Thursday May 17, 2007

Latest drop for HTTP Load Balancer

  • GlassFish V2 HTTP Load Blancer has a new drop, aslb-MS4-b3.jar, with couple of bug fixes and revamped installation directory structure. It's accessible at the following location(s)

    http://download.java.net/javaee5/external/<OS>/aslb/jars/aslb-9.1-MS4-b3.jar

    where : <OS> represents the platform and has the following values - SunOS, SunOS_X86, Linux and WINNT.

  • For the benefit of absolute URL's, following are the links to platform specific aslb-MS4-b3.jar drops :
    SunOS
    SunOS_X86
    Linux
    WINNT
  • Friday Mar 16, 2007

    Configuring WebServer 7.0 for GlassFish DAS Based Administration of HTTP Load Balancer

    SJSWS 7.0 uses Network Security Services (NSS) to manage security database that stores the keys and certificates. GlassFish (V2) beta ,on the server side, uses Java Keystore (JKS) to manage it's security database.
    GlassFish HTTP Load Balancer's advanced administration support, requires SSL setup between the WebServer and the Domain Administration Server (DAS). To set this up requires exporting and importing DAS certificate from the JKS system into the WebServer's NSS based one.

    The under mentioned details enlist the steps that an administrator can use to configure this.

    • Configure GlassFish HTTP Load Balancer on WebServer 7.0 to accept DAS as a trusted client.

    1. Create a new HTTP listener and enable it for SSL. While doing so attach the default server certificate available with SJSWS 7.0 installation. For ease you can do this by using the WebServer's GUI based administration console.
    2. Use the JavaSE 5.0 security tool keytool for exporting the DAS certificate, named with alais “s1as”. While doing so select the -rfc option to export the certificate in printable encoding format, as defined by the Internet RFC 1421 standard..

      In its printable encoding format, the encoded certificate is bounded at the beginning by:

      -----BEGIN CERTIFICATE-----
      and at the end by
      -----END CERTIFICATE-----

      Command (Solaris / Linux)
      <JAVA_HOME>/bin/keytool -export -rfc -alias s1as -keystore <GLASSFISH_HOME>/domains/<DOMAIN_NAME>/config/keystore.jks -file s1as.rfc

      where:
      <GLASSFISH_HOME> is the installation directory for GlassFish application server
      <DOMAIN_NAME> refers to the GlassFish domain, DAS, whose certificate is being exported. Also Note this takes into assumption that cluster profile is choosen for this created domain.

    3. Use the NSS security tool certutil to import the DAS certificate from the rfc file created.

      <WS_INSTALL_ROOT>/bin/certutil -A -a -n s1as -t "TC" -i s1as.rfc -d <WS_INSTALL_ROOT>/admin-server/config-store/<DEFAULT_CONFIG_NAME>/config
      where, <WS_INSTALL_ROOT> refers to the SJSWS 7.0 installation directory and
      <DEFAULT_CONFIG_NAME> refers to the config name created for the default WebServer
      instance.

      You can check the presence of this certificate by using the following command, which would list s1as certificate along with other CA certificates including the default server certificate :
      <WS_INSTALL_ROOT>/bin/certutil -L -d <WS_INSTALL_ROOT>/admin-server/config-store/<DEFAULT_CONFIG_NAME>/config

      You can also use the SJSWS 7.0 GUI admin console to view this. Select the configuration to which the certificate has been imported to, in our case the default config, and then select the Certificates tab. You can now look at all the certificates available by selecting the Certificate Authorities sub tab. Following is screen shot for this :

      Following screen shot relates to the information on the imported DAS certificate nicknamed s1as:


    • Configuration changes to WebServer 7.0

    1. Append the following directives to obj.conf file :
      <WS_INTSTALL_ROOT>/admin-server/config-store/<DEFAULT_CONFIG_NAME>/config/obj.conf

      <Object ppath="\*lbconfigupdate\*">
      PathCheck fn="get-client-cert" dorequest="1" require="1"
      <Object>

      <Object ppath="\*lbgetmonitordata\*">
      PathCheck fn="get-client-cert" dorequest="1" require="1"
      </Object>


    • Deploy the configuration


    1. While doing the changes enlisted above, the admin console would mark this configuration to be deployed. Select the icon for “Deployment Pending”.
      This can also be done by executing the deploy-config WebServer command from WebServer's wadm CLI utility.

