Please use the newest JBoss EAP 6.1.0.Final to follow this document, or you'll meet a lot of bugs.
In this article, I'd like to show you how to setup JBoss AS7 in domain mode and enable clustering so we can get HA (high availability) and session replication among the nodes. It's a step to step guide so you can follow the instructions in this article and build the sandbox by yourself.
We need to prepare two hosts (or virtual hosts) to do the experiment. We will use these two hosts as follows:
- Install Fedora 16 on them (Another linux version may also work, but I'll use Fedora 16 in this article)
- Make sure the hosts are in same local network
- Make sure that they can access each other via different TCP/UDP ports (it's better to turn off firewall and disable SELinux during the experiment or they will cause network problems).
Here are some details on what we are going to do:
- Let's call one host 'master' and the other one 'slave'.
- Both master and slave will run AS7, and master will run as domain controller, slave will under the domain management of master.
- Apache httpd will be run on master, and we'll enable the mod_cluster module in httpd. The as7 on master and slave will form a cluster and be discovered by httpd.
- We will deploy a demo project into domain and verify that the project is deployed into both master and slave by domain controller. Thus we could confirm that domain management provide us a single point to manage the deployments across multiple hosts in a single domain.
- We will access the cluster URL and verify that httpd has distributed the request to one of the as7 host. This helps us confirm that the cluster is working properly.
- We will try to make a request to the cluster, and if the request is forwarded to master as7, we then kill the as7 process on master. After that we will go on requesting cluster and we should see that the request has been forwarded to slave, but the session has not been lost. Our goal is to verify the HA is working and sessions are replicated.
- After the previous step has been completed we reconnect the master as7 by restarting it. We should see the master as7 is registered back into cluster, and we should also see slave as7 recognizes master as7 as domain controller again and connects to it.
Please don't worry if you cannot digest so all the details now. Let's move on and you will get the points step by step.
First we should download the AS7 from website:
The version I downloaded is 7.1.0.CR1b, please don't use the version prior to this one, or you will meet this bug when running in clustering mode:
After the download has completed, I have the zip file:
Then I unzipped the package to master and try a test run:
If everything ok we should see AS7 successfully startup in domain mode:
Now exit as7 and let's repeat the same steps on slave host. Finally we get AS7 run on both master and slave, then we can move onto the next step.
In this section we'll setup both master and slave for them to run in domain mode. And we will configure master to be the domain controller.
First open the host.xml in master as7 for editing:
The default settings for interface in this file is like:
We need to change the address to the management interface so slave can connect to master. The public interface allows the application to be accessed by non-local HTTP, and the unsecured interface allows remote RMI access. My master's ip address is 10.211.55.7, so I change the config to:
Now we will setup interfaces on slave. First we need to remove the domain.xml from slave, because slave will not act as domain controller and is under the management of master. I just rename the domain.xml so it won't be processed by as7:
From AS 7.1.Final you don't need to rename domain.xml anymore.
Then let's edit host.xml. Similar to the steps on master, open host.xml first:
The configuration we'll use on slave is a little bit different because we need to let slave as7 connect to master as7. First we need to set the hostname. We change the name property from:
Then we need to modify domain-controller section so slave as7 can connect to master's management port:
As we know, 10.211.55.7 is the ip address of master.
Finally, we also need to configure interfaces section and expose the management ports to public address:
10.211.55.2 is the ip address of the slave. Refer to the domain controller configuration above for an explanation of the management, public, and unsecured interfaces.
|It is easier to turn off all firewalls for testing, but in production, you need to enable the firewall and allow access to the following ports: TBD|
If you start as7 on both master and slave now, you will see the slave as7 cannot be started with following error:
Because we haven't properly set up the authentication between master and slave. Now let's work on it:
In bin directory there is a script called add-user.sh, we'll use it to add new users to the properties file used for domain management authentication:
As shown above, we have created a user named 'admin' and its password is '123123'. Then we add another user called 'slave':
We will use this user for slave as7 host to connect to master.
|Notice that the username must be equal to the name given in the slaves host element. That means that for each additional host you need a user.|
In newer versions of JBoss AS7, the add-user.sh will let you choose the type of the user. Here we need to choose 'Management User' type for both 'admin' and 'slave' account:
In slave we need to configure host.xml for authentication. We should change the security-realms section as following:
We've added server-identities into security-realm, which is used for host authentication when slave tries to connect to master. Because the slave's host name is set as 'slave', so we should use the 'slave' user's password on master. In the secret value property we have 'MTIzMTIz=', which is the base64 code for '123123'. You can generate this value by using a base64 calculator such as the one at http://www.webutils.pl/index.php?idx=base64.
