Administration and Configuration Guide
For Use with Red Hat JBoss Enterprise Application Platform 6
Abstract
Chapter 1. Introduction
1.1. About Red Hat JBoss Enterprise Application Platform 6
1.2. Features of JBoss EAP 6
Feature | Description |
---|---|
Java Certification | Java Enterprise Edition 6 Full Profile and Web Profile certified. |
Managed Domain |
|
Management Console and Management CLI | New domain or standalone server management interfaces. XML configuration file editing is no longer required. The Management CLI also includes a batch mode that can script and automate management tasks. |
Simplified directory layout | The modules directory now contains all application server modules. The common and server-specific lib directories are deprecated. The domain and standalone directories contain the artifacts and configuration files for domain and standalone deployments respectively. |
Modular class loading mechanism | Modules are loaded and unloaded on demand. This improves performance, has security benefits and reduces start-up and restart times. |
Streamlined Data source management | Database drivers are deployed like other services. In addition, datasources are created and managed directly in the Management Console or Management CLI. |
Reduced and more efficient resource use | JBoss EAP 6 uses fewer system resources and uses them more efficiently than previous versions. Among other benefits, JBoss EAP 6 starts and stops faster than JBoss EAP 5. |
1.3. About JBoss EAP 6 Operating Modes
1.4. About Standalone Servers
1.5. About Managed Domains
Figure 1.1. Graphical Representation of a Managed Domain
domain.sh
or domain.bat
script is run. Host controllers are configured to delegate domain management tasks to the domain controller.
1.6. About the Domain Controller
- Maintain the domain's central management policy.
- Ensure all host controllers are aware of its current contents.
- Assist the host controllers in ensuring that all running JBoss EAP 6 instances are configured in accordance with this policy.
domain/configuration/domain.xml
file. This file is in the unzipped JBoss EAP 6 installation file, on the domain controller's host's filesystem.
domain.xml
file must be located in the domain/configuration/
directory of the host controller set to run as the domain controller. This file is not mandatory for installations on host controllers that are not meant to run as a domain controller. The presence of a domain.xml
file on such a server does no harm, however.
domain.xml
file contains the profile configurations that can be run on the server instances in a domain. A profile configuration includes the detailed settings of the various subsystems that comprise a profile. The domain configuration also includes the definition of socket groups and the server group definitions.
1.7. About Domain Controller Discovery and Failover
Example 1.1. Host controller configured with multiple domain controller options
<domain-controller> <remote security-realm="ManagementRealm"> <discovery-options> <static-discovery name="primary" host="172.16.81.100" port="9999"/> <static-discovery name="backup" host="172.16.81.101" port="9999"/> </discovery-options> </remote> </domain-controller>
- name
- The name for this domain controller discovery option
- host
- The remote domain controller's host name.
- port
- The remote domain controller's port.
--backup
option can be promoted to act as the domain controller.
Note
--backup
option will cause that controller to maintain a local copy of the domain configuration. This configuration will be used if the host controller is reconfigured to act as the domain controller.
Procedure 1.1. Promoting a host controller to be the domain controller
- Ensure the original domain controller has, or is, stopped.
- Use the Management CLI to connect to the host controller that is to become the new domain controller.
- Execute the following command to configure the host controller to act as the new domain controller.
/host=HOST_NAME:write-local-domain-controller
- Execute the following command to reload the host controller.
reload --host=HOST_NAME
1.8. About Host Controller
domain.sh
or domain.bat
script is run on a host.
domain/configuration/host.xml
file located in the unzipped JBoss EAP 6 installation file on its host's filesystem. The host.xml
file contains the following configuration information that is specific to the particular host:
- The names of the JBoss EAP 6 instances meant to run from this installation.
- Any of the following configurations:
- How the host controller contacts the domain controller to register itself and access the domain configuration.
- How to find and contact a remote domain controller.
- That the host controller is to act as the domain controller
- Configurations specific to the local physical installation. For example, named interface definitions declared in
domain.xml
can be mapped to an actual machine-specific IP address inhost.xml
. And abstract path names in domain.xml can be mapped to actual filesystem paths inhost.xml
.
1.9. About Server Groups
Example 1.2. Server group definition
<server-group name="main-server-group" profile="default"> <socket-binding-group ref="standard-sockets"/> <deployments> <deployment name="foo.war_v1" runtime-name="foo.war"/> <deployment name="bar.ear" runtime-name="bar.ear"/> </deployments> </server-group>
- name: the server group name.
- profile: the server group profile name.
- socket-binding-group: the default socket binding group used for servers in the group. This name can be overridden on a per-server basis in
host.xml
. However, this is a mandatory element for every server group and the domain can not start if it is missing.
- deployments: the deployment content to be deployed on the servers in the group.
- system-properties: the system properties to be set on servers in the group
- jvm: the default JVM settings for all servers in the group. The host controller merges these settings with any other configuration provided in
host.xml
to derive the settings used to launch the server's JVM. - socket-binding-port-offset: the default offset to be added to the port values given by the socket binding group.
- management-subsystem-endpoint: set to
true
to have servers belonging to the server group connect back to the host controller using the endpoint from their Remoting subsystem (the Remoting subsystem must be present for this to work).
1.10. About JBoss EAP 6 Profiles
1.11. Manage Servers of Different Versions
Note
- JBoss EAP schema uses different versions. Hence, JBoss EAP domain controller of a higher version must not have issues controlling a JBoss EAP host of a lower version, but the
domain.xml
must be theoldest
of all the versions in use. - If there is a cluster, all member servers of the cluster must belong to the same version of JBoss EAP.
- On every host in the domain, there are several Java processes like Process Controller, Host Controller and managed servers. These Java processes must be launched from the same installation of JBoss EAP, hence have the same version.
Warning
[named-formatter]
attribute is not understood in the target model version and must be replaced with older attributes. For more details, refer to https://access.redhat.com/solutions/1238073
Chapter 2. Application Server Management
2.1. JBoss EAP Documentation Conventions
- Zip Installation Method
- EAP_HOME refers to the directory in which the JBoss EAP ZIP file was extracted.
- Installer Method
- EAP_HOME refers to the directory in which you chose to install JBoss EAP.
- RPM Installation Method
- EAP_HOME refers to the directory
/usr/share/jbossas
.
Note
2.2. Start and Stop JBoss EAP 6
2.2.1. Start JBoss EAP 6
Operating System | Standalone Server | Managed Domain |
---|---|---|
Red Hat Enterprise Linux | EAP_HOME/bin/standalone.sh | EAP_HOME/bin/domain.sh |
Microsoft Windows Server | EAP_HOME\bin\standalone.bat | EAP_HOME\bin\domain.bat |
2.2.2. Start JBoss EAP 6 as a Standalone Server
This topic covers the steps to start JBoss EAP 6 as a Standalone Server.
Procedure 2.1. Start the Platform Service as a Standalone Server
For Red Hat Enterprise Linux.
Run the command:EAP_HOME/bin/standalone.sh
For Microsoft Windows Server.
Run the command:EAP_HOME\bin\standalone.bat
Optional: Specify additional parameters.
To list all available parameters for the start-up scripts, use the-h
parameter.
The JBoss EAP 6 Standalone Server instance starts.
2.2.3. Running Multiple JBoss EAP Standalone Servers on a Single Machine
This topic describes the steps for running multiple JBoss EAP Standalone servers on a single machine.
Procedure 2.2. Run multiple instances of JBoss EAP standalone servers on a single machine
- Create a copy of the
EAP_HOME/standalone/
directory directly under EAP_HOME/ for each standalone server. For example, to create a directory for standalone serversnode1
andnode2
, type the following commands.$ cd EAP_HOME $ cp -a ./standalone ./node1 $ cp -a ./standalone ./node2
- Start each JBoss EAP standalone instance by specifying the node name, IP address, server directory, optional server configuration file, and optional port offset. The command uses the following syntax:
$ ./bin/standalone.sh -Djboss.node.name=UNIQUE_NODENAME -Djboss.server.base.dir=EAP_HOME/NODE_DIRECTORY -b IP_ADDRESS -bmanagement MGMT_IP_ADDRESS --server-config=SERVER_CONFIGURATION_FILE -Djboss.socket.binding.port-offset=PORT_OFFSET
- This example starts
node1
$ cd EAP_HOME $ ./bin/standalone.sh -Djboss.node.name=node1 -Djboss.server.base.dir=EAP_HOME/node1 -b 10.10.10.10 -bmanagement 127.0.0.1
- This example to start
node2
depends on whether the machine supports multiple IP addresses.- If the machine supports multiple IP addresses, the following command is to be used.
$ cd EAP_HOME $ ./bin/standalone.sh -Djboss.node.name=node2 -Djboss.server.base.dir=EAP_HOME/node2 -b 10.10.10.40 -bmanagement 127.0.0.40
- If the machine does not support multiple IP addresses, you must specify a
jboss.socket.binding.port-offset
property to avoid a port conflict.$ cd EAP_HOME $ ./bin/standalone.sh -Djboss.node.name=node2 -Djboss.server.base.dir=EAP_HOME/node2 -b 10.10.10.10 -bmanagement 127.0.0.1 -Djboss.socket.binding.port-offset=100
Note
2.2.4. Start JBoss EAP 6 as a Managed Domain
The domain controller must be started before any slave servers in any server groups in the domain. Use this procedure first on the domain controller, and then on each associated host controller and each other host associated with the domain.
Procedure 2.3. Start the Platform Service as a Managed Domain
For Red Hat Enterprise Linux.
Run the command:EAP_HOME/bin/domain.sh
For Microsoft Windows Server.
Run the command:EAP_HOME\bin\domain.bat
Optional: Pass additional parameters to the start-up script.
To list all available parameters for the start-up scripts, use the-h
parameter.
The JBoss EAP 6 Managed Domain instance starts.
2.2.5. Configure the Name of a Host in a Managed Domain
Every host running in a managed domain must have a unique host name. To ease administration and allow for the use of the same host configuration files on multiple hosts, the server uses the following precedence for determining the host name.
- If set, the
host
elementname
attribute in thehost.xml
configuration file. - The value of the
jboss.host.name
system property. - The value that follows the final period (".") character in the
jboss.qualified.host.name
system property, or the entire value if there is no final period (".") character. - The value that follows the period (".") character in the
HOSTNAME
environment variable for POSIX-based operating systems, theCOMPUTERNAME
environment variable for Microsoft Windows, or the entire value if there is no final period (".") character.
Procedure 2.4. Configure the Host Name Using a System Property
- Open the host configuration file for editing, for example,
host.xml
. - Find the
host
element in the file, for example:<host name="master" xmlns="urn:jboss:domain:1.6">
- If it is present, remove the
attribute declaration. Thename
="HOST_NAME"host
element should now look like the following example.<host xmlns="urn:jboss:domain:1.6">
- Start the server passing the
-Djboss.host.name
argument, for example:-Djboss.host.name=HOST_NAME
Procedure 2.5. Configure the Host Name Using a Specific Name
- Start the JBoss EAP slave host using the following syntax:
For example:bin/domain.sh --host-config=HOST_FILE_NAME
bin/domain.sh --host-config=host-slave01.xml
- Launch the Management CLI.
- Use the following syntax to replace the host name:
For example:/host=EXISTING_HOST_NAME:write-attribute(name="name",value=UNIQUE_HOST_NAME)
You should see the following result./host=master:write-attribute(name="name",value="host-slave01")
"outcome" => "success"
This modifies the hostname
attribute in thehost-slave01.xml
file as follows:<host name="host-slave01" xmlns="urn:jboss:domain:1.6">
- You must reload the server configuration using the old host name to complete the process
For example:reload --host=EXISTING_HOST_NAME
reload --host=master
2.2.6. Create Managed Domain on Two Machines
Note
- IP1 = IP address of the domain controller (Machine 1)
- IP2 = IP address of the host (Machine 2)
Procedure 2.6. Create managed domain on two machines
On Machine 1
- Use the add-user.sh script to add management user. For example,
slave01
, so the host can authenticate the domain controller. Note theSECRET_VALUE
from theadd-user
output. - Start domain with
host-master.xml
config file, which is preconfigured for dedicated domain controller. - Use
-bmanagement=$IP1
to make domain controller visible to other machines.EAP_HOME/bin/domain.sh --host-config=host-master.xml -bmanagement=$IP1
On Machine 2
- Update
EAP_HOME/domain/configuration/host-slave.xml
file with user credentials.<?xml version='1.0' encoding='UTF-8'?> <host xmlns="urn:jboss:domain:1.6" name="slave01"> <!-- add user name here --> <management> <security-realms> <security-realm name="ManagementRealm"> <server-identities> <secret value="$SECRET_VALUE" /> <!-- use secret value from add-user.sh output--> </server-identities> ...
- Start host.
EAP_HOME/bin/domain.sh --host-config=host-slave.xml -Djboss.domain.master.address=$IP1 -b=$IP2
Now we can manage the domain.
via CLI:EAP_HOME/bin/jboss-cli.sh -c --controller=$IP1
via Web Console:http://$IP1:9990
Access the server index page:http://$IP2:8080/ http://$IP2:8230/
2.2.7. Create Managed Domain on a Single Machine
jboss.domain.base.dir
property.
Important
Procedure 2.7. Run Multiple Host Controllers on a Single Machine
- Copy the
EAP_HOME/domain
directory for the domain controller.cp -r EAP_HOME/domain /path/to/domain1
- Copy the
EAP_HOME/domain
directory for a host controller.cp -r EAP_HOME/domain /path/to/host1
- Start the domain controller using
/path/to/domain1
.EAP_HOME/bin/domain.sh --host-config=host-master.xml -Djboss.domain.base.dir=/path/to/domain1
- Start the host controller using
/path/to/host1
.EAP_HOME/bin/domain.sh --host-config=host-slave.xml -Djboss.domain.base.dir=/path/to/host1 -Djboss.domain.master.address=IP_ADDRESS -Djboss.management.native.port=PORT
Each instance started in this manner will share the rest of the resources in the base installation directory (i.e. EAP_HOME/modules/
), but use the domain configuration from the directory specified by jboss.domain.base.dir
.
2.2.8. Start JBoss EAP 6 with an Alternative Configuration
Prerequisites
- Before using an alternative configuration file, prepare it using the default configuration as a template.
- For Managed Domains, alternative configuration files are stored in the
EAP_HOME/domain/configuration/
directory. - For Standalone Servers, alternative configuration files are stored in the
EAP_HOME/standalone/configuration/
directory.
Note
EAP_HOME/docs/examples/configs/
directory. Use these examples to enable features such as clustering or the Transactions XTS API.
For a Standalone Server, provide the configuration filename using the --server-config
switch. The configuration file must be in the EAP_HOME/standalone/configuration/
directory, and you must specify the file path relative to this directory.
Example 2.1. Using an Alternate Configuration file for a Standalone Server in Red Hat Enterprise Linux
[user@host bin]$ ./standalone.sh --server-config=standalone-alternate.xml
EAP_HOME/standalone/configuration/standalone-alternate.xml
configuration file.
Example 2.2. Using an Alternate Configuration file for a Standalone Server in Microsoft Windows Server
C:\EAP_HOME\bin> standalone.bat --server-config=standalone-alternate.xml
EAP_HOME\standalone\configuration\standalone-alternative.xml
configuration file.
For a Managed Domain, provide the configuration filename using the --domain-config
switch. The configuration file must be in the EAP_HOME/domain/configuration/
directory, and you need to specify the path relative to that directory.
Example 2.3. Using an Alternate Configuration file for a Managed Domain in Red Hat Enterprise Linux
[user@host bin]$ ./domain.sh --domain-config=domain-alternate.xml
EAP_HOME/domain/configuration/domain-alternate.xml
configuration file.
Example 2.4. Using an Alternate Configuration file for a Managed Domain in Microsoft Windows Server
C:\EAP_HOME\bin> domain.bat --domain-config=domain-alternate.xml
EAP_HOME\domain\configuration\domain-alternate.xml
configuration file.
2.2.9. Stop JBoss EAP 6
Note
Procedure 2.8. Stop an instance of JBoss EAP 6
Stop an instance which was started interactively from a command prompt.
Press Ctrl-C in the terminal where JBoss EAP 6 is running.
Procedure 2.9. Stop an instance which was started as an operating system service.
Red Hat Enterprise Linux
For Red Hat Enterprise Linux, if you have written a service script, use itsstop
facility. This needs to be written into the script. Then you can useservice scriptname stop
, where scriptname is the name of the script.Microsoft Windows Server
In Microsoft Windows, use thenet service
command, or stop the service from the Services applet in the Control Panel.
Procedure 2.10. Stop an instance which is running in the background (Red Hat Enterprise Linux)
- Obtain the process ID (PID) of the process:
If only a single instance is running (standalone mode)
Either of the following commands will return the PID of a single instance of JBoss EAP 6:pidof java
jps
(Thejps
command will return an ID for two processes; one forjboss-modules.jar
and one for jps itself. Use the ID forjboss-modules.jar
to stop the EAP instance)
If multiple EAP instances are running (domain mode)
Identifying the correct process to end if more than one instance of EAP is running requires more comprehensive commands be used.- The
jps
command can be used in verbose mode to provide more information about the java processes it finds.Below is an abridged output from a verbosejps
command identifying the different EAP processes running by PID and role:$ jps -v 12155 jboss-modules.jar -D[Server:server-one] -XX:PermSize=256m -XX:MaxPermSize=256m -Xms1303m ... 12196 jboss-modules.jar -D[Server:server-two] -XX:PermSize=256m -XX:MaxPermSize=256m -Xms1303m ... 12096 jboss-modules.jar -D[Host Controller] -Xms64m -Xmx512m -XX:MaxPermSize=256m ... 11872 Main -Xms128m -Xmx750m -XX:MaxPermSize=350m -XX:ReservedCodeCacheSize=96m -XX:+UseCodeCacheFlushing ... 11248 jboss-modules.jar -D[Standalone] -XX:+UseCompressedOops -verbose:gc ... 12892 Jps ... 12080 jboss-modules.jar -D[Process Controller] -Xms64m -Xmx512m -XX:MaxPermSize=256m ...
- The
ps aux
command can also be used to return information about multiple EAP instances.Below is an abridged output from a verboseps aux
command identifying the different EAP processes running by PID and role:$ ps aux | grep java username 12080 0.1 0.9 3606588 36772 pts/0 Sl+ 10:09 0:01 /path/to/java -D[Process Controller] -server -Xms128m -Xmx128m -XX:MaxPermSize=256m ... username 12096 1.0 4.1 3741304 158452 pts/0 Sl+ 10:09 0:13 /path/to/java -D[Host Controller] -Xms128m -Xmx128m -XX:MaxPermSize=256m ... username 12155 1.7 8.9 4741800 344224 pts/0 Sl+ 10:09 0:22 /path/to/java -D[Server:server-one] -XX:PermSize=256m -XX:MaxPermSize=256m -Xms1000m -Xmx1000m -server - ... username 12196 1.8 9.4 4739612 364436 pts/0 Sl+ 10:09 0:22 /path/to/java -D[Server:server-two] -XX:PermSize=256m -XX:MaxPermSize=256m -Xms1000m -Xmx1000m -server ...
In the above examples, the Process Controller processes are the processes to stop in order to stop the entire domain.Thegrep
utility can be used with either of these commands to identify the Process Controller:jps -v | grep "Process Controller"
ps aux | grep "Process Controller"
- Send the process the
TERM
signal, by runningkill PID
, where PID is the process ID identified by one of the commands above.
Each of these alternatives shuts JBoss EAP 6 down cleanly so that data is not lost.
2.2.10. Reference of Switches and Arguments to pass at Server Runtime
standalone.xml
, domain.xml
, and host.xml
configuration files.
-h
or --help
at startup.
Argument or Switch | Mode | Description |
---|---|---|
--admin-only | Standalone | Set the server's running type to ADMIN_ONLY . This will cause it to open administrative interfaces and accept management requests, but not start other runtime services or accept end user requests. |
--admin-only | Domain | Set the host controller's running type to ADMIN_ONLY causing it to open administrative interfaces and accept management requests but not start servers or, if this host controller is the master for the domain, accept incoming connections from slave host controllers. |
-b=<value> , -b <value> | Standalone, Domain | Set system property jboss.bind.address , which is used in configuring the bind address for the public interface. This defaults to 127.0.0.1 if no value is specified. See the -b<interface>=<value> entry for setting the bind address for other interfaces. |
-b<interface>=<value> | Standalone, Domain | Set system property jboss.bind.address.<interface> to the given value. For example, -bmanagement=IP_ADDRESS |
--backup | Domain | Keep a copy of the persistent domain configuration even if this host is not the Domain Controller. |
-c=<config> , -c <config> | Standalone | Name of the server configuration file to use. The default is standalone.xml . |
-c=<config> , -c <config> | Domain | Name of the server configuration file to use. The default is domain.xml . |
--cached-dc | Domain | If the host is not the Domain Controller and cannot contact the Domain Controller at boot, boot using a locally cached copy of the domain configuration. |
--debug [<port>] | Standalone | Activate debug mode with an optional argument to specify the port. Only works if the launch script supports it. |
-D<name>[=<value>] | Standalone, Domain | Set a system property. |
--domain-config=<config> | Domain | Name of the server configuration file to use. The default is domain.xml . |
-h , --help | Standalone, Domain | Display the help message and exit. |
--host-config=<config> | Domain | Name of the host configuration file to use. The default is host.xml . |
--interprocess-hc-address=<address> | Domain | Address on which the host controller should listen for communication from the process controller. |
--interprocess-hc-port=<port> | Domain | Port on which the host controller should listen for communication from the process controller. |
--master-address=<address> | Domain | Set system property jboss.domain.master.address to the given value. In a default slave Host Controller config, this is used to configure the address of the master Host Controller. |
--master-port=<port> | Domain | Set system property jboss.domain.master.port to the given value. In a default slave Host Controller config, this is used to configure the port used for native management communication by the master Host Controller. |
--read-only-server-config=<config> | Standalone | Name of the server configuration file to use. This differs from --server-config and -c in that the original file is never overwritten. |
--read-only-domain-config=<config> | Domain | Name of the domain configuration file to use. This differs from --domain-config and -c in that the initial file is never overwritten. |
--read-only-host-config=<config> | Domain | Name of the host configuration file to use. This differs from --host-config in that the initial file is never overwritten. |
-P=<url> , -P <url> , --properties=<url> | Standalone, Domain | Load system properties from the given URL. |
--pc-address=<address> | Domain | Address on which the process controller listens for communication from processes it controls. |
--pc-port=<port> | Domain | Port on which the process controller listens for communication from processes it controls. |
-S<name>[=<value>] | Standalone | Set a security property. |
--server-config=<config> | Standalone | Name of the server configuration file to use. The default is standalone.xml . |
-u=<value> , -u <value> | Standalone, Domain | Set system property jboss.default.multicast.address , which is used in configuring the multicast address in the socket-binding elements in the configuration files. This defaults to 230.0.0.4 if no value is specified. |
-v , -V , --version | Standalone, Domain | Display the application server version and exit. |
Warning
-b
, -u
). If you change your configuration files to no longer use the system property controlled by the switch, then adding it to the launch command will have no effect.
