Tuesday Feb 28, 2006

Concept of a GlassFish Domain ...

GlassFish has a concept of a domain. More precisely, it is the administrative domain. At first, it may be perceived a little difficult to understand, especially given that in Java EE paradigm, one is used to servers rather than domains. This is especially true with developers.
This post tries to explain what a GlassFish Domain (domain, henceforth) is, how to use it effectively if you want to quickly deploy your applications to GlassFish and the reasons to call it a domain.


A domain (statically) is an administrative name space. It's a boundary, all GlassFish entities within which are controlled by an administrator or more precisely administrative three tuple (Let's call it Admin 3T). This three tuple is called "admin user, admin password, certificate database password (or master password). If you are a developer, you don't really care about the master password and it defaults to "changeit". This is the password with which your keystore (cacerts.jks) is locked and most of the times, you don't care about this.

This is how your domains look like.

A domain (dynamically) is a Java EE Engine. Thus it is your server, once you have started it. In other words, at run time, a domain = server. Thus, a running domain can host user Java EE applications and can be effectively used as the target for your deployments. For developers, this is what they care about. It is for developers that this gap has been bridged and they can forget about the domain. The defaults are so carefully chosen that you'd never need to know about the fact that you are managing and deploying to a domain!

So, what is that that domain provides on top of behaving like a server? Here is a list of things:

  • Domain provides you with a built-in administration capability.
  • Domain has multiple system applications predeployed which facilitate the management. Thus the entire admin console
  • is available as a system web application. All you need to do it connect to "http://localhost:admin-port(4848)".
  • Domain has another system application predeployed to take care of all the asadmin commands. Note that (almost) all the asadmin commands invoke the running domain in
  • Domain has an EJB Timer Service already configured to work with. A timer database is also created.
  • Domain has a JDBC Connection Pool configured for the EJB timer database.
  • Domain has two keyfiles created by default so that one has authentication realms for the security conscious people. All you need to do is create the security mappings in your applications.
  • Domain has a default web.xml that decides the default behavior of all deployed web applications.
  • Domain has a JMX Connector's Server end so that you can easily connect to the admin infrastructure, using JConsole and browse the MBeans. As you know MBeans are to Administration what EJB's are to Enterprise Computing.

All this is enabled by a simple set of steps:

  1. Either you download GlassFish and invoke ant -f setup.xml that creates the so-called fully configured, ready-to-go default domain, OR
  2. Explode the GlassFish image and do [glassfish]/bin/asadmin create-domain --adminport 4848 mydomain

All this is great. But how does a developer exploit it?

Simple. Your answer is NetBeans. Just download "The" IDE and do the following:

  • Go to the Runtime tab and right click for "Adding a target server".
    See how NetBeans itentifies your default domain, domain1. The port is also identified. This is the administration port. Next, you could provide the user name and password for administration. That's it. This domain is now deployment ready .
  • You need to create a web application. Just create it using the intuitive menus in the IDE.
  • The IDE is so well integrated with the GlassFish domain/server is that it just allows you to start the GlassFish server in debug mode and debug your application. This is really seamless!
  • Here is your application deployed and being tested!


This is how I develop and test my applications. I am a developer. Hope fellow developers find this as easy as I do.

If you are a CLI fan, there are a bunch of intuitive asadmin commands that configure the domain/server.
If you are an ANT fan, there are ANT tasks like sun-appserv-deploy that help you continue to write your build.xml files.
We are planning to integrate asadmin into a scripting language of your choice. You'd have to wait till Mustang releases, though.
I know this sounds easy. But it sounds so because it is so.

Finally, the $1M Question: Why do you call it a domain? Well, the reason lies in more sophisticated Sun Software like Application Server Standard Edition (SE) . When you enter into the real enterprise arena, it is no more a server. It is a bunch of servers (which are also known as app server instances, each of which is a Java EE Engine) that are woven into clusters to impart the coveted high availability. Still, the "Administrative" domain remains the same. You don't have to learn a new concept when you go from one edition of the product to an advanced one. A set of simple rules emerges:

  • A Domain is comprised of a set of Instances. A Domain is "bigger" than an Instance.
  • Domain has a "dual nature". For a simple case, Domain equals Instance (I tend to relate to the dual nature of electron -- "is it a wave, is it a particle" here :) ).


Thus, it is the best of both the worlds: For developers, a domain is a server. For system administrators, a domain is something that they manage so that an uninterrupted service is provided!

Makes sense to me. How about you? Please let me know ...

Monday Feb 20, 2006

Dotted Names of GlassFish Administration ...

Following text pertains to GlassFish App Server and Sun's App server 9.0 Beta.

Learning any Language is a cognitive activity. Language designers have to strive hard to design it such that its constructs are simple.

The idea is simple. You want to manage the GlassFish server and you are a fan of Command Line Interfaces (CLI's). The CLI's can become arbitrarily complex and unless there is an attempt made to ease the administrator's woes, they are going to give in to other sophisticated UI's. It is obvious that CLI's enjoy the so-called "batch-mode" that user community is used to, but that alone should not be a license to make it hard for a normal human being because at some point, the CLI's themselves tend to become "Languages". Examples of this include:

  • Just ls the directory (list it).
  • Now, cd to where you installed Software.
  • Grep for "analysis" in this file.
  • ...