Then in domain controller section we also need to add security-realm property:
So the slave host could use the authentication information we provided in 'ManagementRealm'.
The newer version of JBoss AS7 has enforced the security checking for HornetQ. So you need to some additional configuration in domain controller. Open domain.xml of master and find:
This is the config for hornetq, we need to put 'cluster-user' and 'cluster-password' into it:
|There are two "<subsystem xmlns="urn:jboss:domain:messaging:1.3">" config sections in domain.xml. One is for "<profile name="full">" and another for "full-ha". If you have activated both of these two profiles, then you should put the 'cluster-user' and 'cluster-password' settings in both of them.|
The 'cluster-user' and 'cluster-password' settings are just user-defined values; you can choose whatever you want. The authentication scheme used by HornetQ here is simple: when a host connects to domain controller, the HornetQ instance running on domain controller will tell the host its 'cluster-user' and 'cluster-password' settings. Then the connected host's HornetQ instance will use this setting to communicate and form a cluster with other HornetQ instances running in the domain. This is a simple but effective way to prevent some outsiders from participating on this domain's HornetQ cluster.
If you do not want to use this security scheme, just disable it in "<subsystem xmlns="urn:jboss:domain:messaging:1.3">":
Now everything is set for the two hosts to run in domain mode. Let's start them by running domain.sh on both hosts. If everything goes well we should see the following in the log on master:
That means all the configurations are correct and the two hosts are running in domain mode now as expected. Hurrah!
Now we can deploy a demo project into the domain. I have created a simple project located at:
We can use git command to fetch a copy of the demo:
In this demo project we have a very simple web application. In web.xml we've enabled session replication by adding following entry:
And it contains a jsp page called put.jsp which will put current time to a session entry called 'current.time':
Then we could fetch this value from get.jsp:
It's an extremely simple project but it could help us to test the cluster later: We will access put.jsp from cluster and see the request are distributed to master, then we disconnect master and access get.jsp. We should see the request is forwarded to slave but the 'current.time' value is held by session replication. We'll cover more details on this one later.
Let's go back to this demo project. Now we need to create a war from it. In the project directory, run the following command to get the war:
It will generate cluster-demo.war. Then we need to deploy the war into domain. First we should access the http management console on master (Because master is acting as domain controller):
It will popup a windows prompting you to input an account name and a password; we can use the 'admin' account we've just added. After logging in we will see the 'Server Instances' window. By default there are three servers listed, which are:
We can see server-one and server-two are in running status and they belong to main-server-group; server-three is in idle status, and it belongs to other-server-group.
All these servers and server groups are set in domain.xml on master as7. What we are interested in is the 'other-server-group' in domain.xml:
We could see this server-group is using 'ha' profile, which then uses 'ha-sockets' socket binding group. It enable all the modules we need to establish the cluster later (including infinispan, jgroup and mod_cluster modules). So we will deploy our demo project into a server that belongs to 'other-server-group', so 'server-three' is our choice.
|In newer version of JBoss AS7, the profile 'ha' changes to 'full-ha':|
Now server-three is not running, so let's click on 'server-three' and then click the 'start' button at bottom right of the server list. Wait a moment and server-three should start now.
Now we should also enable 'server-three' on slave: From the top of menu list on left side of the page, we could see now we are managing master currently. Click on the list, and click 'slave', then choose 'server-three', and we are in slave host management page now.
Then repeat the steps we've done on master to start 'server-three' on slave.
|server-three on master and slave are two different hosts, their names can be different.|
After server-three on both master and slave are started, we will add our cluster-demo.war for deployment. Click on the 'Manage Deployments' link at the bottom of left menu list.
