JBoss.orgCommunity Documentation
This section will describe how to install Overlord Runtime Governance in different environments.
If switchyard is not installed, then you won’t be able to use the quickstarts, which are based around providing runtime governance for a switchyard application.
Note: The difference between the installation types is,
| Value | Description |
|---|---|
client | This will result in only the activity collector functionality being installed, using a RESTful client to communicate with a remote Runtime Governance server. |
all | This will result in the full server configuration being installed into the server, including activity collector (for obtaining activities generated within that server), activity server (for receiving activity information whether from a remote client or internal activity collector), event processor network (to analyse the events), active collections (to maintain result information) and a collection of REST services to support remote access to the information. This is the default value. |
./install.sh [ -Dpath=<location> ]
The <location> represents the folder where the JBoss EAP or Wildfly environment exists. If the <location> is not explicitly provided on the command line, then the user will be prompted for the information.
To uninstall, simply perform the following command in the root folder of the installation:
./uninstall.sh [ -Dpath=<location> ]
To start the server, go to the EAP/Wildfly bin folder and run:
./standalone.sh -c standalone-full.xml
The final step is to configure KeyCloak with the Governance realm. This is achieved by following these steps:
You can also import this governance realm by providing the file as an option when starting the server, e.g.
./standalone.sh -c standalone-full.xml -Dkeycloak.import=<path-to-distribution>/dist/governance-realm.json
The configuration properties for the Runtime Governance capability are found in the <root>/standalone/configuration/overlord-rtgov.properties file.
Although there will be some properties that are independent of the installation type, some will be specific and therefore are listed in separate sections below.
The common properties available across all installation types are:
| Property | Description |
|---|---|
collectionEnabled | This property will determine whether activity information is collected when the server is initially started. This value can be changed at runtime using the ActivityCollector MBean (see the chapter on Managing the Infrastructure). |
ActivityServerLogger.activityListQueueSize | This property defines the queue size for pending activity lists, that are awaiting being reported to the Activity Server. |
ActivityServerLogger.durationBetweenFailureReports | To avoid logs being overlorded with failure reports, failures will only be reported once within the defined time interval (in milliseconds). |
ActivityServerLogger.freeActivityListQueueSize | This property defines the queue size to manage free activity lists that can be reused. |
ActivityServerLogger.maxThreads | This property is an integer that represents the maximum number of threads that should be used to report activity events to the server (whether remote or embedded). |
BatchedActivityUnitLogger.maxTimeInterval | The maximum wait interval (in milliseconds) before sending any held activity units to the Activity Server. |
BatchedActivityUnitLogger.maxUnitCount | The maximum number of activity units that should be held before sending as a batch to the Activity Server. |
| Property | Description |
|---|---|
ActiveCollectionManager.houseKeepingInterval | Time interval (in milliseconds) between house keeping tasks being invoked. |
ActivityStore.class | The class associated with the Activity Store implementation to be used. |
Elasticsearch.server | URL to the Elasticsearch server (HTTP port). |
infinispan.container | The infinispan container to use. |
MVELSeverityAnalyzer.scriptLocation | Optional location of a MVEL script used to determine severity levels for nodes and links within the service overview diagram. |
SituationStore.class | The class associated with the Situation Store implementation to be used. |
Activity and Situation Store implementation specific properties will be discussed in the database section below.
As part of the full installation, the RTGov UI is also installed, and includes the following additional properties:
| Property | Description |
|---|---|
SwitchYardServicesProvider.serverURLs | A comma separated list of URLs that can be used to resubmit messages to a SwitchYard server. The URLs are used with a round robin strategy. (The default values is http://localhost:8080) |
SwitchYardServicesProvider.jmxURL | The URL for the remote MBeanServer connection. If no value is provided, then a local MBeanServer connection will be used. |
SwitchYardServicesProvider.jmxUsername | Username for the remote MBeanServer connection. |
SwitchYardServicesProvider.jmxPassword | Password for the remote MBeanServer connection. |
UI.manualResolution | Resolution state will automatically be changed based on the outcome of a resubmission, but this boolean property determines whether resolution state change buttons should be included on the Situation details page, to allow a user to manually change the state. The default value is "true". |
This installation type is used to configure an execution environment that will be sending its activity information to a remote Runtime Governance server using REST. The relevant properties are:
| Property | Description |
|---|---|
RESTActivityServer.serverURL | This is the URL of the activity server collecting the activity events. |
RESTActivityServer.serverUsername | The username used to access the REST service. |
RESTActivityServer.serverPassword | The password used to access the REST service. |
This section described the configuration of the supported database options.
