Recently I worked on making sure that GlassFish 3.1 can use a multihomed server effectively. This article talks about what it takes to configure a GlassFish domain to use multihoming. Unfortunately, this takes some detailed configuration at this point; there is an RFE filed to make this easier.
Briefly, a multihomed server has multiple IP addresses. There are two primary use cases for multihomed servers:
1. Multiple distinct installations and/or domains of GlassFish are being operated on a server, with the intent to have one domain use one network and another use another network. For a particular DAS or instance, all of the ports for that instance are bound to the same host name.
2. A server with multiple networks, e.g., a front-end network for web requests, a back-end administrative network, and a back-end database network. The HTTP/S listeners are bound to the front-end network, while the admin-listener, GMS traffic, etc. is bound to the administrative network. Presumably in this case, the nodes would be defined to use the administrative network.
To configure either of these cases, the “address” attributes for all of the listeners must be configured to use a specific address rather than “0.0.0.0”. The address can either be an IP address or a DNS name. In each case the attribute is called “address”, but for some listeners, the default of “0.0.0.0” doesn’t show up in the domain.xml, so it has to be added. The easiest way to find all of the addresses that need to be set is to search for “port” attributes.
For example, in the default domain.xml file, the “server-config” (which is used for the DAS) as the following entry:
<network-listener port="8080" protocol="http-listener-1" transport="tcp" name="http-listener-1" thread-pool="http-thread-pool"/>
To configure this to bind to a specific address, such as 192.168.0.1, set this as follows:
<network-listener address="192.168.0.5" port="8080" protocol="http-listener-1" transport="tcp" name="http-listener-1" thread-pool="http-thread-pool"/>
Now, when this domain starts, the http-listener-1 will listen only on the address 192.168.0.5 rather than all addresses. By doing this for all of the ports on which the server listens, either of the use cases above can be supported.
To make this configuration change from the command line, the asadmin command is:
asadmin set configs.config.server-config.network-config. network-listeners.network-listener.http-listener-1.address=192.168.0.5
After making this change, restart the server and you can see that it is only listening on the specified address using the netstat command.
Here is the list of addresses that need to be set in the default configuration:
- JMX System Connector
- JMS Provider
- HTTP Listener
- HTTP/SSL Listener
- Administration Listener
- IIOP Listener
- IIOP/SSL Listener
- IIOP/SSL Mutual Authorization
The Java debugger port and the OSGi Shell port are bound to localhost by default, so typically they do not need to be changed.
The multihomed server support is working in GlassFish 3.1 as of the MS4 build. If you have any interesting experiences to share with using this, please let us know.
10 comments
Comments feed for this article
April 25, 2011 at 8:32 pm
geocode
Hey I’m working on a similar setup, but I am actually running into a problem. Maybe you solved or can help?
The glassfish server is on a linux box with two subnets. The hostname resolves to one of the subnets. But the client applications actually run on the other (a 192.168.x.x). The client applications start by talking to 192.168.x.x and are using java web start and can connect to the jndi lookups. At some point the clients start to try to talk to the other ip address (which fails of course). I know that somehow glassfish is telling them to use the ip address of the hostname (or is sending the hostname), but I cannot figure out how to make it stop. I have tried to force the client to use the 192.168, but it always switches before the lookup completes. In your example above does the hostname resolve to the subnet the client is on? Can you make it be the opposite. You can put a firewall in between to block, or really with the address set to 192.168.x.x then the other subnet will be blocked by glassfish itself.
Do you have a solution? Care to discuss further?
April 26, 2011 at 1:56 pm
Tom Mueller
If you could please post your question to the GlassFish users forum or send it to users@glassfish.java.net, there are people there that are more familiar with the application client and the protocols and servers that are used in that environment. I suspect that this might be related to the IIOP listeners, but you didn’t mention in your comment what protocols your client application is using.
January 20, 2012 at 6:50 am
matteocorti
The asadmin command lacks a ‘=’:
asadmin set configs.config.server-config.network-config.
network-listeners.network-listener.http-listener-1.address=192.168.0.5
January 20, 2012 at 2:15 pm
Tom Mueller
Fixed.
February 6, 2012 at 8:00 am
James
Hi Tom, Here’s what I get when I try to run from command line:
> ./asadmin set configs.config.server-config.network-config.network-listeners.network-listener.http-listener-1.address=123.123.123.123
Remote server does not listen for requests on [localhost:4848]. Is the server up?
Unable to get remote commands.
Closest matching local command(s):
setup-ssh
unset
But when I modify the domain.xml file following your instructions here, GlassFish starts up. Not too sure I modified it correctly though (and I am still experiencing the same issues for which I am seeking a way to start GlassFish on a specific IP address) for the following reason: I added the address attribute to the network listener node and restarted GlassFish. The problem I am facing didn’t go away..
