DEV Community

Taashee Linux Services
Taashee Linux Services

Posted on • Originally published at taashee.com

How to Implement JBoss EAP 7.x in Managed Domain Mode in A Few Easy Steps

JBoss EAP 7.x is a Java Enterprise 7-compliant middleware platform built on open standards, designed to improve startup speed and runtime performance. Its modular structure allows you to enable services only when needed, conserving system resources. The management console and command-line interface (CLI) offer an XML-free editing experience and the ability to script and automate tasks.
JBoss EAP comes in two operating modes: standalone server mode or managed domain mode. If you want to run JBoss EAP as a single server instance, then the standalone server mode is best suited for you. On the other hand, in the managed domain operating mode, you can manage multiple JBoss EAP instances from a consolidated control point.
In this article, we provide a step-by-step look into the implementation of JBoss EAP 7.x in the managed domain mode.
Note: The names and naming conventions used here are for demonstration purposes only, please change them as necessary.

  1. Software and Pre-Deployment Scenario
    JBoss EAP 7.4.0
    Operating System = RHEL8
    RAM= 16GB 4 physical core 8vCpu
    JDK Version = 1.8

    1. Java Installation & JBoss Installation For Red Hat Enterprise Linux 8, use the following command. # subscription-manager repos --enable=jb-eap-EAP_MINOR_VERSION-for-rhel-RHEL_VERSION-ARCH-rpms Install JBoss EAP and JDK 8 using the following command. # yum groupinstall jboss-eap7
    2. JBoss Domain Mode Heap Sizing Go to the directory below for changing parameters. Use the command cd /app01/wildfly/bin, edit domain.conf and change the following. if [ "x$JAVA_OPTS" = "x" ]; then JAVA_OPTS="-Xms2048m -Xmx2048m -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true" JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true"
    3. JBoss EAP 7 Domain mode IP & PORT configuration. We have change the IP & port in the cd /etc/opt/rh/eap7/wildfly/domain configuration file. Host.xml
    4. JBoss start command: Go to the /bin directory of JBoss and create the following start script: /app01/wildfly/bin./domain.sh
    5. Creation of Management User: JBoss EAP 7.x uses the standard EAP Management Realm configuration as its authentication source. This means that adding users is a simple matter of using the existing EAP add-user script as follows [root@pavan]# cd /JBOSS_HOME/bin/ [root@pavan bin ]# ./add-user.sh What type of user do you wish to add? a) Management User (mgmt-users.properties) b) Application User (application-users.properties) (a): a Enter the details of the new user to add. Using realm ' ManagementRealm ' as discovered from the existing property files. Username : Jbossadm About to add user 'admin' for realm 'ManagementRealm' Is this correct yes/no? Yes Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
    6. The password should be different from the username
    7. The password should not be one of the following restricted values {root, admin, administrator}
    8. The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s) Password : (e.g admin@123) Re-enter Password : ( e .g. admin@123) What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]: Is this new user going to be used for one AS process to connect to another AS process? 4_e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls. yes/no? Yes To represent the user add the following to the server-identities Definition < secret value="……………" />
    9. Create Server Group & server in Domain mode. Create server group with full High Availability. Add servers to that server group: No alt text provided for this image
    10. Deploy the Application in Domain mode. Deploy the application using the admin console. First, go the deployment tab. No alt text provided for this image Then select the application.war in your local path. No alt text provided for this image Deploy the application. No alt text provided for this image