This is the default "out of the box" configuration.
To use Elasticsearch as the Activity and Situation Store implementation, the following property values need to be defined:
ActivityStore.class=org.overlord.rtgov.activity.store.elasticsearch.ElasticsearchActivityStore SituationStore.class=org.overlord.rtgov.analytics.situation.store.elasticsearch.ElasticsearchSituationStore
with the additional support properties:
| Property | Description |
|---|---|
Elasticsearch.hosts | Either has value "embedded" (the default), or a list of <host>:<port> values representing nodes in the Elasticsearch cluster, the port representing the TCP transport connection. |
Elasticsearch.schedule | When using batched mode, the interval (in milliseconds) between updates being sent to the Elasticsearch server. |
Elasticsearch.ActivityStore.responseSize | Maximum size for the response (default value 100000). |
Elasticsearch.ActivityStore.timeout | "Best effort" timeout value (milliseconds) (default value 10000ms). |
Elasticsearch.SituationStore.responseSize | Maximum size for the response (default value 100000). |
Elasticsearch.SituationStore.timeout | "Best effort" timeout value (milliseconds) (default value 10000ms). |
The following information describes the Elasticsearch clustering options that are supported with RTGov. For more information please see http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/modules-node.html
Out of the box, RTGov starts up with an in-VM Elasticsearch node for convenience. Such a setup is not recommended for a production environment for the following reasons:
RTGov does not attempt to wrap or hide the standard Elasticsearch configurations. If you know how to tweak and tune an Elasticsearch node then these configuration changes can be applied to the appropriate location (dependent upon platform):
| Value | Description |
|---|---|
EAP or Wildfly | The configuration properties for the Runtime Governance capability are found in the <root>/standalone/configuration/overlord-rtgov.properties file. |
If you want to learn how to configure and tune Elasticsearch then please reference the Elasticsearch documentation at http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html
Some of those configuration properties that may need to be changed include:
There are 3 ways Elasticsearch cluster communication can be configured within RTGov:
Local Elasticsearch embedded server
node.local=true
This configuration does not communicate outside of the VM, only performing discovery of Elasticsearch nodes started on the same same VM.
Client only with no local data
When you start an Elasticsearch client, the most important decision is whether it should hold data or not. In other words, should indices and shards be allocated to it. Many times we would like to have the clients just be clients, without shards being allocated to them. This is simple to configure by setting either:
node.data=false
and/or
node.client=true
With this configuration, the client is cluster aware and can route its data to the responsible shards avoiding a double hop.
Clustered client with local data
This is the default "out of the box" configuration for RTGov. This starts a simple Elasticsearch node that can hold data and also join other Elasticsearch nodes in a cluster.
node.data=true node.client=false node.local=true
To use a SQL database as the Activity and Situation Store implementation, the following property values need to be defined:
| Property | Value |
|---|---|
ActivityStore.class |
|
SituationStore.class |
|
with the additional support properties:
| Property | Description |
|---|---|
JPAActivityStore.jndi.datasource | The JNDI name used to retrieve the datasource. |
JPAEventProcessor.jndi.datasource | The JNDI name used to retrieve the datasource. |
JPASituationStore.jndi.datasource | The JNDI name used to retrieve the datasource. |
JpaStore.jtaPlatform | The JTA platform Java implementation class. |
As of RTGov 2.x, Elasticsearch is the main supported implementation of the Activity and Situation Store.
When RTGov has been installed, try out the samples to get an understanding of its capabilities, and check that your environment has been correctly installed/configured.
To install the samples into JBoss EAP go to the samples folder in the distribution. You will need to install Apache Maven to be able to use the examples.
The key examples are explained below. Each quickstart also has a readme providing the instructions for use.
The samples/ordermgmt folder contains examples related to an Order Management system implemented using a SwitchYard application.
The samples/ordermgmt/app folder contains the switchyard application, with some additional interceptors to execute policies synchronously (see Activity Validators section for more information, and the Synchronous Policy quickstart more a specific example of its use).
The samples/ordermgmt/epn folder contains an Event Processor Network (see later section for details) that is used to convert switchyard application exceptions into "Situations", which is a form of alert used by the Runtime Governance platform.
