Release Notes
JBoss Operations Network 3.0.1
for release information
Copyright © 2012 Red Hat, Inc
March 18, 2012
Abstract
These release notes contain important information about fixed bugs, known issues, and other technical notes available at the time that JBoss Operations Network 3.0.1 was released.
JBoss Operations Network 3.0.1 is a bug fix release which addresses numerous issues from JBoss ON 3.0.
1. Notable Changes in 3.0.1
While JBoss ON 3.0.1 is primarily a bug fix release, there have been some changes in JBoss ON functionality related to those bug fixes and that address recent security updates.
1.1. Improved Version and Package Management
Packages are uniquely identified in JBoss ON based on their version number Before JBoss ON 3.0.1, the method to calculate the package version ID number was a combination of the package name and the package version, where the package version could be derived from the package manifest or from a user-supplied value. However, this method of calculating the version could be inconsistent and could easily lead to collisions that prevented packages from being properly uploaded and deployed. Yet, the version number itself is critical to maintaining package data.
Starting in JBoss ON 3.0.1, there are two package version numbers:
- A display version number, a user-friendly string that is used to identify the package in the UI and CLI but which does not have to be unique.
- A unique internal version number. This string is a calculated SHA-256 checksum based on the package contents and, optionally, the specification and implementation versions given in the
META-INF/MANIFEST.MFfile.
Note
Existing packages are automatically updated to use the new version scheme. The agent re-discovers all of the content and then generates the appropriate version number based on the SHA-256 hash and the relevant information in the package's
META-INF/MANIFEST.MF file.
A version number for the package looks like this:
SpecificationVersion(ImplementationVersion)[sha256=abcd1234]
If the
META-INF/MANIFEST.MF file does not contain either the specification version or the implementation version, then only one is used. If neither exists, the SHA is used.
Important
For unexploded (archived) content, the checksum is recalculated with every package discovery scan and compared to the checksum in inventory.
For exploded WARs and EARs, the calculated SHA-256 checksum is added to the
MANIFEST.MF file. This allows the agent to check the file during discovery scans to verify the version of the package quickly.
Manifest-Version: 1.0
Created-By: Apache Maven
RHQ-Sha256: 570f196c4a1025a717269d16d11d6f37
...
Because the content deployment process edits the
META-INF/MANIFEST.MF file, the deployed content is not exactly identical to the content packages that were uploaded.
Versioning only matters to content knit with a resource, like EARs and WARs. Other types of content stored in content sources (like CLI scripts used for alerting) do not track versions. Content deployed in bundles handles versioning through the bundle definition, not the content system.
1.2. Changes to Agent Registration
When the JBoss ON agent starts up, it registers with the JBoss ON server. The JBoss ON server creates an entry based on the given agent name, IP address, and port number. The JBoss ON server also creates a randomly-generated string, a security token, which is also associated with the agent name and with the IP address and port number pair. The agent sends its security token to the server when it restarts as a form of pseudo-authentication.
Prior to JBoss ON 3.0.1, the server allowed an agent to re-register using the same agent name, from a different IP address and port, without the security token. An unapproved agent could use the name and identity of an approved agent. The JBoss ON server simply treated the new agent as if it were the original agent.
The JBoss ON server now verifies the agent identity through the security token before allowing registration changes:
- An agent cannot re-register with an existing agent name without the corresponding security token.
- An agent cannot re-register with an existing IP address/port combination without the corresponding security token.
The agent security token is persisted in the agent's Java preferences and remains even if the agent is restarted or uninstalled. The agent command-line options have been updated to help manage the security token in the agent preferences:
- The
--cleanconfighas been been changed so that it clears all agent configuration, except the security token. This allows the agent to be re-registered easily at a later time. - The
--fullcleanconfighas been added to clean all configuration, including the security token.
These fixes are related to Bugzilla 781964/CVE-2012-0052 and Bugzilla 783008/CVE-2012-0062.
1.3. New and Changed Remote API Methods
The ContentManagerRemote interface has been updated to accommodate the changes in how the content system handles version numbers. One method is deprecated (
void deployPackages), and two new methods have been added (PackageVersion createPackageWithDisplayVersion and void deployPackagesWithNote).
The details of changes between 3.0.0 and 3.0.1 is available with the API at https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Operations_Network/3.1/html/API/index.html.