(We should ensure the server-three are running on both master and slave)
Then enter 'Manage Deployments' page, click 'Add Content' at top right corner. Then we should choose our cluster-demo.war and follow the instruction to add it into our content repository.
Now we can see cluster-demo.war is added. Next we click 'Add to Groups' button and add the war to 'other-server-group' and then click 'save'.
After waiting a few seconds, the management console should tell you that the project is deployed into 'other-server-group'.：
Please note we have two hosts participate in this server group, so the project should be deployed in both master and slave now - that's the power of domain management.
Now let's verify this by trying to access cluster-demo from both master and slave. They should all work now:
Now that we have finished the project deployment and see the usages of domain controller, we will then head up for using these two hosts to establish a cluster
|Why the port number is 8330 instead of 8080? Please check the settings in host.xml on both master and slave:
The port-offset is set to 250, so 8080 + 250 = 8330
Now we quit the as7 process on both master and slave. We have some work left on host.xml configurations. Open the host.xml of master, and make the following modifications to the servers section changing from:
We've set auto-start to true so we don't need to enable it in management console each time as7 restart. Now open slave's host.xml, and modify the server-three section:
Besides setting auto-start to true, we've renamed the 'server-three' to 'server-three-slave'. We need to do this because mod_cluster will fail to register the hosts with same name in a single server group. It will cause name conflict.
After finishing the above configuration, let's restart two as7 hosts and go on to cluster configuration.
We will use mod_cluster + apache httpd on master as our cluster controller here. Because AS7 has been configured to support mod_cluster out of box so it's the easiest way.
|The AS7 domain controller and httpd are not necessary to be on same host. But in this article I just install them all on master for convenience.|
First we need to ensure that httpd is installed:
And then we need to download newer version of mod_cluster from its website:
The version I downloaded is:
|Jean-Frederic has suggested to use mod_cluster 1.2.x. Because 1.1.x it is affected by CVE-2011-4608
With mod_cluster-1.2.0 you need to add EnableMCPMReceive in the VirtualHost.
Then we extract it into:
Then we edit httpd.conf:
We should add the modules:
Please note we should comment out:
This is in conflict with cluster module. Then we need to make httpd listen to public address so we can do the testing. Because we installed httpd on master host we know the ip address of it:
Then we do the necessary configuration at the bottom of httpd.conf:
|For more details on mod_cluster configurations please see this document:|
If everything goes well we can now start the httpd service:
Now we access the cluster:
We should see the request is distributed to one of the hosts(master or slave) from the as7 log. For me the request is sent to master:
Now I disconnect master as7 by using the management interface. Select 'runtime' and the server 'master' in the upper corners.
Select 'server-three' and kick the stop button, the active-icon should change.
Killing the server by using system commands will have the effect that the Host-Controller restart the instance immediately!
Then wait for a few seconds and access cluster:
Now the request should be served by slave and we should see the log from slave as7:
From the get.jsp we should see that the time we get is the same we've put by 'put.jsp'. Thus it's proven that the session has been correctly replicated to slave.
Now we restart master as7 and should see the host is registered back to cluster.
|It doesn't matter if you found the request is distributed to slave at first time. Then just disconnect slave and do the testing, the request should be sent to master instead. The point is we should see the request is being redirected from one host to another and the session is held.|
- If you'd like to understand how to set multiple httpd load balancers in a cluster, please refer to this article: Setting multiple mod_cluster load balancers in clustering environment
- This article is focusing on AS7 domain mode + mod_cluster integration. If you are interested in using AS7 with mod_jk, please check Using mod_jk with JBoss AS7
- If you want to know how to develop an application with AS7, please check Developing JSF Project Using JBoss AS7, Maven and IntelliJ
Wolf-Dieter Fink has contributed the updated add-user.sh usages and configs in host.xml from 7.1.0.Final.
Jean-Frederic Clere provided the mod_cluster 1.2.0 usages.
Misty Stanley-Jones has given a lot of suggestions and helps to make this document readable.