Jboss EAP 6 Configuration Management Best Practices

Okay, so what is best practice in a large ‘enterprise’ setting (or any setting) as far as managing JBoss server profiles? This sounds like a seemingly easy question, just include them all? right?

Well that would be an answer, but I’m not convinced it is best. JBoss cli makes it relatively easy to customize a profile and really the only differences between each sample profiles: standalone.xml, standalone-full.xml, standalone-ha.xml, standalone-full-ha.xml are a few minor subsystem additions. Now it is recommended or at least understood that a company is going to use said profiles as a starting point and build upon that and make custom profiles.

Does it make sense for company to have multiple profiles to manage? Yes, if number of servers is small and there isn’t a need for growth, then the sys admin will primarily be monitoring and updating JBoss with any patches; no big deal. However, in a large enterprise setting I would argue not. Difficulties start to arise with maintainability, automating server configurations, security, resources and personal know-how.

I would ballpark that a [knowledgeable] sys admin could monitor 100 custom profile and be busy, but when that number starts to rise it becomes maintainable and more than likely will have to hire someone. If however, amoung the teams find the profile that will be all encompassing and use that. Now instead of managing 100 custom profiles you’re managing only 1 profile.

For example, if I have 90 developer teams and 30 want clustering, 30 want messaging, 30 don’t want messaging or clustering, then I can use the standalone-full-ha.xml profile and meet all there needs. Yes there is slightly larger footprint (however it is small), but the additional subsystems do not do anything unless they are turned on. And now in lieu of the sys admin adding and/or removing subsystems it is all there, so no extra work.

What about security? Good question. It is recommended best practice to trim down the app server to what only is needed to run. Is this the job of the sys admin? No, this is a joint effort between the developer team and the sys admin. The developer team should know which subsystems they are leveraging for there applications and communicate that as part of their code promotion process. This trimming of subsystems is incredibly easy with the JBoss cli tool, easily automated and the amount of experience needed with JBoss cli minimal, which can be seen in my github project.

I added an example of pruning standalone-full-ha.xml to effectively give standalone.xml profile without having to manage 2 profiles. Doing the reverse is a bit more complicated (I think).



python + ssh (paramiko) + N servers + M commands

Recently I was asked by a client to basically run a block of commands on 100+ servers. All the servers had the same commands to be executed as well as my user account was the same for all the boxes, which is convenient.

Anyways, when they asked me to do this they had no automated scripts to do this ( we’re modernizing their environment 🙂 ) and I’m thinking to myself, ‘there is no way I’m going to manually log into these boxes to run these commands’. Then I briefly contemplated whether or not I wanted to write a bash script to do the job… And I was like no thanks. Basically it was for the same reasons why I avoid bash at all costs (clunky, cryptic and touchy), no offense my bash brethren.

Python, from my perspective is amazing. It is easy to use, easy to understand, Python has a huge library (modules), user community is vast, and to do complicated sys admin or development you don’t need be a wizard. I have a slew of colleagues who swear by ruby and I have used it briefly, but it just doesn’t have the same feel and intuitiveness that Python does. WTS, I bet once I learned the syntax better I’d probably like it equally was well, but eh, for now Python and it does everything I want/need, quickly!

Backkkk to my post about python + ssh (paramiko), okay whilst reading Python for Unix and Linux System Administration by Noah Gift and Jeremy Jones (great book, highly recommend) on SSH tools I came across Paramiko. And wow, what a great simple way to extend ssh tooling to Python.

Using Paramiko I was able to set up a script that churned through all 100+ servers with a list of commands and log the results in a matter of minutes. Of course this doesn’t include testing, because I didn’t want to test on live systems at least not if I wanted to keep my contract 🙂 .

Check out my code on github, it is extremly straightforward (assuming you are familiar with the basic tenants of SSH and remote administration).


Happy coding!