Chapter 5. Design and Development

As previously mentioned, the domain controller is started with the default host configuration file. This file is modified to change the server name by the CLI script. Each section of this file is inspected separately.

The security configuration remains unchanged from its default values, but a review that provides a better understanding of the authentication section is still useful. As seen below under authentication, the management realm uses both the mgmt-users.properties file, previously reviewed, as well as a local default user configuration. This local user enables silent authentication when the client is on the same machine. As such, the user node1, although created, is not necessary for the active domain. It is created for the sake of consistency across the two domains. For further information about silent authentication of a local user, refer to the product documentation.

The rest of the security configuration simply refers to the application users, and once again, it is unchanged from the default values.

Management interfaces are also configured as per the default and are not modified in the setup.

With node1 being the domain controller, the configuration file explicitly reflects this fact and points to <local/>. This is the default setup for the host.xml in EAP 7:

Interfaces and JVM configuration are also left unchanged.

The automated configuration scripts remove the sample servers that are configured by default in JBoss EAP 7 and instead create a new server as part of this cluster. This server is named in a way that reflects both the node on which it runs as well as the domain to which it belongs. All servers are configured to auto start when the host starts up:

To start the other nodes of the active domain, after the domain controller has been started, run the following commands on nodes 2 and 3, identified by IP addresses of 10.19.137.35 and 10.19.137.36:

# /opt/jboss-eap-7.0_active/bin/domain.sh -b 10.19.137.35 -bprivate=10.19.137.35 -Djboss.domain.master.address=10.19.137.34 --host-config=host-slave.xml # /opt/jboss-eap-7.0_active/bin/domain.sh -b 10.19.137.36 -bprivate=10.19.137.36 -Djboss.domain.master.address=10.19.137.34 –host-config=host-slave.xml

These two nodes are configured similarly, so it suffices to look at the host configuration file for one of them:

Once again, the host name is modified by CLI to reflect the host name. In the case of nodes 2 and 3, the name selected for the host is not only for display and informational purposes. This host name is also picked up as the user name that is used to authenticate against the domain controller. The hash value of the the user name and its associated password is provided as the secret value of the server identity:

So in this case, node2 authenticates against the domain controller running on node1 by providing node2 as its username and the above secret value as its password hash. This value is copied from the output of the add-user script when node2 is added as a user.

The rest of the security configuration remains unchanged. Management interface configuration also remains unchanged.

The domain controller is identified by a Java system property ( -Djboss.domain.master.address) that is passed to the node2 Java virtual machine (JVM) when starting the server:

Automated configuration scripts remove the sample servers of JBoss EAP 7 and instead create a new server as part of this cluster:

The bulk of the configuration for the cluster and the domain is stored in its domain.xml file. This file can only be edited when the servers are stopped, and is best modified through the management capabilities, which include the management console, CLI and various scripts and languages available on top of CLI.

The first section of the domain configuration file lists the various extensions that are enabled for this domain. This section is left unchanged and includes all the standard available extensions:

System properties are also left as default:

The next section of the domain configuration is the profiles section. JBoss EAP 7 ships with four pre-configured profiles. Since this reference architecture only uses the full-ha profile, the other three profiles have been removed to make the domain.xml easier to read and maintain.

The configuration script updates parts of the full-ha profile, but most of the profile remains unchanged from the full-ha baseline. For eample, the ExampleDS datasource, using an in-memory H2 database, remains intact but is not used in the cluster.

The configuration script deploys a JDBC driver for postgres, and configures a connection pool to the eap7 database using the database owner’s credentials:

The driver element includes the name of the JAR (Java ARchive) file where the driver class can be found. This creates a dependency on the JDBC driver JAR file and assumes that it has been separately deployed. There are multiple ways to make a JDBC driver available in EAP 7. The approach here is to deploy the driver, as with any other application.

The ExampleDS connection pool uses a different approach for its driver. The JDBC driver of the H2 Database is made available as a module. As such, it is configured under the drivers section of the domain configuration:

After datasources, the profile configures the Java EE and EJB3 subsystems. This configuration is derived from the standard full-ha profile and unchanged.

The Infinispan subsystem is also left unchanged. This section configures several standard cache containers and defines the various available caches for each container. It also determines which cache is used by each container. Clustering takes advantage of these cache containers and as such, uses the configured cache of that container.

The cache container below is for applications that use a cluster singleton service:

Next in the Infinispan subsystem is the web cache container. It is used to replicate HTTP session data between cluster nodes:

Next is the ejb cache and used to replicate stateful session bean data.

Finally, the last cache container in the subsystem is the hibernate cache and is used for replicating second-level cache data. Hibernate makes use of an entity cache to cache data on each node and invalidate other nodes of the cluster when the data is modified. It also has an optional query cache:

Several other subsystems are then configured in the profile, without any modification from the baseline full-ha profile:

The next subsystem configured in the profile is messaging, Activemq. Two JMS servers are configured using the shared-store HA policy, one is a live JMS server (named "default").