So, I went on to add the IP address for for the following nodes in the domain.xml file:
JMX System Connector
JMS Provider
HTTP Listener
HTTP/SSL Listener
Administration Listener
IIOP Listener
IIOP/SSL Listener
IIOP/SSL Mutual Authorization
I had a problem with administration Listener though. There’s no explicit node for Administration Listener..
I restarted GlassFish, but its still not working as expected.
Am I doing something wrong?
Please take a look at this thread of discussion: http://www.java.net/forum/topic/glassfish/glassfish/problems-launching-deployed-applications-glassfish-311-rhe-linux-server
February 6, 2012 at 3:46 pm
Tom Mueller
To run the “asadmin set” command, the DAS must be running. So run “asadmin start-domain” first and then run “asadmin set”.
The node for the administration listener is the network-listener with name=”admin-listener”. (I’d post the XML, but wordpress doesn’t seem to allow that.) Add an address=”123.123.123.123″ to that node.
Can you post your domain.xml to the forum thread that you referenced?
February 6, 2012 at 5:04 pm
James
Hi Tom,
Here’s the content of my modified domain.xml file. I have reverted to the default domain.xml file though, to be able to get GlassFish running again.
But here’s the content of the file I was referring to.
-XX:MaxPermSize=192m
-client
-Djava.awt.headless=true
-Djavax.management.builder.initial=com.sun.enterprise.v3.admin.AppServerMBeanServerBuilder
-XX:+UnlockDiagnosticVMOptions
-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed
-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy
-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf
-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as
-Xmx512m
-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks
-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks
-Djava.ext.dirs=${com.sun.aas.javaRoot}/lib/ext${path.separator}${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext
-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver
-DANTLR_USE_DIRECT_CLASS_LOADING=true
-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory
-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.fileinstall
-Dosgi.shell.telnet.port=6666
-Dosgi.shell.telnet.maxconn=1
-Dosgi.shell.telnet.ip=127.0.0.1
-Dgosh.args=–nointeractive
-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/
-Dfelix.fileinstall.poll=5000
-Dfelix.fileinstall.log.level=2
-Dfelix.fileinstall.bundles.new.start=true
-Dfelix.fileinstall.bundles.startTransient=true
-Dfelix.fileinstall.disableConfigSave=false
-XX:NewRatio=2
-XX:MaxPermSize=192m
-server
-Djava.awt.headless=true
-XX:+UnlockDiagnosticVMOptions
-Djava.endorsed.dirs=${com.sun.aas.installRoot}/modules/endorsed${path.separator}${com.sun.aas.installRoot}/lib/endorsed
-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy
-Djava.security.auth.login.config=${com.sun.aas.instanceRoot}/config/login.conf
-Dcom.sun.enterprise.security.httpsOutboundKeyAlias=s1as
-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks
-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks
-Djava.ext.dirs=${com.sun.aas.javaRoot}/lib/ext${path.separator}${com.sun.aas.javaRoot}/jre/lib/ext${path.separator}${com.sun.aas.instanceRoot}/lib/ext
-Djdbc.drivers=org.apache.derby.jdbc.ClientDriver
-DANTLR_USE_DIRECT_CLASS_LOADING=true
-Dcom.sun.enterprise.config.config_environment_factory_class=com.sun.enterprise.config.serverbeans.AppserverConfigEnvironmentFactory
-XX:NewRatio=2
-Xmx512m
-Dorg.glassfish.additionalOSGiBundlesToStart=org.apache.felix.shell,org.apache.felix.gogo.runtime,org.apache.felix.gogo.shell,org.apache.felix.gogo.command,org.apache.felix.fileinstall
-Dosgi.shell.telnet.port=${OSGI_SHELL_TELNET_PORT}
-Dosgi.shell.telnet.maxconn=1
-Dosgi.shell.telnet.ip=127.0.0.1
-Dgosh.args=–noshutdown -c noop=true
-Dfelix.fileinstall.dir=${com.sun.aas.installRoot}/modules/autostart/
-Dfelix.fileinstall.poll=5000
-Dfelix.fileinstall.log.level=3
-Dfelix.fileinstall.bundles.new.start=true
-Dfelix.fileinstall.bundles.startTransient=true
-Dfelix.fileinstall.disableConfigSave=false
February 6, 2012 at 5:06 pm
James
I now see what you mean by wordpress not allowing XML to be posted… sorry
February 6, 2012 at 5:15 pm
James
Hi Tom,
I have pasted the XML in a webpage and you can view it here:
http://bit.ly/wihjum
Thanks.
February 7, 2012 at 5:32 am
James
Hi Tom,
Would you be kind enough to share the domain.xml file in the GlassFish user group on Linkedin?
Thanks.