Chapter 5. Reference
5.1. Artifact Repository Mirrors
A repository in Maven holds build artifacts and dependencies of various types (all the project jars, library jar, plugins or any other project specific artifacts). It also specifies locations from where to download artifacts from, while performing the S2I build. Besides using central repositories, it is a common practice for organizations to deploy a local custom repository (mirror).
Benefits of using a mirror are:
- Availability of a synchronized mirror, which is geographically closer and faster.
- Ability to have greater control over the repository content.
- Possibility to share artifacts across different teams (developers, CI), without the need to rely on public servers and repositories.
- Improved build times.
Often, a repository manager can serve as local cache to a mirror. Assuming that the repository manager is already deployed and reachable externally at http://10.0.0.1:8080/repository/internal/, the S2I build can then use this manager by supplying the MAVEN_MIRROR_URL
environment variable to the build configuration of the application as follows:
Identify the name of the build configuration to apply
MAVEN_MIRROR_URL
variable against:oc get bc -o name buildconfig/jdg
Update build configuration of
jdg
with aMAVEN_MIRROR_URL
environment variableoc env bc/jdg MAVEN_MIRROR_URL="http://10.0.0.1:8080/repository/internal/" buildconfig "jdg" updated
Verify the setting
oc env bc/jdg --list # buildconfigs jdg MAVEN_MIRROR_URL=http://10.0.0.1:8080/repository/internal/
- Schedule new build of the application
During application build, you will notice that Maven dependencies are pulled from the repository manager, instead of the default public repositories. Also, after the build is finished, you will see that the mirror is filled with all the dependencies that were retrieved and used during the build.
5.2. Information Environment Variables
The following information environment variables are designed to convey information about the image and should not be modified by the user:
Variable Name | Description | Value |
---|---|---|
JBOSS_DATAGRID_VERSION | The full release that the containerized image is based from. | 7.1.0.GA |
JBOSS_HOME | The directory where the JBoss distribution is located. | /opt/datagrid |
JBOSS_IMAGE_NAME | Image name, same as Name label | jboss-datagrid-7/datagrid71-openshift |
JBOSS_IMAGE_RELEASE | Image release, same as Release label | Example: dev |
JBOSS_IMAGE_VERSION | Image version, same as Version label | Example: 1.2 |
JBOSS_MODULES_SYSTEM_PKGS | org.jboss.logmanager | |
JBOSS_PRODUCT | datagrid | |
LAUNCH_JBOSS_IN_BACKGROUND | Allows the data grid server to be gracefully shutdown even when there is no terminal attached. | true |
5.3. Configuration Environment Variables
Configuration environment variables are designed to conveniently adjust the image without requiring a rebuild, and should be set by the user as desired.
Variable Name | Description | Example Value |
---|---|---|
ADMIN_GROUP | Comma-separated list of groups / roles to configure for the JDG user specified via the USERNAME variable. | Example: admin,___schema_manager,___script_manager |
CACHE_CONTAINER_START | Should this cache container be started on server startup, or lazily when requested by a service or deployment. Defaults to LAZY | Example: EAGER |
CACHE_CONTAINER_STATISTICS | Determines if the cache container collects statistics. Disable for optimal performance. Defaults to true. | Example: false |
CACHE_NAMES | List of caches to configure. Defaults to default, memcached, and each defined cache will be configured as a distributed-cache with a mode of SYNC. | Example: addressbook, addressbook_indexed |
