Difference between revisions of "Gyrex/Administrator Guide"

From Eclipsepedia

Jump to: navigation, search
(Cloud)
m (Development Mode)
Line 35: Line 35:
 
The scalable and performant [[Jetty]] web engine is also included with Gyrex. It allows for seamless development and deployment of pure OSGi based, modular and extensible web application. You can start with a single web application using the OSGi HttpService. Additionally, Gyrex provides an OSGi service for deploying and managing many application on different HTTP channels (secure, non-secure, different ports, etc.) on various nodes in your cloud. It's also possible to run multiple instances of the same application for multiple tenants including full separation of HTTP sessions, database connections, etc.
 
The scalable and performant [[Jetty]] web engine is also included with Gyrex. It allows for seamless development and deployment of pure OSGi based, modular and extensible web application. You can start with a single web application using the OSGi HttpService. Additionally, Gyrex provides an OSGi service for deploying and managing many application on different HTTP channels (secure, non-secure, different ports, etc.) on various nodes in your cloud. It's also possible to run multiple instances of the same application for multiple tenants including full separation of HTTP sessions, database connections, etc.
  
== Development Mode ==
+
== Operation Mode ==
Gyrex allows servers to run in development mode. This allows to operate a server either in ''production'' or ''development'' mode. Typically, a fresh server installation initially runs in development mode and must be configured to not run in development mode. Depending on the selected mode, different default settings are applied. For example, a non-development system will user more strict defaults regarding security and may not expose as much information to end users as a development system. In contrast, a development system may run with more convenient defaults which does not require developers to perform a time-consuming system setup procedure.
+
Gyrex servers run using an operation mode. This allows to operate a server either in ''production'' or ''development'' mode. Typically, a fresh server installation initially runs in development mode and must be configured to not run in development mode. Depending on the selected mode, different default settings are applied. For example, a non-development system will user more strict defaults regarding security and may not expose as much information to end users as a development system. In contrast, a development system may run with more convenient defaults which does not require developers to perform a time-consuming system setup procedure.
 
+
  
 
= Configuration =
 
= Configuration =

Revision as of 11:39, 26 September 2011

Gyrex
Website
Download
Community
Mailing ListForumsIRC
Bugzilla
Open
Help Wanted
Bug Day
Contribute
Browse SourceProject Set File
Warning2.png
Draft Content
This page is currently under construction. Community members are encouraged to maintain the page, and make sure the information is accurate.


A guide to deployment and administration of Gyrex based servers.


Contents


Getting Started

Overview

Gyrex is a Java base application. For proper operation it requires a Java Virtual Machine installed on the system (at least Java 6). It comes with a native launcher that is capable for searching for installed Java VMs.

Quick Start

  1. Download Gyrex, unzip and run.
  2. Open Admin Console (by default running on http://localhost:3110/) and perform initial configuration


Concepts & Features

Modularity

Gyrex is based on OSGi/Equinox and completely modular. It consists of components implementing key features which can be mixed at runtime, i.e. components can be installed and activated individually. In addition, components can run in multiple versions.

Provisioning

Gyrex uses p2 for all provisioning operations. Whenever something needs to installed into the system a p2 operation must be performed. Typically, applications (or just individual application components) are published by their maintainers into a repository. An administrator can then cherry-pick at runtime the desired applications from a maintainers repository and install/update them into a server.

Cloud

With Gyrex it's possible to build your own private cloud platform. Gyrex integrates with ZooKeeper in order to allow easy discovery and management of nodes. You'll be able to appoint and retire nodes in your cloud quickly. With the help of tags it's possible to distribute applications and tasks among them.

Web

The scalable and performant Jetty web engine is also included with Gyrex. It allows for seamless development and deployment of pure OSGi based, modular and extensible web application. You can start with a single web application using the OSGi HttpService. Additionally, Gyrex provides an OSGi service for deploying and managing many application on different HTTP channels (secure, non-secure, different ports, etc.) on various nodes in your cloud. It's also possible to run multiple instances of the same application for multiple tenants including full separation of HTTP sessions, database connections, etc.

Operation Mode

Gyrex servers run using an operation mode. This allows to operate a server either in production or development mode. Typically, a fresh server installation initially runs in development mode and must be configured to not run in development mode. Depending on the selected mode, different default settings are applied. For example, a non-development system will user more strict defaults regarding security and may not expose as much information to end users as a development system. In contrast, a development system may run with more convenient defaults which does not require developers to perform a time-consuming system setup procedure.