And the other is a backup JMS server (named "backup").

The live JMS server uses the shared-store-master tag and the backup JMS server use the shared-store-slave tag. With the shared-store HA policy, when the live and backup JMS servers share the same file path, they form a live-backup group.

To have a JMS HA Cluster and to set up 3 nodes, one solution is to set up 3 copies of the full-ha profiles, almost identical to each other, but different in their messaging-activemq subsystem. This would allow the 3 profiles to be modified indiviually, following the diagrom below to form a 3 node JMS cluster: each profile will have 1 active jms server and 1 backup server.

However a simpler setup is possible that is both easier to understand and maintain. This reference architecture is set up with a single full-ha profile, with 2 JMS servers inside, one live and one backup JMS server. The same profile will apply to all 3 nodes, thus 1 live server and 1 backup server on each node. The key point is using variables to make sure that at runtime, the live and backup servers belong to different groups and form a live-backup pair with a different JVM.

Please note the use of variables in this reference architecture’s shared-store file path, which 's the way to make sure a backup JMS server won’t be in the same JVM as the live JMS server. Of course with a live-backup pair within the same JVM, failure at JVM or OS level will cause outage to both the live and its backup JMS server at same time and the backlog of messages being processed by that server will not be picked up by any other node, something that must be avoided in a true HA environment.

These 2 variables, live-group and backup-group, are runtime values are from the host.xml of the DMC node and host-slave.xml of slave nodes, defined inside each server tag.

Sample values for the active domain: in this setup, the second JMS server of node1 will be the backup server for the live server of node2, the second JMS server of node2 will be the backup server for the live server of node3, and the second JMS server of node3 will be the backup server for the live server of node1.

The cluster-connection for both JMS servers use separately defined remote-connector configurations instead of the default http-connector, to avoid conflict on the http port.

After messaging, the next subsystem configuration in the domain configuration file is mod_cluster, which is used to communicated with JWS apache http server:

The rest of the profile remains unchanged from the baseline full-ha configuration.

The domain configuration of the available interfaces is also based on the defaults provided in the full-ha configuration:

The four socket binding groups provided by default, remain configured in the setup, but only full-ha-sockets is used, and the other items are ignored.

The full-ha-sockets configures a series of port numbers for various protocols and services. Most of these port numbers are unchanged in the profiles and only three are modified. Jgroups-mping and jgroups-udp are changed to for cluster communication. mod-cluster affects full-ha profile’s modcluster subsystem, which is used to communicate with the JWS Apache http server.

Finally, the new server group is added and replaces the default ones:

This server group has three applications deployed:

The second and passive cluster/domain is configured through the same script with a slightly modified property file. The only properties that is changed for the second domain are as follows:

For this reference architecture, the CLI is invoked through the configure.sh shell script in both cases.

The configure.sh script performs the following tasks in order:

# pkill -f 'jboss'

if [ -d $CONF_BACKUP_HOME ]
then
   echo "========configuration to remove: " $CONF_HOME
   rm -rf $CONF_HOME
   echo "========restore from: " $CONF_BACKUP_HOME
   cp -r $CONF_BACKUP_HOME $CONF_HOME
else
   echo "========No configuration backup at " $CONF_BACKUP_HOME
fi
ls -l  $JBOSS_HOME/domain
echo "========clean servers folder"
rm -rf $JBOSS_HOME/domain/servers/*

echo "========build deployments if needed"
if [ -f ${SCRIPT_DIR}/code/webapp/target/clusterApp.war ]
then
   echo "========clusterApp.war is already built"
else
   mvn -f ${SCRIPT_DIR}/code/pom.xml install
fi

$JBOSS_HOME/bin/jboss-cli.sh --properties=$SCRIPT_DIR/cluster.properties --file=$SCRIPT_DIR/setup-master.cli -Dhost.file=host.xml
THIS_HOSTNAME=`$JBOSS_HOME/bin/jboss-cli.sh  -Djboss.domain.master.address=127.0.0.1 --commands="embed-host-controller --domain-config=domain.xml --host-config=host-slave.xml,read-attribute local-host-name"`

. $SCRIPT_DIR/slaves.properties
for slave in $(echo $slaves | sed "s/,/ /g")
do
        #Variable names for each node's name and identity secret:
        name="${slave}_name"
        secret="${slave}_secret"
        echo Will configure ${slave}
        #Back up host-slave as it will be overwritten by CLI:
        cp $CONF_HOME/host-slave.xml $CONF_HOME/host-slave-orig.xml

