Tag: Database

Application Monitoring using MongoDB Monitoring Service (MMS) on Openshift

Hi,

In this article we will discuss about monitoring the appliation which are deployed over Openshift. We will use MongoDB Monitoring Service (MMS) to achieve this. Application monitoring is very important for developers before and after deploying the applications in production, let that be performance measurement, some tuning or random health checks.

The MongoDB Monitoring Service (MMS) is a cloud-based monitoring service, designed by 10gen, to monitor the health of MongoDB deployments. MMS provides an agent that runs on MongoDB servers, and this agent reports information such as opcounters, memory information, number of connections, network I/O, database storage size, and more. All of this information is available in customizable charts that are displayed in your web browser.

Openshift provides us a cartridge that can be used for monitoring the MongoDB apps. Ofcourse you would need to add a MongoDB cartridge as well, but this doesn’t mean that you can not use any other databse. 🙂

I tried a sample app that uses mysql database and I was still able to get the monitoring set up for that. 🙂

Below are the steps that you need to follow to have MMS setup :

Step-1: Create a test application (in this example a java app) :

$ rhc app create -a monitoringDemo -t jbossas-7

Step-2 : Add MongoDB cartridge to above application :

$ rhc app cartridge add -a monitoringDemo -c mongodb-2.0

Step-3 : Login to https://mms.10gen.com and create an account.

Step-4 : Once done download the mms agent by clicking on “download the agent” link on the Hosts page. Extract the zip file, you will get a dir as “mms-agent”.

Step-5 : Open a terminal and navigate to your project directory, from where you executed Step-1.

Step-6 : You will see a directory created as “monitoringDemo”, move upto “.openshift” inside it :

..
[userone@userone monitoringDemo]$ ls -ltra
total 44
-rw-rw-r--.  1 userone userone    7 Jul 25 18:58 .gitignore
drwxrwxr-x.  3 userone userone 4096 Jul 25 18:58 src
-rw-rw-r--.  1 userone userone 1695 Jul 25 18:58 pom.xml
-rw-rw-r--.  1 userone userone   56 Jul 25 19:01 README.md
-rwxrwxr-x.  1 userone userone    0 Jul 25 19:09 .gitkeep
-rwxrwxr-x.  1 userone userone    0 Jul 25 19:09 mysql-connector-java-5.1.13-bin.jar.dodeploy
-rw-rw-r--.  1 userone userone 7629 Jul 25 19:09 README
drwxrwxr-x.  4 userone userone 4096 Jul 25 19:10 deployments
drwxr-xr-x.  6 userone userone 4096 Jul 25 19:10 .
drwxrwxrwx. 24 userone userone 4096 Aug  2 19:41 ..
drwxrwxr-x.  7 userone userone 4096 Aug  7 14:54 .openshift
drwxrwxr-x.  8 userone userone 4096 Aug  7 14:56 .git
[userone@userone monitoringDemo]$ pwd
/myProjDir/monitoringDemo
[userone@userone monitoringDemo]$ cd .openshift/
..

Step-7 : Create a new directory as “mms” :

..
[userone@userone .openshift]$ mkdir mms
[userone@userone .openshift]$ ls -ltra
total 28
drwxrwxr-x. 7 userone userone 4096 Jul 25 18:58 cron
drwxrwxr-x. 3 userone userone 4096 Jul 25 18:58 config
drwxrwxr-x. 2 userone userone 4096 Jul 25 18:58 action_hooks
drwxrwxr-x. 2 userone userone 4096 Jul 25 18:58 markers
drwxr-xr-x. 6 userone userone 4096 Jul 25 19:10 ..
drwxrwxr-x. 7 userone userone 4096 Aug  7 14:54 .
drwxrwxr-x. 2 userone userone 4096 Aug  7 14:55 mms
[userone@userone monitoringDemo]$ pwd
/myProjDir/monitoringDemo/.openshift
..

Step-8 : After step-4 you would have got a directory as “mms-agent” navigate inside it and copy “settings.py” file to “/myProjDir/monitoringDemo/.openshift/mms”

Note : Make sure you do that, or else MMS won’t work.

Step-9 : Navigate back to project directory add the changes to git repo, commit those changes and then push:

$ cd /myProjDir/monitoringDemo/

$ git add .openshift/mms/

$ git commit -a -m “some commit message”

$ git push

Step-10 : Now add the MMS agent cartridge to your application :

$ rhc app cartridge add -a monitoringDemo -c 10gen-mms-agent-0.1

Phewww setup is almost done, now lets make it work 🙂

Step-11 : ssh to your application :

$ ssh UUID@applicationname-namespace.rhcloud.com

for eg :

ssh 90497856323c4122a11602485445c7b2@monitoringDemo-userone.rhcloud.com

and run below command :

..
$ echo $OPENSHIFT_NOSQL_DB_URL
mongodb://admin:ABCD8YrgQth2@10.10.10.10:27017/
..

here:

* admin = MongoDB username
* ABCD8YrgQth = password
* 10.10.10.10 = IP address of your MongoDB host/node

Step-12 : Navigate to https://mms.10gen.com and click the Hosts + button at the top of the page and add all the details from the output of Step-11.