GlassFish Administration takes several steps in this direction of making the life of administrators easier. One of the steps is to reduce the number of commands that administrator has to remember or find out. Imagine that administrator needs to configure several elements that are arranged in an abstract hierarchy as shown below.

my-server
    |---- web-engine (name=web-engine, port=88, host=localhost)
	         |---- virtual-server (name=vs1, id=foo.com)
	|---- ejb-engine (name=ejb30, pool-size=40)
	|---- thread-pools (size=32)
	|---- applications
	         |---- app1 (name=petstore, context-root=/pets)
...

The elements have several attributes. The basic operations that are of stereotyped nature are:

  • Listing the immediate or all children of a node at any level in the hierarchy
  • Getting and setting the attributes of a node at any level in the hierarchy.

These two operations resemble the familiar File System Explorer kind of UI. User wants to see a list of nodes in the hierarchy and also, wants to get/set the attributes of a node of choice.

The GlassFish Administration CLI aka asadmin capitalizes on this observation and delivers a powerful UI in conjuction with two symbols one that is made popular by Java's package names, the '.' and a symbol that matches anything -- the asterisk '\*' to denote anything and everything. So, where will you begin?

Obviously, by asking asadmin "What have you got?". And the asterisk is the succint notation to do that! Yes, you got it, the command is:

asadmin list "\*"

Voila! Here is curtailed output: (See here for the complete output).

domain.applications
domain.applications.j2ee-application.MEjbApp
domain.applications.j2ee-application.__JWSappclients
...

server.ejb-container
server.ejb-container.ejb-timer-service
server.http-service
...

server.http-service.http-listener.admin-listener
server.http-service.http-listener.http-listener-1
server.http-service.http-listener.http-listener-2
...

server.http-service.virtual-server.__asadmin
server.http-service.virtual-server.server
server.iiop-service
...
server.java-config

...

Thus, this command shows the children in the abstract configuration hierarchy that GlassFish domain is comprised of! Now one can use get and set on a particular node as:

asadmin get server.java-config.\*

-- I want to get all the attributes -- now I don't want any nodes because that is the forte of the list command. Here is the output of the get command:

server.java-config.bytecode-preprocessors =
server.java-config.classpath-prefix =
server.java-config.classpath-suffix =
server.java-config.debug-enabled = false
server.java-config.debug-options = -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=
9009
server.java-config.env-classpath-ignored = true
server.java-config.java-home = ${com.sun.aas.javaRoot}
server.java-config.javac-options = -g
server.java-config.jvm-options = -client,-Djava.endorsed.dirs=${com.sun.aas.installRoot}/lib/endorsed,-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy,-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf,-Dsun.rmi.dgc.server.gcInterval=3600000,-Dsun.rmi.dgc.client.gcInterval=3600000,-Xmx512m,-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks,-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks,-Djava.ext.dirs=${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext${path.separator}${com.sun.aas.derbyRoot}/lib,-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver,-Djavax.management.builder.initial=com.sun.enterprise.admin.server.core.jmx.AppServerMBeanServerBuilder,-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory,-Dcom.sun.enterprise.taglibs=appserv-jstl.jar,jsf-impl.jar,-Dcom.sun.enterprise.taglisteners=jsf-impl.jar,-XX:NewRatio=2
server.java-config.native-library-path-prefix =
server.java-config.native-library-path-suffix =
server.java-config.rmic-options = -iiop -poa -alwaysgenerate -keepgenerated -g
server.java-config.server-classpath =
server.java-config.system-classpath = ${com.sun.aas.installRoot}/lib/appserv-launch.jar

Alternatively, while doing the "set", you just get the full name of the attribute, use the '=' symbol and the value for that attribute. And that's there to it.

Languages are infinite. Their grammars are finite. This is a little language with only 3 powerful constructs -- list, get and set. I am not going to fill more pages describing the each and every dotted name because that's not the purpose of this post. It is just to encourage you to do it. So, download the 9.0 PE Beta , start the server and get-list-set!

And do you know the biggest enabler of this powerful feature? --- Right, it is your (as a user) intuition and logical use of common actions that we associate with some English verbs! No need to read any manual.

There are so many scripts that use these dotted names to configure GlassFish. All these users thank us because we did not make them RTFM and remember a distinct command (e.g. setApplicationScanInterval) for each attribute.