2.3. Start and Stop Servers
2.3.1. Start and Stop Servers Using the Management CLI
Prerequisites
Standalone Servers, started either by a script or manually at a shell prompt, can be shut down from the Management CLI using the shutdown
command.
Example 2.5. Stop a Standalone Server instance via the Management CLI
[standalone@localhost:9999 /] shutdown
The Management Console can selectively start or stop specific servers in a domain. This includes server groups across the whole of a domain as well as specific server instances on a host.
Example 2.6. Stop a Server Host in a Managed Domain via the Management CLI
shutdown
command is used to shut down a declared Managed Domain host. This example stops a server host named master by declaring the instance name before calling the shutdown operation.
[domain@localhost:9999 /] shutdown --host=master
Example 2.7. Start and Stop a Server Group in a Managed Domain via the Management CLI
main-server-group
by declaring the group before calling the start
and stop
operations.
[domain@localhost:9999 /] /server-group=main-server-group:start-servers
[domain@localhost:9999 /] /server-group=main-server-group:stop-servers
Example 2.8. Start and Stop a Server Instance in a Managed Domain via the Management CLI
server-one
on the master
host by declaring the host and server configuration before calling the start
and stop
operations.
[domain@localhost:9999 /] /host=master/server-config=server-one:start
[domain@localhost:9999 /] /host=master/server-config=server-one:stop
Note
2.3.2. Start a Server Using the Management Console
Prerequisites
Procedure 2.11. Start the Server for a Managed Domain
- Select the Domain tab at the top of the console and then, select the tab. In the left navigation bar, under , select .
- From the list of Server Instances, select the server you want to start. Servers that are running are indicated by a check mark.Hover the cursor over an instance in this list to show options in blue text below the server's details.
- To start the instance, click on thetext when it appears. A confirmation dialogue box will open. Click to start the server.
The selected server is started and running.
2.3.3. Stop a Server Using the Management Console
Prerequisites
Procedure 2.12. Stop a Server in a Managed Domain Using the Management Console
- Select the Domain tab at the top of the console and then, select the tab. In the left navigation bar, under , select .
- A list of available Server Instances is displayed on the Hosts, groups and server instances table. Servers that are running are indicated by a check mark.
- Hover the cursor over the chosen server. Click on thetext that appears. A confirmation dialogue window will appear.
- Clickto stop the server.
The selected server is stopped.
2.4. Configuration Files
2.4.1. About JBoss EAP 6 Configuration Files
Server mode | Location | Purpose |
---|---|---|
domain.xml | EAP_HOME/domain/configuration/domain.xml | This is the main configuration file for a managed domain. Only the domain master reads this file. On other domain members, it can be removed. |
host.xml | EAP_HOME/domain/configuration/host.xml | This file includes configuration details specific to a physical host in a managed domain, such as network interfaces, socket bindings, the name of the host, and other host-specific details. The host.xml file includes all of the features of both host-master.xml and host-slave.xml , which are described below. This file is not present for standalone servers. |
host-master.xml | EAP_HOME/domain/configuration/host-master.xml | This file includes only the configuration details necessary to run a server as a managed domain master server. This file is not present for standalone servers. |
host-slave.xml | EAP_HOME/domain/configuration/host-slave.xml | This file includes only the configuration details necessary to run a server as a managed domain slave server. This file is not present for standalone servers. |
standalone.xml | EAP_HOME/standalone/configuration/standalone.xml | This is the default configuration file for a standalone server. It contains all information about the standalone server, including subsystems, networking, deployments, socket bindings, and other configurable details. This configuration is used automatically when you start your standalone server. |
standalone-full.xml | EAP_HOME/standalone/configuration/standalone-full.xml | This is an example configuration for a standalone server. It includes support for every possible subsystem except for those required for high availability. To use it, stop your server and restart using the following command: EAP_HOME/bin/standalone.sh -c standalone-full.xml |
standalone-ha.xml | EAP_HOME/standalone/configuration/standalone-ha.xml | This example configuration file enables all of the default subsystems and adds the mod_cluster and JGroups subsystems for a standalone server, so that it can participate in a high-availability or load-balancing cluster. This file is not applicable for a managed domain. To use this configuration, stop your server and restart using the following command: EAP_HOME/bin/standalone.sh -c standalone-ha.xml |
standalone-full-ha.xml | EAP_HOME/standalone/configuration/standalone-full-ha.xml | This is an example configuration for a standalone server. It includes support for every possible subsystem, including those required for high availability. To use it, stop your server and restart using the following command: EAP_HOME/bin/standalone.sh -c standalone-full-ha.xml |
Note
2.4.2. Back up JBoss EAP Configuration Data
This topic describes the files that must be backed up in order to later restore the JBoss EAP server configuration.
Procedure 2.13. Back Up the Configuration Data
- To keep user and profile data, domain, host, slave, and logging configuration, back up the entire contents of the following directories.
- EAP_HOME/standalone/configuration/
- EAP_HOME/domain/configuration
- Back up any custom modules created in the
EAP_HOME/modules/system/layers/base/
directory. - Back up any welcome content in the
EAP_HOME/welcome-content/
directory. - Back up any custom scripts created in the
EAP_HOME/bin/
directory.
2.4.3. Descriptor-based Property Replacement
standalone.xml
or domain.xml
:
Example 2.9. Descriptor-based property replacement
<subsystem xmlns="urn:jboss:domain:ee:1.2"> <spec-descriptor-property-replacement> true </spec-descriptor-property-replacement> <jboss-descriptor-property-replacement> true </jboss-descriptor-property-replacement> </subsystem>
ejb-jar.xml
and persistence.xml
.
jboss-ejb3.xml
jboss-app.xml
jboss-web.xml
*-jms.xml
*-ds.xml
Example 2.10. Example annotation
@ActivationConfigProperty(propertyName = "connectionParameters", propertyValue = "host=192.168.1.1;port=5445")
connectionParameters
can be specified via the command-line as:
./standalone.sh -DconnectionParameters='host=10.10.64.1;port=5445'
${parameter:default}
. Where an expression is used in configuration, the value of that parameter takes its place. If the parameter does not exist then the specified default value is used instead.
Example 2.11. Using an Expression in a Descriptor
<activation-config> <activation-config-property> <activation-config-property-name> connectionParameters </activation-config-property-name> <activation-config-property-value> ${jms.connection.parameters:'host=10.10.64.1;port=5445'} </activation-config-property-value> </activation-config-property> </activation-config>
${jms.connection.parameters:'host=10.10.64.1;port=5445'}
allows the connection parameters to be overridden by a command-line supplied parameter, while providing a default value.
2.4.4. Enabling or Disabling Descriptor Based Property Replacement
Finite control over descriptor property replacement was introduced in jboss-as-ee_1_1.xsd
. This task covers the steps required to configure descriptor based property replacement.
- When set to
true
, property replacements are enabled. - When set to
false
, property replacements are disabled.
Procedure 2.14. jboss-descriptor-property-replacement
jboss-descriptor-property-replacement
is used to enable or disable property replacement in the following descriptors:
jboss-ejb3.xml
jboss-app.xml
jboss-web.xml
*-jms.xml
*-ds.xml
jboss-descriptor-property-replacement
is true
.
- In the Management CLI, run the following command to determine the value of
jboss-descriptor-property-replacement
:/subsystem=ee:read-attribute(name="jboss-descriptor-property-replacement")
- Run the following command to configure the behavior:
/subsystem=ee:write-attribute(name="jboss-descriptor-property-replacement",value=VALUE)
Procedure 2.15. spec-descriptor-property-replacement
spec-descriptor-property-replacement
is used to enable or disable property replacement in the following descriptors:
ejb-jar.xml
persistence.xml
application.xml
web.xml
spec-descriptor-property-replacement
is false
.
- In the Management CLI, run the following command to confirm the value of
spec-descriptor-property-replacement
:/subsystem=ee:read-attribute(name="spec-descriptor-property-replacement")
- Run the following command to configure the behavior:
/subsystem=ee:write-attribute(name="spec-descriptor-property-replacement",value=VALUE)
The descriptor based property replacement tags have been successfully configured.
2.4.5. Nested Expressions
Example 2.12. Nested expression
${system_value_1${system_value_2}}
META-INF/jboss.properties
file in the deployment archive. In an EAR or other deployment type that supports subdeployments, the resolution is scoped to all subdeployments if the META-INF/jboss.properties
is in the outer deployment (e.g. the EAR) and is scoped to a subdeployment if META-INF/jboss.properties
is in the subdeployment archive (e.g. a WAR inside an EAR.)
Example 2.13. Use a Nested Expression in a Configuration File
<password>${VAULT::ds_ExampleDS::password::1}</password>Using a nested expression, the value of
ds_ExampleDS
could be replaced with a system property. If a system property datasource_name
is assigned the value ds_ExampleDS
, the line in the datasource definition could instead be as follows:
<password>${VAULT::${datasource_name}::password::1}</password>
${datasource_name}
, then input this to the larger expression and evaluate the resulting expression. The advantage of this configuration is that the name of the datasource is abstracted from the fixed configuration.
Example 2.14. Recursive Expression
${foo}
which resolves to the expression ${VAULT::ds_ExampleDS::password::1}
, which then resolves to a value contained in the Vault: secret
.
2.4.6. Configuration File History
standalone.xml
, as well as the domain.xml
and host.xml
files. While these files may be modified by direct editing, the recommended method is to configure the application server model with the available management operations, including the Management CLI and the Management Console.
2.4.7. Start the Server with a Previous Configuration
standalone.xml
. The same concept applies to a managed domain with domain.xml
and host.xml
respectively.
Example 2.15. Start the server with a saved configuration
- Identify the backed up version that you want to start. This example will recall the instance of the server model prior to the first modification after successfully booting up.
EAP_HOME/standalone/configuration/standalone_xml_history/current/standalone.v1.xml
- Start the server with this configuration of the backed up model by passing in the relative filename under
jboss.server.config.dir
.EAP_HOME/bin/standalone.sh --server-config=standalone_xml_history/current/standalone.v1.xml
The application server starts with the selected configuration.
Note
EAP_HOME/domain/configuration/domain_xml_history/current/domain.v1.xml
jboss.domain.config.dir
.
EAP_HOME/bin/domain.sh --domain-config=domain_xml_history/current/domain.v1.xml
2.4.8. Save a Configuration Snapshot Using the Management CLI
Configuration snapshots are a point-in-time copy of the current server configuration. These copies can be saved and loaded by the administrator.
standalone.xml
configuration file, but the same process applies to the domain.xml
and host.xml
configuration files.
Prerequisites
Procedure 2.16. Take a Configuration Snapshot and Save It
Save a snapshot
Run thetake-snapshot
operation to capture a copy of the current server configuration.[standalone@localhost:9999 /] :take-snapshot { "outcome" => "success", "result" => "/home/User/EAP_HOME/standalone/configuration/standalone_xml_history/snapshot/20110630-172258657standalone.xml"
A snapshot of the current server configuration has been saved.
2.4.9. Load a Configuration Snapshot Using the Management CLI
standalone.xml
file, but the same process applies to the domain.xml
and host.xml
files.
Procedure 2.17. Load a Configuration Snapshot
- Identify the snapshot to be loaded. This example will recall the following file from the snapshot directory. The default path for the snapshot files is as follows.
EAP_HOME/standalone/configuration/standalone_xml_history/snapshot/20110812-191301472standalone.xml
The snapshots are expressed by their relative paths, by which the above example can be written as follows.jboss.server.config.dir/standalone_xml_history/snapshot/20110812-191301472standalone.xml
- Start the server with the selected configuration snapshot by passing in the filename.
EAP_HOME/bin/standalone.sh --server-config=standalone_xml_history/snapshot/20110913-164449522standalone.xml
The server restarts with the configuration selected in the loaded snapshot.
2.4.10. Delete a Configuration Snapshot Using Management CLI
Prerequisites
standalone.xml
file, but the same process applies to the domain.xml
and host.xml
files.
Procedure 2.18. Delete a Specific Snapshot
- Identify the snapshot to be deleted. This example will delete the following file from the snapshot directory.
EAP_HOME/standalone/configuration/standalone_xml_history/snapshot/20110630-165714239standalone.xml
- Run the
:delete-snapshot
command to delete a specific snapshot, specifying the name of the snapshot as in the example below.[standalone@localhost:9999 /]
:delete-snapshot(name="20110630-165714239standalone.xml")
{"outcome" => "success"}
The snapshot has been deleted.
Procedure 2.19. Delete All Snapshots
- Run the
:delete-snapshot(name="all")
command to delete all snapshots as in the example below.[standalone@localhost:9999 /]
:delete-snapshot(name="all")
{"outcome" => "success"}
All snapshots have been deleted.
2.4.11. List All Configuration Snapshots Using Management CLI
Prerequisites
standalone.xml
file, but the same process applies to the domain.xml
and host.xml
files.
Procedure 2.20. List All Configuration Snapshots
List all snapshots
List all of the saved snapshots by running the:list-snapshots
command.[standalone@localhost:9999 /]
:list-snapshots
{ "outcome" => "success", "result" => { "directory" => "/home/hostname/EAP_HOME/standalone/configuration/standalone_xml_history/snapshot", "names" => [ "20110818-133719699standalone.xml", "20110809-141225039standalone.xml", "20110802-152010683standalone.xml", "20110808-161118457standalone.xml", "20110912-151949212standalone.xml", "20110804-162951670standalone.xml" ] } }
The snapshots are listed.
2.5. Filesystem Paths
domain.xml
, host.xml
, and standalone.xml
configuration files each include a section for declaring paths.
jboss.server.log.dir
as the logical name for the server’s log
directory.
Example 2.16. Relative path example for the logging directory
<file relative-to="jboss.server.log.dir" path="server.log"/>
Value | Description |
---|---|
java.ext.dirs | The Java development kit extension directory paths. |
jboss.home.dir | The root directory of the JBoss EAP 6 distribution. |
user.home | The user home directory. |
user.dir | The user's current working directory. |
java.home | The Java installation directory |
jboss.server.base.dir | The root directory for an individual server instance. |
jboss.server.data.dir | The directory the server will use for persistent data file storage. |
jboss.server.config.dir | The directory that contains the server configuration. |
jboss.server.log.dir | The directory the server will use for log file storage. |
jboss.server.temp.dir | The directory the server will use for temporary file storage. |
jboss.server.deploy.dir | The directory that the server will use for storing deployed content. |
jboss.controller.temp.dir | The directory the host controller will use for temporary file storage. |
jboss.domain.base.dir | The base directory for domain content. |
jboss.domain.config.dir | The directory that contains the domain configuration. |
jboss.domain.data.dir | The directory that the domain will use for persistent data file storage. |
jboss.domain.log.dir | The directory that the domain will use for persistent log file storage. |
jboss.domain.temp.dir | The directory that the domain will use for temporary file storage. |
jboss.domain.deployment.dir | The directory that the domain will use for storing deployed content. |
jboss.domain.servers.dir | The directory that the domain will use for storing outputs of the managed domain instances. |
If you are running a standalone server, you can override all the jboss.server.*
paths in one of the two ways.
- You can pass command line arguments when you start the server. For example:
bin/standalone.sh -Djboss.server.log.dir=/var/log
- You can modify the
JAVA_OPTS
variable in the server configuration file. Open theEAP_HOME/bin/standalone.conf
file and add the following line at the end of the file:JAVA_OPTS="$JAVA_OPTS -Djboss.server.log.dir=/var/log"
jboss.domain.servers.dir
can be used to change the base directories of servers in a managed domain.
You can also create your own custom path. For example, you may want to define a relative path to use for logging. You can then change the log handler to use my.relative.path
,
Example 2.17. A custom logging path
my.relative.path=/var/log
2.5.1. Directory Grouping
EAP_HOME/domain/
directory. Subdirectories are named according to the directory-grouping
attribute, either by server or file type.
The default directory grouping is by server
. If your administration is server-centric, this configuration is recommended. For example, it allows backups and log file handling to be configured per server instance.
Example 2.18. Directory Grouping by Server
EAP_HOME/domain └─ servers ├── server-one │ ├── data │ ├── tmp │ └── log └── server-two ├── data ├── tmp └── log
directory-grouping
attribute has been changed from the default, and you want to reset it, enter the following management CLI command.
/host=master:write-attribute(name="directory-grouping",value="by-server")
host.xml
configuration file:
<servers directory-grouping="by-server"> <server name="server-one" group="main-server-group" > </server> <server name="server-two" group="main-server-group" auto-start="true"> </server> </servers>
Instead of grouping each servers' directories by server, you can instead group them by file type. If your administration is file type-centric, this configuration is recommended. For example, backup configuration is simpler if you want to include only data files.
/host=master:write-attribute(name="directory-grouping",value="by-type")
host.xml
configuration file:
<servers directory-grouping="by-type"> <server name="server-one" group="main-server-group" > </server> <server name="server-two" group="main-server-group" auto-start="true"> </server> </servers>
Example 2.19. Directory Grouping by Type
EAP_HOME/domain ├── data │ └── servers │ ├── server-one │ └── server-two ├── log │ └── servers │ ├── server-one │ └── server-two └── tmp └── servers ├── server-one └── server-two
2.5.2. Use Case: Overriding Directories
/opt/jboss_eap/data/domain_data
directory, and give each top-level directory a custom name. The directory grouping used is the default: by-server
.
- Log files stored in the subdirectory
all_logs
- Data files stored in the subdirectory
all_data
- Temporary files stored in the subdirectory
all_temp
- Servers' files stored in the subdirectory
all_servers
./domain.sh \ -Djboss.domain.temp.dir=/opt/jboss_eap/data/domain_data/all_temp \ -Djboss.domain.log.dir=/opt/jboss_eap/data/domain_data/all_logs \ -Djboss.domain.data.dir=/opt/jboss_eap/data/domain_data/all_data\ -Djboss.domain.servers.dir=/opt/jboss_eap/data/domain_data/all_servers
/opt/jboss_eap/data/domain_data/ ├── all_data │ └── content ├── all_logs │ ├── host-controller.log │ └── process-controller.log ├── all_servers │ ├── server-one │ │ ├── data │ │ │ ├── content │ │ │ ├── logging.properties │ │ ├── log │ │ │ └── server.log │ │ └── tmp │ │ ├── vfs │ │ │ └── temp │ │ └── work │ │ └── jboss.web │ │ └── default-host │ └── server-two │ ├── data │ │ ├── content │ │ ├── logging.properties │ ├── log │ │ └── server.log │ └── tmp │ ├── vfs │ │ └── temp │ └── work │ └── jboss.web │ └── default-host └── all_temp └── auth ...
Chapter 3. Management Interfaces
3.1. Manage the Application Server
Note
3.2. Management Application Programming Interfaces (APIs)
The Management Console is a web interface built with the Google Web Toolkit (GWT). It communicates with the server using the HTTP management interface.
Example 3.1. HTTP API Configuration File Example
<management-interfaces> [...] <http-interface security-realm="ManagementRealm"> <socket-binding http="management-http"/> </http-interface> </management-interfaces>
URL | Description |
---|---|
http://localhost:9990/console | The Management Console accessed on the local host, controlling the Managed Domain configuration. |
http://hostname:9990/console | The Management Console accessed remotely, naming the host and controlling the Managed Domain configuration. |
http://hostname:9990/management | The HTTP Management API runs on the same port as the Management Console, displaying the raw attributes and values exposed to the API. |
Example 3.2. Retrieve attribute values using the HTTP API
read-resource
).
http://hostname:9990/management/subsystem/web/connector/http
Example 3.3. Retrieve a single attribute value using the HTTP API
enabled
attribute for the ExampleDS datasource.
http://hostname:9990/management/subsystem/datasources/data-source/ExampleDS?operation=attribute&name=enabled
The Management CLI is a Native API tool. It is available for a Managed Domain or Standalone server instance, allowing an administrator to connect to a domain controller or Standalone Server instance and execute management operations available through the de-typed management model.
Example 3.4. Native API Configuration File Example
<management-interfaces> <native-interface security-realm="ManagementRealm"> <socket-binding native="management-native"/> </native-interface> [...] </management-interfaces>
3.3. The Management Console
3.3.1. Management Console
3.3.2. Log in to the Management Console
Prerequisites
- JBoss EAP 6 must be running.
- You must have already created a user with permissions to access the Console.
- Launch your web browser and go to this address: http://localhost:9990/console/App.html
Note
Port 9990 is predefined as the Management Console socket binding. - Enter your username and password to log in to the Management Console.
Figure 3.1. Log in screen for the Management Console
Once logged in, you are redirected to the following address and the Management Console landing page appears: http://localhost:9990/console/App.html#home
3.3.3. Change the Language of the Management Console
Supported Languages
- German (de)
- Simplified Chinese (zh-Hans)
- Brazilian Portuguese (pt-BR)
- French (fr)
- Spanish (es)
- Japanese (ja)
Procedure 3.1. Change the Language of the Web-based Management Console
Log into the Management Console.
Log into the web-based Management Console.Open the Settings dialog.
Near the bottom right of the screen is a Settings label. Click it to open the settings for the Management Console.Select the desired language.
Select the desired language from the Locale selection box. Select Save. A confirmation box informs you that you need to reload the application. Click Confirm. The system refreshes your web browser automatically to use the new locale.
3.3.4. Analytics in JBoss EAP Console
Google Analytics is a free web analytics service which provides comprehensive usage statistics on a website. It provides vital data regarding a site's visitors, including their visits, page views, pages per visit and average time spent on site. Google Analytics provides more visibility around a website's presence and its visitors.
JBoss EAP 6 provides users the option to enable or disable Google Analytics in the management console. The Google Analytics feature aims to help Red Hat EAP team understand how the customers are using the console and which parts of the console matter the most to the customers. This information will in-turn help the team adapt the console design, features and content to the immediate needs of the customers.