        $JBOSS_HOME/bin/jboss-cli.sh --file=$SCRIPT_DIR/setup-slave.cli -Djboss.domain.master.address=127.0.0.1 -Dhost.file=host-slave.xml -Dold.host.name=$THIS_HOSTNAME -Dhost.name=${!name} -Dserver.identity=${!secret} -Dlive.group=${!liveGroup} -Dbackup.group=${!backupGroup} --properties=$SCRIPT_DIR/cluster.properties


        #Copy final host-slave file to a directory for this node, restore the original
        mkdir $CONF_HOME/$slave
        mv $CONF_HOME/host-slave.xml $CONF_HOME/$slave/
        mv $CONF_HOME/host-slave-orig.xml $CONF_HOME/host-slave.xml
done

1) setup-master.cli

/host=master/server-config=server-three/:remove
/server-group=other-server-group/:remove
/host=master/server-config=server-one/:remove
/host=master/server-config=server-two/:remove
/server-group=main-server-group/:remove

/profile=default:remove
/profile=full:remove
/profile=ha:remove

/socket-binding-group=full-ha-sockets/socket-binding=jgroups-mping:write-attribute(name=multicast-address,value="${jboss.default.multicast.address:"$multicastAddress}
/socket-binding-group=full-ha-sockets/socket-binding=jgroups-udp:write-attribute(name=multicast-address,value="${jboss.default.multicast.address:"$multicastAddress}

/socket-binding-group=full-ha-sockets/remote-destination-outbound-socket-binding=mod-cluster:add(host=$lbHost,port=$lbPort)
/profile=full-ha/subsystem=modcluster/mod-cluster-config=configuration:write-attribute(name=advertise,value=false)
/profile=full-ha/subsystem=modcluster/mod-cluster-config=configuration:list-add(index=0,name=proxies,value=mod-cluster)

/server-group=demo-cluster:add(profile=full-ha,socket-binding-group=full-ha-sockets)
/server-group=demo-cluster/jvm=default:add(heap-size=66m, max-heap-size=512m)

/host=master/server-config=$serverName:add(group=demo-cluster,auto-start=true)
/host=master/server-config=$serverName:write-attribute(name=socket-binding-port-offset,value=$portOffset)

/host=master/core-service=management/management-interface=http-interface:write-attribute(name=port,value="${jboss.management.http.port:"$mgmtHttpPort}
/host=master/core-service=management/management-interface=native-interface:write-attribute(name=port,value="${jboss.management.native.port:"$mgmtNativePort}

/host=master/server-config=$serverName/system-property=live-group:add(value=$liveGroup)
/host=master/server-config=$serverName/system-property=backup-group:add(value=$backupGroup)

deploy ${env.SCRIPT_DIR}/postgresql-9.4.1208.jar  --server-groups=demo-cluster
data-source add --profile=full-ha --name=eap7 --driver-name=postgresql-9.4.1208.jar --connection-url=$psqlConnectionUrl --jndi-name=java:jboss/datasources/ClusterDS --user-name=jboss --password=password --use-ccm=false --max-pool-size=25 --blocking-timeout-wait-millis=5000 --new-connection-sql="set datestyle = ISO, European;"
holdback-batch deploy-postgresql-driver

	/socket-binding-group=full-ha-sockets/socket-binding=messaging:add
	/socket-binding-group=full-ha-sockets/socket-binding=messaging:write-attribute(name=port,value=$messagingPort)
	/socket-binding-group=full-ha-sockets/socket-binding=messaging-backup:add
	/socket-binding-group=full-ha-sockets/socket-binding=messaging-backup:write-attribute(name=port,value=$messagingBackupPort)

	/profile=full-ha/subsystem=messaging-activemq/server=default:write-attribute(name=cluster-user,value=$clusterUser)
	/profile=full-ha/subsystem=messaging-activemq/server=default:write-attribute(name=cluster-password,value=$clusterPassword)

add shared-store-master /profile=full-ha/subsystem=messaging-activemq/server=default/ha-policy=shared-store-master:add(failover-on-server-shutdown=true) #change the value from 1000 (default) to 0 /profile=full-ha/subsystem=messaging-activemq/server=default/address-setting=:write-attribute(name=redistribution-delay,value=0)


