...
```xml
<!-- this is to prevent the java.lang.OutOfMemoryError: PermGen space during deployment -->
<jvm-options>-XX:MaxPermSize=256m</jvm-options>
<!-- -->
<!-- additional jvm options to fix file descriptor leak due to sockets not being closed (bug#:6321777) -->
<jvm-options>-server</jvm-options>
<jvm-options>-Dcom.sun.enterprise.web.connector.grizzly.useKeepAliveAlgorithm=true</jvm-options>
<jvm-options>-Dcom.sun.enterprise.web.connector.grizzly.socketSoTimeout=30000</jvm-options>
<jvm-options>-Dcom.sun.enterprise.web.connector.grizzly.maxKeepAliveRequests=250</jvm-options>
<jvm-options>-Dcom.sun.enterprise.server.ss.ASQuickStartup=false</jvm-options>
<!-- end of additional jvm options -->
```
Security Setup
Keys and trusted certificates need to be set up. First put the JDK tools on the PATH so keytool can be run:
```
[terapaths@terapaths ~]$ export PATH=$PATH:/usr/java/jdk1.5.0_13/bin/
```
```
[terapaths@terapaths ~]$ keytool -list -keystore /home/terapaths/SUNWappserver/domains/domain1/config/keystore.jks
Enter keystore password: changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
s1as, Nov 8, 2007, keyEntry,
Certificate fingerprint (MD5): F1:C4:86:53:BD:35:41:33:CC:3B:41:32:A7:E2:6C:EE
```
Add the DOE and ESnet certificates to the trust store (cacerts.jks):
```
[terapaths@terapaths ~]$ keytool -import -noprompt -trustcacerts -alias DOECertAlias -file /home/terapaths/installation/DOE-01.25.13.pem -keystore /home/terapaths/SUNWappserver/domains/domain1/config/cacerts.jks -storepass changeit
Certificate was added to keystore
[terapaths@terapaths ~]$ keytool -import -noprompt -trustcacerts -alias ESnetAlias -file /home/terapaths/installation/ESnet-10.26.22.pem -keystore /home/terapaths/SUNWappserver/domains/domain1/config/cacerts.jks -storepass changeit
Certificate was added to keystore
[terapaths@terapaths config]$ pwd
/home/terapaths/SUNWappserver/domains/domain1/config
[terapaths@terapaths config]$ keytool -list -keystore /home/terapaths/SUNWappserver/domains/domain1/config/cacerts.jks
Enter keystore password: changeit
Keystore type: jks
Keystore provider: SUN
Your keystore contains 13 entries
verisignc1g3, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): B1:47:BC:18:57:D1:18:A0:78:2D:EC:71:E8:2A:95:73
verisignc1g2, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): DB:23:3D:F9:69:FA:4B:B9:95:80:44:73:5E:7D:41:83
esnetalias, Nov 9, 2007, trustedCertEntry,
Certificate fingerprint (MD5): 32:AC:21:5D:DE:43:73:E9:3A:EE:90:BC:17:C4:8F:36
verisignc1g1, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 97:60:E8:57:5F:D3:50:47:E5:43:0C:94:36:8A:B0:62
verisignc2g3, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): F8:BE:C4:63:22:C9:A8:46:74:8B:B8:1D:1E:4A:2B:F6
verisignc2g2, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
verisignc2g1, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): B3:9C:25:B1:C3:2E:32:53:80:15:30:9D:4D:02:77:3E
doecertalias, Nov 9, 2007, trustedCertEntry,
Certificate fingerprint (MD5): F3:76:00:EC:D0:8E:DB:20:BC:2B:E0:06:60:24:C4:9F
verisignc3g3, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09
verisignc3g2, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): A2:33:9B:4C:74:78:73:D4:6C:E7:C1:F3:8D:CB:5C:E9
verisignc3g1, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 10:FC:63:5D:F6:26:3E:0D:F3:25:BE:5F:79:CD:67:67
s1as, Nov 8, 2007, trustedCertEntry,
Certificate fingerprint (MD5): F1:C4:86:53:BD:35:41:33:CC:3B:41:32:A7:E2:6C:EE
verisignsecureserver, Apr 8, 2004, trustedCertEntry,
Certificate fingerprint (MD5): 74:7B:82:03:43:F0:00:9E:6B:B3:EC:47:BF:85:A5:93
```
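Because the imports above use -noprompt, keytool never shows the fingerprints for confirmation; the following added example (not part of the original page) compares a keytool -list listing against fingerprints pinned out of band. The function names, the pin-file format and the pin values are assumptions; the two sample entries are copied from the listing above.

```bash
#!/usr/bin/env bash
# Added example: check `keytool -list` output against pinned fingerprints.
# Real use (paths assumed): keytool -list -keystore cacerts.jks | check_pins pins.txt
# pins.txt: one "alias fingerprint" pair per line, obtained out of band.

check_pins() {   # $1 = pin file, stdin = keytool -list output
  awk '
    FILENAME == ARGV[1] { if (NF >= 2) want[tolower($1)] = toupper($2); next }
    /, (trustedCertEntry|keyEntry|PrivateKeyEntry),/ {
      alias = tolower($0); sub(/,.*/, "", alias); next
    }
    /^Certificate fingerprint/ { have[alias] = toupper($NF) }
    END {
      for (a in want) {
        if (!(a in have))            { print "MISSING  " a; bad = 1 }
        else if (have[a] != want[a]) { print "MISMATCH " a; bad = 1 }
        else                           print "OK       " a
      }
      exit bad + 0
    }' "$1" -
}

# Excerpt of the cacerts.jks listing above: the two imported entries.
sample_listing() {
  cat <<'EOF'
Keystore type: jks
Keystore provider: SUN
esnetalias, Nov 9, 2007, trustedCertEntry,
Certificate fingerprint (MD5): 32:AC:21:5D:DE:43:73:E9:3A:EE:90:BC:17:C4:8F:36
doecertalias, Nov 9, 2007, trustedCertEntry,
Certificate fingerprint (MD5): F3:76:00:EC:D0:8E:DB:20:BC:2B:E0:06:60:24:C4:9F
EOF
}

# Constructed pins: one matching, one deliberately wrong, one absent alias.
demo_pins() {
  pins=$(mktemp)
  cat > "$pins" <<'EOF'
esnetalias 32:AC:21:5D:DE:43:73:E9:3A:EE:90:BC:17:C4:8F:36
doecertalias 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
examplealias 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
EOF
  rc=0
  sample_listing | check_pins "$pins" || rc=$?
  rm -f "$pins"
  return "$rc"
}
```

check_pins exits non-zero when any pinned alias is missing or differs, so it can gate a deployment script.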
Make sure the server starts properly:
```
[terapaths@terapaths bin]$ pwd
/home/terapaths/SUNWappserver/bin
[terapaths@terapaths bin]$ ./asadmin start-domain --debug=true domain1
Nov 9, 2007 5:36:27 PM com.sun.enterprise.util.ASenvPropertyReader setSystemProperties
SEVERE: property_reader.unknownHost
java.net.UnknownHostException: terapaths: terapaths
at java.net.InetAddress.getLocalHost(InetAddress.java:1346)
at com.sun.enterprise.util.net.NetUtils.getCanonicalHostName(NetUtils.java:66)
at com.sun.enterprise.util.ASenvPropertyReader.setSystemProperties(ASenvPropertyReader.java:161)
at com.sun.enterprise.cli.framework.CLIMain.invokeCommand(CLIMain.java:87)
at com.sun.enterprise.cli.framework.CLIMain.main(CLIMain.java:46)
Starting Domain domain1, please wait.
Log redirected to /home/terapaths/SUNWappserver/domains/domain1/logs/server.log.
Domain domain1 failed to startup. Please check the server log for more details.
CLI156 Could not start the domain domain1.
```
Add local host name entries (no DNS server is configured on these machines):
```
127.0.0.1 terapaths
192.124.59.130 terapaths
```
This fixes the startup problem:
```
[terapaths@terapaths bin]$ ./asadmin start-domain --debug=true domain1
Starting Domain domain1, please wait.
Log redirected to /home/terapaths/SUNWappserver/domains/domain1/logs/server.log.
Domain domain1 is ready to receive client requests. Additional services are being started in background.
```
Listening ports
```
[yee@terapaths ~]$ netstat -nlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:9009 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:946 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 :::48580 :::* LISTEN -
tcp 0 0 :::3820 :::* LISTEN -
tcp 0 0 ::ffff:127.0.0.1:32876 :::* LISTEN -
tcp 0 0 :::8686 :::* LISTEN -
tcp 0 0 :::3920 :::* LISTEN -
tcp 0 0 :::3700 :::* LISTEN -
tcp 0 0 :::32884 :::* LISTEN -
tcp 0 0 :::32885 :::* LISTEN -
tcp 0 0 :::22 :::* LISTEN -
tcp 0 0 :::32887 :::* LISTEN -
tcp 0 0 :::40860 :::* LISTEN -
tcp 0 0 :::7676 :::* LISTEN -
tcp 0 0 :::53470 :::* LISTEN -
udp 0 0 0.0.0.0:514 0.0.0.0:* -
udp 0 0 0.0.0.0:2055 0.0.0.0:* -
udp 0 0 0.0.0.0:940 0.0.0.0:* -
udp 0 0 0.0.0.0:943 0.0.0.0:* -
udp 0 0 0.0.0.0:7001 0.0.0.0:* -
udp 0 0 0.0.0.0:111 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp 0 0 192.124.59.130:123 0.0.0.0:* -
udp 0 0 127.0.0.1:123 0.0.0.0:* -
udp 0 0 0.0.0.0:123 0.0.0.0:* -
udp 0 0 :::123 :::* -
```
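An added example (not from the original page) that reduces netstat -nl output like the above to the sockets bound on all interfaces and reports those missing from an allowlist. The function names, the proto/port allowlist format and the allowlist contents are assumptions; the sample lines are a subset of the output above.

```bash
#!/usr/bin/env bash
# Added example: list sockets bound on all interfaces from `netstat -nl` output
# and report the ones that are not on an allowlist of "proto/port" lines.
# Real use (file name assumed): netstat -nl | unexpected_listeners allow.txt

wildcard_listeners() {   # stdin = netstat -nl output; prints proto/port
  awk '
    $1 ~ /^(tcp|udp)/ {
      port = $4; sub(/.*:/, "", port)            # text after the last colon
      host = substr($4, 1, length($4) - length(port) - 1)
      # 0.0.0.0 and :: mean "every interface"; loopback and single
      # addresses (127.0.0.1, ::ffff:127.0.0.1, 192.124.59.130) are skipped
      if (host == "0.0.0.0" || host == "::") print $1 "/" port
    }' | sort -u
}

unexpected_listeners() { # $1 = allowlist file; stdin = netstat -nl output
  wildcard_listeners | grep -vxF -f "$1" || true   # no output = all expected
}

# Subset of the netstat output above.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:9009 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 0 ::ffff:127.0.0.1:32876 :::* LISTEN -
tcp 0 0 :::8686 :::* LISTEN -
tcp 0 0 :::22 :::* LISTEN -
udp 0 0 192.124.59.130:123 0.0.0.0:* -
udp 0 0 0.0.0.0:123 0.0.0.0:* -
EOF
}

# Constructed allowlist: only SSH (tcp/22) and NTP (udp/123) are expected.
demo_listeners() {
  allow=$(mktemp)
  printf '%s\n' tcp/22 udp/123 > "$allow"
  sample_netstat | unexpected_listeners "$allow"
  rm -f "$allow"
}
```

Each reported proto/port pair is a listener reachable from the network that nobody has signed off on; bind it to a specific address, firewall it, or add it to the allowlist deliberately.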
MySQL
...