Note
3.3.5. Enable Google Analytics in JBoss EAP Console
- Log in to the Management Console
- Clickon the Management Console
Figure 3.2. Log in screen of the Management Console
- Selectcheckbox on the
Settings
dialog and click button. Confirm the application reload to activate the new settings.Figure 3.3. Settings dialog (Enable Usage Data Collection)
3.3.6. Disable Google Analytics in JBoss EAP Console
- Log in to the Management Console
- Clickon the Management Console
Figure 3.4. Log in screen of the Management Console
- Uncheck theoption on the
Settings
dialog to remove the selection. Click button. Confirm the application reload to activate the new settings.Figure 3.5. Settings dialog (Disable Usage Data Collection)
3.3.7. Configure a Server Using the Management Console
Prerequisites
Procedure 3.2. Configure the Server
- Select the Domain tab from the top of the console. Available server instances will be displayed in a table.
- Click Server Configurations.The Server Configurations panel for the relevant host appears.
- Select the server instance from the Available Server Configurations table.
- Clickabove the details of the chosen server.
- Make changes to the configuration attributes.
- Clickto finish.
Figure 3.6. Server configuration
The server configuration is changed, and will take effect next time the server restarts.
3.3.8. Add a Deployment in the Management Console
Prerequisites
- Select the Deployments tab at the top of the console.
- Select Content Repository tab. A Create Deployment dialog box appears.on the
Figure 3.7. Manage standalone deployments
- In the dialog box, click. Browse to the file you want to deploy, select it and upload it. Click to proceed.
Figure 3.8. Deployment selection
- Verify the deployment name and runtime name that appear in the Create Deployments dialog box. Click to upload the file once the names are verified.
The selected content is uploaded to the server and is now ready for deployment.
3.3.9. Create a New Server in the Management Console
Prerequisites
Procedure 3.3. Create a New Server Configuration
Navigate to the Server Configurations page in the Management Console
Select the Domain tab from the top of the console.Figure 3.9. Server Configuration
- Click Server Configurations in the left menu.
Create a new configuration
- Select the Available Server Configurations table.button above the
- Enter the basic server settings in the Create Server Configuration dialog.
- Select thebutton to save the new Server Configuration.
Figure 3.10. Create a new configuration
3.3.10. Change the Default Log Levels Using the Management Console
Procedure 3.4. Edit the Logging Levels
Navigate to the Logging panel in the Management Console
- If you are working with a managed domain, select the Configuration tab at the top of the console, then select the relevant profile from the drop-down list on the left of the console.
- For either a managed domain or a standalone server, expand the Logging entry.menu from the list on the left of the console and click the
- Click on the Log Categories tab in the top of the console.
Figure 3.11. Logging panel
Edit logger details
Edit the details for any of the entries in the Log Categories table.- Select an entry in the Log Categories table, then click in the Details section below.
- Set the log level for the category with the Log Level drop-down box. Click the button when done.
The log levels for the relevant categories are now updated.
3.3.11. Create a New Server Group in the Management Console
Prerequisites
Procedure 3.5. Configure and Add a new Server Group
Navigate to the Server Groups view
Select the Domain tab from the top of the console.- Select Server Groups in the left hand column.
Figure 3.12. The Server Groups view
Add a server group
Click thebutton to add a new server group.Configure the server group
- Enter a name for the server group.
- Select the profile for the server group.
- Select the socket binding for the server group.
- Click the Save button to save your new group.
Figure 3.13. The Create Server Group dialog
The new server group is visible in the Management Console.
3.3.12. Viewing Logs in the Management Console
jboss.server.log.dir
directory. The JBoss EAP 6 Log Viewer also respects user RBAC role assignments, so a user logged in to the Management Console can only view logs that they are authorized to access.
Prerequisites
Procedure 3.6. View JBoss EAP 6 Logs in the Management Console
- Select thetab from the top of the Management Console.
- If you are using a Managed Domain, use thebutton on the left menu to select the JBoss EAP 6 server that you want to view the logs of.
- Expand themenu on the left, and select .
- Select a log file from the list, and click thebutton.You can also clickto download the log file to your local machine.
Note
The Management Console Log Viewer displays a confirmation if you attempt to open a log file that is larger than 15MB.The Management Console Log Viewer is not intended to be a text editor replacement for viewing very large log files (>100MB). Opening very large log files in the Management Console Log Viewer could crash your web browser, so you should always download large log files separately and open them in a text editor. - The selected log will open as a new tab within the Management Console. You can open multiple log files in other tabs by returning to the LOG FILES tab and repeating the previous step.
3.3.13. Customer Portal Integration in the Management Console
- Search Customer Portal
- Open Case
- Modify Case
Note
Search Customer Portal
Open Case
Modify Case
3.4. The Management CLI
3.4.1. About the Management Command Line Interface (CLI)
3.4.2. Launch the Management CLI
Prerequisites:
Procedure 3.7. Launch CLI in Linux or Microsoft Windows Server
Launch the CLI in Linux
Run theEAP_HOME/bin/jboss-cli.sh
file by entering the following at a command line:$ EAP_HOME/bin/jboss-cli.sh
Launch the CLI in Microsoft Windows Server
Run theEAP_HOME\bin\jboss-cli.bat
file by double-clicking it, or by entering the following at a command line:C:\>EAP_HOME\bin\jboss-cli.bat
3.4.3. Quit the Management CLI
quit
command:
[domain@localhost:9999 /] quit
3.4.4. Connect to a Managed Server Instance Using the Management CLI
Prerequisites
Procedure 3.8. Connect to a Managed Server Instance
Run the
connect
commandFrom the Management CLI, enter theconnect
command:[disconnected /]
connect
Connected to domain controller at localhost:9999- Alternatively, to connect to a managed server when starting the Management CLI on a Linux system, use the
--connect
parameter:$
EAP_HOME/bin/jboss-cli.sh --connect
- The
--connect
parameter can be used to specify the host and port of the server. To connect to the address192.168.0.1
with the port value9999
the following would apply:$
EAP_HOME/bin/jboss-cli.sh --connect --controller=192.168.0.1:9999
3.4.5. Obtain Help with the Management CLI
Sometimes you might need guidance if you need to learn a CLI command or feel unsure about what to do. The Management CLI features a help dialog with general and context-sensitive options. (Note that the help commands dependent on the operation context require an established connection to either a standalone or domain controller. These commands will not appear in the listing unless the connection has been established.)
Prerequisites
For general help
From the Management CLI, enter thehelp
command:[standalone@localhost:9999 /]
help
Obtain context-sensitive help
From the Management CLI, enter thehelp -commands
extended command:[standalone@localhost:9999 /]
help --commands
- For a more detailed description of a specific command, enter the command, followed by
--help
.[standalone@localhost:9999 /]
deploy --help
The CLI help information is displayed.
3.4.6. Use the Management CLI in Batch Mode
Batch processing allows a number of operation requests to be grouped in a sequence and executed together as a unit. If any of the operation requests in the sequence fail, the entire group of operations is rolled back.
Note
Prerequisites
Procedure 3.9. Batch Mode Commands and Operations
Enter batch mode
Enter batch mode with thebatch
command.[standalone@localhost:9999 /] batch
Batch mode is indicated by the hash symbol (#
) in the prompt.Add operation requests to the batch
Once in batch mode, enter operation requests as normal. The operation requests are added to the batch in the order they are entered.Refer to Section 3.4.8, “Use Operations and Commands in the Management CLI” for details on formatting operation requests.Run the batch
Once the entire sequence of operation requests is entered, run the batch with therun-batch
command.[standalone@localhost:9999 / #] run-batch The batch executed successfully.
Refer to Section 3.4.7, “CLI Batch Mode Commands” for a full list of commands available for working with batches.Batch commands stored in external files
Frequently run batch commands can be stored in an external text file and can either be loaded by passing the full path to the file as an argument to thebatch
command or executed directly by being an argument to therun-batch
command.You can create a batch command file using a text editor. Each command must be on a line by itself and the CLI should be able to access it.The following command will load amyscript.txt
file in the batch mode. All commands in this file will now be accessible to be edited or removed. New commands can be inserted. Changes made in this batch session do not persist to themyscript.txt
file.[standalone@localhost:9999 /] batch --file=myscript.txt
The following will instantly run the batch commands stored in the filemyscript.txt
[standalone@localhost:9999 /] run-batch --file=myscript.txt
The entered sequence of operation requests is completed as a batch.
3.4.7. CLI Batch Mode Commands
Command Name | Description |
---|---|
list-batch | List of the commands and operations in the current batch. |
edit-batch-line line-number edited-command | Edit a line in the current batch by providing the line number to edit and the edited command. Example: edit-batch-line 2 data-source disable --name=ExampleDS . |
move-batch-line fromline toline | Re-order the lines in the batch by specifying the line number you want to move as the first argument and its new position as the second argument. Example: move-batch-line 3 1 . |
remove-batch-line linenumber | Remove the batch command at the specified line. Example: remove-batch-line 3 . |
holdback-batch [batchname] |
You can postpone or store a current batch by using this command. Use this if you want to suddenly execute something in the CLI outside the batch. To return to this heldback batch, simply type
batch again at the CLI command line.
If you provide a batchname while using
holdback-batch command the batch will be stored under that name. To return to the named batch, use the command batch batchname . Calling the batch command without a batchname will start a new (unnamed) batch. There can be only one unnamed heldback batch.
To see a list of all heldback batches, use the
batch -l command.
|
discard-batch | Dicards the currently active batch. |
3.4.8. Use Operations and Commands in the Management CLI
Prerequisites
Procedure 3.10. Create, Configure and Execute Requests
Construct the operation request
Operation requests allow for low-level interaction with the management model. They provide a controlled way to edit server configurations. An operation request consists of three parts:- an address, prefixed with a slash (
/
). - an operation name, prefixed with a colon (
:
). - an optional set of parameters, contained within parentheses (
()
).
Determine the address
The configuration is presented as a hierarchical tree of addressable resources. Each resource node offers a different set of operations. The address specifies which resource node to perform the operation on. An address uses the following syntax:/node-type=node-name
- node-type is the resource node type. This maps to an element name in the configuration XML.
- node-name is the resource node name. This maps to the
name
attribute of the element in the configuration XML. - Separate each level of the resource tree with a slash (
/
).
Refer to the configuration XML files to determine the required address. TheEAP_HOME/standalone/configuration/standalone.xml
file holds the configuration for a standalone server and theEAP_HOME/domain/configuration/domain.xml
andEAP_HOME/domain/configuration/host.xml
files hold the configuration for a managed domain.Note
Running the CLI commands in Domain Mode requires host and server specification. For example,/host=master/server=server-one/subsystem=logging
Example 3.5. Example operation addresses
To perform an operation on the logging subsystem, use the following address in an operation request:/subsystem=logging
To perform an operation on the Java datasource, use the following address in an operation request:/subsystem=datasources/data-source=java
Determine the operation
Operations differ for each different type of resource node. An operation uses the following syntax::operation-name
- operation-name is the name of the operation to request.
Use theread-operation-names
operation on any resource address in a standalone server to list the available operations.Example 3.6. Available operations
To list all available operations for the logging subsystem, enter the following request for a standalone server:[standalone@localhost:9999 /] /subsystem=logging:read-operation-names { "outcome" => "success", "result" => [ "add", "read-attribute", "read-children-names", "read-children-resources", "read-children-types", "read-operation-description", "read-operation-names", "read-resource", "read-resource-description", "remove", "undefine-attribute", "whoami", "write-attribute" ] }
Determine any parameters
Each operation may require different parameters.Parameters use the following syntax:(parameter-name=parameter-value)
- parameter-name is the name of the parameter.
- parameter-value is the value of the parameter.
- Multiple parameters are separated by commas (
,
).
To determine any required parameters, perform theread-operation-description
command on a resource node, passing the operation name as a parameter. Refer to Example 3.7, “Determine operation parameters” for details.Example 3.7. Determine operation parameters
To determine any required parameters for theread-children-types
operation on the logging subsystem, enter theread-operation-description
command as follows:[standalone@localhost:9999 /] /subsystem=logging:read-operation-description(name=read-children-types) { "outcome" => "success", "result" => { "operation-name" => "read-children-types", "description" => "Gets the type names of all the children under the selected resource", "reply-properties" => { "type" => LIST, "description" => "The children types", "value-type" => STRING }, "read-only" => true } }
Enter the full operation request
Once the address, operation, and any parameters have been determined, enter the full operation request.Example 3.8. Example operation request
[standalone@localhost:9999 /]
/subsystem=web/connector=http:read-resource(recursive=true)
The management interface performs the operation request on the server configuration.
3.4.9. Use if-else Control Flow with the Management CLI
if
-else
control flow, which allows you to choose which set of commands and operations to execute based on a condition. The if
condition is a boolean expression which evaluates the response of the management command or operation specified after the of
keyword.
- Conditional operators (&&, ||)
- Comparison operators (>, >=, <, <=, ==, !=)
- Parentheses to group and prioritize expressions
Example 3.9. Using an if
statement with Management CLI commands
test
. If outcome
is not success
(meaning that the property does not exist), then the system property will be added and set to true
.
if (outcome != success) of /system-property=test:read-resource /system-property=test:add(value=true) end-if
outcome
, which is returned when the CLI command after the of
keyword is executed, as shown below:
[standalone@localhost:9999 /] /system-property=test:read-resource { "outcome" => "failed", "failure-description" => "JBAS014807: Management resource '[(\"system-property\" => \"test\")]' not found", "rolled-back" => true }
Example 3.10. Using an if
-else
statement with Management CLI commands
STANDALONE
or DOMAIN
) and issues the appropriate CLI command to enable the ExampleDS
datasource.
if (result == STANDALONE) of /:read-attribute(name=launch-type) /subsystem=datasources/data-source=ExampleDS:write-attribute(name=enabled, value=true) else /profile=full/subsystem=datasources/data-source=ExampleDS:write-attribute(name=enabled, value=true) end-if
if
-else
control flow can be specified in a file (one per line) and passed to the jboss-cli.sh
script to be executed non-interactively.
EAP_HOME/bin/jboss-cli.sh --connect --file=CLI_FILE
Note
if
-else
statements is not supported.
3.4.10. Management CLI Configuration Options
jboss-cli.xml
- is loaded each time the CLI is started. It must be located either in the directory $EAP_HOME/bin
or a directory specified in the system property jboss.cli.config
.
-
default-controller
- Configuration of the controller to which to connect if the
connect
command is executed without any parameters.default-controller Parameters
-
host
- Hostname of the controller. Default:
localhost
. -
port
- Port number on which to connect to the controller. Default: 9999.
-
-
validate-operation-requests
- Indicates whether the parameter list of the operation requests is to be validated before the requests are sent to the controller for execution. Type: Boolean. Default:
true
. -
history
- This element contains the configuration for the commands and operations history log.
history
Parameters-
enabled
- Indicates whether or not the
history
is enabled. Type: Boolean. Default:true
. - file-name
- Name of the file in which the history is to be stored. Default =
.jboss-cli-history
. - file-dir
- Directory in which the history is to be stored. Default =
$USER_HOME
- max-size
- Maximum size of the history file. Default: 500.
-
- resolve-parameter-values
- Whether to resolve system properties specified as command argument (or operation parameter) values before sending the operation request to the controller or let the resolution happen on the server side. Type: Boolean. Default =
false
. - connection-timeout
- The time allowed to establish a connection with the controller. Type: Integer. Default: 5000 seconds.
- ssl
- This element contains the configuration for the Key and Trust stores used for SSL.
Warning
Red Hat recommends that you explicitly disable SSL in favor of TLSv1.1 or TLSv1.2 in all affected packages.ssl
Parameters- vault
- Type:
vaultType
- key-store
- Type: string.
- key-store-password
- Type: string.
- alias
- Type: string
- key-password
- Type: string
- trust-store
- Type: string.
- trust-store-password
- Type: string.
- modify-trust-store
- If set to
true
, the CLI will prompt the user when unrecognised certificates are received and allow them to be stored in the truststore. Type: Boolean. Default:true
.
vaultType
If neithercode
normodule
are specified, the default implementation will be used. Ifcode
is specified but notmodule
, it will look for the specified class in the Picketbox module. Ifmodule
andcode
are specified, it will look for the class specified bycode
in the module specified by 'module'.- code
- Type: String.
- module
- Type: String
-
silent
- Specifies if informational and error messages are to be output to the terminal. Even if the
false
is specified, the messages will still be logged using the logger if its configuration allows and/or if the output target was specified as part of the command line using >. Default:False
.
3.4.11. Reference of Management CLI Commands
Prerequisites
The topic Section 3.4.5, “Obtain Help with the Management CLI” describes how to access the Management CLI help features, including a help dialogue with general and context sensitive options. The help commands are dependent on the operation context and require an established connection to either a standalone or domain controller. These commands will not appear in the listing unless the connection has been established.
Command | Description |
---|---|
batch | Starts the batch mode by creating a new batch or, depending on the existing held back batches, re-activates one. If there are no held back batches this command, when invoked without arguments, will start a new batch. If there is an unnamed held back batch, this command will re-activate it. If there are named held back batches, they can be activated by executing this command with the name of the held back batch as the argument. |
cd | Changes the current node path to the argument. The current node path is used as the address for operation requests that do not contain the address part. If an operation request does include the address, the included address is considered relative to the current node path. The current node path may end on a node-type. In that case, to execute an operation specifying a node-name would be sufficient, such as logging:read-resource. |
clear | Clears the screen. |
command | Allows you to add new, remove and list existing generic type commands. A generic type command is a command that is assigned to a specific node type and which allows you to perform any operation available for an instance of that type. It can also modify any of the properties exposed by the type on any existing instance. |
connect | Connects to the controller on the specified host and port. |
connection-factory | Defines a connection factory. |
data-source | Manages JDBC datasource configurations in the datasource subsystem. |
deploy | Deploys the application designated by the file path or enables an application that is pre-existing but disabled in the repository. If executed without arguments, this command will list all the existing deployments. |
echo |
Available from JBoss EAP 6.4, the
echo command outputs to the console the specified text. The text is output verbatim so the use of variables is not available.
Example:
|
help | Displays the help message. Can be used with the --commands argument to provide context sensitive results for the given commands. |
history | Displays the CLI command history in memory and displays a status of whether the history expansion is enabled or disabled. Can be used with arguments to clear, disable and enable the history expansion as required. |
jms-queue | Defines a JMS queue in the messaging subsystem. |
jms-topic | Defines a JMS topic in the messaging subsystem. |
ls | List the contents of the node path. By default the result is printed in columns using the whole width of the terminal. Using the -l switch will print results on one name per line. |
pwd | Prints the full node path of the current working node. |
quit | Terminates the command line interface. |
read-attribute | Prints the value and, depending on the arguments, the description of the attribute of a managed resource. |
read-operation | Displays the description of a specified operation, or lists all available operations if none is specified. |
undeploy | Undeploys an application when run with the name of the intended application. Can be run with arguments to remove the application from the repository also. Prints the list of all existing deployments when executed without an application specified. |
version | Prints the application server version and environment information. |
xa-data-source | Manages JDBC XA datasource configuration in the datasource subsystem. |
3.4.12. Reference of Management CLI Operations
Operations in the Management CLI can be exposed by using the read-operation-names
operation described in the topic Section 3.5.5, “Display the Operation Names using the Management CLI”. The operation descriptions can be exposed by using the read-operation-descriptions
operation described in the topic Section 3.5.4, “Display an Operation Description using the Management CLI”.
Operation Name | Description |
---|---|
add-namespace | Adds a namespace prefix mapping to the namespaces attribute's map. |
add-schema-location | Adds a schema location mapping to the schema-locations attribute's map. |
delete-snapshot | Deletes a snapshot of the server configuration from the snapshots directory. |
full-replace-deployment | Add previously uploaded deployment content to the list of content available for use, replace existing content of the same name in the runtime, and remove the replaced content from the list of content available for use. Refer to link for further information. |
list-snapshots | Lists the snapshots of the server configuration saved in the snapshots directory. |
read-attribute | Displays the value of an attribute for the selected resource. |
read-children-names | Displays the names of all children under the selected resource with the given type. |
read-children-resources | Displays information about all of a resource's children that are of a given type. |
read-children-types | Displays the type names of all the children under the selected resource. |
read-config-as-xml | Reads the current configuration and displays it in XML format. |
read-operation-description | Displays the details of an operation on the given resource. |
read-operation-names | Displays the names of all the operations for the given resource. |
read-resource | Displays a model resource's attribute values along with either basic or complete information about any child resources. |
read-resource-description | Displays the description of a resource's attributes, types of children and operations. |
reload | Reloads the server by shutting all services down and restarting. |
remove-namespace | Removes a namespace prefix mapping from the namespaces attribute map. |
remove-schema-location | Removes a schema location mapping from the schema-locations attribute map. |
replace-deployment | Replace existing content in the runtime with new content. The new content must have been previously uploaded to the deployment content repository. |
resolve-expression | Operation that accepts an expression as input or a string that can be parsed into an expression, and resolves it against the local system properties and environment variables. |
resolve-internet-address | Takes a set of interface resolution criteria and finds an IP address on the local machine that matches the criteria, or fails if no matching IP address can be found. |
server-set-restart-required | Puts the server into a restart-required mode |
shutdown | Shuts down the server via a call to System.exit(0) . |
start-servers | Starts all configured servers in a Managed Domain that are not currently running. |
stop-servers | Stops all servers currently running in a Managed Domain. |
take-snapshot | Takes a snapshot of the server configuration and saves it to the snapshots directory. |
upload-deployment-bytes | Indicates that the deployment content in the included byte array should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime. |
upload-deployment-stream | Indicates that the deployment content available at the included input stream index should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime. |
upload-deployment-url | Indicates that the deployment content available at the included URL should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime. |
validate-address | Validates the operation's address. |
write-attribute | Sets the value of an attribute for the selected resource. |
3.4.13. Property Substitution in the Management CLI
- the operation address part of the operation request (as node types and/or names);
- operation name;
- operation parameter names;
- header names and values;
- command names;
- command argument names.
Procedure 3.11. Enable Property Substitution in the Management CLI
- Open the file
EAP_HOME/bin/jboss-cli.xml
. - Locate the
resolve-parameter-values
parameter and change the value totrue
(the default isfalse
).<!-- whether to resolve system properties specified as command argument or operation parameter values in the Management CLI VM before sending the operation requests to the controller --> <resolve-parameter-values>true</resolve-parameter-values>
resolve-parameter-values
element is, unless it is a parameter/argument value.
