Bug 899361 (JBEWS-390)

Hi Bec

This is one of your books, right?

Cheers

J

Hi Eva,

Could you please take a look at this and see if you can work it into the Installation Guide? Thanks!

Bec

Could you, please, provide me the information I need to add to the installation guide?
Thank you

Here's the paragraph which should be linked:

http://docs.redhat.com/docs/en-US/JBoss_Operations_Network/2.4/html-single/Basic_Admin_Guide/index.html#configuring-tomcat-for-discovery

Paths to startup.sh:

Solaris:
/opt/redhat/ews/share/tomcat5/bin/startup.sh
/opt/redhat/ews/share/tomcat6/bin/startup.sh

RHEL zip - can be installed anywhere, so, $EWS_HOME/tomcat[5|6]/bin/startup.sh
RHEL RPM - I don't know, ask Ivo Studensky

Windows:
"c:\Program Files\Red Hat\Enterprise Web Server\share\tomcat5\bin\startup.sh"
"c:\Program Files\Red Hat\Enterprise Web Server\share\tomcat6\bin\startup.sh"

Maybe you could use $EWS_HOME for simplicity...

As we discussed, let's make it a new chapter, 7, "Monitoring EWS by JON", and link it from the respective places like "See <chapter7> for information on how to monitor EWS by JON" or such.
Places to link would be respective Environment Config sections of all platforms.

The actual content would be similar to
http://docs.redhat.com/docs/en-US/JBoss_Operations_Network/2.4/html/Basic_Admin_Guide/monitoring-resources-special-config.html#configuring-tomcat-for-discovery
only with an example for windows which has different syntax of adding properties to startup.bat .

Also a note - RHEL startup.sh already has this example inside, only commented out.
I filed a bug that the example should go to all platforms.
I think that this will be fulfilled, so you can mention this in this chapter.

Windows syntax:

set JAVA_OPTS="%JAVA_OPTS% -Dcom.sun.management.jmxremote.port=9876"
set JAVA_OPTS="%JAVA_OPTS% -Dcom.sun.management.jmxremote.access.file=c:\jmx\jmxremote.access"
set JAVA_OPTS="%JAVA_OPTS% -Dcom.sun.management.jmxremote.password.file=c:\jmx\jmxremote.password"
set JAVA_OPTS="%JAVA_OPTS% -Dcom.sun.management.jmxremote.ssl=false"
set JAVA_OPTS="%JAVA_OPTS% -Dcom.sun.management.jmxremote.authenticate=false"

I've requested adding sample JMX files to EWS.

Link: Added: This issue is related to JBPAPP-6125

Sun JMX doc: http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html

I need info on how to proceed in Windows (linux instructions are already added).

I have no clue how JON works. To my understandings it needs write privileges
to httpd and tomcat conf directories under an user account.
If that's a case then JON installation must explicitly allow that,
because it has serious impacts on the overall security.

Please redirect question to someone who knows how JON works.

Ondrej. Think I told you
set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.port=9876"
but never
set JAVA_OPTS="%JAVA_OPTS% -Dcom.sun.management.jmxremote.port=9876"

Mladen,

1) I rather thought that you could verify whether setting JMX for Windows is done the same way as for UNIX.
I've seen Igor using catalina.bat (IIRC the name), so I wonder. You know. The differences between platforms are so big for EWS that I am not sure of anything :)

2) Yes, I told Eva that, only forgot to fix it here. Thanks for mentioning.

Never tried JON, have no clue how it works and what it does and what options it needs.
You should really ask someone from JON.
Management system should provide instructions how to manage a particular system
not the other way around.

I agree that management system should provide instructions on how different components can be used to work with it.
Ondrej, can you please ask someone from the JON team to take a look? we don't have experience with JON. Thanks!

Charles, could you please assign someone to help with this?

Link: Added: This issue is related to JBPAPP-3755

Link: Added: This issue is related to JBPAPP-6122

Evo, one more config type:  Tomcat on RHEL installed from RPMs (aka via yum aka from RHN):

1) Instead of editing startup.sh, user needs to edit /usr/sbin/tomcat<VERSION>  (but setting JAVA_OPTS is the same)
2) More changes in CONNECTION tab in JON:
   Manager URL  =    service:jmx:rmi:///jndi/rmi://localhost:<PORT>/jmxrmi    (same as normal)
   Control Method =  RPM System V init script
   Start Script    = /usr/sbin/tomcat<VERSION>
   Shutdown Script = /usr/sbin/tomcat<VERSION>

Can't verify, I didn't find EWS doc on stage.

Rewording the paragraph once more.
Eva, rather than describing it here, can you give me a link to SVN to this chapter? I'd make a patch and send you.

For me to remember what I wanted: "To make sure that both authentication and SSL are disabled, set the following options in the file:"
-> "Add these JVM options to enable JMX publihing" or such (and then 3 lines of current 5)
4) For development purposes, you might want to disable authentication and SSL. To do so, add these lines:  (2 remaining lines)

Hi Ondrej, what's the progress on this? Did you get the SVN link you were after? Thanks.

I hope I don't come late with this.

Apply the attached patch to https://svn.devel.redhat.com/repos/ecs/JBoss_Enterprise_Web_Server/trunk/1.0/JBoss_EWS_Installation_Guide  r62316
I am quite sure I screwed the XML structure so it needs to be fixed, but the wording is now right in the sense that we don't advice users to unsecure JMX, rather the opposite.
And also, The <important> part will need to add some <para> etc. around the text snippets.

Please apply, re-stage and let me check.

Attachment: Added: JBPAPP-6089-reworded.patch

Attaching XML from which I made the patch.

Attachment: Added: ch-Monitoring_with_JBoss_Operating_Network.xml

Configuring Monitoring
======================

...

Select an available port to use for JMX monitoring (9876 in the example below). Make sure it is not blocked by a firewall.
Then append it to the JAVA_OPTS variable:

* on Red Hat Enterprise Linux and Solaris:</para>

{code}
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.port=9876"
{code}

* on Windows:
{code}
      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.port=9876"
{code}

For development purposes, you might want to disable authentication and SSL. To do so, add these lines:
{code}
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
{code}

In production environments, be sure to set up access credentials, secure JMX with SSL
(refer to http://download.oracle.com/javase/1.5.0/docs/guide/management/agent.html )
and restrict the access with a firewall. Example additonal lines:

* Linux and Solaris:
{code}
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.access.file=$EWS_HOME/jmxremote.access"
      JAVA_OPTS="${JAVA_OPTS} -Dcom.sun.management.jmxremote.password.file=$EWS_HOME/jmxremote.password"
{code}
							
 * Windows:
{code}
      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.access.file=c:\Program Files\Red Hat\Enterprise Web Server\jmxremote.access"
      set "JAVA_OPTS=%JAVA_OPTS% -Dcom.sun.management.jmxremote.password.file=c:\Program Files\Red Hat\Enterprise Web Server\jmxremote.password"
{code}
...

Verified on stage, now it's ok. Good work, Eva.