파일 소유자 및 그룹 변경

실 사용 환경에서 필요한 내용만 정리.

---

Test environment

OS : CentOS 7 3.10.0-957.el7.x86_64

주요 내용

A file's owner can be changed using the chown command.

chown [OPTION]... [OWNER][:[GROUP]] FILE...

• chown 을 이용해서 파일 및 디렉토리 사용자, 그룹 변경

[root@localhost sw]# chown -R root:root *
[root@localhost sw]# ls -alrt
total 8
dr-xr-xr-x. 18 root root 234 Feb  5 01:49 ..
drwxrwxrwx.  2 root root   6 Feb  5 01:49 img
drwx------.  2 root root   6 Feb  5 01:49 was
drwx------.  2 root root   6 Feb  5 01:49 web
drwxr-xr-x.  2 root root   6 Feb  5 01:49 app
drwxr-xr-x.  2 root root   6 Feb  5 01:49 java
drwxr-xr-x.  2 root root   6 Feb  5 01:49 bin
drwxr-xr-x.  2 root root   6 Feb  7 21:26 logs
-rwxr-xr-x.  1 root root 428 Feb  8 01:16 Mem.sh
-rwxr-xr-x.  1 root root 446 Feb  8 06:01 Mem1.sh
drwxr-xr-x.  9 root root 114 Feb  8 06:01 .
[root@localhost sw]# chown wasadm:wasadm img
[root@localhost sw]# chown wasadm:wasadm was
[root@localhost sw]# chown wasadm:wasadm Mem.sh
[root@localhost sw]# ls -alrt
total 8
dr-xr-xr-x. 18 root   root   234 Feb  5 01:49 ..
drwxrwxrwx.  2 wasadm wasadm   6 Feb  5 01:49 img
drwx------.  2 wasadm wasadm   6 Feb  5 01:49 was
drwx------.  2 root   root     6 Feb  5 01:49 web
drwxr-xr-x.  2 root   root     6 Feb  5 01:49 app
drwxr-xr-x.  2 root   root     6 Feb  5 01:49 java
drwxr-xr-x.  2 root   root     6 Feb  5 01:49 bin
drwxr-xr-x.  2 root   root     6 Feb  7 21:26 logs
-rwxr-xr-x.  1 wasadm wasadm 428 Feb  8 01:16 Mem.sh
-rwxr-xr-x.  1 root   root   446 Feb  8 06:01 Mem1.sh
drwxr-xr-x.  9 root   root   114 Feb  8 06:01 .

메모리 사용률 확인

사용 환경에서 필요한 내용만 정리.

시스템 환경

OS : CentOS 7 3.10.0-957.el7.x86_64

실행 명령어

centos 6.x 버전 밑 버전에서 메모리 읽는 방식이 7에서 부터는 변경이 되었다.
(-/+ buffers/cache 부분이 사라졌다.)

메모리 사용량 (%) = 메모리used/(메모리used+메모리free)*100

• 사용 예시

[root@localhost sw]# free -m
              total        used        free      shared  buff/cache   available
Mem:           7803         892        4686         263        2224        6277
Swap:          8064           0        8064

메모리 사용률 계산
$$Memusage=\frac{used}{total}*100
$$

sar -r 1 명령어를 통해서도 사용률 확인 가능 (%memused) 확인

• 초 단위로 버퍼 캐쉬 영역 분리 해서 메모리 확인

[root@localhost sw]# free -mw -s 1
              total        used        free      shared     buffers       cache   available
Mem:           7803         900        4627         308           2        2273        6224
Swap:          8064           0        8064

              total        used        free      shared     buffers       cache   available
Mem:           7803         900        4627         308           2        2273        6224
Swap:          8064           0        8064

Parameters

Parameters
total	총 메모리 크기
used	사용중인 메모리 (free-buff/cache)
free	여유 메모리 (used-buff/cache)
shared	tmpfs, ramfs등에 사용되는 공유 메모리
buffer/cache	커널 버퍼 / 페이지 캐시 slab 메모리
available	swapping 없이 new ps에 할당 가능한 메모리 예상 크기

리눅스에 설치 된 JAVA 경로 확인 방법

사용 환경에서 필요한 내용만 정리.

시스템 환경

OS : CentOS 7 3.10.0-957.el7.x86_64

실행 명령어

사용 명령어 which, readlink

• which : 명령어의 경로를 확인하는 명령어
• readlink : 심볼릭 링크의 원본 위치를 찾는 명령어 (-f : 최종 파일의 절대경로)

ll 명령어를 통해 찾아도 되지만, 심볼릭 링크가 여러번 사용되어 있는 경우 readlink 명령어로 찾는게 편함.

#which 
[wasadm@localhost sw]$ which java
/usr/bin/java

#readlink
[wasadm@localhost sw]$ readlink -f /usr/bin/java
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.181-7.b13.el7.x86_64/jre/bin/java

#ll
[wasadm@localhost sw]$ ll /usr/bin/java
lrwxrwxrwx. 1 root root 22 Feb  5 01:36 /usr/bin/java -> /etc/alternatives/java
[wasadm@localhost sw]$ ll /etc/alternatives/java
lrwxrwxrwx. 1 root root 71 Feb  5 01:36 /etc/alternatives/java -> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.181-7.b13.el7.x86_64/jre/bin/java

파일 및 경로 권한 부여 방법

사용 환경에서 필요한 내용만 정리.

시스템 환경

OS : CentOS 7 3.10.0-957.el7.x86_64

사용 방법

Change the mode of each FILE to MODE.

주의 할 점으로 chmod 의 경우 현재 상태의 권한을 변경.

• Permission Change
  
  • 주로 사용 하는 예시

[wasadm@localhost sw]$ chmod -R 700 ./was
[wasadm@localhost sw]$ chmod -R 700 ./web
[wasadm@localhost sw]$ chmod -R 755 ./bin
[wasadm@localhost sw]$ chmod -R 777 ./img

하위 디렉토리 속성 까지 변경

-R, --recursive change files and directories recursively

Options

There are two ways to modify permissions, with numbers or with letters.

1. 문자열 모드

Parameters
u	User (the owner of the file) 소유자
g	group (any member of the file's defined group) 그룹
o	Other (anyone else) 기타 사용자
a	All (equivalent to ugo) ugo 전체 사용자
+	add permission
-	remove permission
=	set permission

2. 숫자 모드 (많이 사용하는 모드)

Parameters	symbol	Permission
1	---	No Permission
2	--x	Execute
3	-w-	Write
4	-wx	Write and Execute
5	r--	Read
6	rw-	Read and Exceute
7	rwx	all

How to encrypt datasource password in JBoss EAP 7.x Case 2

---

Test Environment

• Test Version : JBoss EAP 7.2

---

Set Up a Password Vault

Case 2

Encrypt the data source password.
use below command to encrypt database password,

Case1

#!/bin/sh
echo "####################################"
echo database password changes Encoded
echo -e        " password : \c "
read PASSWORD
echo "####################################"

/SW/was/java1.8/bin/java -cp $JBOSS_HOME/modules/system/layers/base/org/picketbox/main/picketbox-5.0.3.Final-redhat-3.jar:$JBOSS_HOME/modules/system/layers/base/org/jboss/logging/main/jboss-logging-3.3.2.Final-redhat-00001.jar:$CLASSPATH org.picketbox.datasource.security.SecureIdentityLoginModule $PASSWORD 

• Run View
  
  

Case2

#!/bin/sh

# config setting
export JAVA_HOME="/SW/was/java1.8"
export PATH="/SW/was/java1.8/bin":$PATH
JBOSS_HOME="/SW/was/JBoss7.2"
OVERLAY_DIRECTORY="$JBOSS_HOME/modules/system/layers/base/.overlays"

# password 
echo ""
read -p " password : " PASSWORD
echo ""

if [ -d "$OVERLAY_DIRECTORY" ]; then
    PATCH_SUBDIRECTORY=$(ls -dt $OVERLAY_DIRECTORY/* | grep "CP" | head -n 1)   
    echo patch subdirectory is: "$PATCH_SUBDIRECTORY"
    SEARCH_DIRECTORY="$PATCH_SUBDIRECTORY/org/picketbox/main"
else
    SEARCH_DIRECTORY="$JBOSS_HOME/modules/system/layers/base/org/picketbox/main"
fi

export CLASSPATH=$(find $(cd "$SEARCH_DIRECTORY"; pwd) -name "*.jar" -print | tr '\n' ':')$CLASSPATH

echo "####################################################"
java org.picketbox.datasource.security.SecureIdentityLoginModule "$PASSWORD"
echo "####################################################"
echo ""

