2 Replies Latest reply on Apr 22, 2010 12:39 PM by g.tomassoni

Isolating the JBoss package tree from the execution environm

g.tomassoni Sep 8, 2009 7:50 AM

Hi,

I don't know if this is the right newslist to which report this, so excuse me if it isn't and please address me to the right one.

I'm often installing JBoss with some modification in order to allow for a "tmp", a "log", a "data", a "work", and a further "deploy" directory outside of the package tree. This is to avoid messing the JBoss package tree with my application and its surroundings and lets me "switch" to new JBoss versions quite easily.

In order to accomplish this, I of course set the available JBoss runtime properties (jboss.server.log.dir, jboss.server.data.dir and catalina.base), as well as apply small changes to the "stock" conf:

These small changes are:

1) adding the following lines:

<attribute name="AttributePersistenceManagerConfig">
 <data-directory>file://${jboss.server.data.dir}/xmbean-attrs</data-directory>
 </attribute>

to the AttributePersistenceService mbean defined in jboss-service.xml;

2) adding the url of my external deploy directory to the URLs attribute of URLDeploymentScanner in jboss-service.xml (JBoss 4.x) or as a new uri element to the property applicationURIs in bootstrap/profile.xml (JBoss 5.x).

The first change is needed in order to move the xmbean-attrs directory outside of the "stock" data directory. I think this change should be included in the JBoss distribution, otherwise the jboss.server.data.dir property looses any meaning since you can't even start JBoss. Do you agree with me?

Also, while the xmbean-attrs directory gets automatically created when running the distributed JBoss "as is", the same doesn't happen when a different <data-directory> setting is given: the xmbeans-attrs have to be created in the "new" data dir before running JBoss. Why?

The second change is meant to define a further deploy directory outside of the JBoss package tree. Of course I can't ask for the provisioning of this in the stock package, but I would like to know if I have any way of adding a further deploy uri after JBoss startup, in example through JMX. The basic idea is to let JBoss start and then use JMX or whatever to contact the running JBoss and instruct it to have a look to that furter deploy URL. Is it possible? How?

Please note that all this tweaking also improves security: I run JBoss as the jboss user in the jboss group. After these changes, the ownership of whole jboss file tree can be assigned to user root, the groupship to group jboss and all the files and dirs can be o-rwx,g-w. It works, since the whole package tree becames immutable.

For your reference, this is the diff needed under 5.1.0 for the first change:

diff -rud jboss-5.1.0.GA jboss-5.1.0.GA+datadiropt
--- jboss-5.1.0.GA
+++ jboss-5.1.0.GA+datadiropt
@@ -34,6 +34,10 @@
 xmbean-dd="resource:xmdesc/AttributePersistenceService-xmbean.xml">
 <!-- the AttributePersistenceService is persistent, itself -->

+ <attribute name="AttributePersistenceManagerConfig">
+ <data-directory>file://${jboss.server.data.dir}/xmbean-attrs</data-directory>
+ </attribute>
+
 <!--
 <attribute name="AttributePersistenceManagerClass">org.jboss.system.pm.XMLAttributePersistenceManager</attribute>
 <attribute name="AttributePersistenceManagerConfig">

It can easily be backported to other 5.x versions, or even to 4.x ones.

Thank you,

Giampaolo

1. Re: Isolating the JBoss package tree from the execution envi

jaikiran Sep 11, 2009 2:19 AM (in response to g.tomassoni)
"g.tomassoni" wrote:

These small changes are:

1) adding the following lines:

<attribute name="AttributePersistenceManagerConfig"> <data-directory>file://${jboss.server.data.dir}/xmbean-attrs</data-directory> </attribute>

to the AttributePersistenceService mbean defined in jboss-service.xml;

The first change is needed in order to move the xmbean-attrs directory outside of the "stock" data directory. I think this change should be included in the JBoss distribution, otherwise the jboss.server.data.dir property looses any meaning since you can't even start JBoss. Do you agree with me?

From what i see in the JBoss AS 5.1.0 distribution, the AttributePersistenceManagerConfig is commented out:


So the data-directory value itself is just an "example". But i see what you mean. If we are providing an commented out example, we might as well provide one which uses the JBoss system property ${jboss.server.data.dir}.