#add shared files path
	/profile=full-ha/subsystem=messaging-activemq/server=default/path=bindings-directory:add(path=$shareStorePath/group-${live-group}/bindings)
	/profile=full-ha/subsystem=messaging-activemq/server=default/path=journal-directory:add(path=$shareStorePath/group-${live-group}/journal)
	/profile=full-ha/subsystem=messaging-activemq/server=default/path=large-messages-directory:add(path=$shareStorePath/group-${live-group}/largemessages)
	/profile=full-ha/subsystem=messaging-activemq/server=default/path=paging-directory:add(path=$shareStorePath/group-${live-group}/paging)
#add remote connector netty
	/profile=full-ha/subsystem=messaging-activemq/server=default/remote-connector=netty:add(socket-binding=messaging)
	/profile=full-ha/subsystem=messaging-activemq/server=default/remote-connector=netty:write-attribute(name=params,value={use-nio=true,use-nio-global-worker-pool=true})
#	/profile=full-ha/subsystem=messaging-activemq/server=default/remote-connector=netty:write-attribute(name=params,value={name=,value=true})
#add remote acceptor netty
	/profile=full-ha/subsystem=messaging-activemq/server=default/remote-acceptor=netty:add(socket-binding=messaging)
	/profile=full-ha/subsystem=messaging-activemq/server=default/remote-acceptor=netty:write-attribute(name=params,value={use-nio=true})

	/profile=full-ha/subsystem=messaging-activemq/server=default/jms-queue=DistributedQueue/:add(entries=["java:/queue/DistributedQueue"])
	/profile=full-ha/subsystem=messaging-activemq/server=default/cluster-connection=my-cluster:remove
	/profile=full-ha/subsystem=messaging-activemq/server=default/cluster-connection=amq-cluster:add(discovery-group=dg-group1,connector-name=netty,cluster-connection-address=jms)
#update the connectors from http-connector to netty
	/profile=full-ha/subsystem=messaging-activemq/server=default/broadcast-group=bg-group1:write-attribute(name=connectors,value=["netty"])
	/profile=full-ha/subsystem=messaging-activemq/server=default/connection-factory=RemoteConnectionFactory:write-attribute(name=connectors,value=["netty"])

	/profile=full-ha/subsystem=messaging-activemq/server=backup:add(cluster-user=$clusterUser,cluster-password=$clusterPassword)
#add shared-store-slave
	/profile=full-ha/subsystem=messaging-activemq/server=backup/ha-policy=shared-store-slave:add(allow-failback=true,failover-on-server-shutdown=true)

#add shared files path
	/profile=full-ha/subsystem=messaging-activemq/server=backup/path=bindings-directory:add(path=$shareStorePath/group-${backup-group}/bindings)
	/profile=full-ha/subsystem=messaging-activemq/server=backup/path=journal-directory:add(path=$shareStorePath/group-${backup-group}/journal)
	/profile=full-ha/subsystem=messaging-activemq/server=backup/path=large-messages-directory:add(path=$shareStorePath/group-${backup-group}/largemessages)
	/profile=full-ha/subsystem=messaging-activemq/server=backup/path=paging-directory:add(path=$shareStorePath/group-${backup-group}/paging)
#add remote connector netty
	/profile=full-ha/subsystem=messaging-activemq/server=backup/remote-connector=netty-backup:add(socket-binding=messaging-backup)
#add remote acceptor netty
	/profile=full-ha/subsystem=messaging-activemq/server=backup/remote-acceptor=netty-backup:add(socket-binding=messaging-backup)
#add broadcast-group
	/profile=full-ha/subsystem=messaging-activemq/server=backup/broadcast-group=bg-group-backup:add(connectors=["netty-backup"],broadcast-period="1000",jgroups-channel="activemq-cluster")
#add discovery-group
	/profile=full-ha/subsystem=messaging-activemq/server=backup/discovery-group=dg-group-backup:add(refresh-timeout="1000",jgroups-channel="activemq-cluster")
#add cluster-connection
	/profile=full-ha/subsystem=messaging-activemq/server=backup/cluster-connection=amq-cluster:add(discovery-group=dg-group-backup,connector-name=netty-backup,cluster-connection-address=jms)

	/profile=full-ha/subsystem=transactions:write-attribute(name=node-identifier,value=node-identifier-${live-group})

deploy ${env.SCRIPT_DIR}/code/webapp/target/clusterApp.war  --server-groups=demo-cluster
deploy ${env.SCRIPT_DIR}/chat.war  --server-groups=demo-cluster

2) setup-slave.cli

/host=$oldHostName/core-service=management/security-realm=ManagementRealm/server-identity=secret:write-attribute(name=value,value=$serverIdentity)

/host=$oldHostName/core-service=management/management-interface=native-interface:write-attribute(name=port,value="${jboss.management.native.port:"$mgmtNativePort}

/host=$oldHostName/server-config=$hostName-server:add(auto-start=true,group=demo-cluster)
/host=$oldHostName/server-config=$hostName-server:write-attribute(name=socket-binding-port-offset,value=$portOffset)
/host=$oldHostName/server-config=server-one:remove()
/host=$oldHostName/server-config=server-two:remove()

/host=$oldHostName/server-config=$hostName-server/system-property=live-group:add(value=$liveGroup)
/host=$oldHostName/server-config=$hostName-server/system-property=backup-group:add(value=$backupGroup)

/host=$oldHostName:write-attribute(name=name,value=$hostName)