1.4. CLI Changes
Some improvements have been made to the way that the CLI works:
- The CLI (in interactive mode) now properly accepts and interprets arguments with spaces.
- The
updateBackingContentmethod for now accepts a defined version number to use with the uploaded package.
2. Fixed Security-Related Issues
The following CVEs and security issues have been addressed in JBoss Operations Network 3.0.1.
2.1. Improper System Permissions for the JBoss ON CLI Directory: CVE-2012-0032
After extracting the
rhq-remoting-cli-version.zip package, the JBoss ON CLI root directory had global read, write, and execute permissions. Any child directories and scripts old be accessed and modified by any local user. A local attacker could use these permissions to steal JBoss ON user credentials or to run arbitrary code.
2.2. Improper Handling of LDAP Authentication Failures: Bugzilla 750521/CVE-2012-1100
If a user authenticating to JBoss ON through LDAP gave invalid credentials, they could still be logged into the JBoss ON UI as long as the user account had successfully logged in using LDAP credentials before.
A remote attacker could use this flaw to gain access to the JBoss ON server using an LDAP account without supplying a password.
2.3. CPU Usage Spikes in Tomcat as Part of DoS Attack: Bugzilla 750521/CVE-2011-4858
In some circumstances, Tomcat could allow a denial of service attack if an attacker triggered predictable collisions in the hashing algorithms used by Java, Python, PHP, and other languages in POST statements. The collisions would cause CPU usage to spike to 100% and effectively cause a denial of service.
The version of JBossWeb used by the JBoss ON server has been upgraded to include fixes for CVE-2011-4858.
3. JBoss Operations Network Prerequisites and Basic Installation
The list of supported platforms for JBoss Operations Network are listed at http://www.redhat.com/resourcelibrary/articles/jboss-operations-network-supported-configurations.
3.1. Supported Platforms
The JBoss Operations Network server and agent require Java 6. Any operating system which supports the appropriate JVM could be run a JBoss ON server or agent. Check with Red Hat support for specific platform and environment information.
These platforms are fully supported with native JVM support:
- Red Hat Enterprise Linux 6 (32-bit and 64-bit)
- Red Hat Enterprise Linux 5 (32-bit and 64-bit)
- Red Hat Enterprise Linux 4 (32-bit and 64-bit)
- Microsoft Windows 2008 R2 (32-bit and 64-bit)
- Solaris 11 (64-bit)
- Solaris 10 (64-bit) (deprecated)
The JBoss ON server requires a Java 6 JDK, while the JBoss ON agent requires a Java 6 JRE.
3.2. Supported Databases
JBoss Operations Network 3.0.1 supports these databases for the JBoss ON server:
- Oracle 11g
- Oracle 10g (deprecated)
- PostgreSQL 9.0 (new)
- PostgreSQL 8.4.x
- PostgreSQL 8.3.x
- PostregSQL 8.2.4 and later releases (deprecated)
3.3. Hardware Requirements
Regardless of the server or database platform, there are certain minimum requirements that must be met to install the JBoss ON server and its associated database.
| Minimum | |
|---|---|
| Memory | 2 GB |
| Installation Directory Storage[a] | 10 GB |
| Temporary Directory Storage | 10 GB |
[a]
The server runs as a system user. Make sure that any system limits on user memory are set high enough to accommodate the JBoss ON server and all its data.
| |
3.4. Required Java Versions
Sun and OpenJDK Java are supported.
Note
The server requires the JDK, while the agent only requires the JRE.
3.5. Installing JBoss Operations Network 3.0.1
The Installation Guide has more information on configuration databases for the JBoss ON server, upgrading servers, and other installation information. This is a quick summary of performing an initial installation.
- Set up a database named
rhqadminand a database user namedrhqadmin. Make sure the database user has adequate permissions to perform operations on the JBoss ON database. - Stop any currently running JBoss ON instances.
serverRoot/jon-server-3.0.1.GA/bin/rhq-server.sh stop
If the new JBoss ON server will use a database that existing JBoss ON instances are also using, then all of the existing JBoss ON instances have to be stopped. Otherwise, the installer will hang when it tries to contact the database and the database is unavailable because it is in use by another JBoss ON server. - Download the server packages from the Customer Support Portal.
- Click Software in the top menu.
- In the Product field, select the product.
- Unzip the server distribution to the directory where will be executed from. For example:
cd /opt unzip jon-server-3.0.1.GA.zip
This creates ajon-server-3.0.1.GA/directory in your chosen installation root. - Install any additional agent plug-ins. Plug-in packs are available for EWS, EAP, and SOA-P.
cd /opt/jon/jon-server-3.0.1.GA unzip jon-plugin-pack-agent_plugin_name-3.0.1.GA.zip
- Run the JBoss ON server:
serverRoot/jon-server-3.0.1.GA/bin/rhq-server.sh start
- Open the server UI at
http://localhost:7080/. This will display the JBoss ON server installer. - Clicking the Click here to continue the installation link brings you to the main installer page.
- Go through the installer and fill in the information. Advanced settings can be exposed in the form.The main installer page appears different depending on the database settings.
Important
If any JBoss ON 3.0.1 instance has been opened in a browser on that machine, then it may be necessary to clear the cache manually and the restart the browser for the UI of the newly-installed server to load properly.
Simply using Ctrl+F5 is not sufficient to clear the cache.
If the server is upgraded from a 2.3.x version, then the cache must be cleared in order to load the new CSS and page styles used in JBoss ON 2.4.2.
4. Fixed Bugs in JBoss Operations Network 3.0.1
These bugs have been fixed in JBoss Operations Network 3.0.1. For a complete list of all issues addressed in JBoss Operations Network 3.0.1, search Bugzilla for RHQ Project bugs with a target of JON 3.0.1.
| Bug Number | Component | Description |
|---|---|---|
| Bugzilla 785985 | Agent | The agent was not properly updating its configuration if the configuration changed in the server while the agent was offline. |
| Bugzilla 772514 | CLI | Extracting the JBoss ON CLI archive resulted in a world-writable installation directory for the CLI. |
| Bugzilla 785773 | CLI | In 3.0, the CLI improperly reset the exporter variable after each call. The exporter variable should have persisted. |
| Bugzilla 790074 | CLI | If an argument passed to the CLI had a space in it, each space-separated word was treated as a separate argument. The CLI now properly interprets arguments with spaces. |
| Bugzilla 784361 | CLI | A change to the DiscoveryBossBean class broke discovery scans that were initiated through CLI scripts. |
| Bugzilla 789014 | CLI | The updateBackingContent method did not allow a version number to be assigned to a package; it automatically incremented whatever the previous installed version was. This was sub-optimal in the assigned version number and it made it difficult to have a consistent versioning scheme in both the UI and the CLI. |
| Bugzilla 788629 | CLI | The updateBackingContent method did not properly persist uploaded files. The version for the backed content was not properly maintained, so after an initial upload and then an update, the package was not updated. |
| Bugzilla 765795 | CLI | The createPackageBackedResource method threw a stack overflow exception. |
| Bugzilla 789018 | CLI | The retrieveBackingContent and updateBackingContent methods returned a null pointer exception if multiple installed packages were attached to a web app. A web app is only allowed to have a single installed package, but a database error could result in multiple packages being attached to the web app simultaneously. The agent now accepts the content update operation and corrects any problems during discovery. |
| Bugzilla 789027 | Content | The disk source content provider was originally designed only to import individual files. If a parent folder contained a subfolder, the disk source sync operation failed with a FileNotFoundException error. |
| Bugzilla 785022 | Database (Upgrade) | The database being upgraded already had an index file, then the db-upgrade.xml task failed to execute and upgrade failed. |
| Bugzilla 785968 | Drift | A drift template could not be edited if more than one drift definition was attached to it. |
| Bugzilla 761320 | Drift | The drift definition schedule could get pushed out, so that the detection scan never runs for that definition. Every time an agent scan ran, it updated both the agent scan interval and the drift run interval; since the agent scan runs more frequently, it was pushing the drift run schedule out so that drift never ran. |
| Bugzilla 789454 | Drift | If a drift directory had a Unix special file in it which drift could not process, such as a named pipe, then the drift detection failed for the entire directory. |
