Open Source Software Technical Articles

Want the Best of the Wazi Blogs Delivered Directly to your Inbox?

Subscribe to Wazi by Email

Your email:

Connect with Us!

Current Articles | RSS Feed RSS Feed

Troubleshooting GlassFish Installation on CentOS

  
  
  

The instructions for installing GlassFish 3.1, the most recent version of the open source application server, are meant to be straightforward, but the universal Unix installation guide does not cover many Linux – and more specifically CentOS – aspects that prove to be troublesome. Here are some tips for overcoming some of the most common GlassFish installation issues.

For a powerful GlassFish deployment, use CentOS 64-bit architecture with more than 4GB RAM. Avoid 32-bit architectures for fuller RAM utilization; GlassFish and Java as a whole are heavy on memory use, so the default 32-bit architecture memory limit of 4GB will not allow you to use GlassFish to its full potential or reliably serve heavier applications, especially under intensive load.

Don't rely on one server only. GlassFish is designed to work as a distributed, clustered and redundant environment. GlassFish's cluster feature is one of its strengths against the competition in the enterprise Java application server market. Plan to use at least two and preferably three servers. One of them should be the DAS (Domain Admin Server), and the rest subordinated node agents. To avoid hardware failures and ensure redundancy, install the GlassFish servers on different hardware servers, possibly with the help of virtualization.

With CentOS it's essential to put SELinux in permissive mode prior to GlassFish installation. Do this by editing the file /etc/sysconfig/selinux, specifying SELINUX=permissive, and rebooting the system. Later you can inspect the file /var/log/audit/audit.log and see what has to be adjusted in the SELinux configuration to permit GlassFish to run properly with SELinux enforced. For more information about SELinux and server hardening as a whole, check our hardening guide.

Of course, since GlassFish is a Java application server, you'll need a working Java environment, which means that the corresponding JDK packages have to be installed. In CentOS 6 Linux these packages are called java-1.7.0-openjdk java-1.7.0-openjdk-devel, and you can install them from the official repository with yum.

Installation and X Environment Problems

A serious installation problem arises from the fact that the latest GlassFish installation's script is supposed to run in an X Window System environment such as GNOME or KDE. Such graphical environments are not typically installed on production servers because they slow down systems and expose them to additional security vulnerabilities. Other than the obvious solution of installing an X desktop environment, you have a few alternatives to work around this problem.

The first way is to install the minimum required X setup on the server side, connect remotely, and run the self-extracting installation script. This scenario ensures that you can make use of the installation script's customization options and thus perform an installation tailored to your system and needs, yet your server setup is not tainted with a full X environment. To run the self-extracting installation script, follow these steps:

  • On the server, install a minimum X environment by running the command yum install xhost xorg-x11-server-Xorg xorg-x11-xauth dejavu-sans-fonts dejavu-serif-fonts. This resolves various errors from missing X libraries, server, and fonts.
  • Again on the server, set the DISPLAY shell variable so that you can connect remotely by executing the command export DISPLAY=localhost:0. This resolves errors such as This program requires DISPLAY environment variable to be set. Please re-run after assigning an appropriate value to DISPLAY.
  • From your local admin station, presumably Linux, connect by running ssh -X server_ip. The -X argument enables X11 forwarding.

Finally, download the installation script (currently glassfish-3.1.2-unix.sh) and run it. During the installation process you can perform any desired customization, such as specifying the target installation directory. Good choices are /opt or /srv so that GlassFish's installation is separated from the main distribution.

Note: When using the install script you can specify two additional arguments. Using -v specifies verbose output, while -q increases the verbosity of the log level. You can find the log created by execution of the installation script in the /tmp directory under a name similar to install9154237168566371645.log. This log can help you understand any problems that may have arisen and see any exception that was caught.

19a98812-f823-48dc-841e-bf029c63c6d7

A second way of circumventing X problems during GlassFish installation is to perform an automatic installation with an answers file. GlassFish's install script allows you to specify a file containing all the answers to the installation questions using the -a argument – for example, ./glassfish-3.1.2-unix.sh -a auto_install_answers.txt. Of course, this implies that you have already gone through the installation process on an identical server (same Java version, same paths and server setup) but with an X environment, performing a dry run installation by running the installation script with the-n argument. This scenario not only saves you from tainting your server environment with X packages but also makes the process easy, fast, and standardized for larger deployments.

The third installation possibility is to extract a ready-to-use GlassFish installation. On GlassFish's download page you'll find one zip package containing the whole GlassFish installation for Linux and other Unix flavors. Because of Java's interoperability, an all-in-one Unix GlassFish package can be used universally. Without a doubt this is the easiest and fastest way to install GlassFish, but you will be left with a default environment without any customizations. This is convenient for testing purposes, but for larger production deployments, the installation with answers file is more suitable because it saves the time it would take for all the necessary customizations later.

GlassFish and the iptables Firewall

GlassFish requires changes in the default CentOS iptables firewall in order to work. You must add two types of rules, for admin and for external access.

First, allow the rules for admin access. By default, GlassFish's admin interface works at TCP port 4848. The idea is to allow admin access on the DAS from the admin station on one side, and on the other, to allow the DAS to connect and control to the subordinated node.

To demonstrate how this can be done, let's assume we have one DAS with IP 10.0.0.5 and one node with IP 10.0.0.6 subordinated to it. Your admin station's IP address is 10.0.0.7. On the DAS, run:

iptables -I INPUT -s 10.0.0.7 -m state --state NEW -m tcp -p tcp --dport 4848 -j ACCEPT

On the GlassFish node, allow the DAS to connect by executing:

iptables -I INPUT -s 10.0.0.5 -m state --state NEW -m tcp -p tcp --dport 4848 -j ACCEPT

You shouldn't have to connect to the GlassFish node directly because you will control the whole cluster centrally from the DAS. That's why you don't have to allow your admin IP address on the nodes. To save the iptables rules changes you made and make them persistent, execute service iptables save.

Next, make sure that your application's services are accessible from outside. Let's take an example with the default web service running on TCP port 8080 (HTTP) and TCP port 8181 (HTTPS). Run the following iptables commands on the nodes, assuming you are not going to use the DAS for serving external clients, as you should, since the more isolated and protected the DAS, the more stable and secure the whole cluster is:

iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 8080,8181 -j ACCEPT

You may be able to improve the above rule; it's likely that there will be a proxy or application firewall before GlassFish. In such a case, allow only the IP address of the firewall or proxy by using the -s argument. Don't forget to save the rule with service iptables save.

These tips should be enough to help you over many common problems. However, you may see other installation problems, because GlassFish is a complex service and because the environments on which it is supposed to run greatly vary.




This work is licensed under a Creative Commons Attribution 3.0 Unported License
Creative Commons License.


This work is licensed under a Creative Commons Attribution 3.0 Unported License
Creative Commons License.

Comments

Currently, there are no comments. Be the first to post one!
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics