Red Hat JBoss Enterprise Application Platform Administration I
Interpret the
standalone.xmlconfiguration file.Make configuration changes and updates to JBoss EAP as a standalone server.
You configure Red Hat JBoss Enterprise Platform (JBoss EAP) in a single XML file.
For a standalone server, the file is standalone.xml in the JBOSS_HOME/standalone/configuration/ directory.
The general structure of standalone.xml is similar to the following content:
<server xmlns="urn:jboss:domain:16.0">
<extensions>
...list of extensions here
</extensions>
<system-properties>
...system properties defined here
</system-properties>
<management>
...management interfaces defined here
</management>
<profile>
...list of subsystems and their configurations
</profile>
<interfaces>
...interface definitions
</interfaces>
<socket-binding-group>
...socket binding definitions
</socket-binding-group>
<deployments>
...deployed applications go here
</deployments>
</server>Extensions are modules that extend the core capabilities of the server.
A module is a bundle composed of a library developed in Java and an XML configuration file that provides Jakarta Enterprise Edition (Jakarta EE) compliant functionalities.
An extension defines one or more subsystems based on a module.
The <extensions> element contains a list of <extension> elements that make a subsystem available to that server.
For example, the following excerpt describes a list of extensions available to a server, including ejb3, which is responsible for providing the Enterprise Java Beans (EJB) runtime:
<extensions>
<!-- list all extensions that you want made available to this server -->
<extension module="org.jboss.as.clustering.infinispan"/>
<extension module="org.jboss.as.deployment-scanner"/>
<extension module="org.jboss.as.ejb3"/>
<extension module="org.jboss.as.jpa"/>
</extensions>Each extension must be declared in the standalone.xml file.
Each extension refers to a module.
The module has to be at the JBOSS_HOME/modules/system/layers/base/ directory.
In order to manage the extension, JBoss EAP requires a <subsystem> tag where all customization needed for that subsystem is declared.
This is discussed later during the course.
Note
To find the module, JBoss EAP uses the module name.
For example, to locate the org.jboss.as.jpa module, JBoss EAP searches for the org/jboss/as/jpa/ directory in the JBOSS_HOME/modules directory.
The <management> section is used for defining the following elements:
- The
management-interfaceselement Management interfaces enable remote clients to connect to the JBoss EAP instance to manage the instance. By default, JBoss EAP exposes the HTTP interface, which provides access to the management console and the management CLI.
You can also activate the HTTPS management interface. Refer to the references section to learn more about the HTTPS interface.
The following XML excerpt shows the default management interfaces configuration:
<management> ... <management-interfaces> <http-interface security-realm="ManagementRealm"> <http-upgrade enabled="true"/> <socket-binding http="management-http"/> </http-interface> </management-interfaces> ... </management>The
management-httpsocket binding is defined later in the configuration file in the<socket-binding-group>section. The<socket-binding-group>section defines the actual address and port, where these interfaces listen on.- The
audit-logelement In this element, you enable and configure an audit logging to register the activity of the management tools. JBoss EAP registers the management operations performed through the management console, or the management CLI.
Refer to the references section to learn more about the management interface audit logging.
- The
security-realmselement A security realm stores user names, passwords, and information about group membership.
In the following XML code, the
<security-realm>tag defines aManagementRealm. This realm is used by the management interface from the previous XML code. It refers to themgmt-users.propertiesfile, where user credentials are stored.Note
In a production environment, this realm is replaced with a database or LDAP realm.
The
security-realmtag namedApplicationRealmis used by client applications that need to access EAP remotely.<management> ... <security-realms> <security-realm name="ManagementRealm"> <authentication> <local default-user="$local" skip-group-loading="true"/> <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> </authentication> <authorization map-groups-to-roles="false"> <properties path="mgmt-groups.properties" relative-to="jboss.server.config.dir"/> </authorization> </security-realm> <security-realm name="ApplicationRealm"> <server-identities> <ssl> <keystore path="application.keystore" relative-to="jboss.server.config.dir" keystore-password="password" alias="server" key-password="password" generate-self-signed-certificate-host="localhost"/> </ssl> </server-identities> <authentication> <local default-user="$local" allowed-users="*" skip-group-loading="true"/> <properties path="application-users.properties" relative-to="jboss.server.config.dir"/> </authentication> <authorization> <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/> </authorization> </security-realm> </security-realms> ... </management>The security realms are discussed in detail later on in this course.
A profile is a collection of subsystems. A subsystem is where you configure the extensions of the JBoss EAP standalone instance. Adding a subsystem to a profile has two purposes:
When the subsystem is inside a profile, then that subsystem is available to the server using that profile.
The subsystem enables to configure the extension to suit the user's specific needs.
The domain mode defines different profiles, but the standalone server mode defines only one.
The <profile> element includes a collection of <subsystem> child elements, and each <subsystem> entry consists of the unique configuration settings of that particular extension.
Some subsystem definitions do not require any settings, like the jsf and jaxrs subsystems:
<profile>
<subsystem xmlns="urn:jboss:domain:jsf:1.1"/>
<subsystem xmlns="urn:jboss:domain:jaxrs:2.0"/>
...other subsystem definitions...
</profile>Some subsystems might include many configuration settings, such as the datasources subsystem:
<profile>
<subsystem xmlns="urn:jboss:domain:datasources:6.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true" statistics-enabled="${wildfly.datasources.statistics-enabled:${wildfly.statistics-enabled:false}}">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
</profile>The child elements of the <subsystem> elements are unique for each individual subsystem.
You must inspect the corresponding schema to learn about the subsystem and determine how to configure a particular one.
The schema documents are in the JBOSS_HOME/docs/schema directory.
For example, to view the settings for configuring the datasources subsystem, inspect its schema at the JBOSS_HOME/docs/schema/wildfly-datasources_6_0.xsd file.
References
For more general information about management of JBoss EAP, refer to the JBoss EAP Management chapter in the Configuration Guide in the Red Hat JBoss EAP 7 documentation at https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/configuration_guide/index#jboss_eap_management
For more information about the security of management interfaces, refer to the Advanced Security subsection of the Core Management Authentication section in the Security Architecture guide in the Red Hat JBoss EAP 7 documentation at https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/security_architecture/index#advanced_security
For more information about the audit logging, refer to the Management Audit Logging section in the Configuration Guide in the Red Hat JBoss EAP 7 documentation at https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/configuration_guide/index#management_audit_logging
For more information about each JBoss EAP subsystems, refer to the subsystem chapter in the Configuration Guide in the Red Hat JBoss EAP 7 documentation at https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/configuration_guide/