      >WS_INSTALL_ROOT>/bin/wadm deploy-config –user=<admin> <DEFAULT_CONFIG_NAME>
      where, <admin> is the admin user name.



    • Test the SSL connection


    1. Test this setup from GlassFish Domain Administration Server (DAS), to communicate over SSL with this configured GlassFish HTTP Load Balancer.
      Following is the screen shot for this “Test Connection” :

    Thursday Mar 08, 2007

    Installing and Configuring GlassFish HTTP Load Balancer

    GlassFish V2, the latest Java EE 5 Application Server from GlassFish provides high availability features which include Load Balancing and Clustering. GlassFish V2 provides HTTP Load Balancer which is not bundled as part of the it's download. One can however explicitly download this component.

    Sun Java System WebServer is the supported WebServer for the HTTP Load Balancer. This blog provides the mannual steps to install and configure the GlassFish HTTP Load Balancer and these details relate to Sun Java System WebServer 7.0 - the latest WebServer offering from Sun.

    Installing Load Balancer on SJSWS 7.0 under default installation setup of SJSWS 7.0


    • Installing SJSWS 7.0


    1. Download and install the SJSWS 7.0, download
    2. Create the following directories:
      <WS_INSTALL_ROOT>/plugins/lbplugin/bin
      <WS_INSTALL_ROOT>/plugins/lbplugin/resource
      <WS_INSTALL_ROOT>/plugins/lbplugin/errorpages
      where,
      <WS_INSTALL_ROOT> is SJSWS 7.0 installation directory.
    3. Start the admin server by executing <WS_INSTALL_ROOT>/admin-server/bin/startserv.


    • Installing and setting up GlassFish Load Balancer


    1. Download aslb (GlassFish Load Balancer component) from the link:
      http://download.java.net/javaee5/external/SunOS/aslb/jars/aslb-9.1-MS4-b1.jar
      where, SunOS literal relates to the Solaris Sparc based operating system platform. For other platforms the values can be - SunOS_X86, Linux and WINNT.
    2. Unjar to install into GlassFish installation, where <GLASSFISH_HOME> identifies the GlassFish installation directory.

      • Create <GLASSFISH_HOME>/lib/lbplugin.

      • Unjar aslb-9.1-MS4-b1.jar file in <GLASSFISH_HOME>/lib/lbplugin.

      • There are 2 zip files bundled inside the aslb jar: SUNWaslb.zip, SUNWaspx.zip, unzip these 2 zip files in the same directory and delete the zip files.

      • Change permissions on all shared libraries of lbplugin as below
        chmod -R 755 <GLASSFISH_HOME>/lib/lbplugin/lib


    3. Copy <GLASSFISH_HOME>/lib/lbplugin/lib/webserver-plugin/<OS>/iws61/libpassthrough.so to
      <WS_INSTALL_ROOT>/plugins/lbplugin/bin/.
      Where <OS> refers to solaris' for the Solaris platform.,'linux' for the Linux platform and 'windows' for the Windows platform.
    4. Add execute permission to <WS_INSTALL_ROOT>/plugins/lbplugin/bin/libpassthrough.so.
    5. Copy <GLASSFISH_HOME>/lib/lbplugin/lib/webserver-plugin/<OS>/iws61/errorpages/default-error.html to <WS_INSTALL_ROOT>/plugins/lbplugin/errorpages/.
    6. Copy <GLASSFISH_HOME>/lib/lbplugin/lib/webserver-plugin/<OS>/iws61/errorpages/sun-http-lberror.html to
      <WS_INSTALL_ROOT>/plugins/lbplugin/errorpages/.
    7. Copy <GLASSFISH_HOME>/lib/lbplugin/lib/webserver-plugin/<OS>/iws61/\*.res to <WS_INSTALL_ROOT>/plugins/lbplugin/resource/.
    8. Following steps relate to updating the default SJSWS 7.0 instance configuration with Load Balancer specific configuration. While doing so, these changes need to be made to the central repository maintained by the admin server for the default WebServer instance created upon installation. This repository is identified by <WS_INSTALL_ROOT>/admin-server/config-store/<default-config-name>/config/. Where, <default-config-name> is the config name created for the default WebServer instance created.

