapsearch -x -b 'dc=example, dc=com' '(objectclass=*)'

If your entry was added correctly, the system returns information similar to the following:

    version: 1
    dn: dc=example,dc=com
    objectClass: top
    objectClass: domain
    dc: hp

    dn: cn=Directory Administrators, dc=example,dc=com
    objectClass: top
    objectClass: groupofuniquenames
    cn: Directory Administrators

    dn: ou=Groups, dc=example,dc=com
    objectClass: top
    objectClass: organizationalunit
    ou: Groups

    dn: ou=People, dc=example,dc=com
    objectClass: top
    objectClass: organizationalunit
    ou: People

    dn: ou=Special Users,dc=example,dc=com
    objectClass: top
    objectClass: organizationalUnit
    ou: Special Users
    description: Special Administrative Accounts

    dn: cn=Accounting Managers,ou=groups,dc=example,dc=com
    objectClass: top
    objectClass: groupOfUniqueNames
    cn: Accounting Managers
    ou: groups
    description: People who can manage accounting entries

    dn: cn=HR Managers,ou=groups,dc=example,dc=com
    objectClass: top
    objectClass: groupOfUniqueNames
    cn: HR Managers
    ou: groups
    description: People who can manage HR entries

    dn: cn=QA Managers,ou=groups,dc=example,dc=com
    objectClass: top
    objectClass: groupOfUniqueNames
    cn: QA Managers
    ou: groups
    description: People who can manage QA entries

    dn: cn=PD Managers,ou=groups,dc=example,dc=com
    objectClass: top
    objectClass: groupOfUniqueNames
    cn: PD Managers
    ou: groups
    description: People who can manage engineer entries

    dn: ou=example, dc=example,dc=com
    objectClass: top
    objectClass: organizationalunit
    ou: myexample
    description: Example organizational unit

Integrating JBoss AS and LDAP

This section describes how to configure JBoss, and applications deployed under JBoss AS, to use LDAP for authentication. This integration requires the following steps:
1.   Configure JBoss AS to use LDAP.
2.   Configure the security characteristics of the application.
3.   Create users and roles in the LDAP directory.

Configuring JBoss to Use LDAP

To configure LDAP for login security, edit the /opt/jboss-<version>/server/<instance>/conf/login-config.xml file to add a new application policy to the file for LDAP. This application policy corresponds to the security realm defined in an application's web.xml file. An example of the login-config.xml follows:

    <application-policy name="testLDAP">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
          flag="required">
          <module-option name="java.naming.factory.initial">
            com.sun.jndi.ldap.LdapCtxFactory
          </module-option>
          <module-option name="java.naming.provider.url">
            ldap://ldaphost.example.com:1389/
          </module-option>
          <module-option name="java.naming.security.authentication">
            simple
          </module-option>
          <module-option name="principalDNPrefix">uid=</module-option>
          <module-option name="principalDNSuffix">
            ,ou=People,dc=example,dc=com
          </module-option>
          <module-option name="rolesCtxDN">
            ou=Roles,dc=example,dc=com
          </module-option>
          <module-option name="uidAttributeID">member</module-option>
          <module-option name="matchOnUserDN">true</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleAttributeIsDN">false</module-option>
        </login-module>
      </authentication>
    </application-policy>

Create or Update Users and Roles in the LDAP Directory

Update the LDAP server, adding user names, passwords, and role information that matches the roles created in this section. You can do this by creating an LDIF formatted file similar to the one shown below. In the example, entries are created for the users and roles that the sample application security configuration validates against. Areas that must match the entry in the JBoss AS login-config.xml file are also added.

•   In the example, the user with uid 200 needs to be authenticated and have his roles validated for the dukesbank application.
•   Once JBoss AS validates the user id (uid) and password it searches an LDAP domain for the roles that the uid is defined in. In the login-config.xml file, the LDAP domain that defines user roles is identified by the module-option named "rolesCtxDN", which in this case is "ou=Roles,dc=example,dc=com". JBoss AS searches this domain and all its sub-domains for user roles. JBoss AS uses the "uidAttributeID" to identify member entries in the "rolesCtxDN" domain to obtain the roles they are defined in. In our example "uidAttributeID" is set to "member". Since "matchOnUserDN" is also set to "true" in the login-config.xml file, the member id must match the user's domain name. In this example, if the user id is "200", then the LDAP "uidAttributeID" entries in the domains under the "rolesCtxDN" domain "dn: ou=Roles,dc=example,dc=com" must match "member: uid=200,ou=People,dc=example,dc=com".
•   When a matching role in the LDAP directory is found, the corresponding "roleAttributeID" value is returned. In the login-config.xml file, the "roleAttributeID" is configured to be "cn". Also, in the LDAP file users with uid "200" and "300" are assigned the role of "bankCustomer". This is defined under the domain "cn=bankCustomer,ou=Roles,dc=example,dc=com" with the entry "cn: bankCustomer", and the appropriate "member" entries for each user id. Therefore, in this example uid "200" returns a role of "bankCustomer" for the JBoss AS "testLDAP" login-config.xml application policy.

Example LDIF file:

    dn: dc=example,dc=com
    objectclass: top
    objectclass: domain
    dc: example

    dn: ou=People, dc=example,dc=com
    objectClass: top
    objectClass: organizationalunit
    ou: People

    dn: uid=200,ou=People,dc=example,dc=com
    objectclass: top
    objectclass: account
    objectclass: person
    uid: 200
    cn: Java Duke
    sn: Duke
    userPassword: j2ee

    dn: uid=201,ou=People,dc=example,dc=com
    objectclass: top
    objectclass: account
    objectclass: person
    uid: 201
    cn: Janet Jones
    sn: Jones
    userPassword: janetJones

    dn: ou=Roles,dc=example,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: Roles

    dn: cn=bankCustomer,ou=Roles,dc=example,dc=com
    objectclass: top
    objectclass: groupOfNames
    cn: bankCustomer
    member: uid=200,ou=People,dc=example,dc=com
    member: uid=201,ou=People,dc=example,dc=com
    description: The Duke's Bank Customers

Use the following command to update the directory server with the information in the LDIF file (use an editor to create this file, naming it /tmp/example2.ldif):

    # cd /var/opt/netscape/server7/shared/bin
    # ./ldapmodify -p 1389 -ac -D "cn=Directory Manager" -w passwd -f /tmp/example2.ldif

The system displays the following information in response to this command:

    adding new entry dc=example,dc=com
    ldap_add: Already exists
    adding new entry ou=People, dc=example,dc=com
    ldap_add: Already exists
    adding new entry uid=200,ou=People,dc=example,dc=com
    adding new entry uid=201,ou=People,dc=example,dc=com
    adding new entry ou=Roles,dc=example,dc=com
    adding new entry cn=bankCustomer,ou=Roles,dc=example,dc=com
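The role lookup described in this section, as an added Python example (not JBoss code and not part of the HP guide): it resolves roles from the rolesCtxDN subtree of the example LDIF using the testLDAP module options. The DN comparison is simplified, the "auditors" entry is constructed, and the user-name check and all function names are this example's own.

```python
"""Role lookup for the testLDAP policy as the page describes it (added example)."""

# Module options copied from the page's login-config.xml sample.
OPTIONS = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=People,dc=example,dc=com",
    "rolesCtxDN": "ou=Roles,dc=example,dc=com",
    "uidAttributeID": "member",
    "matchOnUserDN": "true",
    "roleAttributeID": "cn",
}

# Role subtree from the page's example LDIF. The "auditors" entry is constructed
# for this example: a role that uid 200 must not receive.
ROLES_LDIF = """\
dn: ou=Roles,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=bankCustomer,ou=Roles,dc=example,dc=com
objectclass: top
objectclass: groupOfNames
cn: bankCustomer
member: uid=200,ou=People,dc=example,dc=com
member: uid=201,ou=People,dc=example,dc=com
description: The Duke's Bank Customers

dn: cn=auditors,ou=Roles,dc=example,dc=com
objectclass: top
objectclass: groupOfNames
cn: auditors
member: uid=900, ou=People, dc=example, dc=com
"""

DN_SPECIALS = set(',+"\\<>;=#')  # characters with syntactic meaning inside a DN


def parse_ldif(text):
    """Return [(dn, {attribute: [values]})] from simple, unfolded LDIF text."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn:
            entries.append((dn, attrs))
    return entries


def normalize_dn(dn):
    """Case-fold and drop spaces around ',' and '=' (simplified DN comparison)."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)


def user_dn(username, options=OPTIONS):
    """Build principalDNPrefix + username + principalDNSuffix.

    The name becomes part of a DN, so names containing DN syntax characters
    are refused instead of concatenated (a check added by this example).
    """
    if not username or username != username.strip() or DN_SPECIALS & set(username):
        raise ValueError("user name not usable as an RDN value: %r" % username)
    return options["principalDNPrefix"] + username + options["principalDNSuffix"]


def roles_for(username, entries, options=OPTIONS):
    """Return roleAttributeID values of entries whose uidAttributeID matches."""
    ctx = normalize_dn(options["rolesCtxDN"])
    wanted = normalize_dn(user_dn(username, options))  # also validates the name
    by_dn = options["matchOnUserDN"].strip().lower() == "true"
    roles = []
    for dn, attrs in entries:
        ndn = normalize_dn(dn)
        if ndn != ctx and not ndn.endswith("," + ctx):
            continue  # outside the rolesCtxDN subtree
        members = attrs.get(options["uidAttributeID"].lower(), [])
        if by_dn:
            hit = any(normalize_dn(m) == wanted for m in members)
        else:
            hit = username in members
        if hit:
            roles.extend(attrs.get(options["roleAttributeID"].lower(), []))
    return roles


# uid 300 has no member entry in the page's LDIF, so it resolves to no roles.
ENTRIES = parse_ldif(ROLES_LDIF)
```

With matchOnUserDN set to "false" the same data returns no roles for uid 200, because the member values are full DNs rather than bare user ids.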

Configure the Application Security Characteristics

JBoss AS adheres to the JEE security model, based on the Java Authentication and Authorization Service (JAAS). For more information on this security model see the following documents:
•   The Security on JBoss chapter of the JBoss Application Server Guide at http://labs.jboss.com/portal/jbossas/docs
•   Java Servlet Specification at http://java.sun.com/products/servlet/download.html#specs
•   Enterprise Java-Beans Specifications http://java.sun.com/products/ejb/docs.html#specs
•   JAAS Specification http://java.sun.com/products/jaas/

Configure the security domain in the application's jboss-web.xml file with the Java Naming and Directory Interface (JNDI) name of the application-policy name in the JBoss conf/login-config.xml file. For example, if the application policy name is "dukesbank" then the JNDI name is java:/jaas/dukesbank as shown in the following sample jboss-web.xml file:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE jboss-web PUBLIC
      "-//JBoss//DTD Web Application 2.4//EN"
      "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
    <jboss-web>
      <security-domain>java:/jaas/dukesbank</security-domain>
      <ejb-ref>
        <ejb-ref-name>ejb/accountController</ejb-ref-name>
        <jndi-name>ebankAccountController</jndi-name>
      </ejb-ref>
      <ejb-ref>
        <ejb-ref-name>ejb/customerController</ejb-ref-name>
        <jndi-name>ebankCustomerController</jndi-name>
      </ejb-ref>
      <ejb-ref>
        <ejb-ref-name>ejb/txController</ejb-ref-name>
        <jndi-name>ebankTxController</jndi-name>
      </ejb-ref>
    </jboss-web>

Configure the security constraints, roles, and Web authentication in the application's web.xml file as required. The web.xml security configuration follows the JEE security model and is related to the JBoss AS LDAP module configuration. The roles defined for the application must be configured in the LDAP database. In the following web.xml file segment, we have defined a security constraint for a number of Web pages (URL patterns) such that users must have the role "bankCustomer" to access a page with the URL pattern:

•   The <security-constraint>.<auth-constraint>.<role-name> entries must match with a <security-role>.<role-name> entry.
•   The role is obtained by validating the user name and password entered through the <login-config> <auth-method> configured. In this example, the application developer has specified FORM for the <auth-method>. This means that the application is providing a customized login form in the browser window. The convention for FORM based authentication is: The form action must be "j_security_check". The username and password fields must be "j_username" and "j_password". Note that the application could have used basic authentication. Basic authentication uses the browser's default login screen to prompt for a user name and password.

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
      http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    .
    .
      <security-constraint>
        <display-name>SecurityConstraint</display-name>
        <web-resource-collection>
          <web-resource-name>WRCollection</web-resource-name>
          <url-pattern>/main</url-pattern>
          <url-pattern>/atm</url-pattern>
          <url-pattern>/atmAck</url-pattern>
          <url-pattern>/accountList</url-pattern>
          <url-pattern>/accountHist</url-pattern>
          <url-pattern>/transferFunds</url-pattern>
          <url-pattern>/transferAck</url-pattern>
          <url-pattern>/atm</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>bankCustomer</role-name>
        </auth-constraint>
        <user-data-constraint>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>
      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Duke's Bank</realm-name>
        <form-login-config>
          <form-login-page>/logon.jsp</form-login-page>
          <form-error-page>/logonError.jsp</form-error-page>
        </form-login-config>
      </login-config>
      <security-role>
        <role-name>bankCustomer</role-name>
      </security-role>
    .
    .
    </web-app>
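An added example (not part of the HP guide): a Python check for the web.xml settings in the sample above. It reports a role-protected constraint whose transport-guarantee is NONE, a constraint limited to listed HTTP methods, repeated url-patterns, and roles with no <security-role> entry; the embedded XML is an abridged copy of the page's segment, and the function and finding names are this example's own.

```python
"""Audit web.xml security constraints (added example, not from the guide)."""
import xml.etree.ElementTree as ET

# Abridged copy of the page's web.xml segment (some url-patterns omitted).
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <display-name>SecurityConstraint</display-name>
    <web-resource-collection>
      <web-resource-name>WRCollection</web-resource-name>
      <url-pattern>/main</url-pattern>
      <url-pattern>/atm</url-pattern>
      <url-pattern>/transferFunds</url-pattern>
      <url-pattern>/atm</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>bankCustomer</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Duke's Bank</realm-name>
    <form-login-config>
      <form-login-page>/logon.jsp</form-login-page>
      <form-error-page>/logonError.jsp</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <role-name>bankCustomer</role-name>
  </security-role>
</web-app>
"""

# Corrected variant: TLS is required and the constraint covers every HTTP
# method, because no <http-method> is listed.
HARDENED_WEB_XML = (
    SAMPLE_WEB_XML
    .replace("<transport-guarantee>NONE<", "<transport-guarantee>CONFIDENTIAL<")
    .replace("      <http-method>GET</http-method>\n", "")
    .replace("      <http-method>POST</http-method>\n", "")
    .replace("      <url-pattern>/atm</url-pattern>\n", "", 1)
)


def _local(tag):
    """Tag name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def _texts(elem, *path):
    """Stripped text of the descendants reached by a path of local names."""
    nodes = [elem]
    for name in path:
        nodes = [c for n in nodes for c in n if _local(c.tag) == name]
    return [(n.text or "").strip() for n in nodes]


def audit_web_xml(xml_text):
    """Return (code, detail) findings for each role-protected constraint."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    declared = set(_texts(root, "security-role", "role-name"))
    auth = (_texts(root, "login-config", "auth-method") or ["(none)"])[0]
    findings = []
    for sc in (c for c in root if _local(c.tag) == "security-constraint"):
        roles = _texts(sc, "auth-constraint", "role-name")
        if not roles:
            continue  # no role named in this constraint
        name = (_texts(sc, "display-name") or ["(unnamed)"])[0]
        tg = (_texts(sc, "user-data-constraint", "transport-guarantee") or ["NONE"])[0]
        if tg.upper() == "NONE":
            findings.append(("NO_TLS", "%s: %s login and session are not "
                             "required to use TLS" % (name, auth)))
        methods = _texts(sc, "web-resource-collection", "http-method")
        if methods:
            findings.append(("METHOD_LIST", "%s: applies only to %s; other "
                             "methods are not covered" % (name, "/".join(methods))))
        patterns = _texts(sc, "web-resource-collection", "url-pattern")
        for p in sorted({p for p in patterns if patterns.count(p) > 1}):
            findings.append(("DUPLICATE_PATTERN", "%s: %s listed more than once" % (name, p)))
        for role in roles:
            if role != "*" and role not in declared:
                findings.append(("UNDECLARED_ROLE", "%s: %s has no "
                                 "<security-role> entry" % (name, role)))
    return findings


if __name__ == "__main__":
    for code, detail in audit_web_xml(SAMPLE_WEB_XML):
        print(code, detail)
```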

If the application uses EJBs, you need to configure the EJB deployment descriptors. As with the web.xml configuration, the roles defined in the ejb-jar.xml file must be defined in the LDAP database if access is to be granted. JBoss AS forwards user roles with the EJB request for service:

    <?xml version="1.0" encoding="UTF-8"?>
    <ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee" version="2.1"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
      http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
    .
    .
      <assembly-descriptor>
        <security-role>
          <role-name>bankCustomer</role-name>
        </security-role>
        <method-permission>
          <role-name>bankCustomer</role-name>
          <method>
            <ejb-name>CustomerBean</ejb-name>
            <method-name>*</method-name>
          </method>
        </method-permission>
    .
    .
      </assembly-descriptor>
    </ejb-jar>

Integrating the Web Server to Use LDAP

Integrating LDAP with the Web server is simplified by use of the built in LDAP authentication module (auth_ldap). The following example builds on the sample LDAP configuration used to configure the Duke's Bank application for JBoss AS. You should refer to the auth_ldap documentation (http://<servername>.com/hp_docs/apache/apache.admin.guide) for details on how to configure auth_ldap.

Edit the httpd.conf file, identifying the appropriate modules as shown in the example below. Also include a separate file containing the auth_ldap directives.

Sample /opt/hpws/apache/conf/httpd.conf file:

    .
    .
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule auth_ldap_module modules/mod_auth_ldap.so
    .
    .
    Include conf/ldap.conf

You must configure the auth_ldap module to define how to search the LDAP directory and to authenticate and authorize user logins. The following example uses the same LDAP configuration as the one used in the JBoss AS configuration with LDAP (uid 200 and 201 are defined under ou=People, dc=example, dc=com).

Sample /opt/hpws/apache/conf/ldap.conf file:

    # Use ldap to protect the manual directory
    <IfModule !mod_auth_ldap.c>
      LoadModule auth_ldap_module modules/auth_ldap.so
    </IfModule>
    <IfModule mod_auth_ldap.c>
      LDAPSharedCacheFile logs/ldap_cache
    </IfModule>
    <Location /manual>
      AuthName "Restricted Area"
      AuthType Basic
      # AuthLDAPURL should point to your ldap server
      AuthLDAPURL ldap://hpdhl217.example.com:1389/ou=People,dc=example,dc=com?uid
      # AuthLDAPStartTLS on
      require valid-user
    </Location>

Activate the changes by stopping and starting the Web server (use startssl in place of start if the server runs with SSL):

    # /opt/hpws/apache/bin/apachectl stop
    # /opt/hpws/apache/bin/apachectl start

You can check the Web server error log for any errors (/opt/hpws/apache/logs/error_log).

Running Multiple JBoss AS Instances on the Same Server

The primary consideration when running multiple instances on the same server is whether to assign a unique IP address to each server instance or not. In general it is easier to assign a different IP address to each server because:
•   Network firewall rules are less likely to be impacted because the server port numbers are consistent across IP addresses.
•   It is easier to move a server instance to another physical server if you wish to do so.
•   You cannot have multiple server instances listening to the same TCP and UDP port numbers with the same IP address. Each instance requires a different set of port numbers if the same IP address is used. This configuration is discussed at the JBoss Wiki at: http://wiki.jboss.org/wiki/Wiki.jsp?page=ConfiguringMultipleJBossInstancesOnOneMachine

HP-UX supports the assignment of multiple IP addresses to a single physical network interface with the sam configuration utility or the ifconfig command. For example, instead of assigning a single address to the interface lan0, you would assign an IP address to lan0:1 and another IP address to lan0:2, as follows:

    # ifconfig lan0:1 inet 192.168.0.1 netmask 255.255.255.0
    # ifconfig lan0:2 inet 192.168.0.2 netmask 255.255.255.0

If these configuration changes are made with the sam utility, they are automatically maintained across system reboots. If you use the ifconfig command to make these changes, you must also update the /etc/rc.config.d/netconf file so that they are maintained across system reboots.

The JBoss Wiki describes how to assign a different set of TCP/UDP ports to different server instances on the same machine. The process is summarized with an example:
•   Make sure that each server instance you wish to configure has its own directory root under $JBOSS_HOME/server. For example, you can create a new directory instance as follows:

    # cd $JBOSS_HOME/server
    # cp -r all node1



•   Modify conf/jboss-service.xml (or deploy/binding-service.xml in Version 4.0.3 and later): uncomment the "Service Binding" section and select a "ServerName" value from sample-bindings.xml (for example, ports-01 or ports-02). This "ServerName" must be configured in the jboss-bindings.xml file and must be unique for each server instance:

    <!-- ==================================================================== -->
    <!-- Service Binding -->
    <!-- ==================================================================== -->
    <!-- Automatically activated when generating the clustering environment -->
    <!-- @TESTSUITE_CLUSTER_CONFIG@ -->
    <!--
       | Binding service manager for port/host mapping.
       | This is a sample config that demonstrates a JBoss
       | instances with a server name 'ports-01'
       | loading its bindings from an XML file using the ServicesStoreFactory
       | implementation returned by the XMLServicesStoreFactory.
       |
       | ServerName: The unique name assigned to a JBoss server instance for
       | lookup purposes. This allows a single ServicesStore to handle multiple JBoss servers.
       | StoreURL: The URL string passed to org.jboss.services.binding.ServicesStore
       | during initialization that specifies how to
       | connect to the bindings store.
       | StoreFactory: The
       | org.jboss.services.binding.ServicesStoreFactory interface
       | implementation to create to obtain the ServicesStore instance.
    -->
    <mbean code="org.jboss.services.binding.ServiceBindingManager"
      name="jboss.system:service=ServiceBindingManager">
      <attribute name="ServerName">ports-01</attribute>
      <!--
      <attribute name="StoreURL">${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml</attribute>
      -->
      <attribute name="StoreURL">/etc/jboss-bindings.xml</attribute>
      <attribute name="StoreFactoryClassName">
        org.jboss.services.binding.XMLServicesStoreFactory
      </attribute>
    </mbean>

• Copy the service bindings in the file $JBOSS_HOME/docs/examples/binding-manager/sample-bindings.xml to /etc/jboss-bindings.xml and modify them as appropriate (in the jboss-bindings.xml file). The following file segment shows the port assignments for server "ports-01":

    <!-- ********************************************************** -->
    <!-- *                       ports-01                         * -->
    <!-- ********************************************************** -->
    <server name="ports-01">

      <!-- ********************* jboss-service.xml ****************** -->

      <service-config name="jboss:service=Naming"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
        <delegate-config portName="Port" hostName="BindAddress">
          <attribute name="RmiPort">10005</attribute>
        </delegate-config>
        <binding port="10006" host="${jboss.bind.address}"/>
      </service-config>

      <service-config name="jboss:service=WebService"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
        <delegate-config portName="Port"/>
        <binding port="10008"/>
      </service-config>

      <service-config name="jboss:service=invoker,type=jrmp"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
        <delegate-config portName="RMIObjectPort"/>
        <binding port="10009"/>
      </service-config>

      <service-config name="jboss:service=invoker,type=pooled"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
        <delegate-config portName="ServerBindPort"/>
        <binding port="10010"/>
      </service-config>

      <!-- ********************* cluster-service.xml **************** -->

      <service-config name="jboss:service=HAJNDI"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
        <delegate-config portName="RmiPort"/>
        <binding port="10005"/>
      </service-config>

      <service-config name="jboss:service=HAJNDI"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
        <delegate-config portName="Port"/>
        <binding port="10007"/>
      </service-config>

      <service-config> name="jboss:service=invoker,type=jrmpha"</service-config>

      <!-- ********************* snmp-adaptor.sar ****************** -->

      <service-config name="jboss.jmx:name=SnmpAgent,service=trapd,type=logger"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
        <delegate-config portName="Port"/>
        <binding port="10018"/>
      </service-config>

      <service-config name="jboss.jmx:name=SnmpAgent,service=snmp,type=adaptor"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
        <delegate-config portName="Port"/>
        <binding port="10017"/>
      </service-config>

      <!-- ********************* jbossmq-service.xml **************** -->

      <!-- JMS related services -->
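One way to check a bindings file for reused port numbers before starting a second instance, as an added Python example (not part of the original guide or of JBoss). The sample XML is constructed: it reuses the 10005 value that appears twice in the ports-01 segment above, and the ports-02 block and the function names are assumptions made for the example.

```python
"""Added example: report port numbers claimed more than once in a bindings file."""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the layout of sample-bindings.xml. The ports-01 values
# follow the segment in this guide; the ports-02 block is made up for the demo.
SAMPLE_BINDINGS = """\
<service-bindings>
  <server name="ports-01">
    <service-config name="jboss:service=Naming"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
      <delegate-config portName="Port" hostName="BindAddress">
        <attribute name="RmiPort">10005</attribute>
      </delegate-config>
      <binding port="10006" host="${jboss.bind.address}"/>
    </service-config>
    <service-config name="jboss:service=WebService"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
      <delegate-config portName="Port"/>
      <binding port="10008"/>
    </service-config>
    <service-config name="jboss:service=HAJNDI"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
      <delegate-config portName="RmiPort"/>
      <binding port="10005"/>
    </service-config>
  </server>
  <server name="ports-02">
    <service-config name="jboss:service=Naming"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
      <delegate-config portName="Port" hostName="BindAddress">
        <attribute name="RmiPort">20005</attribute>
      </delegate-config>
      <binding port="20006" host="${jboss.bind.address}"/>
    </service-config>
    <service-config name="jboss:service=WebService"
        delegateClass="org.jboss.services.binding.AttributeMappingDelegate">
      <delegate-config portName="Port"/>
      <binding port="10008"/>
    </service-config>
  </server>
</service-bindings>
"""


def collect_ports(xml_text):
    """Return {server name: [(port, service name, source), ...]}."""
    result = {}
    for server in ET.fromstring(xml_text).iter("server"):
        entries = []
        for svc in server.iter("service-config"):
            name = svc.get("name", "?")
            for binding in svc.iter("binding"):
                port = binding.get("port", "")
                if port.isdigit():
                    entries.append((int(port), name, "binding"))
            # Ports also appear as <attribute> overrides such as RmiPort.
            for attr in svc.iter("attribute"):
                text = (attr.text or "").strip()
                if attr.get("name", "").endswith("Port") and text.isdigit():
                    entries.append((int(text), name, "attribute " + attr.get("name")))
        result[server.get("name")] = entries
    return result


def audit(xml_text):
    """Return [(port, kind, claims)] for every port number claimed more than once.

    kind is "cross-instance" when different <server> blocks claim the port:
    two JVMs cannot both listen on it at the same address. It is
    "same-instance" when one <server> block lists the port twice, which is
    reported for review rather than as a definite conflict.
    """
    claims_by_port = defaultdict(list)
    for server, entries in collect_ports(xml_text).items():
        for port, service, source in entries:
            claims_by_port[port].append((server, service, source))
    findings = []
    for port in sorted(claims_by_port):
        claims = claims_by_port[port]
        if len(claims) > 1:
            servers = {claim[0] for claim in claims}
            kind = "cross-instance" if len(servers) > 1 else "same-instance"
            findings.append((port, kind, claims))
    return findings


if __name__ == "__main__":
    for port, kind, claims in audit(SAMPLE_BINDINGS):
        print(port, kind)
        for server, service, source in claims:
            print("   ", server, service, source)
```

A cross-instance finding only matters when both instances bind the same IP address; instances separated by IP aliasing, as described earlier in this section, may share port numbers.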


3 Load Balancing and Cluster Configuration

This chapter describes the JBoss AS and Web server integration concepts and describes the steps required to successfully configure some of the integration options. The chapter discusses the following topics:

• Web Services Sessions
• Integrating the Web Server and JBoss AS
• Horizontal Scaling of Web and Application Servers

Web Services Sessions

A session is a series of requests to the Web server and the JBoss AS, originating from the same Web browser. Applications use session constructs to keep track of individual users. A large amount of session information may be generated during a session. This information includes a unique session ID, the individual user identification, and state information that can include security information, personal information, status, and so on. For example, during a session, the Web services software may use an online shopping cart to keep track of a customer's potential purchases. If particular shopping items, shopping carts, and session IDs are not all linked together, the wrong items could end up in the wrong cart.

Application server software distinguishes users by their unique session IDs. The session ID may be stored in a Web browser as a cookie, or may be delivered back and forth between the Web browser, Web server, and application server throughout the session. In some cases, requests are made over HTTPS or Secure Socket Layer (SSL) connections. These sessions may use SSL information for session identification.

Session State Replication

Failover and load balancing require the session state to be replicated at different servers in a cluster. Session state replication allows a client to get session information from another server in the cluster when the original server, on which the client established a session, fails. The state can be system state and/or application state (application state contains the objects and data stored in an HTTP session, while the system state contains status of the environment that the application is running in). The goal of session replication is to maintain session details if a cluster member becomes unavailable.

Maintaining session persistence in a cluster can be a simple scenario where session information is stored on a single server, while other cluster members are unaware of any of this session information.

A cluster can be implemented so that each cluster member is completely aware of the session state of other cluster members, with the session state periodically propagated to all (or preferably, one or two) cluster members. This type of session is known as a replicated session. There are three ways to implement replicated session persistence:

• Memory-to-memory replication, where the individual objects in the session are serialized to a backup server (or servers) as they change.
• File system replication, where session information is written to and read from a centralized file system.
• Database replication, where session data is stored in a relational database.

Database and file system replication limit scalability when storing large or numerous objects in the session. Every time a user adds an object to the session, all of the objects in the session are serialized and written to the database or shared file system.


There are cases where session data is not necessarily replicated. In these sessions, all Web requests are directed to the same Web or application server by load balancing hardware or software. These sessions are referred to as sticky sessions or session affinity.

Session Replication in Tomcat

Session replication in the Tomcat server is an all-to-all replication of session state, meaning the session attributes are propagated to all cluster members, all of the time. This algorithm is efficient with small clusters. There are three types of session replication mechanisms in Tomcat:

• Using in-memory replication, with the SimpleTcpCluster (in the org.apache.catalina.cluster.tcp package) that ships with Tomcat 5 (in server/lib/catalina-cluster.jar).
• Saving the session to a shared database (org.apache.catalina.session.JDBCStore). For more information, see the server.xml directive <Store className="org.apache.catalina.session.JDBCStore">.
• Saving the session state to a shared file system (org.apache.catalina.session.FileStore, part of catalina-optional.jar).

By default, the Tomcat server, bundled with the JBoss AS, uses in-memory replication of HTTP session data when JBoss AS clustering is turned on.

JBoss AS Clustering

JBoss AS clustering is enabled automatically when you install the full version of JBoss AS. Clustering is enabled in the all instance of the server software. The cluster configuration is defined in the cluster-service.xml file in the <instance>/deploy directory. Other than configuring the cluster-service.xml file and starting the all instance of the server, no additional cluster configuration is required. The default configuration uses the JGroups service to automatically detect other JBoss AS servers, on the same LAN segment, with which it can form a cluster. Also, any application (packaged as a .war, .sar, or .ear) deployed to the <instance>/farm group is automatically deployed to all servers in the cluster.

The cluster-service.xml file provides configuration for clustering of:

• HTTP Sessions via the Tomcat Servlet Container
• Session and Entity Enterprise Java Beans (EJBs)
• Java Naming and Directory Interface (JNDI) Services

JBoss recommends avoiding clustering of EJB2.0 entity beans because of potential data synchronization issues between hosts.

The JNDI naming service plays a key role in JEE applications, providing the infrastructure used to locate objects or services within JBoss AS. The High Availability JNDI (HA-JNDI) service keeps track of cluster-wide services, and helps maintain a distinction between cluster bound services and those that are not cluster bound.

The cluster-service.xml file provides additional configuration options that allow you to limit a cluster by specifying a cluster partition name and/or specifying which remote hosts can form the cluster. You can also specify cache replication policies for propagating state information to the nodes in a cluster. For more information about JBoss AS clustering, JBossCache, and JGroups Services, see the JBoss 4 Application Server Guide.

Integrating the Web Server and JBoss AS

There are a number of options available to integrate the Web server and the JBoss AS. The primary reasons for integrating JBoss and the Web server are:

• You can integrate them in such a way that focuses on the strengths of each server. The Web server is well suited and more efficient at providing static Web content while the JBoss AS is an excellent tool for providing dynamic Web content with JEE application services.
• With the addition of a Java connector module (mod_jk) the Web server can be used to load balance requests to several JBoss AS servers. While other more efficient load balancing techniques exist, this approach offers the advantage of not having to incorporate load balancing hardware or configure complex load balancing software.
• If user authentication and authorization is to be performed, and JBoss AS and the Web server are integrated, JBoss AS is well suited for providing these services because it offers built-in role-based access control.

Content Directed Integration

The simplest way to integrate JBoss AS and the Web server is to let the content define the integration. If a user is served up a page from JBoss AS that contains static content, such as embedded images, then the URL for the static content should point to a Web server. Likewise, a static Web page may contain links to content that is served in JBoss AS.

The integration occurs when the content is delivered to the Web client as illustrated in Figure 3-1. No special JBoss or HP Web Server Suite configuration is required for this integration.

Figure 3-1 Content Directed Integration

[Diagram: the Web Client connects over the HTTP protocol both to Tomcat in the JBoss Application Server and to the Apache Web Server.]

In this configuration, when a user authorization and authentication policy is required, it should be implemented in the JBoss AS because JBoss AS and JEE make use of role-based security. This allows deployment of applications that use more fine grained privileges. Users with specified roles can access resources for which these roles are enabled.

If the JBoss AS and Web servers are operating in a hostile Web client environment they should be secured by disabling unnecessary services, and implementing reasonable system security policies. HP-UX 11i provides a number of tools to help with this:

• HP-UX IPFilter for network lockdown that blocks undesirable network traffic.
• HP-UX Bastille for system lockdown policy enforcement.
• HP-UX Security Containment for implementing role-based access controls and providing a secure environment for the Web services components.
• Security Patch Check for ensuring the HP-UX operating system is up to date with security patches.
• OpenSSL for providing encrypted HTTP communications with the Web client.

Apache Directed Content Integration

Another integration approach is to access all content through the Web server. This is useful when:

• The Web server is in a perimeter network established to house public services, but maintained outside of the internal, protected network (this is known as a demilitarized zone (DMZ)). Since a DMZ is open to allow public access to services, it is considered less secure than the internal, protected network and access to the application is mediated by the Web server.
• The Web client will only access the address of the Web server. The application server and its associated database server are deployed behind a firewall.
• The user authorization and authentication security policy is implemented in the Web server. The Web server may or may not use encryption for HTTP communications between the Web client and the Web server.
• The Web server system is highly secure and is locked down to minimize the likelihood of a security breach. If an intrusion or attack does occur, the Web server is sufficiently isolated from the rest of the system to minimize the damage.
• mod_jk is primarily used to connect the Web server to JBoss AS, through the embedded Tomcat server, but may be used to load balance connections to several JBoss AS servers.

Figure 3-2 shows the integration of JBoss AS through the Web server with the mod_jk module.

Figure 3-2 Apache Directed Integration

[Diagram: the Web Client connects over the HTTP protocol to the Apache Web Server with mod_jk, which connects over the AJP protocol to the AJP Connector of Tomcat in the JBoss Application Server.]

Horizontal Scaling of Web and Application Servers

Horizontal scaling involves configuring multiple servers, with each running either the Web or application server software, and distributing the work across multiple servers. Vertical scaling involves adding multiple instances of an application to a single server and distributing the workload among the instances of the application.

Horizontal scaling provides increased throughput and provides failover support. This topology lets you handle application server process failure and hardware failure without significant interruption to client services.

In a horizontally scaled configuration, you can use different load balancing techniques to optimize the distribution of client requests:

• Hardware load balancing, where you add an additional server to act as the load balancer.
• Domain Name System (DNS), where load balancing is provided by software included with the HP-UX operating system.
• Apache mod_jk, where load balancing is provided by a software module included with the HP Web Server Suite.

The following sections provide information about each of these load balancing techniques.


Hardware Load Balancing

In very high traffic situations, a hardware load balancer may provide the best performance. Figure 3-3 illustrates a hardware load balancer distributing client requests to a farm of two JBoss AS servers.

Figure 3-3 Hardware Load Balancing

[Diagram: the Web Client connects over the HTTP protocol to the Hardware Load Balancer, which connects over the HTTP protocol to Tomcat in each of two JBoss Application Servers.]

Typically the hardware load balancer is configured with a virtual IP address. When a Web client requests a Web service, the load balancer translates the virtual IP address into the address of one of the JBoss AS servers. The request is passed on to a JBoss AS server based on the translated address and based on an allocation policy. The allocation policy can define the minimum response time required by the server, the number of requests allowed to a server, the server weight, and so on. The load balancer will typically not route requests to a JBoss AS server that is unavailable. In practice, you may have many servers, each serving the same Web session, or one server, in the farm, serving a complete Web session.

When configuring any load balancer, consideration must be given to storage of session information. If multiple servers serve a session, they must have access to the session information. This information must be stored, updated, and made available to each of the servers serving the session. When a single application server serves a Web session, the session state information can be stored on the server serving the Web session.

Domain Name System (DNS) Round-Robin Load Balancing

DNS round-robin load balancing provides load balancing without requiring additional hardware. With DNS round-robin we assign the IP address of several JBoss AS servers to a virtual server name, such as www.myservice.com. When a Web client requests a Web resource from the virtual server name, DNS assigns one of the IP addresses through the DNS named server. Subsequent requests to DNS to resolve the virtual server name are assigned another IP address in a round-robin fashion until all the available addresses have been assigned. In theory, the JBoss AS servers will be equally loaded because incoming Web service requests will be evenly distributed among them. Figure 3-4 shows an example of a DNS load balancing configuration.

Figure 3-4 DNS Load Balancing

[Diagram: the Web Client connects over the DNS Bind protocol to the DNS (Bind Server) and over the HTTP protocol to Tomcat in each of two JBoss Application Servers; both JBoss Application Servers connect over the DB network protocol to a single Database Server.]

When compared to hardware load balancing, there are several potential shortfalls when using a DNS load balancing configuration:

• The DNS named server does not consider the status of the JBoss AS servers when it resolves the virtual server name. It is possible that requests may be routed to a server that is very busy or is no longer available.
• The DNS named server has no notion of a sticky session. Subsequent requests from the same client to resolve the virtual server name will likely receive a different IP address. This will cause problems if the application is keeping session state information on the JBoss AS server. The application will not work properly because subsequent client requests will be routed to different servers unless the JBoss AS server takes steps to propagate the state information. In general, approaches to propagate state information do not scale well and may defeat the advantages gained by using a server farm.

  In a DNS load balancing configuration, applications must not store state information in the JBoss AS, unless it is propagated. Note that Figure 3-4 shows a single database server. All session data must be written to the database server or returned in an HTTP session cookie or URL encoded query string, to the client, with each request. All JBoss AS servers must share the same database server, or the database must instantly replicate session state data to all database servers used by the farm.
• The Web client often caches the IP address returned by the DNS. This resolves the sticky session problem, but it also means that the client will not respond to changes in the DNS round-robin configuration in a timely manner. In addition, the same client will not load balance over several JBoss AS servers, but will always use the same server until the DNS to IP address cache is flushed. You can use techniques to reduce or eliminate the time a name spends in the name cache, but flushing the cache more frequently puts a larger load on the DNS name server as more requests are forwarded to it.

Load Balancing With Apache mod_jk

The Apache mod_jk module is a plug-in that handles the communication between Tomcat and the HP-UX Apache-based Web server. Load balancing with mod_jk eliminates many of the limitations of DNS Round-Robin load balancing and does not require any additional hardware. Load balancing with mod_jk is illustrated in Figure 3-5. The mod_jk module is set up to load balance between several JBoss AS servers. In most cases, the Web server would handle the static data and distribute dynamic content to the JBoss AS servers.

Figure 3-5 Load Balancing With mod_jk

[Diagram: the Web Client connects over the HTTP protocol to the Apache Web Server with mod_jk, which connects over the AJP protocol to the AJP Connector of Tomcat in each of two JBoss Application Servers.]

When configuring mod_jk load balancing, you can:

• Ensure that requests are not routed to a machine that is not responding.
• Set up round-robin, or weighted round-robin to route requests to a server.
• Route all requests, from the same session, to the same server (sticky session).
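The DNS round-robin shortfalls described earlier and the three mod_jk capabilities listed above, as an added simulation in Python (not code from this guide or from mod_jk). The AppServer, DnsRoundRobin and StickyBalancer classes are hypothetical models, the traffic is constructed, and the pin table is a simplified stand-in for mod_jk's own session routing.

```python
"""Added example: DNS round-robin versus a health-aware, sticky balancer."""
from itertools import cycle


class AppServer:
    """Stand-in for one JBoss AS node that keeps session state in memory only."""

    def __init__(self, name, weight=1):
        self.name, self.weight, self.up = name, weight, True
        self.sessions = {}  # session id -> list of cart items

    def handle(self, session_id, item):
        if not self.up:
            raise ConnectionError(self.name + " is not responding")
        cart = self.sessions.setdefault(session_id, [])
        cart.append(item)
        return list(cart)


class DnsRoundRobin:
    """Rotates through the addresses; no health check, no notion of a session."""

    def __init__(self, servers):
        self._ring = cycle(servers)

    def route(self, session_id):
        return next(self._ring)


class StickyBalancer:
    """Weighted round-robin that skips dead nodes and pins each session to a node."""

    def __init__(self, servers):
        # A node with weight w appears w times in the rotation.
        slots = [s for s in servers for _ in range(s.weight)]
        self._ring, self._slots = cycle(slots), len(slots)
        self._pinned = {}  # session id -> node (simplified model of stickiness)

    def route(self, session_id):
        node = self._pinned.get(session_id)
        if node is not None and node.up:
            return node
        for _ in range(self._slots):  # at most one full turn of the ring
            node = next(self._ring)
            if node.up:
                self._pinned[session_id] = node
                return node
        raise ConnectionError("no application server is responding")


def farm():
    """Three fresh, equally weighted nodes."""
    return [AppServer("node1"), AppServer("node2"), AppServer("node3")]


def run(balancer, requests, fail_at=None, victim=None):
    """Replay (session_id, item) requests; return [(node name or 'ERROR', cart size)]."""
    log = []
    for i, (session_id, item) in enumerate(requests):
        if i == fail_at:
            victim.up = False  # the node stops responding from this request on
        try:
            node = balancer.route(session_id)
            log.append((node.name, len(node.handle(session_id, item))))
        except ConnectionError:
            log.append(("ERROR", 0))
    return log


# Constructed traffic: one shopper adding four items to a cart.
REQUESTS = [("alice", "book"), ("alice", "pen"), ("alice", "lamp"), ("alice", "desk")]

if __name__ == "__main__":
    nodes = farm()
    print("DNS round-robin:    ", run(DnsRoundRobin(nodes), REQUESTS))
    nodes = farm()
    print("DNS, node2 down:    ", run(DnsRoundRobin(nodes), REQUESTS, 1, nodes[1]))
    nodes = farm()
    print("sticky:             ", run(StickyBalancer(nodes), REQUESTS))
    nodes = farm()
    print("sticky, node1 fails:", run(StickyBalancer(nodes), REQUESTS, 2, nodes[0]))
```

In the last run the cart restarts at one item after failover to node2, because the in-memory session was never replicated; stickiness alone does not replace session state replication.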

DNS Load Balancing Configuration Example

This section describes how to configure DNS Round Robin load balancing and provides examples of the files you must create and modify when setting up this configuration.

This example uses the hosts_to_named utility to convert the /etc/hosts file into the appropriate Internet domain name server (named) configuration files. The goal is to configure a virtual host name with multiple addresses, so that each time a client makes a request to the host name, the client receives a different address, in round-robin order.

The steps to configure DNS Round-Robin are:

1. Configure named with the virtual server host name.
2. Tune the DNS cache.

For more information, see the named(1m), named.conf(4) manpages, and the HP-UX IP Address and Client Management Administrator's Guide (http://docs.hp.com/en/B2355-90775/index.html).


Configure named With the Virtual Server Hostname

This configuration example uses a domain name server for the domain test.nameX.example.com. In that domain we have a virtual hostname specj.test.nameX.example.com that may use one of the following addresses: 10.10.118.230, 10.10.118.231, or 10.10.118.232. Each of these three addresses is also assigned to another server. For instance 10.10.118.230 is bound to the name hpdhl230-2.test.nameX.example.com.

Use the following steps to configure named with the virtual hostname:

1. Update the local /etc/hosts file with the names of the individual servers in the server farm, and with the virtual hostname. Note that in the example we assign three separate addresses to the virtual hostname. The example /etc/hosts file follows:

    127.0.0.1      localhost loopback
    172.16.118.67  hptem270.nameX.example.com hptem270
    #
    10.10.118.67   hptem270.test.nameX.example.com hptem270.test
    10.10.118.230  specj.test.nameX.example.com specj.test
    10.10.118.231  specj.test.nameX.example.com specj.test
    10.10.118.232  specj.test.nameX.example.com specj.test
    10.10.118.208  hpdhl208.test.nameX.example.com hpdhl208.test
    10.10.118.209  hpdhl209.test.nameX.example.com hpdhl209.test
    10.10.118.211  hpdhl211.test.nameX.example.com hpdhl211.test
    10.10.118.212  hpdhl212.test.nameX.example.com hpdhl212.test
    10.10.118.214  hpdhl214.test.nameX.example.com hpdhl214.test
    10.10.118.230  hpdhl230.test.nameX.example.com hpdhl230.test
    10.10.118.231  hpdhl231.test.nameX.example.com hpdhl231.test
    10.10.118.232  hpdhl232.test.nameX.example.com hpdhl232.test
    #
    10.10.119.67   hptem270-2.test.nameX.example.com hptem270-2.test
    10.10.119.230  hpdhl230-2.test.nameX.example.com hpdhl230-2.test
    10.10.119.231  hpdhl231-2.test.nameX.example.com hpdhl231-2.test
    10.10.119.232  hpdhl232-2.test.nameX.example.com hpdhl232-2.test
    #
    172.16.118.66  spec-mysql.test.nameX.example.com spec-myql.test
    172.16.118.4   spec-mysql.test.nameX.example.com spec-myql.test

In the example /etc/hosts file, two subnets will be used for our configuration:
• Addresses beginning with 10.10.*
• Addresses beginning with 172.16.118*

The configuration only uses domain names that are in the domain: test.nameX.example.com

2. Generate the named configuration files in the /usr/local/domain directory:

    # mkdir /usr/local/domain
    # cd /usr/local/domain
    # hosts_to_named -d test.nameX.example.com -n 10.10 -n 172.16.118

The system displays the following information:

    Translating /etc/hosts to lower case ...
    Collecting network data ...
    10.10
    172.16.118
    Creating list of multi-homed hosts ...
    Creating "A" data (name to address mapping) for net 10.10 ...
    The following names were left out of the database:
    hptem270.test (name not in test.nameX.example.com)
    specj.test (name not in test.nameX.example.com)
    .
    .
    hpdhl230-2.test (name not in test.nameX.example.com)
    hpdhl231-2.test (name not in test.nameX.example.com)
    hpdhl232-2.test (name not in test.nameX.example.com)
    Creating "PTR" data (address to name mapping) for net 10.10 ...
    Creating "A" data (name to address mapping) for net 172.16.118 ...
    The following names were left out of the database:
    spec-myql.test (name not in test.nameX.example.com)
    spec-myql.test (name not in test.nameX.example.com)


    The following lines were left out of the database:
    172.16.118.67 hptem270.nameX.example.com hptem270 (first name not in test.nameX.example.com)
    Creating "PTR" data (address to name mapping) for net 172.16.118 ...
    Creating "MX" (mail exchanger) data ...
    Building default named.boot file ...
    Building default db.cache file ...
    WARNING: db.cache must be filled in with the name(s) and address(es) of the rootserver(s)
    Building default boot.cacheonly for caching only servers ...
    done

3. If you are using DNS forwarders to resolve names and addresses that the local named server cannot resolve, you must update the db.cache file with the forwarders' names. In our case we are using two forwarders so we update db.cache as follows:

    ; FILL IN THE NAMES AND ADDRESSES OF THE ROOT SERVERS
    ;
    ; . 99999999 IN NS root.server.
    ; root.server. 99999999 IN A ??.??.??.??
    . 99999999 IN NS namX-resolver.nameX.test.net.
    namX-resolver.nameX.test.net. 99999999 IN A 172.243.128.51
    . 99999999 IN NS namY-resolver.nameY.test.net.
    namY-resolver.nameY.test.net. 99999999 IN A 172.243.160.51

4. Update the options section of the named.conf file:
• Specify a forwarders directive if forwarders are being used.
• Specify the rrset-order directive so that equal priority MX records are returned in round-robin order instead of random order:

    #
    # type domain source file
    #
    options {
        directory "/usr/local/domain";
        forwarders { 172.243.128.51; 172.243.160.51; };
        rrset-order { order cyclic; };
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "db.127.0.0";
    };
    zone "test.nameX.example.com" {
        type master;
        file "db.test";
    };
    zone "10.10.IN-ADDR.ARPA" {
        type master;
        file "db.10.10";
    };
    zone "118.16.172.IN-ADDR.ARPA" {
        type master;
        file "db.172.16.118";
    };
    zone "." {
        type hint;
        file "db.cache";
    };

5. Start or restart the named server.
• Stop the currently running server:


    # ps -eax | grep -v grep | grep named | read pid restofline
    # (($?==0)) && kill $pid

• Start the named server:

    # named -c /usr/local/domain/named.conf

• Configure the /etc/rc.config.d/namesvrs file so that the named server starts automatically when the system is started. Set the variable NAMED to 1, and the appropriate value for NAMED_ARGS:

    NAMED=1
    NAMED_ARGS="-c /usr/local/domain/named.conf"

Configure the DNS Cache TTL Value

To address the problem of DNS clients caching the virtual server name, change the time-to-live (TTL) parameter for the virtual server name in the DNS configuration file. Changing the TTL parameter does not guarantee that your Web client will honor this number. Older versions of Microsoft Internet Explorer and Mozilla Firefox cache DNS server names, ignoring the DNS TTL value. Internet Explorer version 6.0 and later is reported to respect the TTL value. Later versions of Firefox are reported to cache entries for 1 minute by default.

When you configure the DNS TTL value, you can change the value for all servers, or change the value for the virtual name. The following example changes the DNS TTL value for the virtual server name. The value is changed to 60 seconds by updating the zone configuration file (/usr/local/domain/db.test).

    $TTL 60
    @   IN  SOA  hptem270.test.nameX.example.com. root.hptem270.test.nameX.example.com. (
                 2       ; Serial
                 10800   ; Refresh every 3 hours
                 3600    ; Retry every hour
                 604800  ; Expire after a week
                 60 )    ; Minimum ttl of 60 seconds
        IN  NS   hptem270.test.nameX.example.com.
    localhost   IN  A   127.0.0.1
    hptem270    IN  A   10.10.118.67
    specj       IN  A   10.10.118.230
    specj       IN  A   10.10.118.231
    specj       IN  A   10.10.118.232
    hpdhl208    IN  A   10.10.118.208
    hpdhl209    IN  A   10.10.118.209
    hpdhl211    IN  A   10.10.118.211
    hpdhl212    IN  A   10.10.118.212
    hpdhl214    IN  A   10.10.118.214
    hpdhl230    IN  A   10.10.118.230
    hpdhl231    IN  A   10.10.118.231
    hpdhl232    IN  A   10.10.118.232
    hptem270-2  IN  A   10.10.119.67
    hpdhl230-2  IN  A   10.10.119.230
    hpdhl231-2  IN  A   10.10.119.231
    hpdhl232-2  IN  A   10.10.119.232
    hpdhl208    IN  MX  10 hpdhl208.test.nameX.example.com.
    hpdhl209    IN  MX  10 hpdhl209.test.nameX.example.com.
    hpdhl211    IN  MX  10 hpdhl211.test.nameX.example.com.
    hpdhl212    IN  MX  10 hpdhl212.test.nameX.example.com.
    hpdhl214    IN  MX  10 hpdhl214.test.nameX.example.com.
    hpdhl230    IN  MX  10 hpdhl230.test.nameX.example.com.
    hpdhl230-2  IN  MX  10 hpdhl230-2.test.nameX.example.com.
    hpdhl231    IN  MX  10 hpdhl231.test.nameX.example.com.
    hpdhl231-2  IN  MX  10 hpdhl231-2.test.nameX.example.com.
    hpdhl232    IN  MX  10 hpdhl232.test.nameX.example.com.
    hpdhl232-2  IN  MX  10 hpdhl232-2.test.nameX.example.com.
    hptem270    IN  MX  10 hptem270.test.nameX.example.com.
    hptem270-2  IN  MX  10 hptem270-2.test.nameX.example.com.
    specj       IN  MX  10 specj.test.nameX.example.com.


Note that setting the TTL value to zero is not recommended because it can, in theory, cause problems with the DNS proxy servers. It is very common to set the TTL to a small value, such as 5 minutes, because many Web clients use DHCP and must react fairly quickly to changes in their IP address allocation. After changing the TTL value, restart the named server as described in the previous section.
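As an added example (not part of the HP guide), the shell functions below read a zone file such as db.test and report the TTL that applies to the virtual host name, how many A records it has, and how many of those addresses are not also assigned to a farm server. The function names and the zone excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example; the zone excerpts below are constructed from the guide's names.

# Print "<ttl> <A-record count> <addresses with no other owner>" for a
# round-robin label. A per-record TTL overrides the zone-wide $TTL.
vhost_summary() {  # $1 = zone file, $2 = label of the virtual host
    awk -v vh="$2" '
    $1 == "$TTL" { zone_ttl = $2; next }
    {
        sub(/;.*/, "")                          # strip comments
        ttl = zone_ttl; i = 2
        if ($i ~ /^[0-9]+$/) { ttl = $i; i++ }  # optional per-record TTL
        if ($i != "IN" || $(i + 1) != "A") next
        addr = $(i + 2)
        if ($1 == vh) { vaddr[addr] = 1; vttl = ttl } else backed[addr] = 1
    }
    END {
        for (a in vaddr) { n++; if (!(a in backed)) orphan++ }
        printf "%s %d %d\n", (vttl == "" ? "unset" : vttl), n, orphan
    }' "$1"
}

# Return 0 only when the TTL is set and non-zero and every address is backed.
vhost_check() {  # $1 = zone file, $2 = label of the virtual host
    set -- $(vhost_summary "$1" "$2")
    [ "$1" != "unset" ] && [ "$1" != "0" ] && [ "$2" -gt 0 ] && [ "$3" -eq 0 ]
}

zone_dir=$(mktemp -d)
cat > "$zone_dir/db.test" <<'EOF'
$TTL 60
specj    IN A 10.10.118.230
specj    IN A 10.10.118.231
specj    IN A 10.10.118.232
hpdhl230 IN A 10.10.118.230
hpdhl231 IN A 10.10.118.231
hpdhl232 IN A 10.10.118.232
EOF
# Constructed bad case: zone TTL of zero and one farm server removed.
sed -e '/^hpdhl232/d' -e 's/^\$TTL 60/$TTL 0/' \
    "$zone_dir/db.test" > "$zone_dir/db.bad"
vhost_summary "$zone_dir/db.test" specj
vhost_summary "$zone_dir/db.bad" specj
```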

Disable the Java DNS Cache

Java 1.5 does not respect the DNS TTL value you set in the zone configuration file. If you are running your Web client in a JVM, you need to specify your own TTL value. By default, Java caches DNS addresses indefinitely. To disable DNS caching, start the JVM with the following properties:

    networkaddress.cache.ttl=0
    sun.net.inetaddr.ttl=0

The command format is:

    # java -Dnetworkaddress.cache.ttl=0 -Dsun.net.inetaddr.ttl=0 ...

Using DNS Round Robin With JBoss AS

If you are using DNS Round Robin to load balance across a farm of JBoss AS servers, you cannot store state information on the JBoss AS server unless you replicate the state information to the other servers in the farm. For instance, this means that the JEE features Stateful Session Bean EJB and the HttpSession Objects in the Tomcat Servlet Container of JBoss cannot be used. To work around this problem, use JBoss Cache with Tomcat to replicate the session state information. However, any object stored with the session must implement the serializable interface. JBoss Cache and HTTPSession replication are automatically configured with the JBoss all instance configuration. For more information, see the JBoss 4 Application Server Guide.

In general clustering provides your application with JBoss AS server failover capabilities, but it requires system and network resources to implement, and may not scale out as servers are added to the cluster farm.

Apache mod_jk Configuration Example

In order to configure mod_jk load balancing with JBoss AS you must complete the following steps:
• Configure mod_jk load balancing with the Web server.
• Configure the JBoss AS embedded Tomcat server to work with the Web server and mod_jk.

Configuring the Web Server and mod_jk

NOTE: This configuration requires mod_jk version 1.2.10 or later, available with the HP Web Server Suite version 2.11.

To configure load balancing with mod_jk, for the Web server, do the following:

1. Add the following line to the /opt/hpws/apache/conf/httpd.conf file:

    Include conf/mod_jk.conf

2. Edit the /opt/hpws/apache/conf/mod_jk.conf file to specify which URLs should be load balanced. The following sample mod_jk.conf file will load balance all URLs starting with /crime, /bookstore1, /bank, and /jmx-console.

Sample mod_jk configuration file

    <IfModule !mod_jk.c>
    LoadModule jk_module /opt/hpws/apache/modules/mod_jk.so
    </IfModule>


    JkWorkersFile /opt/hpws/apache/conf/workers.properties
    JkLogFile /opt/hpws/apache/logs/jk.log
    JkLogLevel info
    JkMount /bookstore1 router
    JkMount /bookstore1/* router
    JkMount /bank router
    JkMount /bank/* router
    JkMount /crime router
    JkMount /crime/* router
    JkMount /jmx-console router
    JkMount /jmx-console/* router
    <Location /jkstatus/>
    JkMount status
    Order allow,deny
    Allow from all
    </Location>

3. Edit the /opt/hpws/apache/conf/workers.properties file to specify which machines will load balance the URLs specified in the mod_jk.conf file. The following example shows the contents of a workers.properties file that will load balance between two nodes:

    workers.tomcat_home=/opt/hpws/tomcat
    workers.java_home=/opt/java1.4
    ps=/
    #
    #
    worker.node1.port=8009
    worker.node1.host=hpdhl207.nameX.example.com
    worker.node1.type=ajp13
    worker.node1.lbfactor=1
    worker.node1.cachesize=10
    worker.node2.port=8009
    worker.node2.host=hpdhl221.nameX.example.com
    worker.node2.type=ajp13
    worker.node2.lbfactor=1
    worker.node2.cachesize=10
    worker.router.type=lb
    worker.router.balance_workers=node1,node2
    worker.router.sticky_session=1
    worker.status.type=status
    worker.list=router,status
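The sample mod_jk.conf forwards /jmx-console to the JBoss nodes and opens the /jkstatus/ status worker with "Allow from all", so both management interfaces are reachable through the Web server. The following added example (not from the HP guide) is a shell check that reports those two patterns; the function name, both file excerpts and the restricted variant (written in the same Order/Allow syntax the guide uses) are constructed for illustration.

```shell
#!/bin/sh
# Added example; both configuration excerpts are constructed for illustration.

# Print one finding per line and return 1 if any were found:
#   MGMT-MOUNT     a JkMount that forwards /jmx-console to a worker
#   OPEN-LOCATION  a <Location> that mounts a worker and has "Allow from all"
audit_mod_jk() {  # $1 = path to mod_jk.conf
    awk '
    { line = tolower($0) }
    line ~ /^[ \t]*<location[ \t]/ {
        inloc = 1; path = $2; sub(/>$/, "", path); worker = ""; anyone = 0; next
    }
    line ~ /^[ \t]*<\/location>/ {
        if (worker != "" && anyone) { print "OPEN-LOCATION " path " -> " worker; found = 1 }
        inloc = 0; next
    }
    inloc && tolower($1) == "jkmount" { worker = $NF }
    inloc && line ~ /^[ \t]*allow[ \t]+from[ \t]+all/ { anyone = 1 }
    !inloc && tolower($1) == "jkmount" && $2 ~ /^\/jmx-console(\/|$)/ {
        print "MGMT-MOUNT " $2 " -> " $3; found = 1
    }
    END { exit (found ? 1 : 0) }' "$1"
}

jk_dir=$(mktemp -d)
cat > "$jk_dir/weak.conf" <<'EOF'
JkMount /bank router
JkMount /jmx-console router
JkMount /jmx-console/* router
<Location /jkstatus/>
  JkMount status
  Order allow,deny
  Allow from all
</Location>
EOF
cat > "$jk_dir/restricted.conf" <<'EOF'
JkMount /bank router
<Location /jkstatus/>
  JkMount status
  Order deny,allow
  Deny from all
  Allow from 127.0.0.1
</Location>
EOF
audit_mod_jk "$jk_dir/weak.conf" || echo "weak.conf: findings listed above"
audit_mod_jk "$jk_dir/restricted.conf" && echo "restricted.conf: no findings"
```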

Configuring JBoss AS and mod_jk

The following steps are required to configure the JBoss AS embedded Tomcat server on each of the application server systems (hpdhl207 for node1 and hpdhl221 for node2):

1. Modify the file /opt/jboss<version>/server/<instance>/deploy/jbossweb-tomcat55.sar/META-INF/jboss-service.xml, setting UseJK to true:

    <attribute name="UseJK">true</attribute>

2. Modify the file /opt/jboss<version>/server/<instance>/deploy/jbossweb-tomcat55.sar/server.xml. Add a jvmRoute argument to the Engine directive. Make sure that the nodename tag used matches one of the nodenames specified in the mod_jk workers.properties file. For example, on the node representing node1 (hpdhl207) include the following jvmRoute argument to the Engine directive:

    <Engine name="jboss.web" jvmRoute="node1" defaultHost="localhost">
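With sticky_session=1, mod_jk routes a session back to the worker whose name matches the node's jvmRoute, which is why step 2 asks for the names to match. As an added example (not from the HP guide), this shell check compares the two files; the function names and the inline file contents are constructed, and the Engine element is reduced to the attributes the guide shows.

```shell
#!/bin/sh
# Added example; file contents below are constructed for illustration.

# Print the members of worker.<lb>.balance_workers, one per line.
lb_members() {  # $1 = workers.properties, $2 = load balancer worker name
    sed -n "s/^[[:space:]]*worker\.$2\.balance_workers[[:space:]]*=//p" "$1" |
        tr ',' '\n' | sed 's/[[:space:]]//g' | grep -v '^$'
}

# Print the jvmRoute attribute of the <Engine> element (nothing if absent).
engine_jvmroute() {  # $1 = server.xml
    tr '\n' ' ' < "$1" |
        sed -n 's/.*<Engine[^>]*[[:space:]]jvmRoute="\([^"]*\)".*/\1/p'
}

# Return 0 when jvmRoute names a balancer member, 1 on mismatch, 2 if unset.
check_jvmroute() {  # $1 = workers.properties, $2 = lb name, $3 = server.xml
    route=$(engine_jvmroute "$3")
    [ -n "$route" ] || { echo "no jvmRoute in $3"; return 2; }
    if lb_members "$1" "$2" | grep -qxF "$route"; then
        echo "ok: jvmRoute=$route is balanced by $2"
    else
        echo "mismatch: jvmRoute=$route is not a member of $2"; return 1
    fi
}

cfg=$(mktemp -d)
cat > "$cfg/workers.properties" <<'EOF'
worker.router.type=lb
worker.router.balance_workers=node1, node2
worker.router.sticky_session=1
EOF
cat > "$cfg/node1.xml" <<'EOF'
<Server><Service name="jboss.web">
  <Engine name="jboss.web" jvmRoute="node1" defaultHost="localhost"/>
</Service></Server>
EOF
# Constructed mistake: the host name used in place of the worker name.
sed 's/jvmRoute="node1"/jvmRoute="hpdhl207"/' "$cfg/node1.xml" > "$cfg/wrong.xml"
check_jvmroute "$cfg/workers.properties" router "$cfg/node1.xml"
check_jvmroute "$cfg/workers.properties" router "$cfg/wrong.xml" || true
```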