CONTAINER_SECURITY_CUSTOM_ROLE_MAPPER_CLASS | Class of the custom principal to role mapper. | Example: com.acme.CustomRoleMapper |
CONTAINER_SECURITY_ROLE_MAPPER | Set a role mapper for this cache container. Valid values are: identity-role-mapper, common-name-role-mapper, cluster-role-mapper, custom-role-mapper. | Example: identity-role-mapper |
CONTAINER_SECURITY_ROLES | Define role names and assign permissions to them. | Example: admin=ALL, reader=READ, writer=WRITE |
DATAGRID_SPLIT | Allow multiple instances of JBoss Data Grid server to share the same persistent volume. If enabled (set to true) each instance will use a separate area within the persistent volume as its data directory. Such persistent volume is required to be mounted at /opt/datagrid/standalone/partitioned_data path. Not set by default. | Example: true |
DB_SERVICE_PREFIX_MAPPING | Define a comma-separated list of datasources to configure. | Example: test-mysql=TEST_MYSQL |
DEFAULT_CACHE | Indicates the default cache for this cache container. | Example: addressbook |
ENCRYPTION_REQUIRE_SSL_CLIENT_AUTH | Whether to require client certificate authentication. Defaults to false. | Example: true |
HOTROD_AUTHENTICATION | If defined the hotrod-connectors will be configured with authentication in the ApplicationRealm. | Example: true |
HOTROD_ENCRYPTION | If defined the hotrod-connectors will be configured with encryption in the ApplicationRealm. | Example: true |
HOTROD_SERVICE_NAME | Name of the OpenShift service used to expose HotRod externally. | Example: DATAGRID_APP_HOTROD |
INFINISPAN_CONNECTORS | Comma separated list of connectors to configure. Defaults to hotrod, memcached, rest. Note that if authorization or authentication is enabled on the cache then memcached should be removed as this protocol is inherently insecure. | Example: hotrod |
JAVA_OPTS_APPEND | The contents of JAVA_OPTS_APPEND is appended to JAVA_OPTS on startup. | Example: -Dfoo=bar |
JGROUPS_CLUSTER_PASSWORD | A password to control access to JGroups. Needs to be set consistently cluster-wide. The image default is to use the OPENSHIFT_KUBE_PING_LABELS variable value; however, the JBoss application templates generate and supply a random value. | Example: miR0JaDR |
MEMCACHED_CACHE | The name of the cache to use for the Memcached connector. | Example: memcached |
OPENSHIFT_KUBE_PING_LABELS | Clustering labels selector. | Example: application=eap-app |
OPENSHIFT_KUBE_PING_NAMESPACE | Clustering project namespace. | Example: myproject |
PASSWORD | Password for the JDG user. | Example: p@ssw0rd |
REST_SECURITY_DOMAIN | The security domain to use for authentication and authorization purposes. Defaults to none (no authentication). | Example: other |
TRANSPORT_LOCK_TIMEOUT | Infinispan uses a distributed lock to maintain a coherent transaction log during state transfer or rehashing, which means that only one cache can be doing state transfer or rehashing at the same time. This constraint is in place because more than one cache could be involved in a transaction. This timeout controls the time to wait to acquire a distributed lock. Defaults to 240000. | Example: 120000 |
USERNAME | Username for the JDG user. | Example: openshift |
HOTROD_ENCRYPTION is defined:
- If set to a non-empty string (e.g. true), or
- If JDG for OpenShift image was deployed using some of the application templates allowing configuration of HTTPS (datagrid71-https, datagrid71-mysql, datagrid71-mysql-persistent, datagrid71-postgresql, or datagrid71-postgresql-persistent), and at the same time the HTTPS_NAME parameter is set when deploying that template.
5.4. Cache Environment Variables
The following environment variables all control behavior of individual caches; when defining these values for a particular cache substitute the cache’s name for CACHE_NAME.