    9. Copy <GLASSFISH_HOME>/lib/lbplugin/lib/install/templates/loadbalancer.xml.example to <WS_INSTALL_ROOT>/admin-server/config-store/<default-config>/config/


      • This is just an example for notational purpose, the user should manually edit (if choosen to do this way) this file prior to using this as loadbalancer.xml, to reflect the correct cluster configuration. Refer to Configuring the Load Balancer Plugin for this.Note manual editing it not the endorsed way to configure the Load Balancer. GlassFish Admin CLI or GUI are the two supported approaches for generating this file, while providing for error free load balancer configuration generation.


    10. Copy <GLASSFISH_HOME>/lib/lbplugin/lib/dtds/sun-loadbalancer_1_2.dtd to <
      <WS_INSTALL_ROOT>/admin-server/config-store/<default-config>/config/
    11. Prepend the under mentioned “##EE” lines to <WS_INSTALL_ROOT>/admin-server/<default-config-name>/config/magnus.conf before the following “Init” directive -

      Init fn="load-modules" shlib="libj2eeplugin.so" shlib_flags="(global|now)"

      ##BEGIN EE LB Plugin Parameters
      Init fn="load-modules" shlib="${WS_INSTALL_ROOT}/plugins/lbplugin/bin/libpassthrough.so"
      funcs="init-passthrough,service-passthrough,name-trans-passthrough" Thread="no"
      Init fn="init-passthrough"
      ##END EE LB Plugin Parameters

    12. Insert the under mentioned line before the first occurrence of the "NameTrans" directive in <WS_INSTALL_ROOT>/admin-server/<default-config-name>/config/obj.conf

      NameTrans fn="name-trans-passthrough" name="lbplugin" config-file="loadbalancer.xml"

    13. Append the following lines to <WS_INSTALL_ROOT>/admin-server/<default-config-name>/config/obj.conf

      <Object name="lbplugin">
      ObjectType fn="force-type" type="magnus-internal/lbplugin"
      PathCheck fn="deny-existence" path="\*/WEB-INF/\*"
      Service type="magnus-internal/lbplugin" fn="service-passthrough"
      Error reason="Bad Gateway" fn="send-error" uri="$docroot/badgateway.html"
      </Object>

    14. Deploy the configuration to the default WebServer instance created by executing the deploy-config WebServer command from WebServer's wadm CLI utility.

      <WS_INSTALL_ROOT>/bin/wadm deploy-config –user=<admin> <default-config-name>
      where, <admin> is the admin user name.

    15. Update the default WebServer instance startserv script by suffixing the following to LD_LIBRARY_PATH,
      <GLASSFISH_HOME>/lib/lbplugin/lib. You can also get this done by setting the environment variable $LD_LIBRARY_PATH to this value
    16. .

    17. Start the default WebServer instance by executing the start-instance WebServer command from the WebServer wadm CLI utility

      <WS_INSTALL_ROOT>/bin/wadm start-instance --user=<admin> --config=<default-config-name>



      • NOTE:
        Step 11, takes into account existence of loadbalancer.xml, if this file is not present the Load Balancer would log a message that the file could not be found. Refer to the Administration support from GlassFish CLI and Admin GUI to create and export this file from Domain Administration Server to the WebServer.

    About

    pankajjairath

    Search

    Top Tags
    Archives
    « April 2014
    MonTueWedThuFriSatSun
     
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
        
           
    Today