--properties=/path/to/file.properties
argument or one or more -Dkey=VALUE
parameters, when starting your Management CLI instance. The properties file uses a standard key=value syntax.
${MY_VAR}
.
Example 3.11. Example: Using properties in Management CLI commands
/subsystem=datasources/data-source=${datasourcename}:add(connection-url=jdbc:oracle:thin:@server:1521:ora1, jndi-name=java:/jboss/${name}, driver-name=${drivername})
3.5. Management CLI Operations
3.5.1. Display the Attributes of a Resource with the Management CLI
Prerequisites
The read-attribute
operation is a global operation used to read the current runtime value of a selected attribute. It can be used to expose only the values that have been set by the user, ignoring any default or undefined values. The request properties include the following parameters.
Request Properties
name
- The name of the attribute to get the value for under the selected resource.
include-defaults
- A Boolean parameter that can be set to
false
to restrict the operation results to only show attributes set by the user and ignore default values.
Procedure 3.12. Display the Current Runtime Value of a Selected Attribute
Run the
read-attribute
operationFrom the Management CLI, use theread-attribute
operation to display the value of a resource attribute. For more details on operation requests, refer to the topic Section 3.4.8, “Use Operations and Commands in the Management CLI”.[standalone@localhost:9999 /]
:read-attribute(name=name-of-attribute)
read-attribute
operation is the ability to expose the current runtime value of a specific attribute. Similar results can be achieved with the read-resource
operation, but only with the addition of the include-runtime
request property, and only as part of a list of all available resources for that node. The read-attribute
operation is intended for fine-grained attribute queries, as the following example shows.
Example 3.12. Run the read-attribute
operation to expose the public interface IP
read-attribute
to return the exact value in the current runtime.
[standalone@localhost:9999 /] /interface=public:read-attribute(name=resolved-address) { "outcome" => "success", "result" => "127.0.0.1" }
resolved-address
attribute is a runtime value, so it is not displayed in the results of the standard read-resource
operation.
[standalone@localhost:9999 /] /interface=public:read-resource { "outcome" => "success", "result" => { "any" => undefined, "any-address" => undefined, "any-ipv4-address" => undefined, "any-ipv6-address" => undefined, "inet-address" => expression "${jboss.bind.address:127.0.0.1}", "link-local-address" => undefined, "loopback" => undefined, "loopback-address" => undefined, "multicast" => undefined, "name" => "public", "nic" => undefined, "nic-match" => undefined, "not" => undefined, "point-to-point" => undefined, "public-address" => undefined, "site-local-address" => undefined, "subnet-match" => undefined, "up" => undefined, "virtual" => undefined } }
resolved-address
and other runtime values, you must use the include-runtime
request property.
[standalone@localhost:9999 /] /interface=public:read-resource(include-runtime=true) { "outcome" => "success", "result" => { "any" => undefined, "any-address" => undefined, "any-ipv4-address" => undefined, "any-ipv6-address" => undefined, "inet-address" => expression "${jboss.bind.address:127.0.0.1}", "link-local-address" => undefined, "loopback" => undefined, "loopback-address" => undefined, "multicast" => undefined, "name" => "public", "nic" => undefined, "nic-match" => undefined, "not" => undefined, "point-to-point" => undefined, "public-address" => undefined, "resolved-address" => "127.0.0.1", "site-local-address" => undefined, "subnet-match" => undefined, "up" => undefined, "virtual" => undefined } }
The current runtime attribute value is displayed.
3.5.2. Display the Active User in the Management CLI
Prerequisites
The whoami
operation is a global operation used to identify the attributes of the current active user. The operation exposes the identity of the username and the realm that they are assigned to. The whoami
operation is useful for administrators managing multiple users accounts across multiple realms, or to assist in keeping track of active users across domain instances with multiple terminal session and users accounts.
Procedure 3.13. Display the Active User in the Management CLI Using the whoami
Operation
Run the
whoami
operationFrom the Management CLI, use thewhoami
operation to display the active user account.[standalone@localhost:9999 /]
:whoami
The following example uses thewhoami
operation in a standalone server instance to show that the active user is username, and that the user is assigned to theManagementRealm
realm.Example 3.13. Use the
whoami
in a standalone instance[standalone@localhost:9999 /]:whoami { "outcome" => "success", "result" => {"identity" => { "username" => "username", "realm" => "ManagementRealm" }} }
Your current active user account is displayed.
3.5.3. Display System and Server Information in the Management CLI
Prerequisites
Procedure 3.14. Display System and Server Information in the Management CLI
Run the
version
commandFrom the Management CLI, enter theversion
command:[domain@localhost:9999 /]
version
Your application server version and environment information is displayed.
3.5.4. Display an Operation Description using the Management CLI
Prerequisites
Procedure 3.15. Execute the Command in Management CLI
Run the
read-operation-description
operationFrom the Management CLI, useread-operation-description
to display information about the operation. The operation requires additional parameters in the format of a key-value pair to indicate which operation to display. For more details on operation requests, refer to the topic Section 3.4.8, “Use Operations and Commands in the Management CLI”.[standalone@localhost:9999 /]
:read-operation-description(name=name-of-operation)
Example 3.14. Display the list-snapshots operation description
list-snapshots
operation.
[standalone@localhost:9999 /] :read-operation-description(name=list-snapshots) { "outcome" => "success", "result" => { "operation-name" => "list-snapshots", "description" => "Lists the snapshots", "request-properties" => {}, "reply-properties" => { "type" => OBJECT, "value-type" => { "directory" => { "type" => STRING, "description" => "The directory where the snapshots are stored", "expressions-allowed" => false, "required" => true, "nillable" => false, "min-length" => 1L, "max-length" => 2147483647L }, "names" => { "type" => LIST, "description" => "The names of the snapshots within the snapshots directory", "expressions-allowed" => false, "required" => true, "nillable" => false, "value-type" => STRING } } }, "access-constraints" => {"sensitive" => {"snapshots" => {"type" => "core"}}}, "read-only" => false } }
The description is displayed for the chosen operation.
3.5.5. Display the Operation Names using the Management CLI
Prerequisites
Procedure 3.16. Execute the Command in Management CLI
Run the
read-operation-names
operationFrom the Management CLI, use theread-operation-names
operation to display the names of the available operations. For more details on operation requests, refer to the topic Section 3.4.8, “Use Operations and Commands in the Management CLI”.[standalone@localhost:9999 /]
:read-operation-names
Example 3.15. Display the operation names using the Management CLI
read-operation-names
operation.
[standalone@localhost:9999 /]:read-operation-names
{
"outcome" => "success",
"result" => [
"add-namespace",
"add-schema-location",
"delete-snapshot",
"full-replace-deployment",
"list-snapshots",
"read-attribute",
"read-children-names",
"read-children-resources",
"read-children-types",
"read-config-as-xml",
"read-operation-description",
"read-operation-names",
"read-resource",
"read-resource-description",
"reload",
"remove-namespace",
"remove-schema-location",
"replace-deployment",
"resolve-expression",
"resolve-internet-address",
"server-set-restart-required",
"shutdown",
"take-snapshot",
"undefine-attribute",
"upload-deployment-bytes",
"upload-deployment-stream",
"upload-deployment-url",
"validate-address",
"validate-operation",
"whoami",
"write-attribute"
]
}
The available operation names are displayed.
3.5.6. Display Available Resources using the Management CLI
Prerequisites
The read-resource
operation is a global operation used to read resource values. It can be used to expose either basic or complete information about the resources of the current or child nodes, along with a range of request properties to expand or limit the scope of the operation results. The request properties include the following parameters.
Request Properties
recursive
- Whether to recursively include complete information about child resources.
recursive-depth
- The depth to which information about child resources should be included.
proxies
- Whether to include remote resources in a recursive query. For example including the host level resources from slave Host Controllers in a query of the Domain Controller.
include-runtime
- Whether to include runtime attributes in the response, such as attribute values that do not come from the persistent configuration. This request property is set to false by default.
include-defaults
- A boolean request property that serves to enable or disable the reading of default attributes. When set to false only the attributes set by the user are returned, ignoring any that remain undefined.
read-resource
operation
From the Management CLI, use the read-resource
operation to display the available resources.
[standalone@localhost:9999 /]:read-resource
read-resource
operation on a standalone server instance to expose general resource information. The results resemble the standalone.xml
configuration file, displaying the system resources, extensions, interfaces and subsystems installed or configured for the server instance. These can be further queried directly.
Example 3.16. Using the read-resource
operation at the root level
[standalone@localhost:9999 /]:read-resource { "outcome" => "success", "result" => { "management-major-version" => 1, "management-micro-version" => 0, "management-minor-version" => 7, "name" => "localhost", "namespaces" => [], "product-name" => "EAP", "product-version" => "6.4.0.GA", "profile-name" => undefined, "release-codename" => "Janus", "release-version" => "7.5.0.Final-redhat-17", "schema-locations" => [], "core-service" => { "service-container" => undefined, "server-environment" => undefined, "module-loading" => undefined, "platform-mbean" => undefined, "management" => undefined, "patching" => undefined }, "deployment" => undefined, "deployment-overlay" => undefined, "extension" => { "org.jboss.as.clustering.infinispan" => undefined, "org.jboss.as.connector" => undefined, "org.jboss.as.deployment-scanner" => undefined, "org.jboss.as.ee" => undefined, "org.jboss.as.ejb3" => undefined, "org.jboss.as.jaxrs" => undefined, "org.jboss.as.jdr" => undefined, "org.jboss.as.jmx" => undefined, "org.jboss.as.jpa" => undefined, "org.jboss.as.jsf" => undefined, "org.jboss.as.logging" => undefined, "org.jboss.as.mail" => undefined, "org.jboss.as.naming" => undefined, "org.jboss.as.pojo" => undefined, "org.jboss.as.remoting" => undefined, "org.jboss.as.sar" => undefined, "org.jboss.as.security" => undefined, "org.jboss.as.threads" => undefined, "org.jboss.as.transactions" => undefined, "org.jboss.as.web" => undefined, "org.jboss.as.webservices" => undefined, "org.jboss.as.weld" => undefined }, "interface" => { "management" => undefined, "public" => undefined, "unsecure" => undefined }, "path" => { "jboss.server.temp.dir" => undefined, "user.home" => undefined, "jboss.server.base.dir" => undefined, "java.home" => undefined, "user.dir" => undefined, "jboss.server.data.dir" => undefined, "jboss.home.dir" => undefined, "jboss.server.log.dir" => undefined, "jboss.server.config.dir" => undefined, "jboss.controller.temp.dir" => undefined }, "socket-binding-group" => {"standard-sockets" => undefined}, "subsystem" => { "jaxrs" => undefined, "jsf" => undefined, "jca" => undefined, "jmx" => undefined, "threads" => undefined, "webservices" => undefined, "sar" => undefined, "remoting" => undefined, "infinispan" => undefined, "weld" => undefined, "ejb3" => undefined, "transactions" => undefined, "datasources" => undefined, "deployment-scanner" => undefined, "logging" => undefined, "jdr" => undefined, "pojo" => undefined, "jpa" => undefined, "naming" => undefined, "ee" => undefined, "mail" => undefined, "web" => undefined, "resource-adapters" => undefined, "security" => undefined }, "system-property" => undefined } }
read-resource
operation against a child node
The read-resource
operation can be run to query child nodes from the root. The structure of the operation first defines the node to expose, and then appends the operation to run against it.
[standalone@localhost:9999 /]/subsystem=web/connector=http:read-resource
read-resource
operation towards the specific web subsystem node.
Example 3.17. Expose child node resources from the root node
[standalone@localhost:9999 /] /subsystem=web/connector=http:read-resource { "outcome" => "success", "result" => { "configuration" => undefined, "enable-lookups" => false, "enabled" => true, "executor" => undefined, "max-connections" => undefined, "max-post-size" => 2097152, "max-save-post-size" => 4096, "name" => "http", "protocol" => "HTTP/1.1", "proxy-name" => undefined, "proxy-port" => undefined, "redirect-port" => 443, "scheme" => "http", "secure" => false, "socket-binding" => "http", "ssl" => undefined, "virtual-server" => undefined } }
cd
command to navigate into the child nodes and run the read-resource
operation directly.
Example 3.18. Expose child node resources by changing directories
[standalone@localhost:9999 /] cd subsystem=web
[standalone@localhost:9999 subsystem=web] cd connector=http
[standalone@localhost:9999 connector=http] :read-resource { "outcome" => "success", "result" => { "configuration" => undefined, "enable-lookups" => false, "enabled" => true, "executor" => undefined, "max-connections" => undefined, "max-post-size" => 2097152, "max-save-post-size" => 4096, "name" => "http", "protocol" => "HTTP/1.1", "proxy-name" => undefined, "proxy-port" => undefined, "redirect-port" => 443, "scheme" => "http", "secure" => false, "socket-binding" => "http", "ssl" => undefined, "virtual-server" => undefined } }
The recursive parameter can be used to expose the values of all attributes, including non-persistent values, those passed at startup, or other attributes otherwise active in the runtime model.
[standalone@localhost:9999 /]/interface=public:read-resource(include-runtime=true)
include-runtime
request property exposes additional active attributes, such as the bytes sent and bytes received by the HTTP connector.
Example 3.19. Expose additional and active values with the include-runtime
parameter
[standalone@localhost:9999 /] /subsystem=web/connector=http:read-resource(include-runtime=true) { "outcome" => "success", "result" => { "any" => undefined, "any-address" => undefined, "any-ipv4-address" => undefined, "any-ipv6-address" => undefined, "inet-address" => expression "${jboss.bind.address:127.0.0.1}", "link-local-address" => undefined, "loopback" => undefined, "loopback-address" => undefined, "multicast" => undefined, "name" => "public", "nic" => undefined, "nic-match" => undefined, "not" => undefined, "point-to-point" => undefined, "public-address" => undefined, "resolved-address" => "127.0.0.1", "site-local-address" => undefined, "subnet-match" => undefined, "up" => undefined, "virtual" => undefined } }
3.5.7. Display Available Resource Descriptions using the Management CLI
Prerequisites
read-resource-description
operation
From the Management CLI, use the read-resource-description
operation to read and display the available resources. For more details on operation requests, refer to the topic Section 3.4.8, “Use Operations and Commands in the Management CLI”.
[standalone@localhost:9999 /]:read-resource-description
The read-resource-description
operation allows the use of the additional parameters.
- Use the
operations
parameter to include descriptions of the resource's operations.[standalone@localhost:9999 /]
:read-resource-description(operations=true)
- Use the
inherited
parameter to include or exclude descriptions of the resource's inherited operations. The default state is true.[standalone@localhost:9999 /]
:read-resource-description(inherited=false)
- Use the
recursive
parameter to include recursive descriptions of the child resources.[standalone@localhost:9999 /]
:read-resource-description(recursive=true)
- Use the
locale
parameter to get the resource description in. If null, the default locale will be used.[standalone@localhost:9999 /]
:read-resource-description(locale=true)
- Use the
access-control
parameter to get the information about the permissions the current caller has for this resource.[standalone@localhost:9999 /]
:read-resource-description(access-control=none)
Descriptions of the available resources are displayed.
3.5.8. Reload the Application Server using the Management CLI
Prerequisites
reload
operation to shut down all services and restart the JBoss EAP instance. Note that the JVM itself is not restarted. When the reload
is complete the Management CLI will automatically reconnect.
Example 3.20. Reload the Application Server
[standalone@localhost:9999 /]reload
{"outcome" => "success"}
3.5.9. Shut the Application Server down using the Management CLI
Prerequisites
Procedure 3.17. Shut down the Application Server
Run the
shutdown
operation- From the Management CLI, use the
shutdown
operation to shut the server down via theSystem.exit(0)
system call. For more details on operation requests, refer to the topic Section 3.4.8, “Use Operations and Commands in the Management CLI”.- In the standalone mode, use the following command:
[standalone@localhost:9999 /]
shutdown
- In the domain mode, use the following command with the appropriate host name:
[domain@localhost:9999 /]
shutdown --host=master
- To connect to a detached CLI instance and shut down the server, execute the following command:
jboss-cli.sh --connect command=shutdown
- To connect to a remote CLI instance and shut down the server, execute the following command:
[disconnected /] connect IP_ADDRESS [standalone@IP_ADDRESS:9999 /] shutdown
Replace IP_ADDRESS with the IP address of your instance.
Note
--restart=true
argument to the shutdown
command (as shown below) will prompt the server to restart.
[standalone@localhost:9999 /]shutdown --restart=true
The application server is shut down. The Management CLI will be disconnected as the runtime is unavailable.
3.5.10. Configure an Attribute with the Management CLI
Prerequisites
The write-attribute
operation is a global operation used to write or modify a selected resource attribute. You can use the operation to make persistent changes and to modify the configuration settings of your managed server instances. The request properties include the following parameters.
Request Properties
name
- The name of the attribute to set the value for under the selected resource.
value
- The desired value of the attribute under the selected resource. May be null if the underlying model supports null values.
Procedure 3.18. Configure a Resource Attribute with the Management CLI
Run the
write-attribute
operationFrom the Management CLI, use thewrite-attribute
operation to modify the value of a resource attribute. The operation can be run at the child node of the resource or at the root node of the Management CLI where the full resource path is specified.
Example 3.21. Disable the deployment scanner with the write-attribute
operation
write-attribute
operation to disable the deployment scanner. The operation is run from the root node, using tab completion to aid in populating the correct resource path.
[standalone@localhost:9999 /] /subsystem=deployment-scanner/scanner=default:write-attribute(name=scan-enabled,value=false) {"outcome" => "success"}
read-attribute
operation.
[standalone@localhost:9999 /] /subsystem=deployment-scanner/scanner=default:read-attribute(name=scan-enabled) { "outcome" => "success", "result" => false }
read-resource
operation. In the following example, this particular configuration shows the scan-enabled
attribute is now set to false
.
[standalone@localhost:9999 /] /subsystem=deployment-scanner/scanner=default:read-resource { "outcome" => "success", "result" => { "auto-deploy-exploded" => false, "auto-deploy-xml" => true, "auto-deploy-zipped" => true, "deployment-timeout" => 600, "path" => "deployments", "relative-to" => "jboss.server.base.dir", "scan-enabled" => false, "scan-interval" => 5000 } }
The resource attribute is updated.
3.5.11. Configure System Properties Using the Management CLI
Procedure 3.19. Configure System Properties Using the Management CLI
- Start the JBoss EAP server.
- Launch the Management CLI using the command for your operating system.For Linux:
For Windows:EAP_HOME/bin/jboss-cli.sh --connect
EAP_HOME\bin\jboss-cli.bat --connect
- Add a system property.The command you use depends on whether you are running a standalone server or a managed domain. If you are running a managed domain, you can add system properties to any or all of the servers running in that domain.
- Add a system property on a standalone server using the following syntax:
/system-property=PROPERTY_NAME:add(value=PROPERTY_VALUE)
Example 3.22. Add a system property to a standalone server
[standalone@localhost:9999 /] /system-property=property.mybean.queue:add(value=java:/queue/MyBeanQueue) {"outcome" => "success"}
- Add a system property to all hosts and servers in a managed domain using the following syntax:
/system-property=PROPERTY_NAME:add(value=PROPERTY_VALUE)
Example 3.23. Add a system property to all servers in a managed domain
[domain@localhost:9999 /] /system-property=property.mybean.queue:add(value=java:/queue/MyBeanQueue) { "outcome" => "success", "result" => undefined, "server-groups" => {"main-server-group" => {"host" => {"master" => { "server-one" => {"response" => {"outcome" => "success"}}, "server-two" => {"response" => {"outcome" => "success"}} }}}} }
- Add a system property to a host and its server instances in a managed domain using the following syntax:
/host=master/system-property=PROPERTY_NAME:add(value=PROPERTY_VALUE)
Example 3.24. Add a system property to a host and its servers in a domain
[domain@localhost:9999 /] /host=master/system-property=property.mybean.queue:add(value=java:/queue/MyBeanQueue) { "outcome" => "success", "result" => undefined, "server-groups" => {"main-server-group" => {"host" => {"master" => { "server-one" => {"response" => {"outcome" => "success"}}, "server-two" => {"response" => {"outcome" => "success"}} }}}} }
- Add a system property to a server instance in a managed domain using the following syntax:
/host=master/server-config=server-one/system-property=PROPERTY_NAME:add(value=PROPERTY_VALUE)
Example 3.25. Add a system property to a server instance in a managed domain
[domain@localhost:9999 /] /host=master/server-config=server-one/system-property=property.mybean.queue:add(value=java:/queue/MyBeanQueue) { "outcome" => "success", "result" => undefined, "server-groups" => {"main-server-group" => {"host" => {"master" => {"server-one" => {"response" => {"outcome" => "success"}}}}}} }
- Read a system property.The command you use depends on whether you are running a standalone server or a managed domain.
- Read a system property from a standalone server using the following syntax:
/system-property=PROPERTY_NAME:read-resource
Example 3.26. Read a system property from a standalone server
[standalone@localhost:9999 /] /system-property=property.mybean.queue:read-resource { "outcome" => "success", "result" => {"value" => "java:/queue/MyBeanQueue"} }
- Read a system property from all hosts and servers in a managed domain using the following syntax:
/system-property=PROPERTY_NAME:read-resource
Example 3.27. Read a system property from all servers in a managed domain
[domain@localhost:9999 /] /system-property=property.mybean.queue:read-resource { "outcome" => "success", "result" => { "boot-time" => true, "value" => "java:/queue/MyBeanQueue" } }
- Read a system property from a host and its server instances in a managed domain using the following syntax:
/host=master/system-property=PROPERTY_NAME:read-resource
Example 3.28. Read a system property from a host and its servers in a domain
[domain@localhost:9999 /] /host=master/system-property=property.mybean.queue:read-resource { "outcome" => "success", "result" => { "boot-time" => true, "value" => "java:/queue/MyBeanQueue" } }
- Read a system property from a server instance in a managed domain using the following syntax:
/host=master/server-config=server-one/system-property=PROPERTY_NAME:read-resource
Example 3.29. Read a system property from a server instance in a managed domain
[domain@localhost:9999 /] /host=master/server-config=server-one/system-property=property.mybean.queue:read-resource { "outcome" => "success", "result" => { "boot-time" => true, "value" => "java:/queue/MyBeanQueue" } }
- Remove a system property.The command you use depends on whether you are running a standalone server or a managed domain.