Output of the list command -- your entry point into the dotted names ...

asadmin list "\*"

domain.applications
domain.applications.j2ee-application.MEjbApp
domain.applications.j2ee-application.__JWSappclients
domain.applications.j2ee-application.__ejb_container_timer_app
domain.applications.web-module.adminapp
domain.applications.web-module.admingui
domain.resources
domain.resources.jdbc-connection-pool.DerbyPool
domain.resources.jdbc-connection-pool.__CallFlowPool
domain.resources.jdbc-connection-pool.__TimerPool
domain.resources.jdbc-resource.jdbc/__CallFlowPool
domain.resources.jdbc-resource.jdbc/__TimerPool
domain.resources.jdbc-resource.jdbc/__default
server
server.admin-service
server.admin-service.das-config
server.admin-service.jmx-connector.system
server.application-ref.MEjbApp
server.application-ref.__JWSappclients
server.application-ref.__ejb_container_timer_app
server.application-ref.adminapp
server.application-ref.admingui
server.applications
server.applications.j2ee-application.MEjbApp
server.applications.j2ee-application.__JWSappclients
server.applications.j2ee-application.__ejb_container_timer_app
server.applications.web-module.adminapp
server.applications.web-module.admingui
server.diagnostic-service
server.ejb-container
server.ejb-container.ejb-timer-service
server.http-service
server.http-service.access-log
server.http-service.connection-pool
server.http-service.http-file-cache
server.http-service.http-listener.admin-listener
server.http-service.http-listener.http-listener-1
server.http-service.http-listener.http-listener-2
server.http-service.http-protocol
server.http-service.keep-alive
server.http-service.request-processing
server.http-service.virtual-server.__asadmin
server.http-service.virtual-server.server
server.iiop-service
server.iiop-service.iiop-listener.SSL
server.iiop-service.iiop-listener.SSL.ssl
server.iiop-service.iiop-listener.SSL_MUTUALAUTH
server.iiop-service.iiop-listener.SSL_MUTUALAUTH.ssl
server.iiop-service.iiop-listener.orb-listener-1
server.iiop-service.orb
server.java-config
server.jms-service
server.jms-service.jms-host.default_JMS_host
server.log-service
server.log-service.module-log-levels
server.management-rules
server.mdb-container
server.monitoring-service
server.monitoring-service.module-monitoring-levels
server.resource-ref.jdbc/__CallFlowPool
server.resource-ref.jdbc/__TimerPool
server.resource-ref.jdbc/__default
server.resources
server.resources.jdbc-connection-pool.DerbyPool
server.resources.jdbc-connection-pool.__CallFlowPool
server.resources.jdbc-connection-pool.__TimerPool
server.resources.jdbc-resource.jdbc/__CallFlowPool
server.resources.jdbc-resource.jdbc/__TimerPool
server.resources.jdbc-resource.jdbc/__default
server.security-service
server.security-service.audit-module.default
server.security-service.auth-realm.admin-realm
server.security-service.auth-realm.certificate
server.security-service.auth-realm.file
server.security-service.jacc-provider.default
server.security-service.message-security-config.SOAP
server.security-service.message-security-config.SOAP.provider-config.ClientProvider
server.security-service.message-security-config.SOAP.provider-config.ClientProvider.request-policy
server.security-service.message-security-config.SOAP.provider-config.ClientProvider.response-policy
server.security-service.message-security-config.SOAP.provider-config.ServerProvider
server.security-service.message-security-config.SOAP.provider-config.ServerProvider.request-policy
server.security-service.message-security-config.SOAP.provider-config.ServerProvider.response-policy
server.thread-pools
server.thread-pools.thread-pool.thread-pool-1
server.transaction-service
server.web-container

Note: the <property> elements are a special case. They are handled verbatim as long as they are allowed at a particular level and have two attributes, name and value. Thus, let's say security-service allows a property sub-element and you want to define a property named "foo" with a value "bar", you would do:

asadmin set "server.security-service.property.foo=bar"

Neat?

Tuesday Jan 31, 2006

Bye Bye --password ...

GlassFish has taken steps to make the command lines more secure.

See this approved project -- Removal of --password from GlassFish Administration CLI

Stay tuned ...

Thursday Jan 19, 2006

GlassFish Administration Experience ...

Starting 19 January 2006, I will be writing about various features of GlassFish Administration. Whereas it is exciting to write about various goodies of GlassFish itself, I will be concentrating on the administration. This should cover the administration command line interface (asadmin), administration GUI, JMX infrastructure, configuration, logging and so on and so forth.

Administrative experience is one of the most significant features of GlassFish. It has a sophisticated command line interface with over 200 consistently defined commands. It also has a state-of-the-art Graphical User Interface. It can fully be managed programmatically using what are called Appserver Management Extensions (AMX). The Administrative infrastructure is based on JMX. The interaction with the Tiger-fame JConsole is smooth. GlassFish also contains a proprietary JSR 160 Connector that works over HTTP and HTTPS. Most of the configuration is stored in a text file in XML format and efforts are on to improve its editing experience. Monitoring is dynamically configurable and there is lots of monitoring data available should you suspect a particular subsystem to malfunction. Call-flow capability has improved the visibility of the internals. It integrates well with Solaris-10's SMF so that the domains get the restartability as specified by SMF.

I will be writing about all of the above. Hope it interests you ...
About

Welcome to my blog where mostly my work related thoughts are expressed.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today