Administering Apache Geronimo 2.x

Vamsavardhana Reddy Chillakuru
         a.k.a. Vamsi
   vamsic007@apache.org
   vamsic007@in.ibm.com
                  Who am I?
• Committer and Member of Apache
  Geronimo PMC
• Involved with ASF since 2005
• Over 11 years experience in software
  development
• Advisory Software Engineer at IBM
• Employed with IBM India since 1996


    11-Apr-2008   Administering Apache Geronimo   2
                                2.x
 Geronimo in the making 




That’s my son Susanth helping me with Geronimo 

                        Agenda
•   Introduction to Geronimo
•   Securing Geronimo
•   Administration Tasks
•   Multiple Server Instances
•   Summary
•   Q&A



   Introduction to Geronimo
• J2EE/Java EE Application Server from
  Apache Software Foundation
• Brings together the best-of-breed
  technologies from open source to support
  J2EE/Java EE
• Small footprint / highly customizable
• Ease of use is the foremost guiding principle
• V2.1 Java EE 5 Certified – Feb/2008


            Geronimo History and
                 Progress




[Figure: timeline with points at August 2003, Oct 2005, Jan 2006, June 2006, Sep 2006, Jun 2007, Aug 2007, Oct 2007, Feb 2008 and "In Plan"]



      Geronimo Architecture
• GBeans are the building blocks
   – E.g. Containers, Connectors, Servlets…
• Geronimo Kernel
   – A container for GBeans
   – Based on Inversion-of-Control/Dependency Injection
   – Provides Life Cycle management for GBeans
• Loosely coupled system
   – Start/stop/remove components on the fly
   – Integrate new components on the fly
• Plugins
   – Directory Server, Roller and many other



  Geronimo Architecture




*Ref: http://www.ibm.com/developerworks/library/os-ag-deploy/
             What does it contain?
•   Apache Tomcat                     • Apache Commons
•   Jetty (Mort Bay)                  • Apache jUDDI
•   Apache Derby                      • Apache Log4J
•   Apache OpenEJB                    • HOWL
•   Apache ActiveMQ                   • TRANQL
•   Apache OpenJPA                    • Castor
•   Apache Axis                       • WADI
•   Apache Axis2                      • CGLIB
•   Apache CXF                        And many more…
•   Apache Yoko


          What’s new in 2.1?
• Servers assembled out of plugins
• Custom server assemblies
    – Assemble a server feature
•   Flexible admin console
•   Monitoring Console
•   GShell
•   WADI Clustering Support for Tomcat

      How to get involved?
• Geronimo project web site
  – http://geronimo.apache.org/
• Mailing lists
  – user@geronimo.apache.org
  – dev@geronimo.apache.org
• Wiki
  – http://cwiki.apache.org/geronimo/


      Geronimo Installation
• http://geronimo.apache.org/downloads.html
• Geronimo Tomcat or Geronimo Jetty
  distributions
• Extract the archive to any directory
  – On Windows, use a short directory name
    (e.g. C:\ or C:\g) to avoid long-path
    problems.



Geronimo Startup/Shutdown
• Requires Sun J2SE 5.0 JDK/JRE
• Environment variables
   – JAVA_HOME/JRE_HOME
   – GERONIMO_OPTS
   – JAVA_OPTS
• Run the server
   – <g_home>/bin/geronimo start
   – <g_home>/bin/geronimo jpda run
• Stop the server
   – Control+C in server console
   – <g_home>/bin/shutdown



      Administration Console
•   Web-based, Convenient, user-friendly
•   Based on Apache Pluto (JSR-168)
•   Access at http://localhost:8080/console
•   Portlets for administration
    – Web Server, JMS Server, JMS Resources, DB Manager,
      Database Pools
    – Application portlets – Deploy New, Web App WARs, Plan
      Creator etc..
    – Security Realms, Keystores
• Portlets for monitoring server status
    – Information, Java System Info, Server Logs, Monitoring,
      etc.
• Don’t forget the Help view in the portlets


                        Agenda
•   Introduction to Geronimo
•   Geronimo Console
•   Securing Geronimo
•   Administration Tasks
•   Multiple Server Instances
•   Do’s & Don’ts
•   Q&A

Geronimo directory structure
+-bin                              +-i1=instance-name
|-deploy                             +-deploy
|-etc                                +-var
|-lib                                  +-config
|-repository                           |-derby
|-schema                               |-security
|-var                                  | +-keystores
  +-config                             |-shared
  |-derby                                +-classes
  |-security                             |-lib
  |-shared


Important configuration files
• Located in <g_home>/var/config
• config.xml
  – Overridden GBean attributes
  – New GBeans and configurations
• config-substitutions.properties
  – Properties used in config.xml
• artifact_aliases.properties
  – Substitute one artifact for another


     Replace Default Realm
• Default security realm - geronimo-admin
   – Used by JMX server, Admin Console, Online-deployer,
     MEJB application
• Change default credentials
   – Edit var/security/users.properties
   – Users and Groups portlet
• Replace default realm
   – Deploy desired realm with name geronimo-admin
       • Database or LDAP Realm recommended for production
   – Delete the realm gbean in server-security-config




      Protecting passwords
• Pluggable Encryption Mechanism
<gbean name="org.apache.geronimo.configs/rmi-naming/2.1/car?name=ConfiguredEncryption,j2eeType=GBean"
       gbeanInfo="o.a.g.system.util.ConfiguredEncryption">
    <attribute name="path">
        var/security/ConfiguredSecretKey.ser
    </attribute>
    <reference name="ServerInfo">
        <pattern><name>ServerInfo</name></pattern>
    </reference>
</gbean>




          Securing Derby
• <g_home>/var/derby/derby.properties
     derby.connection.requireAuthentication=true
     derby.authentication.provider=BUILTIN
     derby.user.userName1=password1
     derby.user.userName2=password2

  • Other authentication methods
     – LDAP, application-defined
     – o.a.d.authentication.UserAuthenticator
  • Users at database level too
  • http://db.apache.org/derby/binaries/jta-WE15.pdf
    Update database pools
• Update credentials used by database pools
  – Using Admin Console
     • Update before enabling Derby security. Otherwise
       Geronimo server will not start.
  – By editing config.xml (xml shown next)
  – Database pools to update
     •   MonitoringClientDS
     •   NoTxDatasource
     •   SystemDatasource
     •   jdbc/ActiveDS
     •   jdbc/ArchiveDS
     •   jdbc/juddiDB
     •   Any other database pools that use Embedded Derby

  Update DB pools - config.xml
<module name="org.apache.geronimo.configs/system-database/2.1/car">
   <gbean name="o.a.g.c/system-database/2.1/car?...,name=SystemDatasource">
     <attribute name="UserName">userName1</attribute>
     <attribute name="Password">password1</attribute>
   </gbean>
   <gbean name="o.a.g.c/system-database/2.1/car?...,name=NoTxDatasource">
     <attribute name="UserName">userName1</attribute>
     <attribute name="Password">password1</attribute>
   </gbean>
</module>
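
The ordering caveat above (update pool credentials before enabling Derby security, or the server will not start) can be checked before a restart. The following Python sketch is an added example, not part of the original slides or of Geronimo; the sample file contents are constructed from the slide values, and treating a password that starts with `{` as an encrypted value is an assumption.

```python
import xml.etree.ElementTree as ET

# Pool names listed on the slide as using embedded Derby.
REQUIRED_POOLS = ("MonitoringClientDS", "NoTxDatasource", "SystemDatasource",
                  "jdbc/ActiveDS", "jdbc/ArchiveDS", "jdbc/juddiDB")
# Constructed sample inputs modelled on the slides, not real server files.
DERBY_PROPERTIES = ("derby.connection.requireAuthentication=true\n"
                    "derby.authentication.provider=BUILTIN\n"
                    "derby.user.userName1=password1\nderby.user.userName2=password2\n")
CONFIG_XML = """\
<attributes>
 <module name="org.apache.geronimo.configs/system-database/2.1/car">
  <gbean name="o.a.g.c/system-database/2.1/car?...,name=SystemDatasource">
   <attribute name="UserName">userName1</attribute>
   <attribute name="Password">password1</attribute>
  </gbean>
  <gbean name="o.a.g.c/system-database/2.1/car?...,name=NoTxDatasource">
   <attribute name="UserName">userName1</attribute>
   <attribute name="Password">stale-password</attribute>
  </gbean>
 </module>
</attributes>
"""

def derby_users(text):
    """Return {user: password} from the derby.user.* lines of derby.properties."""
    pairs = (line.strip().partition("=") for line in text.splitlines())
    return {k[len("derby.user."):]: v.strip()
            for k, sep, v in pairs if sep and k.startswith("derby.user.")}

def pool_credentials(config_xml):
    """Return {pool: (UserName, Password)} from gbean overrides in config.xml."""
    pools = {}
    for gbean in ET.fromstring(config_xml).iter():
        if gbean.tag.rsplit("}", 1)[-1] != "gbean":  # tolerate an xmlns prefix
            continue
        parts = gbean.get("name", "").replace("?", ",").split(",")
        pool = next((p.strip()[5:] for p in parts if p.strip().startswith("name=")), None)
        attrs = {a.get("name"): (a.text or "").strip() for a in gbean}
        if pool:
            pools[pool] = (attrs.get("UserName"), attrs.get("Password"))
    return pools

def preflight(derby_text, config_xml, required=REQUIRED_POOLS):
    """List pools that would fail to connect once Derby authentication is on."""
    users, pools = derby_users(derby_text), pool_credentials(config_xml)
    findings = []
    for pool in required:
        user, password = pools.get(pool, (None, None))
        if not user or not password:
            findings.append((pool, "no UserName/Password override"))
        elif user not in users:
            findings.append((pool, "user not in derby.properties"))
        elif password.startswith("{"):  # assumption: marks an encrypted value
            findings.append((pool, "encrypted password, verify manually"))
        elif password != users[user]:
            findings.append((pool, "password mismatch"))
    return findings
```

An empty list from `preflight` means every listed pool has credentials matching a BUILTIN Derby user; any finding should be resolved before `derby.connection.requireAuthentication=true` takes effect.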




            A typical scenario
•   Setup the web server
•   Create user database and DB Pools
•   Create Security Realms
•   Create JMS Factories and Queues
•   Deploy Applications
•   Manage Applications
•   Server Logs
•   Monitoring


    Administering Tomcat
• WebServers portlet for connectors
  – Connector protocol: HTTP, HTTPS, AJP
  – BIO/NIO/APR
  – add/delete/edit/stop/start/restart
• Configuring HTTPS
  – Server Authentication only
  – ClientAuth



                  Virtual hosts
• Add HostGBeans to Tomcat config
• Specify virtual host in deployment
  plan
  <container-config>
    <tomcat>
       <host>virtualhost1.com</host>
    </tomcat>
  </container-config>


             Single Sign-On
• Login to one application maintains
  login across all applications on the
  server
• Create a SingleSignOn valve and
  connect to the valve chain
  – Edit config.xml




        Managing Keystores
•   Add keystores
•   Lock/unlock keystores
•   Create/delete private keys
•   Change keystore/key passwords
•   Add/delete trust certificates
•   Manage private keys/certificates
•   Support for all keystore types in v2.1

      Administering Derby
• DB Info portlet
• DB Manager portlet
  – Create/delete databases
  – View tables, table content
  – Run SQL
• Derby Log Viewer portlet



            Database Pools
• Database pools portlet
  – Create/edit database pool
• J2EE Connectors portlet
  – Stop/start/delete connector
    configurations




            Security Realms
• Add security realms
  – Properties File Realm
  – Database (SQL) Realm
  – LDAP Realm
  – Custom Realm
• Edit security realms
• Configure Auditing, Lockout


   Administering ActiveMQ
• JMS Server portlet
  – Add/delete/start/stop connectors
  – Stopped connectors started at next run
• JMS Resources portlet
  – Add connection factories, queues, topics
    for ActiveMQ or any other JMS provider
• J2EE Connectors portlet
  – Stop/start/delete connector configs


       Deploy Applications
• Command Line Deployer
  – bin\deploy
  – Offline deployment: bin\deploy -o
  – inPlace deployment
  – Deploy to different target stores
  – Start/stop/restart/deploy/undeploy …
• Deploy New portlet
  – Deploy and redeploy operations only


Deploy Applications (contd.)
• Hot deployer
  – Copy to <g_home>/deploy directory
  – Plan should be part of archive
• Plan Creator
  – Lets you create a deployment plan in a
    series of steps.
  – Web Apps only as of v2.1
  – EJB, EAR etc under development

       Manage Applications
•   System Modules portlet
•   Web App WARs portlet
•   EJB Jars portlet
•   Application EARs portlet
•   App Clients
•   J2EE Connectors



                      Logging
• var/log/server-log4j.properties
  – org.apache.geronimo.log.ConsoleLogLevel system property to change console
    log level
  – org.apache.geronimo.log4jservice.configuration to change the default config file
• ServerLogs portlet
  – Update config file temporarily


           Web Access logs
• Server Logs–Web Access Log Viewer
• Log rotation – rotated daily
  – NOTE: Logs not deleted by Geronimo
• Changing log configuration

 <gbean name="AccessLogValve">
     <attribute name="initParams">prefix=${ServerHostname}_access_log.
     suffix=.txt
     pattern=common
     fileDateFormat=yyyy-MM</attribute>
 </gbean>


                  Monitoring
• Servers - Local and remote servers
  – EJB and JMX protocols
• Graphs
  – Select MBean and statistic
  – Based on two statistics from the MBean
• Views
  – Compose multiple graphs into views


                    Debug Views
•   JMX Viewer
•   LDAP Viewer
•   ClassLoader Viewer
•   JNDI Viewer
•   Dependency Viewer




                       Plugins
• Plugins portlet
  – Add plugin repositories
  – Search for plugins
  – Install plugins
  – Export config as plugin
  – Assemble a server
• Command Line Deployer
  – Search-plugins


 Running multiple instances
• Shared directories
  – bin, lib, repository
• Instance home <inst_home> directory
  – Create <g_home>/<inst_name> dir
  – Copy <g_home>/var to <inst_home>/var
• Change PortOffset to resolve port conflicts
  – <inst_home>/var/config/config-substitutions.properties
• Set org.apache.geronimo.server.name
  system property.
  – Use GERONIMO_OPTS
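
An added example (not from the original slides or the Geronimo project) that checks PortOffset choices across instances for colliding ports. It assumes each port in config-substitutions.properties is a key ending in `Port` whose effective value is the base value plus PortOffset; the key names and values in the sample are constructed.

```python
import itertools

# Constructed config-substitutions.properties content; only PortOffset is
# named on the slides, the other keys and values are sample assumptions.
BASE = "PortOffset=0\nHTTPPort=8080\nHTTPSPort=8443\nNamingPort=1099\n"

def load(text):
    """Parse key=value lines, skipping comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def effective_ports(text, offset=None):
    """Return {key: base + PortOffset} for every *Port key in one instance."""
    props = load(text)
    if offset is None:
        offset = int(props.get("PortOffset", "0"))
    return {k: int(v) + offset for k, v in props.items()
            if k.endswith("Port") and v.isdigit()}

def port_conflicts(instances):
    """instances maps instance name to its properties text.

    Returns sorted (port, "instA:key", "instB:key") tuples, including
    collisions between different keys (e.g. one HTTP port on another's HTTPS).
    """
    ports = {name: effective_ports(text) for name, text in instances.items()}
    found = []
    for a, b in itertools.combinations(sorted(ports), 2):
        for ka, pa in ports[a].items():
            for kb, pb in ports[b].items():
                if pa == pb:
                    found.append((pa, f"{a}:{ka}", f"{b}:{kb}"))
    return sorted(found)

def suggest_offset(existing, new_text, step=10, limit=1000):
    """Smallest PortOffset (multiple of step) free of clashes with existing."""
    taken = {p for text in existing.values()
             for p in effective_ports(text).values()}
    for offset in range(0, limit, step):
        if taken.isdisjoint(effective_ports(new_text, offset).values()):
            return offset
    return None

if __name__ == "__main__":
    existing = {"default": BASE, "i1": BASE.replace("PortOffset=0", "PortOffset=10")}
    print(port_conflicts(existing), suggest_offset(existing, BASE))
```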


Geronimo directory structure
+-bin                              +-i1=instance-name
|-deploy                             +-deploy
|-etc                                +-var
|-lib                                  +-config
|-repository                           |-derby
|-schema                               |-security
|-var                                  | +-keystores
  +-config                             |-shared
  |-derby                                +-classes
  |-security                             |-lib
  |-shared


   Deploying to an instance
• Offline Deployment
  – org.apache.geronimo.server.name property
    with GERONIMO_OPTS
• Online deployment
  – Host and port deployer options
  – Deploy New portlet
• Deploy to specific target config stores
  – target deployer option
  – bin/deploy list-targets


      Individual Repositories
•   Maven2Repository GBean
•   RepositoryConfigurationStore GBean
•   Deploy to the specific instance
•   Use target option to deploy to the new
    store.




  New Repository – plan.xml
<!--Repository-->
<gbean name="newRepo"
   class="org.apache.geronimo.system.repository.Maven2Repository">
  <attribute name="resolveToServer">true</attribute>
  <reference name="ServerInfo">
    <name>ServerInfo</name>
  </reference>
</gbean>
<!--Configuration Store service-->
<gbean name="Local2"
   class="org.apache.geronimo.system.configuration.RepositoryConfigurationStore">
  <reference name="Repository"><name>newRepo</name></reference>
</gbean>



                       Summary
•   Introduction to Geronimo
•   Replace default-realm
•   Protect passwords
•   Enable Derby security
•   Secure default keystore
•   Administration Console for most tasks
•   config.xml to add new GBeans
•   Running multiple server instances


                             Do’s
•   Secure <g_home>
•   Use Database/LDAP realm
•   Use digested passwords
•   Use schema names with table names
    – E.g. AUTH.USERTABLE
• Use config-substitutions.properties for
  attribute values in config.xml


                        Don’ts
• Do not enable logging to console
  when running in background in Linux
• Do not direct console output to file
• Do not use passwords in the
  command line with
  – bin\deploy
  – bin\shutdown



   Administering Apache
      Geronimo 2.x


                   Q&A
          Question/Comments?
                 Vamsi
         vamsic007@apache.org
         vamsic007@in.ibm.com


                  Resources
• http://geronimo.apache.org
• http://cwiki.apache.org/geronimo/
• Geronimo Mailing lists
  – user@geronimo.apache.org
  – dev@geronimo.apache.org
• IBM developerWorks
  – http://www.ibm.com/developerworks/opensource/top-projects/geronimo.html


          Thank you