- Remove a system property from a standalone server using the following syntax:
/system-property=PROPERTY_NAME:remove
Example 3.30. Remove a system property from a standalone server
[standalone@localhost:9999 /] /system-property=property.mybean.queue:remove {"outcome" => "success"}
- Remove a system property from all hosts and servers in a managed domain using the following syntax:
/system-property=PROPERTY_NAME:remove
Example 3.31. Remove a system property from all hosts and servers in a domain
[domain@localhost:9999 /] /system-property=property.mybean.queue:remove { "outcome" => "success", "result" => undefined, "server-groups" => {"main-server-group" => {"host" => {"master" => { "server-one" => {"response" => {"outcome" => "success"}}, "server-two" => {"response" => {"outcome" => "success"}} }}}} }
- Remove a system property from a host and its server instances in a managed domain using the following syntax:
/host=master/system-property=PROPERTY_NAME:remove
Example 3.32. Remove a system property from a host and its instances in a domain
[domain@localhost:9999 /] /host=master/system-property=property.mybean.queue:remove { "outcome" => "success", "result" => undefined, "server-groups" => {"main-server-group" => {"host" => {"master" => { "server-one" => {"response" => {"outcome" => "success"}}, "server-two" => {"response" => {"outcome" => "success"}} }}}} }
- Remove a system property from a server instance in a managed domain using the following syntax:
/host=master/server-config=server-one/system-property=PROPERTY_NAME:remove
Example 3.33. Remove a system property from a server in a managed domain
[domain@localhost:9999 /] /host=master/server-config=server-one/system-property=property.mybean.queue:remove { "outcome" => "success", "result" => undefined, "server-groups" => {"main-server-group" => {"host" => {"master" => {"server-one" => {"response" => {"outcome" => "success"}}}}}} }
Note
redacted
when output via logging. This improves security by avoiding having passwords output in plain text in log files.
3.5.12. Create a New Server with the Management CLI
master
and adds it to clustered-server-group
:
[domain@localhost:9999 /] /host=master/server-config=clustered-server-1:add(group=clustered-server-group)
3.6. The Management CLI Command History
3.6.1. About the Management CLI Command History
.jboss-cli-history
. This history file is configured by default to record up to a maximum of 500 CLI commands.
history
command by itself will return the history of the current session, or with additional arguments will disable, enable or clear the history from the session memory. The Management CLI also features the ability to use your keyboard's arrow keys to go back and forth in the history of commands and operations.
Functions of the Management CLI history
3.6.2. View Management CLI Command History
Prerequisites
Procedure 3.20. View the Management CLI Command History
Run the
history
commandFrom the Management CLI, enter thehistory
command:[standalone@localhost:9999 /]
history
The CLI command history stored in memory since the CLI startup or the history clear command is displayed.
3.6.3. Clear the Management CLI Command History
Prerequisites
Procedure 3.21. Clear the Management CLI Command History
Run the
history --clear
commandFrom the Management CLI, enter thehistory --clear
command:[standalone@localhost:9999 /]
history --clear
The history of commands recorded since the CLI startup is cleared from the session memory. The command history is still present in the .jboss-cli-history
file saved to the user's home directory.
3.6.4. Disable the Management CLI Command History
Prerequisites
Procedure 3.22. Disable the Management CLI Command History
Run the
history --disable
commandFrom the Management CLI, enter thehistory --disable
command:[standalone@localhost:9999 /]
history --disable
Commands made in the CLI will not be recorded either in memory or in the .jboss-cli-history
file saved to the user's home directory.
3.6.5. Enable the Management CLI Command History
Prerequisites
Procedure 3.23. Enable the Management CLI Command History
Run the
history --enable
commandFrom the Management CLI, enter thehistory --enable
command:[standalone@localhost:9999 /]
history --enable
Commands made in the CLI are recorded in memory and in the .jboss-cli-history
file saved to the user's home directory.
3.7. Management Interface Audit Logging
3.7.1. About Management Interface Audit Logging
Note
Note
/host=HOST_NAME
to the command for a managed domain.
[... /] /core-service=management/access=audit:read-resource(recursive=true)
3.7.2. Enable Management Interface Audit Logging to a File
Note
/host=HOST_NAME
to the following command.
/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)
- Standalone mode:
EAP_HOME/standalone/data/audit-log.log
- Domain mode:
EAP_HOME/domain/data/audit-log.log
3.7.3. Enable Management Interface Audit Logging to a Syslog Server
Note
/host=HOST_NAME
to the /core-service
commands.
Procedure 3.24. Enable Audit Logging to a Syslog Server
Enable Audit Logging
Execute the following command:[.. /]/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=true)
Create a
syslog
HandlerIn this example thesyslog
server is running on the same server as the JBoss EAP instance, on port 514. Replace the values of thehost
attribute with values appropriate to your environment.Example 3.34. Example syslog handler
[.. /]batch [.. / #]/core-service=management/access=audit/syslog-handler=mysyslog:add(formatter=json-formatter) [.. / #]/core-service=management/access=audit/syslog-handler=mysyslog/protocol=udp:add(host=localhost,port=514) [.. /]run-batch
Add a Reference to the
syslog
HandlerExecute the following:[.. /]/core-service=management/access=audit/logger=audit-log/handler=mysyslog:add
Management interface audit log entries are logged on the syslog
server.
Note
rsyslog
configurations on Red Hat Enterprise Linux, refer to the "Basic Configuration of rsyslog"
section in the System Administrator's Guide
for Red Hat Enterprise Linux in https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/
3.7.4. Disable Management Interface Audit Logging
syslog
server can be disabled by executing the following command:
/core-service=management/access=audit/logger=audit-log:write-attribute(name=enabled,value=false)
3.7.5. Read a Management Interface Audit Log
Note
Field Name | Description |
---|---|
type | This can have the values core , meaning it is a management operation, or jmx meaning it comes from the JMX subsystem (see the JMX subsystem for configuration of the JMX subsystem's audit logging). |
r/o | Has the value true if the operation does not change the management model, false otherwise. |
booting | Has the value true if the operation was executed during the bootup process, false if it was executed once the server is up and running. |
version | The version number of the JBoss EAP instance. |
user | The username of the authenticated user. If the operation occurs via the Management CLI on the same machine as the running server, the special user $local is used. |
domainUUID | An ID to link together all operations as they are propagated from the domain controller to its servers, slave host controllers, and slave host controller servers. |
access | This can have one of the following values:
|
remote-address | The address of the client executing this operation. |
success | Has the value true if the operation is successful, false if it was rolled back. |
ops | The operations being executed. This is a list of the operations serialized to JSON. At boot this is the operations resulting from parsing the XML. Once booted the list typically contains a single entry. |
Chapter 4. User Management
4.1. About JBoss EAP User Management
add-user.sh
script. For more advanced authentication and authorization options, such as LDAP or Role-Based Access Control (RBAC), see the Core Management Authentication section of the JBoss EAP Security Architecture document.
4.2. User Creation
4.2.1. Add the User for the Management Interfaces
Procedure 4.1. Create the Initial Administrative User for the Remote Management Interfaces
Run the
add-user.sh
oradd-user.bat
script.Change to theEAP_HOME/bin/
directory. Invoke the appropriate script for your operating system.- Red Hat Enterprise Linux
[user@host bin]$
./add-user.sh- Microsoft Windows Server
C:\bin>
add-user.bat
Choose to add a Management user.
Press ENTER to select the default optiona
to add a Management user.This user is added to theManagementRealm
and is authorized to perform management operations using the web-based Management Console or command-line based Management CLI. The other choice,b
, adds a user to theApplicationRealm
, and provides no particular permissions. That realm is provided for use with applications.Enter the desired username and password.
When prompted, enter the username and password. You will be prompted to confirm the password.Enter group information.
Add the group or groups to which the user belongs. If the user belongs to multiple groups, enter a comma-separated list. Leave it blank if you do not want the user to belong to any groups.Review the information and confirm.
You are prompted to confirm the information. If you are satisfied, typeyes
.Choose whether the user represents a remote JBoss EAP 6 server instance.
Besides administrators, the other type of user which occasionally needs to be added to JBoss EAP 6 in theManagementRealm
is a user representing another instance of JBoss EAP 6, which must be able to authenticate to join a cluster as a member. The next prompt allows you to designate your added user for this purpose. If you selectyes
, you will be given a hashedsecret
value, representing the user's password, which would need to be added to a different configuration file. For the purposes of this task, answerno
to this question.Enter additional users.
You can enter additional users if desired, by repeating the procedure. You can also add them at any time on a running system. Instead of choosing the default security realm, you can add users to other realms to fine-tune their authorizations.Create users non-interactively.
You can create users non-interactively, by passing in each parameter at the command line. This approach is not recommended on shared systems, because the passwords will be visible in log and history files. The syntax for the command, using the management realm, is:[user@host bin]$
./add-user.sh username passwordTo use the application realm, use the-a
parameter.[user@host bin]$
./add-user.sh -a username password- You can suppress the normal output of the add-user script by passing the
--silent
parameter. This applies only if the minimum parametersusername
andpassword
have been specified. Error messages will still be shown.
Any users you add are activated within the security realms you have specified. Users active within the ManagementRealm
realm are able to manage JBoss EAP 6 from remote systems.
4.2.2. Pass Arguments to the User Management add-user Script
add-user.sh
or add-user.bat
command interactively or you can pass the arguments on the command line. This section describes the options available when passing command line arguments to the add-user script.
add-user.sh
or add-user.bat
command. see Section 4.2.3, “Add-user Command Arguments” .
add-user.sh
or add-user.bat
command, see Section 4.3.1, “Create a User Belonging to a Single Group Using the Default Properties Files”, Section 4.3.2, “Create a User Belonging to Multiple Groups Using the Default Properties Files”, Section 4.3.3, “Create a User With Administrator Privileges in the Default Realm Using the Default Properties Files” and Section 4.3.4, “Create a User Belonging to Single Group Using Alternate Properties Files to Store the Information”. .
4.2.3. Add-user Command Arguments
add-user.sh
or add-user.bat
command.
Command Line Argument | Argument Value | Description |
---|---|---|
-a
|
N/A
|
This argument specifies to create a user in the application realm. If omitted, the default is to create a user in the management realm.
|
-dc
|
DOMAIN_CONFIGURATION_DIRECTORY
|
This argument specifies the domain configuration directory that will contain the properties files. If it is omitted, the default directory is
EAP_HOME/domain/configuration/ .
|
-sc
|
SERVER_CONFIGURATION_DIRECTORY
|
This argument specifies an alternate standalone server configuration directory that will contain the properties files. If it is omitted, the default directory is
EAP_HOME/standalone/configuration/ .
|
-up
--user-properties
|
USER_PROPERTIES_FILE
|
This argument specifies the name of the alternate user properties file. It can be an absolute path or it can be a file name used in conjunction with the
-sc or -dc argument that specifies the alternate configuration directory.
|
-g
--group
|
GROUP_LIST
|
A comma-separated list of groups to assign to this user.
|
-gp
--group-properties
|
GROUP_PROPERTIES_FILE
|
This argument specifies the name of the alternate group properties file. It can be an absolute path or it can be a file name used in conjunction with the
-sc or -dc argument that specifies the alternate configuration directory.
|
-p
--password
|
PASSWORD
|
The password of the user. The password must satisfy the following requirements:
|
-u
--user
|
USER_NAME
|
The name of the user. Only alphanumeric characters and the following symbols are valid: ,./=@\.
|
-r
--realm
|
REALM_NAME
|
The name of the realm used to secure the management interfaces. If omitted, the default is
ManagementRealm .
|
-s
--silent
|
N/A
|
Run the add-user script with no output to the console.
|
-h
--help
|
N/A
|
Display usage information for the add-user script.
|
4.2.4. Specify Alternate Properties Files for User Management Information
By default, user and role information created using the add-user.sh
or add-user.bat
script are stored in properties files located in the server configuration directory. The server configuration information is stored in the EAP_HOME/standalone/configuration/
directory and the domain configuration information is stored in the EAP_HOME/domain/configuration/
directory. This topic describes how to override the default file names and locations.
- To specify an alternate directory for the server configuration, use the
-sc
argument. This argument specifies an alternate directory that will contain the server configuration properties files. - To specify an alternate directory for the domain configuration, use the
-dc
argument. This argument specifies an alternate directory that will contain the domain configuration properties files. - To specify an alternate user configuration properties file, use the
-up
or--user-properties
argument. It can be an absolute path or it can be a file name used in conjunction with the-sc
or-dc
argument that specifies the alternate configuration directory. - To specify an alternate group configuration properties file, use the
-gp
or--group-properties
argument. It can be an absolute path or it can be a file name used in conjunction with the-sc
or-dc
argument that specifies the alternate configuration directory.
Note
add-user
command is intended to operate on existing properties files. Any alternate properties files specified in command line arguments must exist or you will see the following error:
JBAS015234: No appusers.properties files found
4.3. Add-user Script Command Line Examples
4.3.1. Create a User Belonging to a Single Group Using the Default Properties Files
Example 4.1. Create a user belonging to a single group
EAP_HOME/bin/add-user.sh -a -u 'appuser1' -p 'password1!' -g 'guest'
- The user
appuser1
is added to the following default properties files that store user information.EAP_HOME/standalone/configuration/application-users.properties
EAP_HOME/domain/configuration/application-users.properties
- The user
appuser1
with groupguest
is added to the default properties files that store group information.EAP_HOME/standalone/configuration/application-roles.properties
EAP_HOME/domain/configuration/application-roles.properties
4.3.2. Create a User Belonging to Multiple Groups Using the Default Properties Files
Example 4.2. Create a user belonging to multiple groups
EAP_HOME/bin/add-user.sh -a -u 'appuser1' -p 'password1!' -g 'guest,app1group,app2group'
- The user
appuser1
is added to the following default properties files that store user information.EAP_HOME/standalone/configuration/application-users.properties
EAP_HOME/domain/configuration/application-users.properties
- The user
appuser1
with groupsguest
,app1group
, andapp2group
is added to the default properties files that store group information.EAP_HOME/standalone/configuration/application-roles.properties
EAP_HOME/domain/configuration/application-roles.properties
4.3.3. Create a User With Administrator Privileges in the Default Realm Using the Default Properties Files
Example 4.3. Create a user with Administrator privileges in the Default Realm
EAP_HOME/bin/add-user.sh -u 'adminuser1' -p 'password1!' -g 'admin'
- The user
adminuser1
is added to the following default properties files that store user information.EAP_HOME/standalone/configuration/mgmt-users.properties
EAP_HOME/domain/configuration/mgmt-users.properties
- The user
adminuser1
with groupadmin
is added to the default properties files that store group information.EAP_HOME/standalone/configuration/mgmt-groups.properties
EAP_HOME/domain/configuration/mgmt-groups.properties
4.3.4. Create a User Belonging to Single Group Using Alternate Properties Files to Store the Information
Example 4.4. Create a user belonging to single group using alternate properties files
EAP_HOME/bin/add-user.sh -a -u appuser1 -p password1! -g app1group -sc /home/someusername/userconfigs/ -up appusers.properties -gp appgroups.properties
- The user
appuser1
is added to the following properties file and that file is now the default file to store user information./home/someusername/userconfigs/appusers.properties
- The user
appuser1
with groupapp1group
is added to the following properties file and that file is now the default file to store group information./home/someusername/userconfigs/appgroups.properties
Chapter 5. Network and Port Configuration
5.1. Interfaces
5.1.1. About Interfaces
management
and public
interface names. The management
interface name can be used for all components and services that require the management layer, including the HTTP Management Endpoint. The public
interface name can be used for all application-related network communications, including Web and Messaging.
domain.xml
, host.xml
and standalone.xml
configuration files all include interface declarations. The declaration criteria can reference a wildcard address or specify a set of one or more characteristics that an interface or address must have in order to be a valid match.
standalone.xml
or host.xml
configuration files. Using these files allow remote host groups to maintain specific interface attributes, while still allowing references to domain controller interfaces.
inet-address
value specified for both the management and public relative name groups.
Example 5.1. An interface group created with an inet-address
value
<interfaces> <interface name="management"> <inet-address value="127.0.0.1"/> </interface> <interface name="public"> <inet-address value="127.0.0.1"/> </interface> </interfaces>
any-address
element to declare a wildcard address.
Example 5.2. A global group created with a wildcard declaration
<interface name="global"> <!-- Use the wild-card address --> <any-address/> </interface>
external
.
Example 5.3. An external group created with an NIC value
<interface name="external"> <nic name="eth0"/> </interface>
Example 5.4. A default group created with specific conditional values
<interface name="default"> <!-- Match any interface/address on the right subnet if it's up, supports multicast, and isn't point-to-point --> <subnet-match value="192.168.0.0/16"/> <up/> <multicast/> <not> <point-to-point/> </not> </interface>
5.1.2. Configure Interfaces
standalone.xml
and host.xml
configuration files offer three named interfaces with relative interface tokens for each. Use the Management Console or Management CLI to configure additional attributes and values, as listed in the table below. The relative interface bindings can be replaced with specific values as required but note that if you do so, you will be unable to pass an interface value at server runtime, as the -b
switch can only override a relative value.
Example 5.5. Default Interface Configurations
<interfaces> <interface name="management"> <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> </interface> <interface name="public"> <inet-address value="${jboss.bind.address:127.0.0.1}"/> </interface> <interface name="unsecure"> <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/> </interface> </interfaces>
host.xml
files. For example:
<servers> <server name="server-name" group="main-server-group"> <interfaces> <interface name="public"> <inet-address value="ip-address"/> </interface> </interfaces> </server> </servers>
Note
Interface Element | Description |
---|---|
any | Element indicating that part of the selection criteria for an interface should be that it meets at least one, but not necessarily all, of the nested set of criteria. |
any-address |
Empty element indicating that sockets using this interface should be bound to a wildcard address.
The IPv6 wildcard address (::) will be used unless the java.net.preferIpV4Stack system property is set to true, in which case the IPv4 wildcard address (0.0.0.0) will be used.
If a socket is bound to an IPv6 anylocal address on a dual-stack machine, it can accept both IPv6 and IPv4 traffic; if it is bound to an IPv4 (IPv4-mapped) anylocal address, it can only accept IPv4 traffic.
|
any-ipv4-address | Empty element indicating that sockets using this interface should be bound to the IPv4 wildcard address (0.0.0.0). |
any-ipv6-address | Empty element indicating that sockets using this interface should be bound to the IPv6 wildcard address (::). |
inet-address | Either an IP address in IPv6 or IPv4 dotted decimal notation, or a hostname that can be resolved to an IP address. |
link-local-address | Empty element indicating that part of the selection criteria for an interface should be whether or not an address associated with it is link-local. |
loopback | Empty element indicating that part of the selection criteria for an interface should be whether or not it is a loopback interface. |
loopback-address | A loopback address that may not actually be configured on the machine's loopback interface. Differs from inet-address type in that the given value will be used even if no NIC can be found that has the IP address associated with it. |
multicast | Empty element indicating that part of the selection criteria for an interface should be whether or not it supports multicast. |
nic | The name of a network interface (e.g. eth0, eth1, lo). |
nic-match | A regular expression against which the names of the network interfaces available on the machine can be matched to find an acceptable interface. |
not | Element indicating that part of the selection criteria for an interface should be that it does not meet any of the nested set of criteria. |
point-to-point | Empty element indicating that part of the selection criteria for an interface should be whether or not it is a point-to-point interface. |
public-address | Empty element indicating that part of the selection criteria for an interface should be whether or not it has a publicly routable address. |
site-local-address | Empty element indicating that part of the selection criteria for an interface should be whether or not an address associated with it is site-local. |
subnet-match | A network IP address and the number of bits in the address' network prefix, written in "slash notation"; e.g. "192.168.0.0/16". |
up | Empty element indicating that part of the selection criteria for an interface should be whether or not it is currently up. |
virtual | Empty element indicating that part of the selection criteria for an interface should be whether or not it is a virtual interface. |
Configure Interface Attributes
Configure Interface Attributes with the Management CLI
You can use tab completion to complete the command string as you type, as well as to expose the available attributes.Use the Management CLI to add a new server and configure instances to it, effectively adding the same piece of configuration to the XML. Substitute server-name with your actual server name and substitute ip-address with your actual IP address./host=master/server-config=server-name:add(group=main-server-group) /host=master/server-config=server-name/interface=public:add(inet-address=ip-address)
Use the Management CLI to add new interfaces and write new values to the interface attributes.Add a New Interface
Theadd
operation creates new interfaces as required. Theadd
command runs from the root of the Management CLI session, and in the following example it creates a new interface name title interfacename, with aninet-address
declared as 12.0.0.2./interface=interfacename/:add(inet-address=12.0.0.2)
Edit Interface Attributes
Thewrite-attribute
operation writes new values to an attribute. The following example updates theinet-address
value to 12.0.0.8./interface=interfacename/:write-attribute(name=inet-address, value=12.0.0.8)
Verify Interface Attributes
Confirm that the attribute values have changed by running theread-resource
operation with theinclude-runtime=true
parameter to expose all current values active in the server model. For example:[standalone@localhost:9999 interface=public]
:read-resource(include-runtime=true)
Configure Interface Attributes with the Management Console
Log into the Management Console.
Log into the Management Console of your Managed Domain or Standalone Server instance.Navigate to Configuration tab
Select the Configuration tab from the top of the screen.Note
For Domain Mode, select a profile from the Profile drop-down menu at the top left of the screen.Select Interfaces from the Navigation Menu.
Select the Interfaces menu item from the navigation menu.Add a New Interface
- Click.
- Enter required values for Name, Inet Address and Address Wildcard.
- Click.
Edit Interface Attributes
- Select the interface that you need to edit from the Available Interfaces list and click .
- Enter required values for Name, Inet Address and Address Wildcard.
- Click.
5.2. Socket Binding Groups
5.2.1. About Socket Binding Groups
domain.xml
and standalone.xml
configuration files. Other sections of the configuration can then reference those sockets by their logical name, rather than having to include the full details of the socket configuration. This allows you to reference relative socket configurations which may otherwise vary on different machines.
Example 5.6. Default socket bindings for the standalone configuration
standalone.xml
configuration file are grouped under standard-sockets
. This group is also referenced to the public
interface, using the same logical referencing methodology.