Step-13 : Click the name of the host that you want to monitor to view the available data collection streams. First time it will take some time as it needs to schedule the checks.

This is not over yet, you can also configure multiple alerts and can can customize your view according to your requirement. Pretty simple,easy, open-source monitoring 🙂

Regards,
Middlewaremagic Team


Management User Authentication using Encrypted Passwords with Database LoginModule AS7

Hi,

We have seen that using “$JBOSS_HOME/bin/add-user.sh” script we can create Management & Application Users. Using “add-user.sh” script when we create users then the credentials of Management user is stored inside the “$JBOSS_HOME/standalone/configuration/mgmt-users.properties” and inside the “$JBOSS_HOME/standalone/configuration/mgmt-users.properties” file. Even though the passwords are encrypted in these properties file still many administrators like to store their management credentials inside the Database rather than storing them inside the Database.

In our previous Demo we saw how to Authenticate Management Users based on the “DatabaseServerLoginModule” http://middlewaremagic.com/jboss/?p=2187 But the problem with that approach is we can see the Cleartext passwords present inside the Database as following:

mysql> select * from PRINCIPLES;
+--------------+----------+
| principal_id | password |
+--------------+----------+
| adminUser    | admin123 |
+--------------+----------+
1 row in set (0.00 sec)

But in this Current Demo we will see how we can store the Encrypted (MD5 + hex) password in the Database so that it will be safe. This can be simply achieved by adding the following two module options in the “security-domain”


    <module-option name="hashAlgorithm" value="MD5"/>
    <module-option name="hashEncoding" value="hex"/>

We will see it in more details so first we will proceed with creating the Hashed Password. Here we will write a simple program in order to Encrypt the Management User’s password.

Program to Encrypt Management User’s Password

Step1). Write the following program “EncryptPassword.java” inside your file system somewhere.

import java.security.MessageDigest;
import java.math.BigInteger;
import org.jboss.crypto.CryptoUtil;

public class EncryptPassword
  {
    public static void main(String ar[]) throws Exception
     {
       /*
       You will need the following JAFRs in your classpath in order to compile & run this program 
       export CLASSPATH=$JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.7.Final.jar:$JBOSS_HOME/bin/client/jboss-client.jar:$CLASSPATH:.:
       */

       //String clearTextPassword=ar[0]+":ManagementRealm:"+ar[1];     //---> This is how JBoss Encrypts password

       String clearTextPassword=ar[0];
       String hashedPassword=CryptoUtil.createPasswordHash("MD5", "hex", null, null, clearTextPassword);
       System.out.println("clearTextPassword: "+clearTextPassword);
       System.out.println("hashedPassword: "+hashedPassword);
     }
  }

Step2). Now Open a terminal/Command prompt then set the PATH to include the JDK “bin” directory in it. Also we will set the CLASSPATH by including the “picketbox-4.0.7.Final.jar” and “jboss-client.jar” jar, which are required in order to compile and run the program. As soon as we will run the following program we will see the HashedPassword which we need to insert in the database “PRINCIPLES” table.


export JBOSS_HOME=/home/userone/jboss-as-7.1.1.Final

export CLASSPATH=$JBOSS_HOME/modules/org/picketbox/main/picketbox-4.0.7.Final.jar:$JBOSS_HOME/bin/client/jboss-client.jar:$CLASSPATH:.:

javac EncryptPassword.java 

java EncryptPassword admin123

_________

OUTPUT
_________

clearTextPassword: admin123
hashedPassword: 0192023a7bbd73250516f069df18b500

MySQL Database & Datasource configuration

First of all we will see what all configurations are needed at the Database end and the Datasource configuration.
Step3). Start the MySQL database and then create the following Tables with the required Data as mentioned:

CREATE TABLE PRINCIPLES ( principal_id VARCHAR(64) primary key,password VARCHAR(64));
CREATE TABLE ROLES ( principal_id VARCHAR(64),user_role VARCHAR(64),role_group VARCHAR(64));

Insert into PRINCIPLES values('adminUser','0192023a7bbd73250516f069df18b500');
Insert into ROLES values('adminUser','admin','admin');

You can insert more records in your database based on your requirement. I created only one Admin User.

mysql> select * from PRINCIPLES;
+--------------+----------------------------------+
| principal_id | password                         |
+--------------+----------------------------------+
| adminUser    | ec28e69f42b23f2e524572c4f263263d |
+--------------+----------------------------------+
1 row in set (0.00 sec)

***NOTE*** As you can see that actually the password for user “adminUser” is “admin123” but we entered the Encrypted password (0192023a7bbd73250516f069df18b500) for this user inside the Database not the Clear Text Password.