Configuration

Logging

Gyrex provides a logging infrastructure based on SLF4J and Logback. This also includes support for capturing Apache Commons Logging and LOG4J log events. The default configuration logs all messages to the console in development mode. In product mode an rotating error log is created in the instance area logs location. However, it's possible to supply your own custom Logback configuration file in order to customize logging.

If you are new to Logback please have a look at the Logback manual.

Using Logback System Property

The first option is using the system property logback.configurationFile. This will instruct Logback to read the configuration from the specified file.

Example:

gyrex [...] -vmargs [...] -Dlogback.configurationFile=/path/to/config.xml

Note, this can also be set via gyrex.ini or configuration/config.ini.

Using Workspace Log Configuration

Another option is placing a configuration file into your runtime workspace location (aka. OSGi instance directory, Eclipse workspace). The configuration file must be <runtime-workspace>/etc/logback.xml and will be read at Gyrex start to configure Logback. The file is only read at start, though. However, once initialized you can use Logback capabilities to have Logback monitor the file for updates/changes to the configuration at runtime.

The benefit of using this method is that a substitution property gyrex.instance.area.logs will be provided which expands to the full path (includinding trailing slash) of the workspace logs directory. This allows to create configuration files without hard coded path names which can be reused across multiple workspaces.

Example:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>

  <!-- console logger -->
  <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <!-- application log file -->
  <appender name="applog" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
    <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
      <level>INFO</level>
    </filter>
    <file>${gyrex.instance.area.logs:-logs/}application.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
      <!-- daily rollover -->
      <fileNamePattern>${gyrex.instance.area.logs:-logs/}application.%d{yyyy-MM-dd}.log</fileNamePattern>
      <!-- keep 30 days' worth of history -->
      <maxHistory>30</maxHistory>
    </rollingPolicy>
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <!-- query log file -->
  <appender name="querylog" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <file>${gyrex.instance.area.logs:-logs/}queries.log</file>
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
      <!-- daily rollover -->
      <fileNamePattern>${gyrex.instance.area.logs:-logs/}queries.%d{yyyy-MM-dd}.log</fileNamePattern>
      <!-- keep 30 days' worth of history -->
      <maxHistory>30</maxHistory>
    </rollingPolicy>
    <encoder>
      <pattern>%d{HH:mm:ss.SSS} %logger{36} - %msg%n</pattern>
    </encoder>
  </appender>

  <!-- enable logging for interested packages -->
  <logger name="org.eclipse.gyrex.examples.bugsearch" level="DEBUG">
    <!-- log to console -->
    <appender-ref ref="console" />
  </logger>

  <!-- configure query logging -->
  <logger name="bugsearch.querylog" level="INFO" additivity="false">
    <appender-ref ref="querylog" />
  </logger>

  <!-- configure default logging (children can override) -->
  <root level="WARN">
    <appender-ref ref="applog" />
  </root>

</configuration>

Cloud

The Gyrex cloud functionality is implemented based on ZooKeeper. When running in development mode, an embedded ZooKeeper server is started automatically so you don't have to configure anything at all. For production environments we highly recommend running a standalone ZooKeeper ensemble. Please have a look at the ZooKeeper Administrator's Guide for details on how to setup your own ensemble.

Connect to ZooKeeper

The first step is to connect each node with the ZooKeeper cluster. This can be done using the OSGi console or the Gyrex Admin UI.

Connect a node to ZooKeeper:

osgi> cloud setConnectString <zookeeper-connect-string>
...
osgi>

The zookeeper-connect-string can be any valid ZooKeeper connection string. In its simplest it's just a hostname or IP address.

Node Management

An essential part of a cloud is node membership. Node membership in Gyrex is implemented by explicit approval of nodes. Each node has a unique identifier. Upon first start a new one is generated. It's also possible to manually set node ids. However, you need to ensure that node ids are unique. No two nodes with the same identifier are allows to join the cloud.

After a new node joins a cloud it will be registered with a pending state. In this state the node is not allowed to participate in any cloud activity other than node registration. An administrator need to explicitly approve the node first. Once the node has been approved it will become online.