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}"> <socket-binding name="management-native" interface="management" port="${jboss .management.native.port:9999}"/> <socket-binding name="management-http" interface="management" port="${jboss .management.http.port:9990}"/> <socket-binding name="management-https" interface="management" port="${jboss .management.https.port:9443}"/> <socket-binding name="ajp" port="8009"/> <socket-binding name="http" port="8080"/> <socket-binding name="https" port="8443"/> <socket-binding name="remoting" port="4447"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group>
Example 5.7. Default socket bindings for the domain configuration
domain.xml
configuration file contain four groups: the standard-sockets
, ha-sockets
, full-sockets
and the full-ha-sockets
groups. These groups are also referenced to an interface called public
.
<socket-binding-groups> <socket-binding-group name="standard-sockets" default-interface="public"> <!-- Needed for server groups using the 'default' profile --> <socket-binding name="ajp" port="8009"/> <socket-binding name="http" port="8080"/> <socket-binding name="https" port="8443"/> <socket-binding name="remoting" port="4447"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group> <socket-binding-group name="ha-sockets" default-interface="public"> <!-- Needed for server groups using the 'ha' profile --> <socket-binding name="ajp" port="8009"/> <socket-binding name="http" port="8080"/> <socket-binding name="https" port="8443"/> <socket-binding name="jgroups-mping" port="0" multicast-address="${jboss .default.multicast.address:230.0.0.4}" multicast-port="45700"/> <socket-binding name="jgroups-tcp" port="7600"/> <socket-binding name="jgroups-tcp-fd" port="57600"/> <socket-binding name="jgroups-udp" port="55200" multicast-address="${jboss .default.multicast.address:230.0.0.4}" multicast-port="45688"/> <socket-binding name="jgroups-udp-fd" port="54200"/> <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/> <socket-binding name="remoting" port="4447"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group> <socket-binding-group name="full-sockets" default-interface="public"> <!-- Needed for server groups using the 'full' profile --> <socket-binding name="ajp" port="8009"/> <socket-binding name="http" port="8080"/> <socket-binding name="https" port="8443"/> <socket-binding name="jacorb" interface="unsecure" port="3528"/> <socket-binding name="jacorb-ssl" interface="unsecure" port="3529"/> <socket-binding name="messaging" port="5445"/> <socket-binding name="messaging-group" port="0" multicast-address="${jboss .messaging.group.address:231.7.7.7}" multicast-port="${jboss.messaging.group.port:9876}"/> <socket-binding name="messaging-throughput" port="5455"/> <socket-binding name="remoting" port="4447"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group> <socket-binding-group name="full-ha-sockets" default-interface="public"> <!-- Needed for server groups using the 'full-ha' profile --> <socket-binding name="ajp" port="8009"/> <socket-binding name="http" port="8080"/> <socket-binding name="https" port="8443"/> <socket-binding name="jacorb" interface="unsecure" port="3528"/> <socket-binding name="jacorb-ssl" interface="unsecure" port="3529"/> <socket-binding name="jgroups-mping" port="0" multicast-address="${jboss .default.multicast.address:230.0.0.4}" multicast-port="45700"/> <socket-binding name="jgroups-tcp" port="7600"/> <socket-binding name="jgroups-tcp-fd" port="57600"/> <socket-binding name="jgroups-udp" port="55200" multicast-address="${jboss .default.multicast.address:230.0.0.4}" multicast-port="45688"/> <socket-binding name="jgroups-udp-fd" port="54200"/> <socket-binding name="messaging" port="5445"/> <socket-binding name="messaging-group" port="0" multicast-address="${jboss .messaging.group.address:231.7.7.7}" multicast-port="${jboss.messaging.group.port:9876}"/> <socket-binding name="messaging-throughput" port="5455"/> <socket-binding name="modcluster" port="0" multicast-address="224.0.1.105" multicast-port="23364"/> <socket-binding name="remoting" port="4447"/> <socket-binding name="txn-recovery-environment" port="4712"/> <socket-binding name="txn-status-manager" port="4713"/> <outbound-socket-binding name="mail-smtp"> <remote-destination host="localhost" port="25"/> </outbound-socket-binding> </socket-binding-group> </socket-binding-groups>
standalone.xml
and domain.xml
source files in the application server directory. The recommended method of managing bindings is to use either the Management Console or the Management CLI. The advantages of using the Management Console include a graphical user interface with a dedicated Socket Binding Group screen under the General Configuration section. The Management CLI offers an API and workflow based around a command line approach that allows for batch processing and the use of scripts across the higher and lower levels of the application server configuration. Both interfaces allow for changes to be persisted or otherwise saved to the server configuration.
5.2.2. Configure Socket Bindings
standard-sockets
group, and is unable to create any further groups. Instead you can create alternate standalone server configuration files. For a managed domain however, you can create multiple socket binding groups and configure the socket bindings that they contain as you require. The following table shows the available attributes for each socket binding.
Attribute | Description | Role |
---|---|---|
name | Logical name of the socket configuration that should be used elsewhere in the configuration. | Required |
port | Base port to which a socket based on this configuration should be bound. Note that servers can be configured to override this base value by applying an increment or decrement to all port values. | Required |
interface | Logical name of the interface to which a socket based on this configuration should be bound. If not defined, the value of the default-interface attribute from the enclosing socket binding group will be used. | Optional |
multicast-address | If the socket will be used for multicast, the multicast address to use. | Optional |
multicast-port | If the socket will be used for multicast, the multicast port to use. | Optional |
fixed-port | If true , declares that the value of port must always be used for the socket and should not be overridden by applying an increment or decrement. | Optional |
Configure Socket Bindings in Socket Binding Groups
Choose either the Management CLI or the management console to configure your socket bindings as required.Configure Socket Bindings Using the Management CLI
Use the Management CLI to configure socket bindings.Add a New Socket Binding
Use theadd
operation to create a new address setting if required. You can run this command from the root of the Management CLI session, which in the following examples creates a new socket binding titled newsocket, with aport
attribute declared as 1234. The examples apply for both a standalone server and a managed domain editing on thestandard-sockets
socket binding group as shown.[domain@localhost:9999 /] /socket-binding-group=standard-sockets/socket-binding=newsocket/:add(port=1234)
Edit Pattern Attributes
Use thewrite-attribute
operation to write a new value to an attribute. You can use tab completion to help complete the command string as you type, as well as to expose the available attributes. The following example updates theport
value to 2020[domain@localhost:9999 /] /socket-binding-group=standard-sockets/socket-binding=newsocket/:write-attribute(name=port,value=2020)
Confirm Pattern Attributes
Confirm the values are changed by running theread-resource
operation with theinclude-runtime=true
parameter to expose all current values active in the server model.[domain@localhost:9999 /] /socket-binding-group=standard-sockets/socket-binding=newsocket/:read-resource
Configure Socket Bindings Using the Management Console
Use the management console to configure socket bindings.Log into the Management Console.
Log into the management console of your managed domain or standalone server.Navigate to the Configuration tab.
Select the Configuration tab at the top of the screen.Select the Socket Binding item from the navigation menu.
Expand the General Configuration menu. Select Socket Binding. If you are using a managed domain, select the desired group in the Socket Binding Groups list.Add a New Socket Binding
- Click thebutton.
- Enter any required values for Name, Port and Binding Group.
- Clickto finish.
Edit Socket Binding
- Select a socket binding from the list and click.
- Enter any required values such as Name, Interface or Port.
- Clickto finish.
5.2.3. Network Ports Used By JBoss EAP 6
- Whether your server groups use one of the default socket binding groups, or a custom group.
- The requirements of your individual deployments.
Note
8080
, and your server uses a port offset of 100
, its HTTP port is 8180
.
The default socket binding groups
full-ha-sockets
full-sockets
ha-sockets
standard-sockets
domain.xml
. The standalone server profiles contain only standard socket binding group. This group corresponds to standard-sockets in standalone.xml
, ha-sockets
for standalone-ha.xml
, full-sockets
for standalone-full.xml
, and full-ha-sockets
for standalone-full-ha.xml
. Standalone profiles contain some more socket bindings, for example, management-{native,http,https}.
Name | Port | Multicast Port | Description | full-ha-sockets | full-sockets | ha-socket | standard-socket |
---|---|---|---|---|---|---|---|
ajp | 8009 | Apache JServ Protocol. Used for HTTP clustering and load balancing. | Yes | Yes | Yes | Yes | |
http | 8080 | The default port for deployed web applications. | Yes | Yes | Yes | Yes | |
https | 8443 | SSL-encrypted connection between deployed web applications and clients. | Yes | Yes | Yes | Yes | |
jacorb | 3528 | CORBA services for JTS transactions and other ORB-dependent services. | Yes | Yes | No | No | |
jacorb-ssl | 3529 | SSL-encrypted CORBA services. | Yes | Yes | No | No | |
jgroups-diagnostics | 7500 | Multicast. Used for peer discovery in HA clusters. Not configurable using the Management Interfaces. | Yes | No | Yes | No | |
jgroups-mping | 45700 | Multicast. Used to discover initial membership in a HA cluster. | Yes | No | Yes | No | |
jgroups-tcp | 7600 | Unicast peer discovery in HA clusters using TCP. | Yes | No | Yes | No | |
jgroups-tcp-fd | 57600 | Used for HA failure detection over TCP. | Yes | No | Yes | No | |
jgroups-udp | 55200 | 45688 | Multicast peer discovery in HA clusters using UDP. | Yes | No | Yes | No |
jgroups-udp-fd | 54200 | Used for HA failure detection over UDP. | Yes | No | Yes | No | |
messaging | 5445 | JMS service. | Yes | Yes | No | No | |
messaging-group | 0 | 9876 | Referenced by HornetQ JMS broadcast and discovery groups. | Yes | Yes | No | No |
messaging-throughput | 5455 | Used by JMS Remoting. | Yes | Yes | No | No | |
mod_cluster | 23364 | Multicast port for communication between JBoss EAP 6 and the HTTP load balancer. | Yes | No | Yes | No | |
remoting | 4447 | Used for remote EJB invocation. | Yes | Yes | Yes | Yes | |
txn-recovery-environment | 4712 | The JTA transaction recovery manager. | Yes | Yes | Yes | Yes | |
txn-status-manager | 4713 | The JTA / JTS transaction manager. | Yes | Yes | Yes | Yes |
In addition to the socket binding groups, each host controller opens two more ports for management purposes:
9990
- The Web Management Console port9999
- The port used by the Management Console and Management API
5.2.4. About Port Offsets for Socket Binding Groups
5.2.5. Configure Port Offsets
Configure Port Offsets
Choose either the Management CLI or the Management Console to configure your port offsets.Configure Port Offsets Using the Management CLI
Use the Management CLI to configure port offsets.Edit Port Offsets
Use thewrite-attribute
operation to write a new value to the port offset atttribute. The following example updates thesocket-binding-port-offset
value of server-two to 250. This server is a member of the default local host group. A restart is required for the changes to take effect.[domain@localhost:9999 /] /host=master/server-config=server-two/:write-attribute(name=socket-binding-port-offset,value=250)
Confirm Port Offset Attributes
Confirm the values are changed by running theread-resource
operation with theinclude-runtime=true
parameter to expose all current values active in the server model.[domain@localhost:9999 /] /host=master/server-config=server-two/:read-resource(include-runtime=true)
Configure Port Offsets Using the Management Console
Use the Management Console to configure port offsets.Log into the Management Console.
Log into the Management Console of your Managed Domain.Select the Domain tab
Select the Domain tab at the top of the screen.Edit Port Offset Attributes
- Select the server under the
Available Server Configurations
list and click at the top of the attibutes list below. - Enter any desired values in the Port Offset field.
- Clickto finish.
5.3. IPv6
5.3.1. Configure JVM Stack Preferences for IPv6 Networking
- Summary
- This topic covers enabling IPv6 networking for the JBoss EAP 6 installation.
Procedure 5.1. Disable the IPv4 Stack Java Property
- Open the relevant file for the installation:
For a Standalone Server:
OpenEAP_HOME/bin/standalone.conf
.For a Managed Domain:
OpenEAP_HOME/bin/domain.conf
.
- Change the IPv4 Stack Java property to false:
-Djava.net.preferIPv4Stack=false
For example:Example 5.8. JVM options
# Specify options to pass to the Java VM. # if [ "x$JAVA_OPTS" = "x" ]; then JAVA_OPTS="-Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=false -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv6Addresses=true" fi
5.3.2. Configure the Interface Declarations for IPv6 Networking
Follow these steps to configure the interface inet address to the IPv6 default:
Procedure 5.2. Configure the Interface for IPv6 Networking
- Select the Configuration tab at the top of the screen.
- Expand the General Configuration menu and select Interfaces.
- Select the interface from the Available Interfaces list.
- Clickin the detail list.
- Set the inet address to:
${jboss.bind.address.management:[ADDRESS]}
- Clickto finish.
- Restart the server to implement the changes.
5.3.3. Configure JVM Stack Preferences for IPv6 Addresses
- Summary
- This topic covers configuring the JBoss EAP 6 installation to prefer IPv6 addresses through the configuration files.
Procedure 5.3. Configure the JBoss EAP 6 Installation to Prefer IPv6 Addresses
- Open the relevant file for the installation:
For a Standalone Server:
OpenEAP_HOME/bin/standalone.conf
.For a Managed Domain:
OpenEAP_HOME/bin/domain.conf
.
- Append the following Java property to the Java VM options:
-Djava.net.preferIPv6Addresses=true
For example:Example 5.9. JVM options
# Specify options to pass to the Java VM. # if [ "x$JAVA_OPTS" = "x" ]; then JAVA_OPTS="-Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=false -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djava.net.preferIPv6Addresses=true" fi
5.4. Remoting
5.4.1. Configuration of Message Size in Remoting
MAX_INBOUND_MESSAGE_SIZE
) and the maximum outbound message size (MAX_OUTBOUND_MESSAGE_SIZE
) to ensure that messages are received and sent within appropriate size limits.
MAX_INBOUND_MESSAGE_SIZE
and MAX_OUTBOUND_MESSAGE_SIZE
can be set in ejb3 subsystem, and the value is in byte.
<subsystem xmlns="urn:jboss:domain:ejb3:1.5"> ...... <remote connector-ref="remoting-connector" thread-pool-name="default"> <channel-creation-options> <option name="MAX_INBOUND_MESSAGE_SIZE" value="xxxxx" type="remoting"/> <option name="MAX_OUTBOUND_MESSAGE_SIZE" value="xxxxx" type="remoting"/> </channel-creation-options> </remote> ...... </subsystem>
MAX_OUTBOUND_MESSAGE_SIZE
), the server throws an exception and cancels the transmission of data. However the connection remains open and the sender can choose to close the message if needed.
MAX_INBOUND_MESSAGE_SIZE
) the message is closed asynchronously with the connection still open.
5.4.2. Configure the Remoting Subsystem
JBoss Remoting has three top-level configurable elements: the worker thread pool, one or more connectors, and a series of local and remote connection URIs. This topic presents an explanation of each configurable item, example CLI commands for how to configure each item, and an XML example of a fully-configured subsystem. This configuration only applies to the server. Most people will not need to configure the Remoting subsystem at all, unless they use custom connectors for their own applications. Applications which act as Remoting clients, such as EJBs, need separate configuration to connect to a specific connector.
Note
The CLI commands are formulated for a managed domain, when configuring the default
profile. To configure a different profile, substitute its name. For a standalone server, omit the /profile=default
part of the command.
There are a few configuration aspects which are outside of the remoting
subsystem:
- Network Interface
- The network interface used by the
remoting
subsystem is thepublic
interface defined in thedomain/configuration/domain.xml
orstandalone/configuration/standalone.xml
.<interfaces> <interface name="management"/> <interface name="public"/> <interface name="unsecure"/> </interfaces>
The per-host definition of thepublic
interface is defined in thehost.xml
in the same directory as thedomain.xml
orstandalone.xml
. This interface is also used by several other subsystems. Exercise caution when modifying it.<interfaces> <interface name="management"> <inet-address value="${jboss.bind.address.management:127.0.0.1}"/> </interface> <interface name="public"> <inet-address value="${jboss.bind.address:127.0.0.1}"/> </interface> <interface name="unsecure"> <!-- Used for IIOP sockets in the standard configuration. To secure JacORB you need to setup SSL --> <inet-address value="${jboss.bind.address.unsecure:127.0.0.1}"/> </interface> </interfaces>
- socket-binding
- The default socket-binding used by the
remoting
subsystem binds to TCP port 4447. Refer to the documentation about socket bindings and socket binding groups for more information if you need to change this.Information about socket binding and socket binding groups can be found in the Socket Binding Groups chapter of JBoss EAP's Administration and Configuration Guide available at https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4 - Remoting Connector Reference for EJB
- The EJB subsystem contains a reference to the remoting connector for remote method invocations. The following is the default configuration:
<remote connector-ref="remoting-connector" thread-pool-name="default"/>
- Secure Transport Configuration
- Remoting transports use StartTLS to use a secure (HTTPS, Secure Servlet, etc) connection if the client requests it. The same socket binding (network port) is used for secured and unsecured connections, so no additional server-side configuration is necessary. The client requests the secure or unsecured transport, as its needs dictate. JBoss EAP 6 components which use Remoting, such as EJBs, the ORB, and the JMS provider, request secured interfaces by default.
Warning
The worker thread pool is the group of threads which are available to process work which comes in through the Remoting connectors. It is a single element <worker-thread-pool>
, and takes several attributes. Tune these attributes if you get network timeouts, run out of threads, or need to limit memory usage. Specific recommendations depend on your specific situation. Contact Red Hat Global Support Services for more information.
Attribute | Description | CLI Command |
---|---|---|
read-threads |
The number of read threads to create for the remoting worker. Defaults to
1 .
| /profile=default/subsystem=remoting/:write-attribute(name=worker-read-threads,value=1)
|
write-threads |
The number of write threads to create for the remoting worker. Defaults to
1 .
| /profile=default/subsystem=remoting/:write-attribute(name=worker-write-threads,value=1)
|
task-keepalive |
The number of milliseconds to keep non-core remoting worker task threads alive. Defaults to
60 .
| /profile=default/subsystem=remoting/:write-attribute(name=worker-task-keepalive,value=60)
|
task-max-threads |
The maximum number of threads for the remoting worker task thread pool. Defaults to
16 .
| /profile=default/subsystem=remoting/:write-attribute(name=worker-task-max-threads,value=16)
|
task-core-threads |
The number of core threads for the remoting worker task thread pool. Defaults to
4 .
| /profile=default/subsystem=remoting/:write-attribute(name=worker-task-core-threads,value=4)
|
task-limit |
The maximum number of remoting worker tasks to allow before rejecting. Defaults to
16384 .
| /profile=default/subsystem=remoting/:write-attribute(name=worker-task-limit,value=16384)
|
The connector is the main Remoting configuration element. Multiple connectors are allowed. Each consists of a element <connector>
element with several sub-elements, as well as a few possible attributes. The default connector is used by several subsystems of JBoss EAP 6. Specific settings for the elements and attributes of your custom connectors depend on your applications, so contact Red Hat Global Support Services for more information.
Attribute | Description | CLI Command |
---|---|---|
socket-binding | The name of the socket binding to use for this connector. | /profile=default/subsystem=remoting/connector=remoting-connector/:write-attribute(name=socket-binding,value=remoting)
|
authentication-provider |
The Java Authentication Service Provider Interface for Containers (JASPIC) module to use with this connector. The module must be in the classpath.
| /profile=default/subsystem=remoting/connector=remoting-connector/:write-attribute(name=authentication-provider,value=myProvider)
|
security-realm |
Optional. The security realm which contains your application's users, passwords, and roles. An EJB or Web Application can authenticate against a security realm.
ApplicationRealm is available in a default JBoss EAP 6 installation.
| /profile=default/subsystem=remoting/connector=remoting-connector/:write-attribute(name=security-realm,value=ApplicationRealm)
|
Attribute | Description | CLI Command |
---|---|---|
sasl |
Enclosing element for Simple Authentication and Security Layer (SASL) authentication mechanisms
| N/A
|
properties |
Contains one or more
<property> elements, each with a name attribute and an optional value attribute.
| /profile=default/subsystem=remoting/connector=remoting-connector/property=myProp/:add(value=myPropValue)
|
You can specify three different types of outbound connection:
- Outbound connection to a URI.
- Local outbound connection – connects to a local resource such as a socket.
- Remote outbound connection – connects to a remote resource and authenticates using a security realm.
<outbound-connections>
element. Each of these connection types takes an outbound-socket-binding-ref
attribute. The outbound-connection takes a uri
attribute. The remote outbound connection takes optional username
and security-realm
attributes to use for authorization.