"g.tomassoni" wrote:

Also, while the xmbean-attrs directory gets automatically created when running the distributed JBoss "as is", the same doesn't happen when a different <data-directory> setting is given: the xmbeans-attrs have to be created in the "new" data dir before running JBoss. Why?

You mean after you uncomment that section and point it to some location, the folder (if non-existent) does not get created, in AS 5.1.0? Can you post the exact configuration (i.e. the location you are using in that file)?

"g.tomassoni" wrote:
2) adding the url of my external deploy directory to the URLs attribute of URLDeploymentScanner in jboss-service.xml (JBoss 4.x) or as a new uri element to the property applicationURIs in bootstrap/profile.xml (JBoss 5.x).

but I would like to know if I have any way of adding a further deploy uri after JBoss startup, in example through JMX. The basic idea is to let JBoss start and then use JMX or whatever to contact the running JBoss and instruct it to have a look to that furter deploy URL. Is it possible? How?

AS-5.1.0 is backed by ProfileService's DeploymentManager which is the official API for managing deployments. I am not sure where this feature is available in the current API.

"g.tomassoni" wrote:

I don't know if this is the right newslist to which report this, so excuse me if it isn't and please address me to the right one.

You have mix of questions/suggestions in this topic :) And both are not directly related to JMX itself. For the second question, i guess the best place would be the "Management" forum. But that's just my opinion. Let's see, if some moderator knows of a better place, he will move it appropriately.
Actions
2. Re: Isolating the JBoss package tree from the execution envi

g.tomassoni Apr 22, 2010 12:39 PM (in response to jaikiran)
Well, I'm sorry for my very late reply to your, Jaikiran. But let me first thank for your interest in the matter, anyway.

jaikiran pai wrote:

So the data-directory value itself is just an "example". But i see what you mean. If we are providing an commented out example, we might as well provide one which uses the JBoss system property ${jboss.server.data.dir}.

Right. That was I meant.

jaikiran pai wrote:

You mean after you uncomment that section and point it to some location, the folder (if non-existent) does not get created, in AS 5.1.0? Can you post the exact configuration (i.e. the location you are using in that file)?
I have somewhere in my startup config files:

-Djboss.server.data.dir=/var/lib/jboss/data

One would expect that this dir had to be more or less like the default jboss.server.data.dir: an empty directory owned by jboss. But this doesn't seem enough, since starting jboss with that setting and an empty /var/lib/jboss/data, one gets the following error in boot.log:

16:53:41,276 DEBUG [AttributePersistenceService] Starting failed jboss:service=AttributePersistenceService java.lang.NullPointerException at org.jboss.system.pm.XMLAttributePersistenceManager.create(XMLAttributePersistenceManager.java:184) at org.jboss.system.pm.AttributePersistenceService.startService(AttributePersistenceService.java:186) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:376) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:322) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) ... 16:53:41,279 ERROR [AbstractKernelController] Error installing to Start: name=jboss:service=AttributePersistenceService state=Create mode=Manual requiredState=Installed

One has to create the xmbean-attrs directory in it, then everything gets fine. Maybe the problem may be circumvented by specifying some further attribute in the AttributePersistenceManagerConfig entry,

There is nowere an error explicitly stating that, so it is a bit tricky to isolate this as the source of the problem.

jaikiran pai wrote:

AS-5.1.0 is backed by ProfileService's DeploymentManager which is the official API for managing deployments. I am not sure where this feature is available in the current API.

Ok, thank you: I'm going to see if I can find somthing about the ProfileService's DeploymentManager, then.

jaikiran pai wrote:

You have mix of questions/suggestions in this topic And both are not directly related to JMX itself.

Well, I'm sorry about both my "mixed mode" and, of course, about the fact I didn't get which was the right place to report/ask about this.

jaikiran pai wrote:

For the second question, i guess the best place would be the "Management" forum. But that's just my opinion. Let's see, if some moderator knows of a better place, he will move it appropriately.

I see they didn't move this, but I'm going to stick with your hint anyway.

Thankyou again for your prompt reply, Jaikira.
Actions

Go to original post