JBossAS7 side configuration

Step4). Place the MySQL database driver “mysql-connector-java-5.1.13-bin.jar” inside the “$JBOSS_HOME/standalone/deployments” directory.

Step5). Now start your JBossAS7 standalone profile as following:

[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml -bmanagement 10.10.10.10 -b 20.20.20.20

NOTE: You can start your Server in localhost address as well. Here i started the JBoss Management interface at 10.10.10.10 Address where as the public interface on “20.20.20.20”.

Step6). It’s time to create a DataSource. So lets start the JBossAS7.1.1.Final and then open the JBoss CLI utility “$JBOSS_HOME/bin/jboss-cli.sh” then run the following command in order to create MySQL DataSource as following:

 [userone@localhost bin]$ ./jboss-cli.sh --connect --controller=10.10.10.10:9999

 [standalone@10.10.10.10:9999 /] /subsystem=datasources/data-source="java:jboss/MySqlDS":add(jndi-name="java:jboss/MySqlDS",pool-name="MySqlPool",driver-name="mysql-connector-java-5.1.13-bin.jar",connection-url="jdbc:mysql://localhost:3306/testDB",user-name="root",password="redhat")

Once the above command executes successfully executes you will see the following kind of entry inside your “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file (Inside the “[subsystem xmlns=”urn:jboss:domain:datasources:1.0″]” subsystem):

   <datasource jndi-name="java:jboss/MySqlDS" pool-name="java:jboss/MySqlDS">
       <connection-url>jdbc:mysql://localhost:3306/testDB</connection-url>
       <driver>mysql-connector-java-5.1.13-bin.jar</driver>
       <security>
          <user-name>root</user-name>
          <password>redhat</password>
       </security>
   </datasource>

Step7). Now we will create a Security-Domain inside the “[subsystem xmlns=”urn:jboss:domain:security:1.1″]” subsystem of your “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file as following:

  <security-domain name="DBAuthTest">
      <authentication>
         <login-module code="Database" flag="required">
            <module-option name="dsJndiName" value="java:jboss/MySqlDS"/>
            <module-option name="principalsQuery" value="select password from  PRINCIPLES where principal_id=?"/>
            <module-option name="rolesQuery" value="select user_role, 'Roles' from  ROLES where  principal_id=?"/>
            <module-option name="password-stacking" value="useFirstPass"/>

            <!-- Encryption Related module-options -->
            <module-option name="hashAlgorithm" value="MD5"/>
            <module-option name="hashEncoding" value="hex"/>

         </login-module>
         <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/test-roles.properties"/>
            <module-option name="replaceRole" value="false"/>
         </login-module>
     </authentication>
   </security-domain>

Step8). As you can see above that in the “RoleMappingLoginModule” configuration we passed a file “test-roles.properties” for mapping the database user to the authorization role. So we will need to now create a file with name “test-roles.properties” inside the following location
“$JBOSS_HOME/standalone/configuration/test-roles.properties”
and
“$JBOSS_HOME/domain/configuration/test-roles.properties”

#username=RoleName
adminUser=admin

Step9). The Most important part now. We will edit the “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file as well as “$JBOSS_HOME/domain/configuration/domain.xml” file <management> <security-realms> section as following sothat our custom security “DBAuthTest” can be associated with this ManagementRealm:

    <security-realm name="ManagementRealm">
        <authentication>
             <jaas name="DBAuthTest"/>
        </authentication>
    </security-realm>

Step10). Restart your JBossAS7 profile and then try to access the JBoss Console “http://10.10.10.10:9990/console” with the database table credential like
username: adminUser
password: admin123

.
.
Thanks 🙂
MiddlewareMagic Team


Configuring JBossAS7 ManagementRealm with the Database LoginModule

Hi,
Hi,
We have seen that using “$JBOSS_HOME/bin/add-user.sh” script we can create Management & Application Users. Using “add-user.sh” script when we create users then the credentials of Management user is stored inside the “$JBOSS_HOME/standalone/configuration/mgmt-users.properties” and inside the “$JBOSS_HOME/standalone/configuration/mgmt-users.properties” file. Even though the passwords are encrypted still many administrators like to store their management credentials inside the Database rather than storing them inside the Database.