Variable Name | Description | Example Value |
---|---|---|
<CACHE_NAME>_CACHE_TYPE | Determines whether this cache should be distributed or replicated. Defaults to distributed. | Example: replicated |
<CACHE_NAME>_CACHE_START | Determines if this cache should be started on server startup, or lazily when requested by a service or deployment. Defaults to LAZY. | Example: EAGER |
<CACHE_NAME>_CACHE_BATCHING | Enables invocation batching for this cache. Defaults to false. | Example: true |
<CACHE_NAME>_CACHE_STATISTICS | Determines whether or not the cache collects statistics. Disable for optimal performance. Defaults to true. | Example: false |
<CACHE_NAME>_CACHE_MODE | Sets the clustered cache mode, ASYNC for asynchronous operations, or SYNC for synchronous operations. | Example: ASYNC |
<CACHE_NAME>_CACHE_QUEUE_SIZE | In ASYNC mode this attribute can be used to trigger flushing of the queue when it reaches a specific threshold. Defaults to 0, which disables flushing. | Example: 100 |
<CACHE_NAME>_CACHE_QUEUE_FLUSH_INTERVAL | In ASYNC mode this attribute controls how often the asynchronous thread runs to flush the replication queue. This should be a positive integer that represents thread wakeup time in milliseconds. Defaults to 10. | Example: 20 |
<CACHE_NAME>_CACHE_REMOTE_TIMEOUT | In SYNC mode the timeout, in milliseconds, used to wait for an acknowledgement when making a remote call, after which the call is aborted and an exception is thrown. Defaults to 17500. | Example: 25000 |
<CACHE_NAME>_CACHE_OWNERS | Number of cluster-wide replicas for each cache entry. Defaults to 2. | Example: 5 |
<CACHE_NAME>_CACHE_SEGMENTS | Number of hash space segments per cluster. The recommended value is 10 * cluster size. Defaults to 80. | Example: 30 |
<CACHE_NAME>_CACHE_L1_LIFESPAN | Maximum lifespan, in milliseconds, of an entry placed in the L1 cache. Defaults to 0, indicating that L1 is disabled. | Example: 100. |
<CACHE_NAME>_CACHE_EVICTION_STRATEGY | Sets the cache eviction strategy. Available options are UNORDERED, FIFO, LRU, LIRS, and NONE (to disable eviction). Defaults to NONE. | Example: FIFO |
<CACHE_NAME>_CACHE_EVICTION_MAX_ENTRIES | Maximum number of entries in a cache instance. If selected value is not a power of two the actual value will default to the least power of two larger than the selected value. A value of -1 indicates no limit. Defaults to 10000. | Example: -1 |
<CACHE_NAME>_CACHE_EXPIRATION_LIFESPAN | Maximum lifespan, in milliseconds, of a cache entry, after which the entry is expired cluster-wide. Defaults to -1, indicating that the entries never expire. | Example: 10000 |
<CACHE_NAME>_CACHE_EXPIRATION_MAX_IDLE | Maximum idle time, in milliseconds, a cache entry will be maintained in the cache. If the idle time is exceeded, then the entry will be expired cluster-wide. Defaults to -1, indicating that the entries never expire. | Example: 10000 |
<CACHE_NAME>_CACHE_EXPIRATION_INTERVAL | Interval, in milliseconds, between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, then set the interval to -1. Defaults to 5000. | Example: -1 |
<CACHE_NAME>_JDBC_STORE_TYPE | Type of JDBC store to configure. This value may either be string or binary. | Example: string |
<CACHE_NAME>_JDBC_STORE_DATASOURCE | Defines the jndiname of the datasource. | Example: java:jboss/datasources/ExampleDS |
<CACHE_NAME>_KEYED_TABLE_PREFIX | Defines the prefix prepended to the cache name used when composing the name of the cache entry table. Defaults to ispn_entry. | Example: JDG |
<CACHE_NAME>_CACHE_INDEX | The indexing mode of the cache. Valid values are NONE, LOCAL, and ALL. Defaults to NONE. | Example: ALL |
<CACHE_NAME>_INDEXING_PROPERTIES | Comma separated list of properties to pass on to the indexing system. | Example: default.directory_provider=ram |
<CACHE_NAME>_CACHE_SECURITY_AUTHORIZATION_ENABLED | Enables authorization checks for this cache. Defaults to false. | Example: true |
<CACHE_NAME>_CACHE_SECURITY_AUTHORIZATION_ROLES | Sets the valid roles required to access this cache. | Example: admin, reader, writer |
<CACHE_NAME>_CACHE_PARTITION_HANDLING_ENABLED | If enabled, then the cache will enter degraded mode when it loses too many nodes. Defaults to true. | Example: false |
5.5. Datasource Environment Variables
Datasource properties may be configured with the following environment variables:
