- From: Peter Donald <
>
- To:
- Subject: [chef] Re: Re: Re: rewriting my tomcat LWRP, how best to group options?
- Date: Tue, 17 Apr 2012 16:58:02 +1000
Hi,
On Tue, Apr 17, 2012 at 3:52 PM, Bryan Berry
<
>
wrote:
>
can you point me to the code you use for configuring your jmx access?
>
Of the top of my head this would be best served by an heavyweight
>
resource provider (HWRP? PORO?) and some helper functions, both of
>
which could live in the in the java cookbook
I don't have the extracted version handy but you can see an older
variant of the functionality in
https://github.com/realityforge-cookbooks/glassfish/blob/master/providers/mq.rb
the relevant parts being
-----
if new_resource.jmx_port
vm_args << "-Dcom.sun.management.jmxremote"
vm_args << "-Dcom.sun.management.jmxremote.port=#{new_resource.jmx_port}"
vm_args <<
"-Dcom.sun.management.jmxremote.access.file=#{instance_dir}/etc/jmxremote.access"
vm_args <<
"-Dcom.sun.management.jmxremote.password.file=#{instance_dir}/etc/jmxremote.password"
vm_args << "-Dcom.sun.management.jmxremote.ssl=false"
end
...
if new_resource.jmx_port && new_resource.jmx_port < 1024
authbind_port "AuthBind GlassFish OpenMQ JMX Port
#{new_resource.jmx_port}" do
port new_resource.jmx_port
user node[:glassfish][:user]
end
end
...
if new_resource.jmx_port
admins = {}
search(:users, "groups:#{new_resource.admin_group} AND
jmx_password:*") do |u|
admins[u['id']] = u['jmx_password']
end
monitors = {}
search(:users, "groups:#{new_resource.monitor_group} AND
jmx_password:*") do |u|
monitors[u['id']] = u['jmx_password']
end
file "#{instance_dir}/etc/jmxremote.access" do
owner node[:glassfish][:user]
group node[:glassfish][:group]
mode "0400"
action :create
content (admins.keys.sort.collect { |username|
"#{username}=readwrite\n" } + monitors.keys.sort.collect { |username|
"#{username}=readonly\n" }).join("")
notifies :restart, resources(:service =>
"omq-#{new_resource.instance}"), :delayed
end
file "#{instance_dir}/etc/jmxremote.password" do
owner node[:glassfish][:user]
group node[:glassfish][:group]
mode "0400"
action :create
content (admins.sort.collect { |username, password|
"#{username}=#{password}\n" } + monitors.sort.collect { |username,
password| "#{username}=#{password}\n" }).join("")
notifies :restart, resources(:service =>
"omq-#{new_resource.instance}"), :delayed
end
end
------------------------------
For jdk logging I also have some similar code but none in a public
space atm. But mostly it is about merging multiple property files if
any values are not set. This essentially allows me to send all the
logs to a central syslog style server (ie graylog)
>
What kind of resource would you like to see for the jdk logging and
>
jmx configuration?
>
>
Do you prefer the layout of what i have in the following example or w/
>
the more explicit xx_opts, d_opts, additional_opts attributes?
>
>
jvm do
>
xms '256m'
>
xmx '512m'
>
jmx do
>
auth
>
ssl
>
end
>
logging do
>
...
>
end
>
end
ultimately I am not entirely sure. The approach I currently use is to
separate the cookbook into 4 components;
* a recipe for the baseline binary install
* resources/providers for all the relevant resources
* a description of the application either in either node properties or
as a databag item
* a recipe that reads the description and invokes the relevant resource
Here's a sample of what I use
override[:glassfish][:domain_definitions][:planner] =
{
:config =>
{
:max_memory => 1548,
:max_perm_size => 192,
:port => 80,
:admin_port => 8082,
:username => '.....',
:password => '.....'
},
:extra_libraries =>
[
'
http://..../content/repositories/releases/net/sourceforge/jtds/jtds/1.2.5/jtds-1.2.5.jar'
],
:jvm_options => ["-Djava.naming.referral=follow"], #Required for
ActiveDirectory
:sets =>
[
"configs.config.server-config.security-service.activate-default-principal-to-role-mapping=true",
"configs.config.server-config.security-service.default-realm=ldapRealm"
],
:realms =>
{
:ldapRealm =>
{
:parameters =>
[
"--classname
com.sun.enterprise.security.auth.realm.ldap.LDAPRealm",
"--property \"................",
]
}
},
:jdbc_connection_pools =>
{
:firesql =>
{
:parameters =>
[
"--datasourceclassname
net.sourceforge.jtds.jdbcx.JtdsDataSource",
"--restype javax.sql.DataSource",
"--isconnectvalidatereq=true",
"--validationmethod auto-commit",
"--ping true",
"--description \"My Connection Pool\"",
"--property \"............"",
],
:resources =>
{
"jdbc/firesql" =>
{
:parameters => ["--description \"My Connection
Resource\""]
}
}
}
},
:custom_resources =>
{
"SpecificTaskCreatorServiceURL" =>
"
http://.........../SpecificTaskCreatorService";
},
:deployables =>
{
:planner =>
{
:version => "0.1",
:url => "
http://............./myapp.war";,
:context_root => "/"
}
}
}
It seems I have a combination of "semantic" (i.e. :max_memory => 1548)
as well as "physical" (i.e. "-Djava.naming.referral=follow")
configuration. In hindsight I only ever need semantic ones where the
configuration interacts with other parts of the system. i.e :port =>
80 is important as I need to set up authbind rules for it as well as
firewall rules. It is also interrogated by other systems when they are
setting up their firewalls or creating connections to their particular
web services. All the rest of it I prefer to go straight to the raw
underlying configuration rather than trying to have an abstraction
layer (that may be leaky) on the underlying tool.
>
If you myself and Andrea could find the time to chat I think it would
>
be very beneficial to all of us.
>
>
I am on irc from 07:00 - 18:00 CET most days and will be coding this
>
weekend on the tomcat cookbook. Both Andrea and I are on CET. Peter, u
>
r in Australia?
I am in Australia but currently I have next to no net due to moving
house ;( Though hopefully in the next month I can look at some of this
away from my work desk.
--
Cheers,
Peter Donald
Archive powered by MHonArc 2.6.16.