| Bugzilla 789492 | Drift | The backslash in Windows directory path names was misinterpreted as escaping the character in the path name. This resulted in incorrect or non-existent paths for drift directories on Windows. |
| Bugzilla 786613 | Drift | The drift detection process fetched all files, recursively, under the base directory to check for files that match the filters. (The drift process did not digest all the files, but it did check them.) If the base directory were set to a root or a broad directory directory, then effectively the agent scanned the entire filesystem to check for matching files. The agent could hang or have very poor performance. |
| Bugzilla 785847 | Drift | When the server requested content for files which had previously been detected, it also sent the agent a list of SHAs to identify the content. The agent verifies the content by reading the snapshot file. The agent would read, close, and re-open the snapshot file for every SHA on the list, creating excessive I/O. |
| Bugzilla 786611 | Drift | When diffing files between snapshots, the file selected first was treated as the older file and the file selected second was treated as the newer version, regardless of the actual timestamp of the files in the snapshot. Now, the newer file is always treated as the newer version in the diff, regardless of what order the files are selected when running the diff. |
| Bugzilla 785857 | Drift | If a template was deleted, any resource with detached definitions based on that template would throw an exception and none of the definitions for that resource could be listed. |
| Bugzilla 784730 | Events | When the agent was initially started, the logfile event pollers were blocked because of a write lock on the managers during the plug-in container initialization. The lock lasted longer than the poller creation timeout period, so creation would silently fail. This meant that event logs were not collected because the pollers weren't running. (The pollers would be created some time after agent startup when the plug-in container attempted to connects a component.) |
| Bugzilla 785026 | Events | If event logging were enabled but native support disabled, events were not processed. |
| Bugzilla 781621 | LDAP Authentication | Configuring LDAP authentication over an SSL connection failed with a ServiceUnavailableException error. |
| Bugzilla 790079 | Provisioning | Redeploying a bundle with the clean option would delete any files which had been edited instead of replacing them with the version in the bundle. |
| Bugzilla 786603 | Provisioning | Deploying a bundle with the manageRootDir parameter missing or set to true in the recipe file (the default) would not delete the files in the destination directory, so the destination directory would not match the bundle structure. |
| Bugzilla 789027 | Plug-ins (JBoss AS) | The discovery process did not use the home directory of a JBoss instance as a relative path for any children scripts it discovered; rather, it used the home directory of the agent's installation directory. When the agent attempted to compute a SHA-256 hash for the file after it was discovered, it could not find the file in the (wrong) location and returned a FileNotFoundException. |
| Bugzilla 790908 | Plug-ins (JBoss AS) | Some of the properties and metadata stored for JBoss child resources could be very large. The JBoss AS 5 resource could end up consuming so much memory that it caused out of memory errors on the agent. Unused properties for JBoss AS 5 child resources have been filtered to reduce the memory use. |
| Bugzilla 773661 | Plug-ins (JBoss AS) | By default, the JMX console in EAP is secured, so the agent could not connect to the JMX server to retrieve required information. However, the connection attempt failed silently. Instead of reporting that the connection attempt failed, the agent reported that the JMX server was unavailable. |
| Bugzilla 790075 | Plug-ins (JBoss AS) | EAR and WAR child resources had some plug-in configuration properties that were unset by default yet were required. This mean that opening the plug-in configuration page for the resource would immediately cause an error. |
| Bugzilla 771201 | Plug-ins (JBoss EPP) | The detection run for EPP 5.2 resources would fail with a StringIndexOutOfBoundsException. This prevented an EPP instance from being added to the inventory. |
| Bugzilla 783879 | Plug-ins (Platform) | The FileSystemComponent would return an invalid diskQueue metric the first time, which would then launch a refresh operation which got the correct metric.
Because the metric was being collected twice, this could cause a performance problem on a system where a lot of metrics were collected or multiple filesystems were being monitored.