Variable Name | Description | Example Value |
---|---|---|
<NAME>_<DATABASE_TYPE>_SERVICE_HOST | Defines the database server’s hostname or IP to be used in the datasource’s connection_url property. | Example: 192.168.1.3 |
<NAME>_<DATABASE_TYPE>_SERVICE_PORT | Defines the database server’s port for the datasource. | Example: 5432 |
<PREFIX>_BACKGROUND_VALIDATION | When set to true database connections are validated periodically in a background thread prior to use. Defaults to false (<validate-on-match> method is enabled by default instead). | Example: true |
<PREFIX>_BACKGROUND_VALIDATION_MILLIS | Specifies frequency of the validation (in miliseconds), when the <background-validation> database connection validation mechanism is enabled (<PREFIX>_BACKGROUND_VALIDATION variable is set to true). Defaults to 10000. | Example: 20000 |
<PREFIX>_CONNECTION_CHECKER | Specifies a connection checker class that is used to validate connections for the particular database in use. | Example: org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker |
<PREFIX>_DATABASE | Defines the database name for the datasource. | Example: myDatabase |
<PREFIX>_DRIVER | Defines Java database driver for the datasource. | Example: postgresql |
<PREFIX>_EXCEPTION_SORTER | Specifies the exception sorter class that is used to properly detect and clean up after fatal database connection exceptions. | Example: org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter |
<PREFIX>_JNDI | Defines the JNDI name for the datasource. Defaults to java:jboss/datasources/<name>_<database_type>, where name and database_type are taken from the triplet definition. This setting is useful if you want to override the default generated JNDI name. | Example: java:jboss/datasources/test-postgresql |
<PREFIX>_JTA | Defines Java Transaction API (JTA) option for the non-XA datasource (XA datasource are already JTA capable by default). Defaults to true. | Example: false |
<PREFIX>_MAX_POOL_SIZE | Defines the maximum pool size option for the datasource. | Example: 20 |
<PREFIX>_MIN_POOL_SIZE | Defines the minimum pool size option for the datasource. | Example: 1 |
<PREFIX>_NONXA | Defines the datasource as a non-XA datasource. Defaults to false. | Example: true |
<PREFIX>_PASSWORD | Defines the password for the datasource. | Example: password |
<PREFIX>_TX_ISOLATION | Defines the java.sql.Connection transaction isolation level for the database. | Example: TRANSACTION_READ_UNCOMMITTED |
<PREFIX>_URL | Defines connection URL for the datasource. | Example: jdbc:postgresql://localhost:5432/postgresdb |
<PREFIX>_USERNAME | Defines the username for the datasource. | Example: admin |
5.6. Security Environment Variables
The following environment variables may be defined to customize the environment’s security domain:
Variable Name | Description | Example Value |
---|---|---|
SECDOMAIN_NAME | Define in order to enable the definition of an additional security domain. | Example: myDomain |
SECDOMAIN_PASSWORD_STACKING | If defined, the password-stacking module option is enabled and set to the value useFirstPass. | Example: true |
SECDOMAIN_LOGIN_MODULE | The login module to be used. Defaults to UsersRoles. | Example: UsersRoles |
SECDOMAIN_USERS_PROPERTIES | The name of the properties file containing user definitions. Defaults to users.properties. | Example: users.properties |
SECDOMAIN_ROLES_PROPERTIES | The name of the properties file containing role definitions. Defaults to roles.properties. | Example: roles.properties |
5.7. Exposed Ports
The following ports are exposed by default in the JDG for OpenShift Image:
Value | Description |
---|---|
8443 | Secure Web |
8778 | - |
11211 | memcached |
11222 | internal hotrod |
11333 | external hotrod |
The external hotrod connector is only available if the HOTROD_SERVICE_NAME environment variables has been defined.
5.8. Troubleshooting
In addition to viewing the OpenShift logs, you can troubleshoot a running JDG for OpenShift Image container by viewing its logs. These are outputted to the container’s standard out, and are accessible with the following command:
$ oc logs -f <pod_name> <container_name>
By default, the OpenShift JDG for OpenShift Image does not have a file log handler configured. Logs are only sent to the container’s standard out.