Attribute | Description | CLI Command |
---|---|---|
outbound-connection | Generic outbound connection. | /profile=default/subsystem=remoting/outbound-connection=my-connection/:add(uri=http://my-connection)
|
local-outbound-connection | Outbound connection with a implicit local:// URI scheme. | /profile=default/subsystem=remoting/local-outbound-connection=my-connection/:add(outbound-socket-binding-ref=remoting2)
|
remote-outbound-connection |
Outbound connections for remote:// URI scheme, using basic/digest authentication with a security realm.
| /profile=default/subsystem=remoting/remote-outbound-connection=my-connection/:add(outbound-socket-binding-ref=remoting,username=myUser,security-realm=ApplicationRealm)
|
Before defining the SASL child elements, you need to create the initial SASL element. Use the following command:
/profile=default/subsystem=remoting/connector=remoting-connector/security=sasl:add
Attribute | Description | CLI Command |
---|---|---|
include-mechanisms |
Contains a
value attribute, which is a list of SASL mechanisms.
|
/profile=default/subsystem=remoting/connector=remoting-connector/security=sasl:write-attribute(name=include-mechanisms,value=["DIGEST","PLAIN","GSSAPI"]) |
qop |
Contains a
value attribute, which is a list of SASL Quality of protection values, in decreasing order of preference.
|
/profile=default/subsystem=remoting/connector=remoting-connector/security=sasl:write-attribute(name=qop,value=["auth"]) |
strength |
Contains a
value attribute, which is a list of SASL cipher strength values, in decreasing order of preference.
|
/profile=default/subsystem=remoting/connector=remoting-connector/security=sasl:write-attribute(name=strength,value=["medium"]) |
reuse-session |
Contains a
value attribute which is a boolean value. If true, attempt to reuse sessions.
|
/profile=default/subsystem=remoting/connector=remoting-connector/security=sasl:write-attribute(name=reuse-session,value=false) |
server-auth |
Contains a
value attribute which is a boolean value. If true, the server authenticates to the client.
|
/profile=default/subsystem=remoting/connector=remoting-connector/security=sasl:write-attribute(name=server-auth,value=false) |
policy |
An enclosing element which contains zero or more of the following elements, which each take a single
value .
|
/profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/sasl-policy=policy:add /profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/sasl-policy=policy:write-attribute(name=forward-secrecy,value=true) /profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/sasl-policy=policy:write-attribute(name=no-active,value=false) /profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/sasl-policy=policy:write-attribute(name=no-anonymous,value=false) /profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/sasl-policy=policy:write-attribute(name=no-dictionary,value=true) /profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/sasl-policy=policy:write-attribute(name=no-plain-text,value=false) /profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/sasl-policy=policy:write-attribute(name=pass-credentials,value=true) |
properties |
Contains one or more
<property> elements, each with a name attribute and an optional value attribute.
|
/profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/property=myprop:add(value=1) /profile=default/subsystem=remoting/connector=remoting-connector/security=sasl/property=myprop2:add(value=2) |
Example 5.10. Example Configurations
<subsystem xmlns="urn:jboss:domain:remoting:1.1"> <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"/> </subsystem>
<subsystem xmlns="urn:jboss:domain:remoting:1.1"> <worker-thread-pool read-threads="1" task-keepalive="60" task-max-threads="16" task-core-thread="4" task-limit="16384" write-threads="1" /> <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm"> <sasl> <include-mechanisms value="GSSAPI PLAIN DIGEST-MD5" /> <qop value="auth" /> <strength value="medium" /> <reuse-session value="false" /> <server-auth value="false" /> <policy> <forward-secrecy value="true" /> <no-active value="false" /> <no-anonymous value="false" /> <no-dictionary value="true" /> <no-plain-text value="false" /> <pass-credentials value="true" /> </policy> <properties> <property name="myprop1" value="1" /> <property name="myprop2" value="2" /> </properties> </sasl> <authentication-provider name="myprovider" /> <properties> <property name="myprop3" value="propValue" /> </properties> </connector> <outbound-connections> <outbound-connection name="my-outbound-connection" uri="http://myhost:7777/"/> <remote-outbound-connection name="my-remote-connection" outbound-socket-binding-ref="my-remote-socket" username="myUser" security-realm="ApplicationRealm"/> <local-outbound-connection name="myLocalConnection" outbound-socket-binding-ref="my-outbound-socket"/> </outbound-connections> </subsystem>
Configuration Aspects Not Yet Documented
- JNDI and Multicast Automatic Detection
Chapter 6. Datasource Management
6.1. Introduction
6.1.1. About JDBC
Procedure 6.1. Test datasource pools connection using Management Console
- Select thetab from the top of the Management Console.
- Expand themenu on the left, and select .
- Click thebutton to test the connection to the datasource and verify the settings are correct.
Procedure 6.2. Test datasource connection using Management CLI
- Launch the CLI tool and connect to your server.
- Run the following Management CLI command to test the connection:
- In Standalone mode, enter the following command:
/subsystem=datasources/data-source=ExampleDS:test-connection-in-pool
- In Domain mode, enter the following command:
host=master/server=server-one/subsystem=datasources/data-source=ExampleDS:test-connection-in-pool
6.1.2. JBoss EAP 6 Supported Databases
6.1.3. Types of Datasources
datasources
and XA datasources
.
6.1.4. The Example Datasource
Warning
6.1.5. Deployment of -ds.xml files
*-ds.xml
datasource configuration file was required in the deployment directory of the server configuration. *-ds.xml
files can still be deployed in JBoss EAP 6, following the 1.1 data sources schema available under Schemas here: http://www.ironjacamar.org/documentation.html.
Warning
Important
*-ds.xml
files.
6.2. JDBC Drivers
6.2.1. Install a JDBC Driver with the Management Console
Before your application can connect to a JDBC datasource, your datasource vendor's JDBC drivers need to be installed in a location where JBoss EAP 6 can use them. JBoss EAP 6 allows you to deploy these drivers like any other deployment. This means that you can deploy them across multiple servers in a server group, if you use a managed domain.
Before performing this task, you need to meet the following prerequisites:
- Download the JDBC driver from your database vendor.
Note
Procedure 6.3. Modify the JDBC Driver JAR
- Change to, or create, an empty temporary directory.
- Create a META-INF subdirectory.
- Create a META-INF/services subdirectory.
- Create a META-INF/services/java.sql.Driver file, which contains one line indicating the fully-qualified class name of the JDBC driver.
- Use the JAR command-line tool to update the JAR like this:
jar \-uf jdbc-driver.jar META-INF/services/java.sql.Driver
- If you use a managed domain, deploy the JAR file to a server group. Otherwise, deploy it to your server. See Section 10.2.2, “Enable a Deployed Application Using the Management Console”.
The JDBC driver is deployed, and is available for your applications to use.
6.2.2. Install a JDBC Driver as a Core Module
Before performing this task, you need to meet the following prerequisites:
- Download the JDBC driver from your database vendor. JDBC driver download locations are listed here: Section 6.2.3, “JDBC Driver Download Locations”.
- Extract the archive.
Procedure 6.4. Install a JDBC Driver as a Core Module Using the Management CLI
- Start the Server.
- Start the Management CLI, but do not use the
--connect
or-c
argument to connect to the running instance. - Use the
module add
CLI command to add the new module.Example 6.1. Example CLI command to add a MySQL JDBC driver module
module add --name=com.mysql --resources=/path/to/mysql.jar --dependencies=javax.api,javax.transaction.api
Note
Using themodule
management CLI command to add and remove modules is provided as technology preview only, and should not be used to add modules to a remote JBoss EAP instance. Modules should be added and removed manually in a production environment.Perform the following steps to add a module manually.Execute- A file path structure will be created under the
EAP_HOME/modules/
directory. For example, for a MySQL JDBC driver, the following will be created:EAP_HOME/modules/com/mysql/main/
. - The JAR files specified as resources will be copied to the
main/
subdirectory. - A module.xml file with the specified dependencies will be created in the
main/
subdirectory. See Section 7.1.1, “Modules” for an example of a module.xml file.
module --help
for more details on using this command to add and remove modules. - Use the
connect
CLI command to connect to the running instance. - Run the CLI command to add the JDBC driver module to the server configuration.The command you choose depends on the number of classes listed in the
/META-INF/services/java.sql.Driver
file located in the JDBC driver JAR. For example, the/META-INF/services/java.sql.Driver
file in the MySQL 5.1.20 JDBC JAR lists two classes:When there is more than one entry, you must also specify the name of the driver class. Failure to do so results in an error similar to the following:com.mysql.jdbc.Driver
com.mysql.fabric.jdbc.FabricMySQLDriver
Example 6.2. Driver class error
JBAS014749: Operation handler failed: Service jboss.jdbc-driver.mysql is already registered
- Run the CLI command for JDBC JARs containing one class entry.
/subsystem=datasources/jdbc-driver=DRIVER_NAME:add(driver-name=DRIVER_NAME,driver-module-name=MODULE_NAME,driver-xa-datasource-class-name=XA_DATASOURCE_CLASS_NAME)
Example 6.3. CLI Command for Standalone Mode for JDBC JARs with one driver class
/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource)
Example 6.4. CLI Command for Domain Mode for JDBC JARs with one driver class
/profile=ha/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource)
- Run the CLI command for JDBC JARs containing multiple class entries.
/subsystem=datasources/jdbc-driver=DRIVER_NAME:add(driver-name=DRIVER_NAME,driver-module-name=MODULE_NAME,driver-xa-datasource-class-name=XA_DATASOURCE_CLASS_NAME, driver-class-name=DRIVER_CLASS_NAME)
Example 6.5. CLI Command for Standalone Mode for JDBC JARs with multiple driver class entries
/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource, driver-class-name=com.mysql.jdbc.Driver)
Example 6.6. CLI Command for Domain Mode for JDBC JARs with multiple driver class entries
/profile=ha/subsystem=datasources/jdbc-driver=mysql:add(driver-name=mysql,driver-module-name=com.mysql,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource, driver-class-name=com.mysql.jdbc.Driver)
Example 6.7. CLI Command for Domain Mode for JDBC JARs with multiple non-XA driver class entries
/profile=ha/subsystem=datasources/jdbc-driver=oracle/:add(driver-module-name=com.oracle,driver-name=oracle,jdbc-compliant=true,driver-datasource-class-name=oracle.jdbc.OracleDriver)
The JDBC driver is now installed and set up as a core module, and is available to be referenced by application datasources.
6.2.3. JDBC Driver Download Locations
Note
Vendor | Download Location |
---|---|
MySQL | |
PostgreSQL | |
Oracle | |
IBM | |
Sybase | |
Microsoft |
6.2.4. Access Vendor Specific Classes
This topic covers the steps required to use the JDBC specific classes. This is necessary when an application needs to use vendor specific functionality that is not part of the JDBC API.
Warning
Important
Important
Prerequisites
Procedure 6.5. Add a Dependency to the Application
Configure the
MANIFEST.MF
file- Open the application's
META-INF/MANIFEST.MF
file in a text editor. - Add a dependency for the JDBC module and save the file.
Dependencies: MODULE_NAME
Example 6.8. MANIFEST.MF file with com.mysql declared as a dependency
Dependencies: com.mysql
Create a
jboss-deployment-structure.xml
fileCreate a file calledjboss-deployment-structure.xml
in theMETA-INF/
orWEB-INF
folder of the application.Example 6.9.
jboss-deployment-structure.xml
file with com.mysql declared as a dependency<jboss-deployment-structure> <deployment> <dependencies> <module name="com.mysql" /> </dependencies> </deployment> </jboss-deployment-structure>
Example 6.10. Access the Vendor Specific API
import java.sql.Connection; import org.jboss.jca.adapters.jdbc.WrappedConnection; Connection c = ds.getConnection(); WrappedConnection wc = (WrappedConnection)c; com.mysql.jdbc.Connection mc = wc.getUnderlyingConnection();
6.3. Non-XA Datasources
6.3.1. Create a Non-XA Datasource with the Management Interfaces
This topic covers the steps required to create a non-XA datasource, using either the Management Console or the Management CLI.
Prerequisites
- The JBoss EAP 6 server must be running.
Note
Note
Procedure 6.6. Create a Datasource using either the Management CLI or the Management Console
Management CLI
- Launch the CLI tool and connect to your server.
- Run the following Management CLI command to create a non-XA datasource, configuring the variables as appropriate:
Note
The value for DRIVER_NAME depends on the number of classes listed in the/META-INF/services/java.sql.Driver
file located in the JDBC driver JAR. If there is only one class, the value is the name of the JAR. If there are multiple classes, the value is the name of the JAR + driverClassName + "_" + majorVersion +"_" + minorVersion. Failure to do so will result in the following error being logged:JBAS014775: New missing/unsatisfied dependencies
For example, the DRIVER_NAME value required for the MySQL 5.1.31 driver, ismysql-connector-java-5.1.31-bin.jarcom.mysql.jdbc.Driver_5_1
.data-source add --name=DATASOURCE_NAME --jndi-name=JNDI_NAME --driver-name=DRIVER_NAME --connection-url=CONNECTION_URL
- Enable the datasource:
data-source enable --name=DATASOURCE_NAME
Management Console
- Login to the Management Console.
Navigate to the Datasources panel in the Management Console
- Select the Configuration tab from the top of the console.
- For Domain mode only, select a profile from the drop-down box in the top left.
- Expand themenu on the left of the console, then expand the menu.
- Selectfrom the menu on the left of the console.
Create a new datasource
- Click Datasources panel.at the top of the
- Enter the new datasource attributes in the Create Datasource wizard and proceed with the button.
- Enter the JDBC driver details in the Create Datasource wizard and click to continue.
- Enter the connection settings in the Create Datasource wizard.
- Click thebutton to test the connection to the datasource and verify the settings are correct.
- Clickto finish
The non-XA datasource has been added to the server. It is now visible in either the standalone.xml
or domain.xml
file, as well as the management interfaces.
6.3.2. Modify a Non-XA Datasource with the Management Interfaces
This topic covers the steps required to modify a non-XA datasource, using either the Management Console or the Management CLI.
Prerequisites
Note
jta
parameter is set to true
.
Procedure 6.7. Modify a Non-XA Datasource
Management CLI
- Use the
write-attribute
command to configure a datasource attribute:/subsystem=datasources/data-source=DATASOURCE_NAME:write-attribute(name=ATTRIBUTE_NAME,value=ATTRIBUTE_VALUE)
- Reload the server to confirm the changes:
reload
Management Console
Navigate to the Datasources panel in the Management Console
- Select the Configuration tab from the top of the console.
- For Domain mode only, select a profile from the drop-down box in the top left.
- Expand themenu on the left of the console, then expand the menu.
- Selectfrom expanded menu.
Edit the datasource
- Select a datasource from the Available Datasources list. The datasource attributes are displayed below.
- Clickto edit the datasource attributes.
- Clickto finish.
The non-XA datasource has been configured. The changes are now visible in either the standalone.xml
or domain.xml
file, as well as the management interfaces.
- To create a new datasource, refer here: Section 6.3.1, “Create a Non-XA Datasource with the Management Interfaces”.
- To remove the datasource, refer here: Section 6.3.3, “Remove a Non-XA Datasource with the Management Interfaces”.
6.3.3. Remove a Non-XA Datasource with the Management Interfaces
This topic covers the steps required to remove a non-XA datasource from JBoss EAP 6, using either the Management Console or the Management CLI.
Prerequisites
Procedure 6.8. Remove a Non-XA Datasource
Management CLI
- Run the following command to remove a non-XA datasource:
data-source remove --name=DATASOURCE_NAME
Management Console
Navigate to the Datasources panel in the Management Console
- Select the Configuration tab from the top of the console.
- For Domain mode only, select a profile from the drop-down box in the top left.
- Expand themenu on the left of the console, then expand the menu.
- Select.
- Select the datasource to be deleted, then click.
The non-XA datasource has been removed from the server.
- To add a new datasource, refer here: Section 6.3.1, “Create a Non-XA Datasource with the Management Interfaces”.
6.4. XA Datasources
6.4.1. Create an XA Datasource with the Management Interfaces
Prerequisites:
This topic covers the steps required to create an XA datasource, using either the Management Console or the Management CLI.
Note
Procedure 6.9. Create an XA Datasource, Using Either the Management CLI or the Management Console
Management CLI
- Run the following Management CLI command to create an XA datasource, configuring the variables as appropriate:
Note
The value for DRIVER_NAME depends on the number of classes listed in the/META-INF/services/java.sql.Driver
file located in the JDBC driver JAR. If there is only one class, the value is the name of the JAR. If there are multiple classes, the value is the name of the JAR + driverClassName + "_" + majorVersion +"_" + minorVersion. Failure to do so will result in the following error being logged:JBAS014775: New missing/unsatisfied dependencies
For example, the DRIVER_NAME value required for the MySQL 5.1.31 driver, ismysql-connector-java-5.1.31-bin.jarcom.mysql.jdbc.Driver_5_1
.xa-data-source add --name=XA_DATASOURCE_NAME --jndi-name=JNDI_NAME --driver-name=DRIVER_NAME --xa-datasource-class=XA_DATASOURCE_CLASS
Configure the XA datasource properties
Set the server name
Run the following command to configure the server name for the host:/subsystem=datasources/xa-data-source=XA_DATASOURCE_NAME/xa-datasource-properties=ServerName:add(value=HOSTNAME)
Set the database name
Run the following command to configure the database name:/subsystem=datasources/xa-data-source=XA_DATASOURCE_NAME/xa-datasource-properties=DatabaseName:add(value=DATABASE_NAME)
- Enable the datasource:
xa-data-source enable --name=XA_DATASOURCE_NAME
Management Console
Navigate to the Datasources panel in the Management Console
- Select the Configuration tab from the top of the console.
- For Domain mode only, select a profile from the drop-down box at the top left.
- Expand themenu on the left of the console, then expand the menu.
- Select.
- Select the XA Datasource tab.
Create a new XA datasource
- Click.
- Enter the new XA datasource attributes in the Create XA Datasource wizard and click .
- Enter the JDBC driver details in the Create XA Datasource wizard and click .
- Enter the XA properties and click.
- Enter the connection settings in the Create XA Datasource wizard.
- Click thebutton to test the connection to the XA datasource and verify the settings are correct.
- Clickto finish
The XA datasource has been added to the server. It is now visible in either the standalone.xml
or domain.xml
file, as well as the management interfaces.
See Also:
6.4.2. Modify an XA Datasource with the Management Interfaces
This topic covers the steps required to modify an XA datasource, using either the Management Console or the Management CLI.
Prerequisites
Procedure 6.10. Modify an XA Datasource, Using Either the Management CLI or the Management Console
Management CLI
Configure XA datasource attributes
Use thewrite-attribute
command to configure a datasource attribute:/subsystem=datasources/xa-data-source=XA_DATASOURCE_NAME:write-attribute(name=ATTRIBUTE_NAME,value=ATTRIBUTE_VALUE)
Configure XA datasource properties
Run the following command to configure an XA datasource subresource:/subsystem=datasources/xa-data-source=DATASOURCE_NAME/xa-datasource-properties=PROPERTY_NAME:add(value=PROPERTY_VALUE)
- Reload the server to confirm the changes:
reload
Management Console
Navigate to the Datasources panel in the Management Console
- Select the Configuration tab from the top of the console.
- For Domain Mode only, select a profile from the drop-down box at top left.
- Expand themenu on the left of the console, then expand the menu.
- Select.
- Select the XA Datasource tab.
Edit the datasource
- Select the relevant XA datasource from the Available XA Datasources list. The XA datasource attributes are displayed in the Attributes panel below it.
- Select thebutton to edit the datasource attributes.
- Edit the XA datasource attributes and select thebutton when done.
The XA datasource has been configured. The changes are now visible in either the standalone.xml
or domain.xml
file, as well as the management interfaces.
- To create a new datasource, refer here: Section 6.4.1, “Create an XA Datasource with the Management Interfaces”.
- To remove the datasource, refer here: Section 6.4.3, “Remove an XA Datasource with the Management Interfaces”.
6.4.3. Remove an XA Datasource with the Management Interfaces
This topic covers the steps required to remove an XA datasource from JBoss EAP 6, using either the Management Console or the Management CLI.
Prerequisites
Procedure 6.11. Remove an XA Datasource Using Either the Management CLI or the Management Console
Management CLI
- Run the following command to remove an XA datasource:
xa-data-source remove --name=XA_DATASOURCE_NAME
Management Console
Navigate to the Datasources panel in the Management Console
- Select the Configuration tab from the top of the console.
- For Domain mode only, select a profile from the drop-down box in the top left.
- Expand themenu on the left of the console, then expand the menu.
- Select.
- Select the XA Datasource tab.
- Select the registered XA datasource to be deleted, and clickto permanently delete the XA datasource.
The XA datasource has been removed from the server.
- To add a new XA datasource, refer here: Section 6.4.1, “Create an XA Datasource with the Management Interfaces”.
6.4.4. XA Recovery
6.4.4.1. About XA Recovery Modules
com.arjuna.ats.jta.recovery.XAResourceRecovery
.
6.4.4.2. Configure XA Recovery Modules
Attribute | Description |
---|---|
recovery-username |
The username the recovery module should use to connect to the resource for recovery.
|
recovery-password |
The password the recovery module should use to connect to the resource for recovery.
|
recovery-security-domain |
The security domain the recovery module should use to connect to the resource for recovery.
|
recovery-plugin-class-name |
If you need to use a custom recovery module, set this attribute to the fully-qualified class name of the module. The module should extend class
com.arjuna.ats.jta.recovery.XAResourceRecovery .
|
recovery-plugin-properties |
If you use a custom recovery module which requires properties to be set, set this attribute to the list of comma-separated key=value pairs for the properties.
|
Note
Vendor-Specific Configuration Information
- Oracle
- If the Oracle datasource is configured incorrectly, you may see errors like the following in your log output:
Example 6.11. Incorrect configuration error
WARN [com.arjuna.ats.jta.logging.loggerI18N] [com.arjuna.ats.internal.jta.recovery.xarecovery1] Local XARecoveryModule.xaRecovery got XA exception javax.transaction.xa.XAException, XAException.XAER_RMERR
To resolve this error, ensure that the Oracle user configured inrecovery-username
has access to the tables needed for recovery. The following SQL statement shows the correct grants for Oracle 11g or Oracle 10g R2 instances patched for Oracle bug 5945463.Example 6.12. Grant configuration
GRANT SELECT ON sys.dba_pending_transactions TO recovery-username; GRANT SELECT ON sys.pending_trans$ TO recovery-username; GRANT SELECT ON sys.dba_2pc_pending TO recovery-username; GRANT EXECUTE ON sys.dbms_xa TO recovery-username;
If you use an Oracle 11 version prior to 11g, change the finalEXECUTE
statement to the following:GRANT EXECUTE ON sys.dbms_system TO recovery-username;
- PostgreSQL and Postgres Plus Advanced Server
- For PostgreSQL to be able to handle XA transaction, change the configuration parameter
max_prepared_transactions
to an value higher than 0. - MySQL
- No special configuration is required. For more information, refer to MySQL documentation.
- IBM DB2
- No special configuration is required. For more information, refer to IBM DB2 documentation.
- Sybase
- Sybase expects XA transactions to be enabled on the database. Without correct database configuration, XA transactions will not work.
enable xact coordination
enables or disables Adaptive Server transaction coordination services. When this parameter is enabled, Adaptive Server ensures that updates to remote Adaptive Server data commit or roll back with the original transaction. To enable transaction coordination, use:sp_configure 'enable xact coordination', 1
. - MSSQL
- For more information, refer to Microsoft documentation. You can also refer http://msdn.microsoft.com/en-us/library/aa342335.aspx as a starting point.
Vendor-specific issues and their consequences
- Oracle
- There are no known issues related to database.