|
| Bugzilla 736737 | Plug-ins (Tomcat) | If the connection to the Tomcat server fails for any reason, the agent caught the entire exception and simply marked the Tomcat resource as down. Essentially availability checks for Tomcat could fail silently. |
| Bugzilla 771495 | Plug-ins (Tomcat) | The regular expression used to discover Tomcat WAR files could exclude some valid WAR deployments because the way it interpreted the WAR name did not always match the value in the Tomcat virtual host. The regular expression has been fixed. |
| Bugzilla 772761 | Plug-ins (Tomcat) | The Tomcat plug-in was hard-coded to use a one-second timeout value for operations. This caused start, stop, and restart operations to fail routinely. A new operation parameter has been added to allow administrators to set a different timeout value. |
| Bugzilla 788733 | Plug-ins (JBoss AS and Tomcat) | Deleting a content-backed resource (WAR or EAR) and then recreating a new WAR/EAR resource with the same name preserved all of the package history and version information for the deleted web app. |
| Bugzilla 773737 | Server | The version of JBossWeb used by the JBoss ON server has been upgraded to include fixes for CVE-2011-4858, to prevent possible denial-of-service attacks through the web UI. |
| Bugzilla 789419 | UI | Intermittent problems in the UI could interfere with right-click menus. Specifically, when creating a new child resource, not all possible child types may be listed in the right-click menu. |
| Bugzilla 785019 | UI | When LDAP authentication was enabled, if an LDAP user attempting to log into the UI first, they would get only a blank screen and could not log in. If a JBoss ON user logged into the system first, so that the login screen was in the browser cache, then login was successful. |
5. Known Issues in JBoss Operations Network 3.0.1
This section contains a subset of the known issues at the time that JBoss Operations Network 3.0.1 was released. When possible, workarounds are provided.
5.1. Upgrade and Installation
Some information about the server cannot be changed during upgrade. Even though the fields are editable in the upgrade form, changing these values from the original settings causes upgrade problems. This includes information like the server name. If any of that information changes, then one of the results is NPEs in the server logs.
For example, the process to register the upgraded server plug-ins fails with a null pointer exception. For example:
2012-03-08 20:33:34,523 ERROR [org.rhq.enterprise.server.core.plugin.ServerPluginScanner] Failed to register server plugin file [/home/hudson/jon-server-3.0.1.GA/jbossas/server/default/deploy/rhq.ear/rhq-serverplugins/rhq-serverplugin-ant-bundle-4.2.0.JON.3.0.1.GA.jar] java.lang.NullPointerException at org.rhq.enterprise.server.core.plugin.ServerPluginScanner.registerServerPlugin(ServerPluginScanner.java:212) ...
This error only occurs if a different server name was entered in the configuration page when the server was upgraded. Changing the Server Name field is not supported for upgrades.
If the installer is not bound to 0.0.0.0 when setting up a server, then it does not set all of the required connection properties. Specifically, the installer does not set the
java.rmi.server.hostname parameter to the real value, and it uses the default of 0.0.0.0. This parameter must be set to the real IP address of the server by manually editing the rhq-server.properties file.
Automatic upgrades of agents on Windows appear to fail. Two conditions must be true for automatic upgrade of agents to work on Windows:
- The agent must be installed and running as a Windows service.
- No Windows Explorer window can be open to any agent subdirectory. Windows sets a lock on directories when they are open, which blocks the upgrade process.
When starting a server while agents are running, the server may log servlet errors in the logs. This is because the remoting (communications) classes are loaded early in the startup sequence, before the server is completely started. This causes some communications interruptions until the server is completely started. These errors can be ignored.
If a JBoss ON server was added to the resource inventory, the old JBoss ON server resource must be deleted from the inventory after upgrade. The old resource entry is unusable after upgrade.
Null pointer exceptions for the
org.apache.catalina.connector.CoyoteAdapter service are returned when the JBoss ON 3.0.1 server is first installed. These errors are harmless and can be ignored. Installation will complete successfully, and both the server and the GUI will start and run properly.
The installer shows non-replaced {} properties.
5.2. Server Configuration
The password mechanism in the server installer doesn't properly hash Unicode characters. The Unicode characters are translated into the HTML entities, and then the HTML characters are hashed and stored as the password.
For example, the string
你好 is treated as the string 你好 in the installer, and the second string is the one that is hashed and stored in the rhq-server.properties file.
After configuring the server, but before logging in, manually update the password in the
rhq-server.properties file:
- Manually generate a hashed password based on the Unicode password:
serverRoot/jon-server-3.0.1.GA/bin/generate-db-password.sh 你好 Encoded password: 68f725778bb36d3b
- Replace the database password value with the new hashed password.
rhq.server.database.password=68f725778bb36d3b
5.3. Agents
When a plug-in, effectively a resource type, is deleted, the agent's plug-in container is automatically rebooted, to reload the new configuration. If the agent itself is running as a daemon, then rebooting the plug-in container also kills the agent thread. That means that if a plug-in (with resources of that type in the inventory) is deleted while the agent is running in the background, the agent process is stopped.
