We create virtual machine instances and then use asadmin to create a new domain on them; copy libraries (mostly jdbc drivers) to the domain lib directory; start the domain; configure the domain by running asadmin commands to remove and add (replace) jvm options, disable phone home (we are running on air gapped network), set logging properties and log attributes, set transaction timeout values, add pool and queue resources from xml resource files, create realms, setup certificates (add our certs to key/trust stores, delete all the preconfigure ca certs and only add the ones we explicitly manage), configure thread pool sizes, enable secure admin; restart the domain for some of the settings to apply such as enable secure admin and configuring the jvm options; and then deploy all of our applications to the domain. This is a slow process due to restarting the domain, each asadmin call being a separate process forked and having to establish a new connection to the domain each time, and having to run a separate deploy command for each application we want to deploy. This process also results in several warnings about “Unprocessed event: UnprocessedChangeEvent …” “Addition of: … cannot take effect without server restart” in the domain log. Is there a way to configure settings like jvm options before starting the domain to avoid these warnings in the log and avoid the costly restart? Are there other techniques that people use to speed up this domain setup and deployment process? An important part of our automated creation is for any failures in deployment commands to result in error exit code and stop any further setup processing so that the system knows that creation/deployment failed.
Anybody have an insights into this? Specifically is there any way to create a domain with secure admin already enabled to avoid the costly domain restart?
Hello @bdrx,
I will assume that you are using the standalone (non-Docker) version of Payara Server. There are options to make the deployment more efficient, but I am not sure if it can satisfy everything that you need. On Payara Server and Micro we got the concept of preboot and postboot command files. As the name suggests, the preboot command files will be apply before Payara starts, but not all asadmin commands work there. I can confirm that enable-secure-admin will not work on the preboot. In my experience the preboot command file works well with the set commands, so if you want to modify certain parameters such as logging levels for already existing logging properties, setting connection pool max/min etc.
Postboot commands on the other hand support all the asadmin commands as far as I know. But because they are ran after the booting process ended, they still require a restart at the end to apply certain settings. The postboot command file great for creating new logs, add new connection pools, create realms, enabling secure admin and anything else you can do via the CLI.
The preboot and postboot command files are the recommended options when it comes to configuring Payara Server or Micro easier. You can use the following command if you wanted to start a domain with both preboot and postboot files:
./asadmin start-domain --prebootcommandfile --postbootcommandfile
The second option could be doing this configuration outside the VM and copying the entire domain folder into the Payara Server instance located in the VM at payara6\glassfish\domains\. If you do it once, this should also avoid the restart for each individual VM you are trying to set up.
The third option is not really recommended but you can give it a try: modifying the domain.xml manually before booting up the server, configuring it via the XML options available, creating everything manually. On top of this you will probably have to add the JDBC driver manually at payara6\glassfish\domains\\lib and manually deal with the certificates in keystore and truststore. I personally did modify the domain.xml with no issues for small changes, but I never tried to do a whole server setup this way, so it may not work as expected.
If you are using docker, the process is slightly different but the principles listed above still apply. You can the Dockerizing a Production Environment section of this article: Fine Tuning Payara Server 6 in Production
I hope this helps at least with a part of the issues when it comes to the configuration of multiple VMs with Payara.
Best regards,
Felix Ifrim