    11. Creation of resource-adapter for application connection in domain.xml. Go to cd /etc/opt/rh/eap7/wildfly/domain in edit domain.xml Go to profile=full-ha and add the following subsystem tocfT24ra-ra.rar XATransaction 0 0 ISO-8859-1 500 2048 OFS_SOURCE=GCS 10.1.90.13 9021 true false true
    12. Set port offset We can set port offset in a particular server as described below. Go to cd /etc/opt/rh/eap7/wildfly/domain in edit domain.xml Go to add below Go to Go to console–>runtime–>servergroup–>server then view and set the portoffset to 8 Go to console–>severgroups–>server–>upload the deployment war files
    13. SSL Configuration Go through the following steps for configuring the SSL certificate. jbapps@sapjbbrw01 bin]$ ./jboss-cli.sh -c --controller=10.1.25.190:9990 [domain@10.1.25.190:9990 /] /host=master/subsystem=elytron/key- store=httpsKS:add(path=XXXXX.jks,relative-to=jboss.domain.config.dir,credential-reference={clear- text=qwe333@@},type=JKS) {"outcome" => "success"} [domain@10.1.25.190:9990 /] /host=master/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@}) {"outcome" => "success"} [domain@10.1.25.190:9990 /] /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key- manager=httpsKM,protocols=["TLSv1.2"]) {"outcome" => "success"}< [domain@10.1.25.190:9990 /] /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key- manager=httpsKM,protocols=["TLSv1.2"]) {"outcome" => "success"} [domain@10.1.25.190:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=ssl-context,value=httpsSSC) { "outcome" => "success", "result" => undefined, "server-groups" => undefined, "response-headers" => {"process-state" => "reload-required"} } [domain@10.1.25.190:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=secure-interface,value=management) { "outcome" => "success", "result" => undefined, "server-groups" => undefined, "response-headers" => {"process-state" => "reload-required"} } [domain@10.1.25.190:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=secure-port,value=8443) { "outcome" => "success", "result" => undefined, "server-groups" => undefined, "response-headers" => {"process-state" => "reload-required"} } [domain@10.1.25.190:9990 /] reload --host=master Unable to connect due to unrecognised server certificate Subject - CN=*.XXXXX.com,O=XXXX.,L=XXX,C=XXX - CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US Valid From - ….. Valid To - ….. MD5 : ab:b7:3b:44:74:73:f2:59:c9:56:15:41:ca:8f:ff:95 SHA1 : 25:a7:c0:aa:1a:e3:4c:e4:c2:30:c2:28:46:a9:70:f2:5d:02:f7:06 Subject - CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US Issuer - CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Valid From - …. Valid To - …. MD5 : e6:7b:58:6f:70:46:bf:e0:aa:51:f6:66:0b:11:9d:d9 SHA1 : 1c:58:a3:a8:51:8e:87:59:bf:07:5b:76:b7:50:d4:f2:df:26:4f:cd Subject - CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US Issuer - CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Valid From - Fri Nov 10 03:00:00 AST 2006 Valid To - Mon Nov 10 03:00:00 AST 2031 MD5 : 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e SHA1 : a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36 Accept certificate? [N]o, [T]emporarily, [P]ermanently : P Server Level SSL [domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=elytron/key- store=httpsKS:add(path=”/app01/wildfly/domain/configuration/XXXXX.jks”, credential-reference={clear- text=qwe333@@}, type=JKS) [domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@}) [domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=elytron/server-ssl-context=httpsSSC:add(key- manager=httpsKM,protocols=["TLSv1.2"]) [domain@10.1.25.190:9990 /] reload --host=master [domain@10.1.25.190:9990 /] batch [domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=undertow/server=default-server/https- listener=https:undefine-attribute(name=security-realm) [domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=undertow/server=default-server/https- listener=https:write-attribute(name=ssl-context,value=httpsSSC) [domain@10.1.25.190:9990 /] run-batch

[jbapps@sapjbatm01 bin]$ ./jboss-cli.sh -c --controller=10.1.25.196:9990 [domain@10.1.25.196:9990 /] /host=master/subsystem=elytron/key- store=httpsKS:add(path=XXXXX.jks,relative-to=jboss.domain.config.dir,credential- reference={clear-text=qwe333@@},type=JKS)
{"outcome" => "success"}
[domain@10.1.25.196:9990 /] /host=master/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="XXX",credential-reference={clear-text=qwe333@@})
{"outcome" => "success"}
[domain@10.1.25.196:9990 /] /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key- manager=httpsKM,protocols=["TLSv1.2"])
{"outcome" => "success"}
[domain@10.1.25.196:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=ssl-context,value=httpsSSC)
{
"outcome" => "success", "result" => undefined,
"server-groups" => undefined,
"response-headers" => {"process-state" => "reload-required"}
}
[domain@10.1.25.196:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=secure-interface,value=management)
{
"outcome" => "success", "result" => undefined,
"server-groups" => undefined,
"response-headers" => {"process-state" => "reload-required"}
}
[domain@10.1.25.196:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=secure-port,value=8443)
{
"outcome" => "success", "result" => undefined,
"server-groups" => undefined,
"response-headers" => {"process-state" => "reload-required"}
}
[domain@10.1.25.196:9990 /] reload --host=master
Unable to connect due to unrecognised server certificate
Subject - CN=.XXXXX.com,O=XXXXX,L=XXXXX,C=XXXXX - CN=DigiCert TLS RSA
SHA256 2020 CA1, O=DigiCert Inc, C=US
Valid From - Wed Oct 13 03:00:00 AST 2021
Valid To - Mon Nov 14 02:59:59 AST 2022
MD5 : ab:b7:3b:44:74:73:f2:59:c9:56:15:41:ca:8f:ff:95
SHA1 : 25:a7:c0:aa:1a:e3:4c:e4:c2:30:c2:28:46:a9:70:f2:5d:02:f7:06
Subject - CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US
Issuer - CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Valid From - Wed Apr 14 03:00:00 AST 2021
Valid To - Mon Apr 14 02:59:59 AST 2031
MD5 : e6:7b:58:6f:70:46:bf:e0:aa:51:f6:66:0b:11:9d:d9
SHA1 : 1c:58:a3:a8:51:8e:87:59:bf:07:5b:76:b7:50:d4:f2:df:26:4f:cd
Subject - CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Issuer - CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Valid From - Fri Nov 10 03:00:00 AST 2006
Valid To - Mon Nov 10 03:00:00 AST 2031
MD5 : 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e
SHA1 : a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36
Accept certificate? [N]o, [T]emporarily, [P]ermanently : P
[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=elytron/key-
store=httpsKS:add(path=”/app01/wildfly/domain/configuration/XXXXX.jks”, credential-
reference={clear-text=qwe333@@}, type=JKS)
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined
}
[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@})
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined
}
[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=elytron/server-ssl-
context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined
}
[domain@10.1.25.196:8443 /] reload --host=master
[domain@10.1.25.196:8443 /] exit
[domain@10.1.25.196:8443 /] batch
[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/https- listener=https:undefine-attribute(name=security-realm)
[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/https- listener=https:write-attribute(name=ssl-context,value=httpsSSC)
[domain@10.1.25.196:8443 /] run-batch
[jbapps@sapjbint01 bin]$ ./jboss-cli.sh -c --controller=10.1.25.192:9990
[domain@10.1.25.192:9990 /] /host=master/subsystem=elytron/key-
store=httpsKS:add(path=XXXXX.jks,relative-to=jboss.domain.config.dir,credential-
reference={clear-text=qwe333@@},type=JKS)
{"outcome" => "success"}
[domain@10.1.25.192:9990 /] /host=master/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@})
{"outcome" => "success"}
[domain@10.1.25.192:9990 /] /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key-
manager=httpsKM,protocols=["TLSv1.2"])
{"outcome" => "success"}
[domain@10.1.25.192:9990 /] /host=master/core-service=management/management-
interface=http-interface:write-attribute(name=ssl-context,value=httpsSSC)
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined,
"response-headers" => {"process-state" => "reload-required"}
}
[domain@10.1.25.192:9990 /] /host=master/core-service=management/management-interface=http-
interface:write-attribute(name=secure-interface,value=management)
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined,
"response-headers" => {"process-state" => "reload-required"}
}
[domain@10.1.25.192:9990 /] /host=master/core-service=management/management-interface=http-
interface:write-attribute(name=secure-port,value=8443)
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined,
"response-headers" => {"process-state" => "reload-required"}
}
[domain@10.1.25.192:9990 /] reload --host=master
Unable to connect due to unrecognised server certificate
Subject - CN=
.XXXXX.com,O=XXXX, L=XXXXX,C=XXXX - CN=DigiCert TLS RSA
SHA256 2020 CA1, O=DigiCert Inc, C=US
Valid From - Wed Oct 13 03:00:00 AST 2021
Valid To - Mon Nov 14 02:59:59 AST 2022
MD5 : ab:b7:3b:44:74:73:f2:59:c9:56:15:41:ca:8f:ff:95
SHA1 : 25:a7:c0:aa:1a:e3:4c:e4:c2:30:c2:28:46:a9:70:f2:5d:02:f7:06
Subject - CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US
Issuer - CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Valid From - Wed Apr 14 03:00:00 AST 2021
Valid To - Mon Apr 14 02:59:59 AST 2031
MD5 : e6:7b:58:6f:70:46:bf:e0:aa:51:f6:66:0b:11:9d:d9
SHA1 : 1c:58:a3:a8:51:8e:87:59:bf:07:5b:76:b7:50:d4:f2:df:26:4f:cd
Subject - CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Issuer - CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Valid From - Fri Nov 10 03:00:00 AST 2006
Valid To - Mon Nov 10 03:00:00 AST 2031
MD5 : 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e
SHA1 : a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36<