The agent can be restarted without any errors, and the plug-in is successfully removed.
Attempting to use the
config import command in the agent command prompt fails with an InvalidPreferencesFormatException exception.
java.util.prefs.InvalidPreferencesFormatException: org.xml.sax.SAXParseException; lineNumber: 2; columnNumber: 41; Document root element "preferences", must match DOCTYPE root "null". ...
The JVM can sometimes cause the agent to crash when Augeas is running.
A fatal error has been detected by the Java Runtime Environment ...
5.4. Databases
The agent assumes that PostgreSQL uses a default password. If a different password is used, the PostgreSQL resource is shown as unavailable in the UI even if it is running.
5.5. Groups
A dynagroup definition with a short recalculation interval (less than two minutes) can cause duplicate groups to be created.
Changing the recursive setting on a group disassociates the group from any roles it was (previously) associated with.
5.6. Provisioning
Hot deployment fails if the file changes during provisioning.
If a bundle is being deployed in a hot deployment and one of the underlying bundle files, like a WAR or JAR, is changed while the bundle is being uploaded, then provisioning will fail.
Using the Recipe option to upload a recipe file separately than the bundle archive files requires that the XML in the recipe be well-formed and that all tags are explicitly closed, using the format
<tag></tag>, not the abbreviated format <tag />.
Additionally, the Recipe option's upload button does not work on Internet Explorer. To add a recipe file using this option with Internet Explorer, copy the entire recipe file and paste it directly into the text box.
The
<rhq:system-service> Ant tag only works on Red Hat Enterprise Linux systems. Using the tag and then deploying the bundle to other operating systems causes the Ant task to fail to operate and can cause the deployment to fail.
5.7. Content and Repositories
A repository can only be used for one resource, the one it was initially defined for.
Attempting to upload a CLI script directly to a repository to use for alerting fails because it says the SHA-256 checksum for the script is not an OSGi string. Uploading a CLI script through the alert configuration UI works successfully.
Attempting to delete a repository with a space in the name throws an exception and the deletion fails.
Deploying WARs from a content repository is not supported. WARs and EARs should be deployed using bundles.
5.8. Remote API and the CLI
The JBoss ON remote API cannot be used to connect to the JBoss ON server when the client is running inside an application server. For example, the remote API cannot be run from a client inside an EAP instance; it fails with errors like the following:
Caused by: java.lang.IllegalArgumentException: interface org.rhq.enterprise.server.auth.SubjectManagerRemote is not visible from class loader at java.lang.reflect.Proxy.getProxyClass(Proxy.java:353) at java.lang.reflect.Proxy.newProxyInstance(Proxy.java:581) at org.rhq.enterprise.client.RemoteClientProxy.getProcessor(RemoteClientProxy.java:69)
The JBoss ON CLI hangs if it is executed as a service or in the background.
5.9. UI
Problems with Sessions and Multiple Tabs
If there are multiple tabs open to the JBoss ON UI and one of those sessions times out, then the other tabs will register errors. This can also occur if multiple people are logged into JBoss ON as the same user.
If there are more than 200 children for a resource, not all of the children are displayed in the resource tree. Additionally, refreshing the tree may display a different subset of child resources.
All of the buttons on the Inventory tab are disabled after a child resource is created.
Searching for a resource with a backslash (\) in the name returned no results, even if the resource exists.
Bugzilla 736732: Bookmarked UI Pages May Display the Old UI
The page names used for different pages in the JBoss ON UI for version 3.0 are different than the ones used in JBoss ON 2.4. However, because JBoss ON 3.0 retains some of the elements used in the older JSF-based UI, these pages still exist. This means that bookmarks will go to the old style pages.
For example, the Dashboard page in the old JSF UI had the URL http://localhost:7080/Dashboard.do/. In the new UI, the location is http://localhost:7080/coregui/#Dashboards.
All of the new pages have the
coregui/ element in them. Remove any old bookmarks and replace them with the new GWT-based pages in the coregui/ area.
5.10. Measurements and Monitoring
A user-defined baseline value for a metric is ignored and overwritten by the server-calculated baseline.