- PostgreSQL
- Jdbc driver returns XAER_RMERR when an error occurs during the call of commit method protocol. Database returns this error code and leaves the transaction in
in-doubt
state on the database side. The correct return code should be XAER_RMFAIL or XAER_RETRY. For more information, see https://github.com/pgjdbc/pgjdbc/issues/236. This causes the transaction to be left in theHeuristic
state on the EAP side and holding locks in database which requires user intervention. - The incorrect error code returned by the jdbc driver can cause data inconsistency in some cases. For more information, refer to https://developer.jboss.org/thread/251537, https://github.com/pgjdbc/pgjdbc/issues/236
- Postgres Plus Advanced Server
- Jdbc driver returns XAER_RMERR when an error occurs during the call of commit method protocol. Database returns this error code and leaves the transaction in
in-doubt
state on the database side. The correct return code should be XAER_RMFAIL or XAER_RETRY. For more information, see https://github.com/pgjdbc/pgjdbc/issues/236. This causes the transaction to be left in theHeuristic
state on the EAP side and holding locks in database which requires user intervention. - The incorrect error code returned by the jdbc driver can cause data inconsistency in some cases. For more information, refer to https://developer.jboss.org/thread/251537
- If
XAResource.rollback
is called for the same XID more than once thenXAException
is thrown. Calling rollback against the same XID several times is compliant with JTS spec and noXAException
should be thrown. For more information, see https://github.com/pgjdbc/pgjdbc/issues/78.
- MySQL
- MySQL is not capable of handling XA transactions. If a client is disconnected the MySQL then all the information about such transactions is lost. For more information, see http://bugs.mysql.com/bug.php?id=12161.
- IBM DB2
- There are no known issues related to database.
- Sybase
- Jdbc driver returns XAER_RMERR when an error occurs during the call of commit method protocol. Database returns this error code and leaves the transaction in
in-doubt
state on the database side. The correct return code should be XAER_RMFAIL or XAER_RETRY. For more information, see https://github.com/pgjdbc/pgjdbc/issues/236. This causes the transaction to be left in theHeuristic
state on the EAP side and holding locks in database which requires user intervention. - If
XAResource.rollback
is called for the same XID more than once thenXAException
is thrown. Calling rollback against the same XID several times is compliant with JTS spec and noXAException
should be thrown. For more information, see https://github.com/pgjdbc/pgjdbc/issues/78.
- MSSQL
- Jdbc driver returns XAER_RMERR when an error occurs during the call of commit method protocol. Database returns this error code and leaves the transaction in
in-doubt
state on the database side. The correct return code should be XAER_RMFAIL or XAER_RETRY. For more information, see https://github.com/pgjdbc/pgjdbc/issues/236. This causes the transaction to be left in theHeuristic
state on the EAP side and holding locks in database which requires user intervention.This issue was reported on the Microsoft Connect site at https://connect.microsoft.com/SQLServer/feedback/details/1207381/jdbc-driver-is-not-xa-compliant-in-case-of-connection-failure-error-code-xaer-rmerr-is-returned-instead-of-xaer-rmretry. - If
XAResource.rollback
is called for the same XID more than once thenXAException
is thrown. Calling rollback against the same XID several times is compliant with JTS spec and noXAException
should be thrown. For more information, see https://github.com/pgjdbc/pgjdbc/issues/78. - The call of
XAResource.rollback
for the same XID causes the following message being logged in server log file.WARN [com.arjuna.ats.jtax] ...: XAResourceRecord.rollback caused an error from resource ... in transaction ...: java.lang.NullPointerException
- Messaging
IBM Websphere
- When JTS is used then second call of rollback against the same XID during the periodic recovery can cause an error to be logged in the log file. Second rollback against the same XID is JTS complaint and can be ignored.When RAR does not know such XID, then XAER_NOTA return code is expected. But IBM Websphere may return an incorrect return code XAER_RMFAIL.
The method 'xa_rollback' has failed with errorCode '-7' due to the resource being closed.'
ActiveMQ
- Resource adapter returns XAER_RMERR when an error occurs during the call of commit method protocol, for example network disconnection. Resource adapter returns this error code back to transaction manager and it causes the transaction being left in
in-doubt
state on message broker side. This behaviour is against XA specification and the correct return code should be XAER_RMFAIL or XAER_RETRY. The wrong error code can cause data inconsistency in some cases. For more information, refer to https://developer.jboss.org/thread/251537 .WARN [com.arjuna.ats.jtax] ...: XAResourceRecord.rollback caused an XA error: ARJUNA016099: Unknown error code:0 from resource ... in transaction ...: javax.transaction.xa.XAException: Transaction ... has not been started.
TIBCO
- When JTS is used then second call of rollback against the same XID during the periodic recovery can cause an error to be logged in the log file. Second rollback against the same XID is JTS complaint and can be ignored.
WARN [com.arjuna.ats.jtax] ...: XAResourceRecord.rollback caused an XA error: XAException.XAER_RMFAIL from resource ... in transaction ...: javax.transaction.xa.XAException
6.5. Datasource Security
6.5.1. About Datasource Security
Example 6.13. Security Domain Example
<security-domain name="DsRealm" cache-type="default"> <authentication> <login-module code="ConfiguredIdentity" flag="required"> <module-option name="userName" value="sa"/> <module-option name="principal" value="sa"/> <module-option name="password" value="sa"/> </login-module> </authentication> </security-domain>
<datasources> <datasource jndi-name="java:jboss/datasources/securityDs" pool-name="securityDs"> <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url> <driver>h2</driver> <new-connection-sql>select current_user()</new-connection-sql> <security> <security-domain>DsRealm</security-domain> </security> </datasource> </datasources>
Note
cache-type
attribute to none
or by removing the attribute altogether. However, if caching is desired, then a separate security domain should be used for each datasource.
Example 6.14. Password Vault Example
<security> <user-name>admin</user-name> <password>${VAULT::ds_ExampleDS::password::N2NhZDYzOTMtNWE0OS00ZGQ0LWE4MmEtMWNlMDMyNDdmNmI2TElORV9CUkVBS3ZhdWx0}</password> </security>
6.6. Database Connection Validation
6.6.1. Configure Database Connection Validation Settings
Database maintenance, network problems, or other outage events may cause JBoss EAP 6 to lose the connection to the database. You enable database connection validation using the <validation>
element within the <datasource>
section of the server configuration file. Follow the steps below to configure the datasource settings to enable database connection validation in JBoss EAP 6.
Procedure 6.12. Configure Database Connection Validation Settings
Choose a Validation Method
Select one of the following validation methods.<validate-on-match>true</validate-on-match>
When the<validate-on-match>
option is set totrue
, the database connection is validated every time it is checked out from the connection pool using the validation mechanism specified in the next step.If a connection is not valid, a warning is written to the log and it retrieves the next connection in the pool. This process continues until a valid connection is found. If you prefer not to cycle through every connection in the pool, you can use the<use-fast-fail>
option. If a valid connection is not found in the pool, a new connection is created. If the connection creation fails, an exception is returned to the requesting application.This setting results in the quickest recovery but creates the highest load on the database. However, this is the safest selection if the minimal performance hit is not a concern.<background-validation>true</background-validation>
When the<background-validation>
option is set totrue
, it is used in combination with the<background-validation-millis>
value to determine how often background validation runs. The default value for the<background-validation-millis>
parameter is 0 milliseconds, meaning it is disabled by default. This value should not be set to the same value as your<idle-timeout-minutes>
setting.It is a balancing act to determine the optimum<background-validation-millis>
value for a particular system. The lower the value, the more frequently the pool is validated and the sooner invalid connections are removed from the pool. However, lower values take more database resources. Higher values result in less frequent connection validation checks and use less database resources, but dead connections are undetected for longer periods of time.
Note
If the<validate-on-match>
option is set totrue
, the<background-validation>
option should be set tofalse
. The reverse is also true. If the<background-validation>
option is set totrue
, the<validate-on-match>
option should be set tofalse
.Choose a Validation Mechanism
Select one of the following validation mechanisms.Specify a <valid-connection-checker> Class Name
This is the preferred mechanism as it optimized for the particular RDBMS in use. JBoss EAP 6 provides the following connection checkers:- org.jboss.jca.adapters.jdbc.extensions.db2.DB2ValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.mssql.MSSQLValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLReplicationValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.novendor.JDBC4ValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.novendor.NullValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.sybase.SybaseValidConnectionChecker
Specify SQL for <check-valid-connection-sql>
You provide the SQL statement used to validate the connection.The following is an example of how you might specify a SQL statement to validate a connection for Oracle:<check-valid-connection-sql>select 1 from dual</check-valid-connection-sql>
For MySQL or PostgreSQL, you might specify the following SQL statement:<check-valid-connection-sql>select 1</check-valid-connection-sql>
Set the <exception-sorter> Class Name
When an exception is marked as fatal, the connection is closed immediately, even if the connection is participating in a transaction. Use the exception sorter class option to properly detect and clean up after fatal connection exceptions. JBoss EAP 6 provides the following exception sorters:- org.jboss.jca.adapters.jdbc.extensions.db2.DB2ExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.informix.InformixExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.novendor.NullExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.sybase.SybaseExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.mssql.MSSQLExceptionSorter
6.7. Datasource Configuration
6.7.1. Datasource Parameters
Parameter | Description |
---|---|
jndi-name | The unique JNDI name for the datasource. |
pool-name | The name of the management pool for the datasource. |
enabled | Whether or not the datasource is enabled. |
use-java-context |
Whether to bind the datasource to global JNDI.
|
spy |
Enable
spy functionality on the JDBC layer. This logs all JDBC traffic to the datasource. Note that the logging category jboss.jdbc.spy must also be set to the log level DEBUG in the logging subsystem.
|
use-ccm | Enable the cached connection manager. |
new-connection-sql | A SQL statement which executes when the connection is added to the connection pool. |
transaction-isolation |
One of the following:
|
url-selector-strategy-class-name | A class that implements interface org.jboss.jca.adapters.jdbc.URLSelectorStrategy . |
security |
Contains child elements which are security settings. See Table 6.8, “Security parameters”.
|
validation |
Contains child elements which are validation settings. See Table 6.9, “Validation parameters”.
|
timeout |
Contains child elements which are timeout settings. See Table 6.10, “Timeout parameters”.
|
statement |
Contains child elements which are statement settings. See Table 6.11, “Statement parameters”.
|
Parameter | Description |
---|---|
jta | Enable JTA integration for non-XA datasources. Does not apply to XA datasources. |
connection-url | The JDBC driver connection URL. |
driver-class | The fully-qualified name of the JDBC driver class. |
connection-property |
Arbitrary connection properties passed to the method
Driver.connect(url,props) . Each connection-property specifies a string name/value pair. The property name comes from the name, and the value comes from the element content.
|
pool |
Contains child elements which are pooling settings. See Table 6.6, “Pool parameters common to non-XA and XA datasources”.
|
url-delimiter |
The delimiter for URLs in a connection-url for High Availability (HA) clustered databases.
|
Parameter | Description |
---|---|
xa-datasource-property |
A property to assign to implementation class
XADataSource . Specified by name=value. If a setter method exists, in the format setName , the property is set by calling a setter method in the format of setName(value) .
|
xa-datasource-class |
The fully-qualified name of the implementation class
javax.sql.XADataSource .
|
driver |
A unique reference to the class loader module which contains the JDBC driver. The accepted format is driverName#majorVersion.minorVersion.
|
xa-pool |
Contains child elements which are pooling settings. See Table 6.6, “Pool parameters common to non-XA and XA datasources” and Table 6.7, “XA pool parameters”.
|
recovery |
Contains child elements which are recovery settings. See Table 6.12, “Recovery parameters”.
|
Parameter | Description |
---|---|
min-pool-size | The minimum number of connections a pool holds. |
max-pool-size | The maximum number of connections a pool can hold. |
prefill | Whether to try to prefill the connection pool. The default is false . |
use-strict-min | Whether the idle connection scan should strictly stop marking for closure of any further connections, once the min-pool-size has been reached. The default value is false . |
flush-strategy |
Whether the pool is flushed in the case of an error. Valid values are:
The default is
FailingConnectionOnly .
|
allow-multiple-users | Specifies if multiple users will access the datasource through the getConnection(user, password) method, and whether the internal pool type accounts for this behavior. |
Parameter | Description |
---|---|
is-same-rm-override | Whether the javax.transaction.xa.XAResource.isSameRM(XAResource) class returns true or false . |
interleaving | Whether to enable interleaving for XA connection factories. |
no-tx-separate-pools |
Whether to create separate sub-pools for each context. This is required for Oracle datasources, which do not allow XA connections to be used both inside and outside of a JTA transaction.
Using this option will cause your total pool size to be twice
max-pool-size , because two actual pools will be created.
|
pad-xid | Whether to pad the Xid. |
wrap-xa-resource |
Whether to wrap the XAResource in an
org.jboss.tm.XAResourceWrapper instance.
|
Parameter | Description |
---|---|
user-name | The username to use to create a new connection. |
password | The password to use to create a new connection. |
security-domain | Contains the name of a JAAS security-manager which handles authentication. This name correlates to the application-policy/name attribute of the JAAS login configuration. |
reauth-plugin | Defines a reauthentication plug-in to use to reauthenticate physical connections. |
Parameter | Description |
---|---|
valid-connection-checker |
An implementation of interface
org.jboss.jca.adaptors.jdbc.ValidConnectionChecker which provides a SQLException.isValidConnection(Connection e) method to validate a connection. An exception means the connection is destroyed. This overrides the parameter check-valid-connection-sql if it is present.
|
check-valid-connection-sql | An SQL statement to check validity of a pool connection. This may be called when a managed connection is taken from a pool for use. |
validate-on-match |
Indicates whether connection level validation is performed when a connection factory attempts to match a managed connection for a given set.
Specifying "true" for
validate-on-match is typically not done in conjunction with specifying "true" for background-validation . Validate-on-match is needed when a client must have a connection validated prior to use. This parameter is false by default.
|
background-validation |
Specifies that connections are validated on a background thread. Background validation is a performance optimization when not used with
validate-on-match . If validate-on-match is true, using background-validation could result in redundant checks. Background validation does leave open the opportunity for a bad connection to be given to the client for use (a connection goes bad between the time of the validation scan and prior to being handed to the client), so the client application must account for this possibility.
|
background-validation-millis | The amount of time, in milliseconds, that background validation runs. |
use-fast-fail |
If true, fail a connection allocation on the first attempt, if the connection is invalid. Defaults to
false .
|
stale-connection-checker |
An instance of
org.jboss.jca.adapters.jdbc.StaleConnectionChecker which provides a Boolean isStaleConnection(SQLException e) method. If this method returns true , the exception is wrapped in an org.jboss.jca.adapters.jdbc.StaleConnectionException , which is a subclass of SQLException .
|
exception-sorter |
An instance of
org.jboss.jca.adapters.jdbc.ExceptionSorter which provides a Boolean isExceptionFatal(SQLException e) method. This method validates whether an exception is broadcast to all instances of javax.resource.spi.ConnectionEventListener as a connectionErrorOccurred message.
|
Parameter | Description |
---|---|
use-try-lock | Uses tryLock() instead of lock() . This attempts to obtain the lock for the configured number of seconds, before timing out, rather than failing immediately if the lock is unavailable. Defaults to 60 seconds. As an example, to set a timeout of 5 minutes, set <use-try-lock> 300</use-try-lock> . |
blocking-timeout-millis | The maximum time, in milliseconds, to block while waiting for a connection. After this time is exceeded, an exception is thrown. This blocks only while waiting for a permit for a connection, and does not throw an exception if creating a new connection takes a long time. Defaults to 30000, which is 30 seconds. |
idle-timeout-minutes |
The maximum time, in minutes, before an idle connection is closed. If not specified, the default is
30 minutes. The actual maximum time depends upon the idleRemover scan time, which is half of the smallest idle-timeout-minutes of any pool.
|
set-tx-query-timeout |
Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout is used if no transaction exists. Defaults to
false .
|
query-timeout | Timeout for queries, in seconds. The default is no timeout. |
allocation-retry | The number of times to retry allocating a connection before throwing an exception. The default is 0 , so an exception is thrown upon the first failure. |
allocation-retry-wait-millis |
How long, in milliseconds, to wait before retrying to allocate a connection. The default is 5000, which is 5 seconds.
|
xa-resource-timeout |
If non-zero, this value is passed to method
XAResource.setTransactionTimeout .
|
Parameter | Description |
---|---|
track-statements |
Whether to check for unclosed statements when a connection is returned to a pool and a statement is returned to the prepared statement cache. If false, statements are not tracked.
|
prepared-statement-cache-size | The number of prepared statements per connection, in a Least Recently Used (LRU) cache. |
share-prepared-statements |
Whether JBoss EAP should cache, instead of close or terminate, the underlying physical statement when the wrapper supplied to the application is closed by application code. The default is
false .
|
Parameter | Description |
---|---|
recover-credential | A username/password pair or security domain to use for recovery. |
recover-plugin |
An implementation of the
org.jboss.jca.core.spi.recoveryRecoveryPlugin class, to be used for recovery.
|
6.7.2. Datasource Connection URLs
Datasource | Connection URL |
---|---|
PostgreSQL | jdbc:postgresql://SERVER_NAME:PORT/DATABASE_NAME |
MySQL | jdbc:mysql://SERVER_NAME:PORT/DATABASE_NAME |
Oracle | jdbc:oracle:thin:@ORACLE_HOST:PORT:ORACLE_SID |
IBM DB2 | jdbc:db2://SERVER_NAME:PORT/DATABASE_NAME |
Microsoft SQLServer | jdbc:sqlserver://SERVER_NAME:PORT;DatabaseName=DATABASE_NAME Note
The jdbc:microsoft:sqlserver://SERVER_NAME:PORT;DatabaseName=DATABASE_NAME template does not work with new database.
|
6.7.3. Datasource Extensions
Datasource Extension | Configuration Parameter | Description |
---|---|---|
org.jboss.jca.adapters.jdbc.spi.ExceptionSorter | <exception-sorter> | Checks whether an SQLException is fatal for the connection on which it was thrown |
org.jboss.jca.adapters.jdbc.spi.StaleConnectionChecker | <stale-connection-checker> | Wraps stale SQLExceptions in a org.jboss.jca.adapters.jdbc.StaleConnectionException |
org.jboss.jca.adapters.jdbc.spi.ValidConnection | <valid-connection-checker> | Checks whether a connection is valid for use by the application |
Extension Implementations
- Generic
- org.jboss.jca.adapters.jdbc.extensions.novendor.NullExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.novendor.NullStaleConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.novendor.NullValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.novendor.JDBC4ValidConnectionChecker
- PostgreSQL
- org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.postgres.PostgreSQLValidConnectionChecker
- MySQL
- org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLReplicationValidConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker
- IBM DB2
- org.jboss.jca.adapters.jdbc.extensions.db2.DB2ExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.db2.DB2StaleConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.db2.DB2ValidConnectionChecker
- Sybase
- org.jboss.jca.adapters.jdbc.extensions.sybase.SybaseExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.sybase.SybaseValidConnectionChecker
- Microsoft SQLServer
- org.jboss.jca.adapters.jdbc.extensions.mssql.MSSQLExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.mssql.MSSQLValidConnectionChecker
- Oracle
- org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter
- org.jboss.jca.adapters.jdbc.extensions.oracle.OracleStaleConnectionChecker
- org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker
6.7.4. View Datasource Statistics
jdbc
and pool
using appropriately modified versions of the commands below:
Example 6.15. CLI for domain mode:
/host=master/server=server-one
and data-source=ExampleDS
according to the environment.
[domain@localhost:9999 /] /host=master/server=server-one/subsystem=datasources/data-source=ExampleDS/statistics=pool:read-resource(include-runtime=true) { "outcome" => "success", "result" => { "ActiveCount" => "0", "AvailableCount" => "20", "AverageBlockingTime" => "0", "AverageCreationTime" => "0", "CreatedCount" => "0", "DestroyedCount" => "0", "MaxCreationTime" => "0", "MaxUsedCount" => "0", "MaxWaitTime" => "0", "TimedOut" => "0", "TotalBlockingTime" => "0", "TotalCreationTime" => "0" } }
Example 6.16. CLI for standalone mode:
data-source=ExampleDS
according to the environment.
[standalone@localhost:9999 /] /subsystem=datasources/data-source=ExampleDS/statistics=pool:read-resource(include-runtime=true) { "outcome" => "success", "result" => { "ActiveCount" => "0", "AvailableCount" => "20", "AverageBlockingTime" => "0", "AverageCreationTime" => "0", "CreatedCount" => "0", "DestroyedCount" => "0", "MaxCreationTime" => "0", "MaxUsedCount" => "0", "MaxWaitTime" => "0", "TimedOut" => "0", "TotalBlockingTime" => "0", "TotalCreationTime" => "0" } }
Note
include-runtime=true
argument, as all statistics are runtime only information and the default is false
.
6.7.5. Datasource Statistics
The following table contains a list of the supported datasource core statistics:
Name | Description |
---|---|
ActiveCount |
The number of active connections. Each of the connections is either in use by an application or available in the pool
|
AvailableCount |
The number of available connections in the pool.
|
AverageBlockingTime |
The average time spent blocking on obtaining an exclusive lock on the pool. The value is in milliseconds.
|
AverageCreationTime |
The average time spent creating a connection. The value is in milliseconds.
|
CreatedCount |
The number of connections created.
|
DestroyedCount |
The number of connections destroyed.
|
InUseCount |
The number of connections currently in use.
|
MaxCreationTime |
The maximum time it took to create a connection. The value is in milliseconds.
|
MaxUsedCount |
The maximum number of connections used.
|
MaxWaitCount |
The maximum number of requests waiting for a connection at the same time.
|
MaxWaitTime |
The maximum time spent waiting for an exclusive lock on the pool.
|
TimedOut |
The number of timed out connections.
|
TotalBlockingTime |
The total time spent waiting for an exclusive lock on the pool. The value is in milliseconds.
|
TotalCreationTime |
The total time spent creating connections. The value is in milliseconds.
|
The following table contains a list of the supported datasource JDBC statistics:
Name | Description |
---|---|
PreparedStatementCacheAccessCount |
The number of times that the statement cache was accessed.
|
PreparedStatementCacheAddCount |
The number of statements added to the statement cache.
|
PreparedStatementCacheCurrentSize |
The number of prepared and callable statements currently cached in the statement cache.
|
PreparedStatementCacheDeleteCount |
The number of statements discarded from the cache.
|
PreparedStatementCacheHitCount |
The number of times that statements from the cache were used.
|
PreparedStatementCacheMissCount |
The number of times that a statement request could not be satisfied with a statement from the cache.
|
Core
and JDBC
statistics using appropriately modified versions of the following commands:
/subsystem=datasources/data-source=ExampleDS/statistics=pool:write-attribute(name=statistics-enabled,value=true)
/subsystem=datasources/data-source=ExampleDS/statistics=jdbc:write-attribute(name=statistics-enabled,value=true)