Accept certificate? [N]o, [T]emporarily, [P]ermanently : P
[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=elytron/key-
store=httpsKS:add(path=”/app01/wildfly/domain/configuration/XXXXX.jks”, credential-
reference={clear-text=qwe333@@}, type=JKS)
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined
}
[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@})
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined
}
[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=elytron/server-ssl-
context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])
{
"outcome" => "success",
"result" => undefined,
"server-groups" => undefined
}
[domain@10.1.25.192:8443 /] reload --host=master
[domain@10.1.25.192:8443 /] batch
[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/https-
listener=https:undefine-attribute(name=security-realm)
[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/https-
listener=https:write-attribute(name=ssl-context,value=httpsSSC)
[domain@10.1.25.192:8443 /] run-batch

  1. Configuring Multicast Go through the following steps to configure Multicast. Update “jboss.default.multicast.address” for all three below
  2. Configuring Access Log In the master host, use the following commands. /profile=full-ha /subsystem=undertow/server=default-server/host=default-host/setting=access- log:add(pattern="%h %l %u %t \"%r\" %s %b \"%{i,Referer}\" \"%{i,User-Agent}\" Cookie: \"%{i,COOKIE}\" Set-Cookie: \"%{o,SET-COOKIE}\" SessionID: %S Thread: \"%I\" TimeTaken: %T") /profile=full-ha/subsystem=undertow/server=default-server/http-listener=default:write- attribute(name=record-request-start-time,value=true) reload --host=master --- [domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/http- listener=default:write-attribute(name=record-request-start-time,value=true) { "outcome" => "success", "result" => undefined, "server-groups" => {"T24_ATM" => {"host" => { "master" => {"T24ATM_1" => {"response" => { "outcome" => "success", "response-headers" => { "operation-requires-reload" => true, "process-state" => "reload-required" } }}}, "slvatm02" => {"T24ATM_2" => {"response" => { "outcome" => "success", "result" => undefined, "response-headers" => { "operation-requires-reload" => true, "process-state" => "reload-required" } }}} }}} } [domain@10.1.25.196:8443 /] reload --host=master To change the Log path (on both master and slave nodes) use the following commands. cd /app01/wildfly/domain/configuration/ mv servers servers_OLD mkdir -p servers chmod -R 775 servers Use the following commands for server log rotation. Use the following commands for Access log rotation. /subsystem=logging/pattern-formatter=access-log-formatter:add(pattern="%s%n") /subsystem=logging/size-rotating-file-handler=access-log:add(autoflush=true, append=true, named- formatter=access-log-formatter, rotate-size=10m, max-backup-index=10, file={path=access.log, relative-to=jboss.server.log.dir}) /subsystem=logging/logger=io.undertow.accesslog:add(handlers=[access-log], use-parent- handlers=false) /subsystem=undertow/server=default-server/host=default-host/setting=access-log:write- attribute(name=use-server-log, value=true) [jbapps@sapjbatm01 bin]$ ./jboss-cli.sh -c --controller=10.1.25.196:9990 [domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=logging/pattern-formatter=access-log- formatter:add(pattern="%s%n") { "outcome" => "success", "result" => undefined, "server-groups" => {"T24_ATM" => {"host" => {"master" => {"T24ATM_1" => {"response" => {"outcome" => "success"}}}}}} } [domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=logging/size-rotating-file-handler=access- log:add(autoflush=true, append=true, named-formatter=access-log-formatter, rotate-size=10m, max-backup-index=10, file={path=access.log, relative-to=jboss.server.log.dir}) { "outcome" => "success", "result" => undefined, "server-groups" => {"T24_ATM" => {"host" => {"master" => {"T24ATM_1" => {"response" => {"outcome" => "success"}}}}}} } [domain@10.1.25.196:8443 /] /profile=full full full-ha [domain@10.1.25.196:8443 /] /profile=full- ha/subsystem=logging/logger=io.undertow.accesslog:add(handlers=[access-log], use-parent- handlers=false) { "outcome" => "success", "result" => undefined, "server-groups" => {"T24_ATM" => {"host" => {"master" => {"T24ATM_1" => {"response" => {"outcome" => "success"}}}}}} } [domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=undertow/server=default- server/host=default-host/setting=access-log:write-attribute(name=use-server-log, value=true) { "outcome" => "success", "result" => undefined, "server-groups" => {"T24_ATM" => {"host" => {"master" => {"T24ATM_1" => {"response" => { "outcome" => "success", "response-headers" => { "operation-requires-reload" => true, "process-state" => "reload-required" } }}}}}} } [domain@10.1.25.196:8443 /] reload --host=master [domain@10.1.25.196:8443 /] exit And with that, you should be good to go!

This article was originally published on our company blog.

Top comments (0)