So here as part of this Demo we will see how to create a Database authentication “security-domain” and how to associate the “ManagementRealm” with the “DBAuthTest” security-domain. We will need to follow the below mentioned steps in order to achieve the same.

MySQL Database & Datasource configuration

First of all we will see what all configurations are needed at the Database end and the Datasource configuration.
Step1). Start the MySQL database and then create the following Tables with the required Data as mentioned:

CREATE TABLE PRINCIPLES ( principal_id VARCHAR(64) primary key,password VARCHAR(64));
CREATE TABLE ROLES ( principal_id VARCHAR(64),user_role VARCHAR(64),role_group VARCHAR(64));

Insert into PRINCIPLES values('adminUser','admin123');
Insert into ROLES values('adminUser','admin','admin');

You can insert more records in your database based on your requirement. I created only one Admin User.

JBossAS7 side configuration

Step2). Place the MySQL database driver “mysql-connector-java-5.1.13-bin.jar” inside the “$JBOSS_HOME/standalone/deployments” directory.

Step3). Now start your JBossAS7 standalone profile as following:

[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml -bmanagement 10.10.10.10 -b 20.20.20.20

NOTE: You can start your Server in localhost address as well. Here i started the JBoss Management interface at 10.10.10.10 Address where as the public interface on “20.20.20.20”.

Step4). It’s time to create a DataSource. So lets start the JBossAS7.1.1.Final and then open the JBoss CLI utility “$JBOSS_HOME/bin/jboss-cli.sh” then run the following command in order to create MySQL DataSource as following:

 [userone@localhost bin]$ ./jboss-cli.sh --connect --controller=10.10.10.10:9999

 [standalone@10.10.10.10:9999 /] /subsystem=datasources/data-source="java:jboss/MySqlDS":add(jndi-name="java:jboss/MySqlDS",pool-name="MySqlPool",driver-name="mysql-connector-java-5.1.13-bin.jar",connection-url="jdbc:mysql://localhost:3306/testDB",user-name="root",password="redhat")

Once the above command executes successfully executes you will see the following kind of entry inside your “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file (Inside the “[subsystem xmlns=”urn:jboss:domain:datasources:1.0″]” subsystem):

   <datasource jndi-name="java:jboss/MySqlDS" pool-name="java:jboss/MySqlDS">
       <connection-url>jdbc:mysql://localhost:3306/testDB</connection-url>
       <driver>mysql-connector-java-5.1.13-bin.jar</driver>
       <security>
          <user-name>root</user-name>
          <password>redhat</password>
       </security>
   </datasource>

Step5). Now we will create a Security-Domain inside the “[subsystem xmlns=”urn:jboss:domain:security:1.1″]” subsystem of your “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file as following:

   <security-domain name="DBAuthTest">
       <authentication>
           <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
               <module-option name="dsJndiName" value="java:jboss/MySqlDS"/>
               <module-option name="principalsQuery" value="select password from  PRINCIPLES where principal_id=?"/>
               <module-option name="rolesQuery" value="select user_role, 'Roles' from  ROLES where  principal_id=?"/>
           </login-module>
           <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
               <module-option name="rolesProperties" value="${jboss.server.config.dir}/test-roles.properties"/>
               <module-option name="replaceRole" value="false"/>
           </login-module>
       </authentication>
   </security-domain>

Step6). As you can see above that in the “RoleMappingLoginModule” configuration we passed a file “test-roles.properties” for mapping the database user to the authorization role. So we will need to now create a file with name “test-roles.properties” inside the following location
“$JBOSS_HOME/standalone/configuration/test-roles.properties”
and
“$JBOSS_HOME/domain/configuration/test-roles.properties”

#username=RoleName
adminUser=admin

Step7). The Most important part now. We will edit the “$JBOSS_HOME/standalone/configuration/standalone-full.xml” file as well as “$JBOSS_HOME/domain/configuration/domain.xml” file <management> <security-realms> section as following sothat our custom security “DBAuthTest” can be associated with this ManagementRealm:

    <security-realm name="ManagementRealm">
        <authentication>
             <jaas name="DBAuthTest"/>
        </authentication>
    </security-realm>

Step8). Restart your JBossAS7 profile and then try to access the JBoss Console “http://10.10.10.10:9990/console” with the database table credential like

[userone@localhost bin]$ ./standalone.sh -c standalone-full.xml -bmanagement 10.10.10.10 -b 20.20.20.20

username: adminUser
password: admin123

.
.
Thanks
MiddlewareMagic Team


Copyright © 2010-2012 Middleware Magic. All rights reserved. |