• Run View
  
  

Security Doamin

• Add Security Doamin
  
  
• Add Authernticatgion Module
  
  
• Module Option(key=value)
  
  
  
  
• Add Datasource > Security > Security Domain
  
  
• Test Connecation
  
  

• Standalone.xml or domain.xml 에서 직접 수정시 아래 내용 참고.

               <datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE</connection-url>
                    <driver>h2</driver>
                    <security>
                        <security-domain>encryptedSecurityDB</security-domain>
                    </security>
                </datasource>
.
.
.
                <security-domain name="encryptedSecurityDB" cache-type="default">
                    <authentication>
                        <login-module name="encryptedSecurityDB" code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                            <module-option name="username" value="sa"/>
                            <module-option name="password" value="9fdd42c2a7390d3"/>
                            <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM"/>
                        </login-module>
                    </authentication>
                </security-domain>

JBoss - EAP7.x domain mode

Test Environment

• OS : Windows NT
• Version : JBoss EAP 7.2

---

add-user

• 사용자 계정 추가

F:\app\Redhat\JBoss7.2\bin>add-user.bat

What type of user do you wish to add?
 a) Management User (mgmt-users.properties)
 b) Application User (application-users.properties)
(a): a

Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : admin
User 'admin' already exists and is enabled, would you like to...
 a) Update the existing user password and roles
 b) Disable the existing user
 c) Type a new username
(a): a
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
 - The password should be different from the username
 - The password should not be one of the following restricted values {root, admin, administrator}
 - The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]:
Updated user 'admin' to file 'F:\app\Redhat\JBoss7.2\standalone\configuration\mgmt-users.properties'
Updated user 'admin' to file 'F:\app\Redhat\JBoss7.2\domain\configuration\mgmt-users.properties'
Updated user 'admin' with groups  to file 'F:\app\Redhat\JBoss7.2\standalone\configuration\mgmt-groups.properties'
Updated user 'admin' with groups  to file 'F:\app\Redhat\JBoss7.2\domain\configuration\mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret value="YWRtaW4xMiMk" />

domain mode 사용시 <secret value="YWRtaW4xMiMk" /> 값을 저장

Summary

Every host running in a managed domain must have a unique host name. To ease administration and allow for the use of the same host configuration files on multiple hosts, the server uses the following precedence for determining the host name.

1. If set, the host element name attribute in the host.xml configuration file.
2. The value of the jboss.host.name system property.
3. The value that follows the final period (".") character in the jboss.qualified.host.name system property, or the entire value if there is no final period (".") character.
4. The value that follows the period (".") character in the HOSTNAME environment variable for POSIX-based operating systems, the COMPUTERNAME environment variable for Microsoft Windows, or the entire value if there is no final period (".") character.

This topic describes how set the name of the host in the configuration file, using either a system property or a hard-coded name.

1. Edit the host-master.xml or host-slave.xml located in configuration

master

# host name 
<host xmlns="urn:jboss:domain:8.0" name="test-master"> 

slave

# host name
<host xmlns="urn:jboss:domain:8.0" name="slave-node01">

#slave의 jboss.management.http.port port 변경 (one box)
        <management-interfaces>
            <http-interface security-realm="ManagementRealm">
                <http-upgrade enabled="true"/>
                <socket interface="management" port="${jboss.management.http.port:19990}"/>
            </http-interface>
        </management-interfaces>

2. Check the host-master.xml Domain controller

   <domain-controller>
      <local/>
   </domain-controller>

3. Edit the host-slave.xml

   <server-identities>
      <secret value="YWRtaW4xMiMk" />
   </server-identities>

Start domain Windows

master
For example:

F:\app\Redhat\JBoss7.2\bin\domain.bat -Djboss.domain.base.dir="F:\app\Redhat\JBoss7.2\master" -b=192.168.0.6 -bmanagement=192.168.0.6 --host-config=host-master.xml 

slave
For example:

# none01
F:\app\Redhat\JBoss7.2\bin\domain.bat -Djboss.domain.base.dir="F:\app\Redhat\JBoss7.2\node01" -b=192.168.0.6 -bmanagement=192.168.0.6 --host-config=host-slave.xml --master-port=9990 --master-address=192.168.0.6 -Djboss.socket.binding.port-offset=1000 

# none02
F:\app\Redhat\JBoss7.2\bin\domain.bat -Djboss.domain.base.dir="F:\app\Redhat\JBoss7.2\node02" -b=192.168.0.6 -bmanagement=192.168.0.6 --host-config=host-slave.xml --master-port=9990 --master-address=192.168.0.6 -Djboss.socket.binding.port-offset=2000 

JBoss EAP 7.2 documentation Runtime Arguments

구성 화면

sample - A practical script for shutting start or stop a server

options:

/host=HOST_NAME/server-config=SERVER_NAME:stop

/host=HOST_NAME/server-config=SERVER_NAME:start

For example:

# stop
F:\app\Redhat\JBoss7.2\bin>jboss-cli.bat --connect controller=192.168.0.6:9990 /host=slave-node01/server-config=test01:stop
{
    "outcome" => "success",
    "result" => "STOPPING"
}

# start
F:\app\Redhat\JBoss7.2\bin>jboss-cli.bat --connect controller=192.168.0.6:9990 /host=slave-node01/server-config=test01:start
{
    "outcome" => "success",
    "result" => "STARTING"
}

The following exception is raised when obtaining a connection from a non-XA Microsoft SQL Server datasource:

---

Test Environment

• Test Version : JBoss EAP 7.2

---

Issue

... Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The TCP/IP connection to the host localhost, port 1433 has failed. Error: "Connection refused. Verify the connection properties. Make sure that an instance of SQL Server is running on the host and accepting TCP/IP connections at the port. Make sure that TCP connections to the port are not blocked by a firewall."

• When using a datasource-class, the connection-url property is ignored and no JDBC url is supplied, hence the exception.
• non-XA pool 에서 datasource-class를 사용할 경우 connection-url property가 무시되어 해당 Exception 이 발생한다고합니다.

Resolution

• standalone.xml 에 <datasource-class> 설정 라인 삭제 후 jboss 재기동

     <datasource jndi-name="java:/mssql" pool-name="mssqljdbc" statistics-enabled="true">
            <connection-url>jdbc:sqlserver://127.0.0.1:1433;DatabaseName=ucpost</connection-url>
            <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
            <datasource-class>com.microsoft.sqlserver.jdbc.SQLServerDataSource</datasource-class> ==> 해당 부분 삭제

cause

• The issue may be due to specification of a datasource-class when defining a non-XA pool.
• The use of an implementation of javax.sql.DataSource requires significantly different configuration from the standard java.sql.Driver mechanism which is the default for JDBC 4 compliant drivers when creating non-XA connections.
• When using a datasource-class, the connection-url property is ignored and no JDBC url is supplied, hence the exception.

Webservice module crash error during JBoss migration

---

Test Environment

• Test OS : CentOS 7.2
• Test Version : JBoss EAP 6.4
• Test Version : JBoss EAP 7.2

---

How to JBoss EAP 7.x WebService crash

• 제이보스 EOS에 따른 업그레이드 작업중 웹서비스 이용시 발생하는 충돌에 따른 대처 방안 입니다.

Issue

• 근본 이슈는 EAP7 버전의 cxf 버전과 애플리케이션 자체로 구현한 Spring-cxf 사이의 호환 이슈

{"WFLYCTL0080: Failed services" => {"jboss.deployment.unit.\"sso.war\".PARSE" => "WFLYSRV0153: Failed to process phase PARSE of deployment \"sso.war\"
    Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYWS0059: Apache CXF library (cxf-api-2.7.8.jar) detected in ws endpoint deployment; either provide a proper deployment replacing embedded libraries with container module dependencies or disable the webservices subsystem for the current deployment adding a proper jboss-deployment-structure.xml descriptor to it. The former approach is recommended, as the latter approach causes most of the webservices Java EE and any JBossWS specific functionality to be disabled."}}