Tags may be assigned to nodes. They will play an important role when distributing functionality and responsibilities within your cloud.

Console Commands

Two commands are available in the Equinox OSGi console for managing and analyzing the cloud. They both come with a small syntax help

osgi> help
[...]
---CloudConsoleCommands---
	cloud <cmd> [args]
		approve <NODEID> - approves a node
		ls pending|approved|online - list nodes
		retire <NODEID> - retires a node
		setConnectString <CONNECTSTRING> - sets the connect string for the local node
		setOffline - sets the current node offline
		setOnline - sets the current node on-line
		setTags <nodeId> [-t <tag> [-t <tag>]] - set tags for a node
---ZooKeeperConsoleCommands---
	zk <cmd> [args]
		create <PATH> - creates a path in ZK
		get <PATH> - prints the content of the node at the specified path as a string
		ls <PATH> [-r] - lists the specified path
		reconnect - reconnects the ZooKeeper gate
		rm <PATH> [-r] - removes the specified path
		set <PATH> - sets the content of the node at the specified path as a string
		stat <PATH> - prints ZK stats of the specified path
		sync <PATH> - performs ZK sync on the specified path
[...]
osgi>

List pending (unapproved) nodes:

osgi> cloud ls pending
[nodeId] (hostname)
...
osgi>

Approve a node:

osgi> cloud approve <nodeId>

Jetty

Jetty is an integral part of the Gyrex stack. It's responsible for serving OSGi HTTP applications. A key feature of Jetty administration in Gyrex is it's deep integration with the cloud. You no longer configure nodes individually. Instead the administration is cloud global. Filters are available to target a set of nodes (for example a specific region or a group of dedicated web nodes) or even an individual node.

Connectors

In Jetty connectors are responsible for accepting HTTP connections. Several connector types are available. The administration capabilities in Gyrex expose two types of Jetty connectors- one for unencrypted traffic and one for SSL encrypted traffic. Under the covers, Jetty's non-blocking IO connectors will be used. You can configure as many connectors as necessary on various different ports.

Certificates

Certificates are required by SSL connectors. Each certificate will be stored in its own encrypted key-store protected by passwords. It's possible to import an SSL certificate including the fill certificate chain and the private key from JKS or PKCS12 containers.

Using the Console

In the OSGi console a jetty command is available which allows to perform a basic administration of Jetty.

osgi> help
[...]
---Jetty Commands---
  jetty <cmd> [args]
    addConnector <connectorId> <port> [<secure> <certificateId>] - adds a connector
    importCertificate <certificateId> <keystorePath> <keystoreType> [<keystorePassword> [<keyPassword>]] - imports a certificate
    ls  connectors|certificates [filterString] 	 - list all channels
    removeCertificate <certificateId>	 - removes a certificate
    removeConnector <connectorId>	 - removes a connector
[...]
osgi>

Create a HTTP connector on port 8080:
This will create a non-secure connector which accepts connections on port 8080.

osgi> jetty addConnector http 8080
Connector http has been added!

osgi>

Import a SSL certificate from a PKCS12 file:
Jetty requires the private key and the signed certificate in a single container. Gyrex provides a convenient command for importing a PKCS12 file (as generated by OpenSSL or Windows tools) or JKS file (Java standard) which usually contains both. We recommend including the complete certificate chain in case some intermediate CAs were involved.

osgi> jetty importCertificate localhost d:\localhost.p12 PKCS12 password
Processing entry: localhost
Loading key for entry: localhost
Loading certificate chain for entry: localhost
Found certificate:
[.lot of keystore details..]
Imported certificate localhost!

osgi> 

It's possible to verify the import using the jetty ls command.

osgi> jetty ls certificates
localhost [localhost, valid till 2014-02-02]

osgi> 


Create a HTTPS connector on port 8443:
This will use the certificate imported above and create a connector which accepts secure connections.

osgi> jetty addConnector default-https 8443 true localhost
Connector default-https has been added!

osgi> 

When restarting the Jetty engine you can monitor the log output in order to varify the connectors are used correctly.

[...] INFO  org.eclipse.jetty.util.log - jetty-7.2.2.v20101205
[...] INFO  org.eclipse.jetty.util.log - Started SelectChannelConnector@0.0.0.0:8080
[...] INFO  org.eclipse.jetty.util.log - Started CertificateSslConnector@0.0.0.0:8443