Setting a metric collection interval to zero (0) seconds results in out of memory errors for the agent and metric collection fails. That is an invalid setting for the collection interval and should not be used.
The agent returns invalid values for thread-related metrics for a Tomcat instance if the Tomcat connectors are configured to use a shared thread pool (executor).
5.11. Alerts
In Oracle, the alert notification table is created with the NOLOGGING option. This means that users are required to review the alert notification configuration manually for every alert to verify that the configuration is correct.
Alerts with compound AND conditions can incorrectly fire when one of the conditions goes from true to false within 30 seconds of the other condition going from false to true.
Alert conditions and alert notifications in an alert definition cannot be edited. The condition or notification must be deleted and a new item added.
Recovery alerts are not triggered by an availability condition.
5.12. Drift
Drift definitions can be created for resources which do not support drift, using the remote API to create a script.
Drift monitoring is not supported for embedded web applications, only for standalone applications.
The assumption is that the JBoss ON agent and resources like a JBoss server or Tomcat server run as the same system user. If the agent user is different than the resource user, then there can be problems when one entity makes a configuration change and the other attempts a change later.
For example, when deploying an application, the deployment operation is initiated by the agent and the content is supplied through the agent, and then the application server completes the actual deployment. When deleting an application, the application server handles the undeployment by itself.
If a WAR file is deployed exploded without a
MANIFEST.MF file, the agent creates one when it writes the SHA-256 value for the package. When the JBoss AS server tries to remove the WAR application later (and the JBoss AS user is different than the agent user), then the removal fails. The JBoss AS server cannot delete the MANIFEST.MF file. The agent then rediscovers the application directory and re-initiates the deployment operation for the removed WAR.
5.13. Resources, Inventory, and Discovery
If a resource is ignored in the discovery queue, the server throws a ConcurrentModificationException error.
15:17:56,508 WARN [DiscoveryBossBean] Could not perform commit synchronization
with agent for server [OpenSSH sshd]
java.lang.RuntimeException: java.util.ConcurrentModificationException
at
org.rhq.core.pc.inventory.InventoryManager.synchInventory(InventoryManager.java:1072)
If a WAR file is configured to be deployed to a non-standard location on a Tomcat application server, an invalid deployment name is added to the inventory. The
unpackWARs option extracts the web app to a second, invalid directory. For example, if it should be extracted to /myapps/helloworld, the web app is extracted both there and to /myapps#helloworld.
If EAR, WAR, or script resources are deleted, the agent throws an exception during discovery, and the server is not informed that the resource was deleted.
Apache directives are case-insensitive, but the Apache plug-in treats them as if they were case-sensitive. This makes the plug-in disregard directives with non-default case.
Discovering a JBoss AS instance fails if the configuration directory is a URL.
The discovery process fails to determine the JNP URL if the data directory is not located at ${jboss.server.home.dir}/data.
Turning off an agent does not show the platform as unavailable for 15 minutes, the time of the next agent availability report.
Shutting down a JBoss AS 5 resource can fail with java.rmi.NoSuchObjectException: no such object in table.
It is not possible to add some system properties for a JBoss AS resource.
The inventory for a Linux platform may discover non-existent network adapters, which are added and then shown as unavailable in the inventory.
The JBoss AS plug-in is unable to load resource configuration for JMS queues that are deployed using a SAR file.
The agent cannot discover a Tomcat instance if its Java process is running as a user other than the system user that the agent is running as.
5.15. Performance
Attempting to update the members in a compatible group with thousands of members times out and fails with 'Failed to fetch Resource Group.'
Viewing configuration, alerts, or other data for groups with more than 1000 members can fail with the SQL exception maximum number of expressions in a list is 1000.
5.16. Plug-in Writing
If an embedded plug-in extension is defined and the parent resource type has subcategories, those subcategories cannot be changed or it causes a database deadline.
6. Document History
| Revision History | ||||
|---|---|---|---|---|
| Revision 3.0.1-6 | 2013-10-31 | |||
| ||||
| Revision 3.0.1-5 | August 21, 2012 | |||
| ||||
| Revision 3.0.1-4 | March 20, 2012 | |||
| ||||
| Revision 3.0.1-1 | March 18, 2012 | |||
| ||||
Legal Notice
Copyright © 2012 Red Hat, Inc.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
