Jboss EAP 6 Configuration Management Best Practices

Okay, so what is best practice in a large ‘enterprise’ setting (or any setting) as far as managing JBoss server profiles? This sounds like a seemingly easy question, just include them all? right?

Well that would be an answer, but I’m not convinced it is best. JBoss cli makes it relatively easy to customize a profile and really the only differences between each sample profiles: standalone.xml, standalone-full.xml, standalone-ha.xml, standalone-full-ha.xml are a few minor subsystem additions. Now it is recommended or at least understood that a company is going to use said profiles as a starting point and build upon that and make custom profiles.

Does it make sense for company to have multiple profiles to manage? Yes, if number of servers is small and there isn’t a need for growth, then the sys admin will primarily be monitoring and updating JBoss with any patches; no big deal. However, in a large enterprise setting I would argue not. Difficulties start to arise with maintainability, automating server configurations, security, resources and personal know-how.

I would ballpark that a [knowledgeable] sys admin could monitor 100 custom profile and be busy, but when that number starts to rise it becomes maintainable and more than likely will have to hire someone. If however, amoung the teams find the profile that will be all encompassing and use that. Now instead of managing 100 custom profiles you’re managing only 1 profile.

For example, if I have 90 developer teams and 30 want clustering, 30 want messaging, 30 don’t want messaging or clustering, then I can use the standalone-full-ha.xml profile and meet all there needs. Yes there is slightly larger footprint (however it is small), but the additional subsystems do not do anything unless they are turned on. And now in lieu of the sys admin adding and/or removing subsystems it is all there, so no extra work.

What about security? Good question. It is recommended best practice to trim down the app server to what only is needed to run. Is this the job of the sys admin? No, this is a joint effort between the developer team and the sys admin. The developer team should know which subsystems they are leveraging for there applications and communicate that as part of their code promotion process. This trimming of subsystems is incredibly easy with the JBoss cli tool, easily automated and the amount of experience needed with JBoss cli minimal, which can be seen in my github project.

I added an example of pruning standalone-full-ha.xml to effectively give standalone.xml profile without having to manage 2 profiles. Doing the reverse is a bit more complicated (I think).

https://github.com/jmarley/prune-eap-6-standalone-full-ha-profile

Advertisements

Author: jasonmarley

I have been with Red Hat since 2010 and love it! My day to day is consulting on RHEL/JBoss/OpenShift, but I work on open source projects in my free time. The best part about my job are my awesome colleagues and our community.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s