Resolution

EAP 7.x webserverice 비활성화를 통해 내부 Spring module 과 org.apache.cxf modules의 로딩을 위해서 애플리케이션 modules 내부적으로 dependency을 설정

<?xml version="1.0" encoding="UTF-8"?>                                                                                                     <jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.2">           
   <deployment>                                                                   
        <exclude-subsystems>                                                      
             <subsystem name="webservices" />                                     
             <subsystem name="jaxrs" />                                           
        </exclude-subsystems>                                                     
        <dependencies>
           <module name="javax.xml.ws.api"/>   
           <module name="javax.jws.api"/>
        </dependencies>
   </deployment>
</jboss-deployment-structure>

How to register with JBoss EAP 7.2 Windows Service

---

Test Environment

• Test OS : Windows NT
• Test Version : JBoss EAP 7.2

---

참고

https://access.redhat.com/solutions/3015541

사전 준비

사전 준비물 다운로드

• Download JBoss EAP 7 release (either jar installer or zip installer) from Red Hat customer portal Software Downloads page.
• Download any JBoss EAP 7.x.y cumulative patch that you want to install on top of EAP 7.x from this Patches page.
• Download Apache Jsvc from this Apache Jsvc download page.

시스템 환경 변수 등록

• Check article Supported Configurations and make sure supported / tested infrastructure (Windows OS, and Java versions, etc.) are used.
  As instructed in Installation Guide, JAVA_HOME and NOPAUSE=1 system environment variables need to be present.

서비스 등록 명령

service.bat install /name "JBoss7-Server01" /controller "localhost:9990" /config "standalone-ha.xml" /jbossuser "admin" /jbosspass "admin1@34" /logpath "E:\app\Redhat\waslog\testsvr01"

** password 특수문자 인식이 안되는 경우 발생 **

같은 NT 장비에 추가적인 서버을 등록을 위해서는 아래와 같은 작업 수행
서비스 등록전에 port-offset 값 standalone.xml 파일에서 수정 (bat에 넣어줄 경우 service.bat에서 인식이 제대로 안됨 )

    <socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:100}">

rem jbcs-jsvc 파일 경로 수정 필요

set PRUNSRV=
if exist "%JBOSS_HOME%\..\test01-jbcs-jsvc-1.1\sbin\prunsrv.exe" (
  set PRUNSRV="%JBOSS_HOME%\..\test01-jbcs-jsvc-1.1\sbin\prunsrv.exe"
) else if exist "%JBOSS_HOME%\bin\prunsrv.exe" (
  set PRUNSRV="%JBOSS_HOME%\bin\prunsrv.exe"
) else (
  echo Please install native utilities into expected location %JBOSS_HOME%\..\test01-jbcs-jsvc-1.1
  goto cmdEnd
)

서비스 추가 등록

service.bat install /name "JBoss7-Server02" /controller "localhost:10090" /config "standalone-ha.xml" /jbossuser "admin" /jbosspass "admin1@34" /logpath "E:\app\Redhat\waslog\testsvr02"

서비스 등록 해제

service.bat uninstall /name "JBoss7-Server11"

How to change the default value of JSESSIONID in EAP7

---

Test Environment

• Test OS : CentOS 7.2
• Test Version : JBoss EAP 6.4
• Test Version : JBoss EAP 7.2

---

How to change the default value of JSESSIONID in EAP7

JBoss EAP JSESSIONID 기본값 변경 확인 사항

Issue

JBoss EAP 6.x
In Standalone mode default JSESSIONID is appending machine host name after cookie value

JBoss EAP 7.x
In 7.x mode default JSESSIONID is appending EAP host name and servergroup name after cookie value

Resolution

기존의 standalone 모드의 경우 JSESSIONID만 사용되나 EAP7.X 의 경우 undertow의 io.undertow.server.JvmRouteHandler 가 session id 뒤에 JVM route 값(.instance-id)를 붙이도록 동작하며 instance-id 값은 null 또는 disable 될 수 없으며, 기본 길이 값도 변경이 되어 관련 해서 애플리케이션 조치가 필요.