Red Hat Training

A Red Hat training course is available for Red Hat JBoss Operations Network

11. Deploying Applications on Application Servers

Applications such as EAR and WAR files that are deployed on an application server are cross between a child resource (of the application server) and content that is managed in a repository.
For these content-backed resources, the child resource is created first, by uploading a package to the JBoss server. After that, they are managed like content, with updated packages added to a content repo and then applied to the application server.

11.1. Setting Permissions for Agent and Resource Users

The assumption is that the JBoss ON agent and resources like a JBoss server or Tomcat server run as the same system user. This allows the agent and the application server itself to manage resource content and configuration simultaneously.
However, if the agent user is different than the resource user, then there can be problems when one entity makes a configuration change and the other attempts a change later.
For example, when deploying an application, the deployment operation is initiated by the agent and the content is supplied through the agent, and then the application server completes the actual deployment. When deleting an application, the application server handles the undeployment by itself.
If a WAR file is deployed exploded without a MANIFEST.MF file, the agent creates one when it writes the SHA-256 value for the package. When the JBoss AS server tries to remove the WAR application later (and the JBoss AS user is different than the agent user), then the removal fails. The JBoss AS server cannot delete the MANIFEST.MF file. The agent then rediscovers the application directory and re-initiates the deployment operation for the removed WAR.

Note

This situation only occurs when the application is exploded and does not contain the MANIFEST.MF file — meaning, a situation where the agent creates a file within the deployment directory. Even if the agent and JBoss AS users are different, this situation does not occur if the application is not exploded or where the agent does not write any files.
This situation can be avoided. If the agent user and resource user are different, then change the system settings:
  1. Add the agent user and the resource user to the same primary group.
  2. Set the umask value for the agent user to give read and write permissions, such as 660. For example: 
    vim /home/rhqagent/.bashrc

umask 660