The samples/ordermgmt/ip folder contains an Information Processor (see later sectoin for details) that is used to extract additional information from message payloads, that will be useful when analysing the activity events.
The samples/policy/sync folder contains a policy that is invoked synchronously - it determines whether a user has invoked the service more than once every two seconds, and if so, blocks the service invocation.
The samples/policy/async folder contains a policy for asynchronously calculating the debt associated with a customer, and suspending their account if it goes above a defined level. The suspended status of the customer is checked when they next invoke the service, and the service invocation blocked if they have been suspended.
The database is defined by the datasource configuration located here: $JBOSS_HOME/standalone/deployment/overlord-rtgov/rtgov-ds.xml as part of the server installation type.
The default SQL database is the H2 file based database, and is created during the installation of the all type.
The following sections discuss changes to the standalone-full.xml configuration file. If using a clustered
environment, then these changes should be applied to the standalone-full-ha.xml instead.
MySQL
$JBossAS/modules/mysql/main.
$JBossAS/modules/mysql/main folder, e.g. mysql-connector-java-5.1.12.jar.
$JBossAS/modules/mysql/main folder, with the contents:
<module xmlns="urn:jboss:module:1.1" name="mysql">
<resources>
<resource-root path="mysql-connector-java-5.1.12.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
</module>
$JBossAS/standalone/configuration/standalone-full.xml file to include the MySQL driver:
<subsystem xmlns="urn:jboss:domain:datasources:1.0">
<datasources>
.....
<drivers>
...
<driver name="mysql" module="mysql">
<xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
$JBossAS/standalone/deployments/overlord-rtgov/rtgov-ds.xml, the contents should be:
<?xml version="1.0" encoding="UTF-8"?>
<datasources>
<datasource jndi-name="java:jboss/datasource/OverlordRTGov" pool-name="OverlordRTGov" enabled="true" use-java-context="true">
<connection-url>jdbc:mysql://localhost:3306/rtgov</connection-url>
<driver>mysql</driver>
<security>
<user-name>root</user-name>
<password></password>
</security>
</datasource>
</datasources>
Postgres
$JBossAS/modules/org/postgresql/main folder.
$JBossAS/modules/org/postgresql/main folder, e.g. postgresql-9.1-902.jdbc4.jar.
$JBossAS/modules/org/postgresql/main folder, with the contents:
<module xmlns="urn:jboss:module:1.1" name="org.postgresql">
<resources>
<resource-root path="postgresql-9.1-902.jdbc4.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
</dependencies>
</module>
$JBossAS/standalone/configuration/standalone-full.xml file to include the PostgresSQL driver:
<subsystem xmlns="urn:jboss:domain:datasources:1.0">
<datasources>
.....
<drivers>
...
<driver name="postgresql" module="org.postgresql">
<xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
$JBossAS/standalone/deployments/overlord-rtgov/rtgov-ds.xml, the contents should be:
<?xml version="1.0" encoding="UTF-8"?>
<datasources>
<datasource jndi-name="java:jboss/datasource/OverlordRTGov" pool-name="OverlordRTGov" enabled="true" use-java-context="true">
<connection-url>jdbc:postgresql://localhost:5432/rtgov</connection-url>
<driver>postgresql</driver>
<security>
<user-name>....</user-name>
<password>....</password>
</security>
</datasource>
</datasources>
The EPN and Active Collection mechanisms both have the ability to make use of caching provided by infinispan. When running the server in clustered mode (i.e. with standalone-full-ha.xml).
First step is to uncomment the infinispan.container property in the overlord-rtgov.properties file and set it to the JNDI name of the cache container (java:jboss/infinispan/container/rtgov in the example below). This property represents the default cache container to be used by EPN and Active Collection Source configurations that do not explicitly provide a container JNDI name.
The next step is to create the cache container configuration, and the specific caches, under the infinispan subsystem in the standalone-full-ha.xml file. As an example, the following cache entry for the "Principals" cache has been defined, for use with the Policy Enforcement examples:
<cache-container name="rtgov" jndi-name="java:jboss/infinispan/container/rtgov" start="EAGER">
<transport lock-timeout="60000"/>
<replicated-cache name="Principals" mode="SYNC">
<locking isolation="REPEATABLE_READ"/>
<transaction mode="FULL_XA" locking="PESSIMISTIC"/>
</replicated-cache>
</cache-container>