Untitled

a guest
Mar 22nd, 2016
  1. Make sure any of your previously used JBoss Fuse instances are stopped.
  2. Create a User Account for Red Hat JBoss Fuse
  3. Red Hat Enterprise Linux allows administrators to create a username and a password associated with a group, similarly to a Windows environment. To achieve this goal,
  4. Create a User Account
  5. Open a Terminal window (Applications → System Tools → Terminal) and execute the following command to create a user account whose login is fuse. The password for the student login is student:
  6. [student@stationX ~]$ sudo adduser -g fuse fuse
  7. Update the User Password
  8. In the Terminal window, execute the following command to update the password for this user:
  9. [student@stationX ~]$ sudo passwd fuse
  10. Use l0ck3d as the password for this user.
  11. Note
  12. This command will raise two Bad password messages (It is based on a dictionary word and It is too simple). You can ignore these messages.
  13. The following message will be presented after updating the password:
  14. passwd: all authentication tokens updated successfully.
  15. Install JBoss Fuse Under a Dedicated User Account
  16. Open a terminal and switch user identity to user fuse:
  17. [student@stationX ~]$ su - fuse
  18. Password: l0ck3d
  19. Extract Red Hat JBoss Fuse from the installation archive:
  20. [fuse@stationX ~]$ unzip -q /tmp/jboss-fuse-full-6.1.0.GA.zip
  21. Create the soft link to the directory created to allow simple upgrades:
  22. [fuse@stationX ~]$ ln -s ~/jboss-fuse-6.1.0.redhat-379 ~/jboss-fuse-6.1.0.GA
  23. Configure the User Account for JBoss Fuse
  24. Using gedit (Applications → Accessories → gedit Text Editor), add the required environment variables to the .bashrc file of user fuse. From the already opened Terminal window, execute the following command:
  25. [fuse@stationX ~]$ gedit ~/.bashrc
  26. Add to the end of this file the following environment variables:
  27. JAVA_HOME=/etc/alternatives/java_sdk_1.7.0
  28. KARAF_BASE=$HOME/jboss-fuse-6.1.0.GA
  29. KARAF_DATA=$HOME/instance-root-data
  30. PATH=$PATH:$KARAF_BASE/bin
  31. export JAVA_HOME KARAF_BASE KARAF_DATA PATH
  32. umask 077
  33. Save the file.
  34. Note
  35. These values can be copied and pasted from the /tmp/security-os/bashrc.contents.
  36. Set Up File System Permissions
  37. Note
  38. The following commands can be copied and pasted from the /tmp/security-os/access.
  39. Enable full access (read, write, and execution) only for the current user to the jboss-fuse-6.1.0.redhat-379 directory and subdirectories:
  40. [fuse@stationX ~]$ find ./jboss-fuse-6.1.0.redhat-379/ -type d -exec chmod 700 {} \;
  41. Enable full access (read, write, and execution) to the scripts responsible for starting, stopping, and managing Red Hat JBoss Fuse:
  42. [fuse@stationX ~]$ find ./jboss-fuse-6.1.0.redhat-379/ -type f -perm /100 -exec chmod 700 {} \;
  43. Enable only read and write access to the remaining files and directories:
  44. [fuse@stationX ~]$ find ./jboss-fuse-6.1.0.redhat-379/ -type f \! -perm /100 -exec chmod 600 {} \;
  45. Create an instance of the data directory:
  46. [fuse@stationX ~]$ mkdir -m 700 -p instance-root-data/log/
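An added example, not part of the lab material: a small audit that confirms the three chmod passes left the tree in the intended state (directories 700, regular files 700 or 600, a single owner). The function names are hypothetical, and the owner defaults to the account running the audit, which is assumed to be fuse.

```shell
#!/bin/sh
# Added example, not from the lab material. Audits the result of the three
# chmod passes: directories 700, regular files 700 or 600, one owner.

# list_violations TREE OWNER -> prints every path that breaks the scheme.
# OWNER may be a user name or a numeric uid.
list_violations() {
    find "$1" \( \
        \( -type d ! -perm 700 \) -o \
        \( -type f ! -perm 700 ! -perm 600 \) -o \
        \( ! -type l ! -user "$2" \) \
    \) -print
}

# audit_tree TREE [OWNER] -> returns 0 when clean, 1 on violations,
# 2 when TREE is not a directory.
# OWNER defaults to the uid running the audit (assumption: run as fuse).
audit_tree() {
    if [ ! -d "$1" ]; then
        echo "not a directory: $1" >&2
        return 2
    fi
    bad=$(list_violations "$1" "${2:-$(id -u)}")
    if [ -n "$bad" ]; then
        printf 'wrong mode or owner:\n%s\n' "$bad" >&2
        return 1
    fi
    echo "clean: $1"
}

# Usage, as fuse: audit_tree "$HOME/jboss-fuse-6.1.0.redhat-379"
```

Running it again after an upgrade or a manual edit catches files that were created under a different umask.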
  47. Set Up Resource Limits for the Application
  48. Some system environment variables must be set to limit resources.
  49. Note
  50. The following values can be copied and pasted from the /tmp/security-os/bashrc.contents.
  51. Set Operating System Limits for Fuse
  52. Using the editor of your choice, make the following additions to the .bashrc file of user fuse:
  53. MAX_FD=2048
  54. export MAX_FD
  55. Set Up Java Virtual Machine Settings
  56. Using the editor of your choice, make the following additions at the end of the .bashrc file of user fuse:
  57. JAVA_MIN_MEM=256M
  58. JAVA_MAX_MEM=768M
  59. JAVA_PERM_MEM=128M
  60. JAVA_MAX_PERM_MEM=256M
  61. export JAVA_MIN_MEM JAVA_MAX_MEM JAVA_PERM_MEM JAVA_MAX_PERM_MEM
  62. Set Up Operating System Resource Limits
  63. Check the current (soft and hard) operating system resource limits for the fuse user account:
  64. [fuse@stationX ~]$ ulimit -a -S
  65. core file size (blocks, -c) 0
  66. data seg size (kbytes, -d) unlimited
  67. scheduling priority (-e) 0
  68. file size (blocks, -f) unlimited
  69. pending signals (-i) 14865
  70. max locked memory (kbytes, -l) 64
  71. max memory size (kbytes, -m) unlimited
  72. ...
  73. [fuse@stationX ~]$ ulimit -a -H
  74. core file size (blocks, -c) unlimited
  75. data seg size (kbytes, -d) unlimited
  76. scheduling priority (-e) 0
  77. file size (blocks, -f) unlimited
  78. pending signals (-i) 14865
  79. max locked memory (kbytes, -l) 64
  80. max memory size (kbytes, -m) unlimited
  81. ...
  82. Log out from the fuse user account session.
  83. [fuse@stationX ~]$ exit
  84. Using sudo and gedit, create a new operating system limit configuration file in /etc/security/limits.d:
  85. [student@stationX ~]$ sudo gedit /etc/security/limits.d/fuse.conf
  86. Add the following content to the file:
  87. fuse hard core 0 # no core dumps
  88. fuse hard nofile 2048 # incl. sockets!
  89. fuse hard rss 1572864 # 1.5 GB (ignored!)
  90. fuse hard nproc 1024 # incl. threads!
  91. fuse hard as 3145728 # 3 GB VM max (32-bit)
  92. fuse hard maxlogins 1 # only one login allowed
  93. fuse hard priority 0 # run with normal prio
  94. fuse hard nice -5 # max. nice priority
  95. fuse hard rtprio 0 # do not allow RTPRIO
  96. Note
  97. The contents can be copied and pasted from the /home/student/JB435/labs/security-os/fuse.conf
  98. Save the file and exit gedit.
  99. This configuration will allow only a single login for the fuse user.
  100. Test Operating System Limits
  101. Open two new Terminal windows and log in as fuse in both windows:
  102. ssh fuse@localhost
  103. Use the password l0ck3d.
  104. When you log in from two windows, what happens?
  105. Try logging in as fuse using su - with one established SSH session. What happens? Why?
  106. Try logging in as fuse using su - from two Terminal windows. What happens? Why?
  107. Use the ulimit command as user fuse to verify that the limits are set accordingly.
  108. Log out from this SSH session:
  109. [fuse@stationX ~]$ exit
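An added example, not part of the lab material: the ulimit verification step as a script, to be run inside a fuse login session. It reads the hard entries for one account from the limits file and compares them with the hard limits of the current shell; the function names are hypothetical, and only core, nofile and as are compared because their ulimit flags are the same in bash and dash.

```shell
#!/bin/sh
# Added example, not from the lab material. Compares the hard limits of the
# current shell with the hard entries for one account in a limits.d file.
# Run it from a login session of that account.

# conf_items FILE DOMAIN -> prints "item value" per hard entry of DOMAIN.
conf_items() {
    sed 's/#.*//' "$1" | awk -v d="$2" '$1 == d && $2 == "hard" { print $3, $4 }'
}

# flag_for ITEM -> prints the ulimit flag, or nothing if not compared.
# core: limits.conf counts KB, some shells count 512-byte blocks; the
# lab sets 0, which is the same in every unit.
flag_for() {
    case $1 in
        core)   echo c ;;   # core file size
        nofile) echo n ;;   # open file descriptors
        as)     echo v ;;   # address space, KB
        *)      echo "" ;;  # maxlogins, rss, nproc, ...: not compared here
    esac
}

# check_limits FILE DOMAIN -> returns 0 if every compared item matches.
check_limits() {
    rc=0
    while read -r item want; do
        [ -n "$item" ] || continue
        flag=$(flag_for "$item")
        [ -n "$flag" ] || { echo "skip  $item (not compared)"; continue; }
        have=$(ulimit -H "-$flag")
        if [ "$have" = "$want" ]; then
            echo "ok    $item=$have"
        else
            echo "DIFF  $item: effective $have, configured $want"
            rc=1
        fi
    done <<EOF
$(conf_items "$1" "$2")
EOF
    return $rc
}

# Usage, as fuse: check_limits /etc/security/limits.d/fuse.conf fuse
```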
  110. Configure the Container Instance for Operation
  111. Update Fuse Network Configuration Files
  112. In a Terminal window, log into the fuse user account:
  113. [student@stationX ~]$ su - fuse
  114. Enter the password l0ck3d.
  115. Open gedit from the fuse login:
  116. [fuse@stationX ~]$ gedit $KARAF_BASE/etc/org.apache.karaf.shell.cfg
  117. To enable SSH access to the container shell on 127.0.0.1 (localhost), port 11101, change the following lines in this file to:
  118. sshPort=11101
  119. sshHost=127.0.0.1
  120. Save the changes.
  121. Open gedit from the fuse login:
  122. [fuse@stationX ~]$ gedit $KARAF_BASE/etc/org.apache.karaf.management.cfg
  123. To enable remote access for the management console using 127.0.0.1 (localhost) port 11099, change the following lines in this file to:
  124. rmiRegistryPort = 11099
  125. rmiRegistryHost = 127.0.0.1
  126. rmiServerPort = 11444
  127. Configure the Service
  128. Start the container and connect to it remotely using SSH:
  129. Start the JBoss Fuse container in the background.
  130. [fuse@stationX ~]$ $KARAF_BASE/bin/fuse server > instance-root-data/log/server.out 2>&1 &
  131. Wait for a couple of seconds to give the instance a chance to fully start. You can check instance startup status in many ways, but one of the simplest ways to verify it is by looking at the last line of the server.out file, which we redirected console output to:
  132. [fuse@stationX ~]$ tail -n1 instance-root-data/log/server.out
  133. 100% [========================================================================]
  134. The output signifies that the container instance has successfully started and is ready to use.
  135. Verify that the instance is using the preconfigured settings:
  136. [fuse@stationX ~]$ pgrep -fl org.apache.karaf.main.Main
  137. It should generate the following output:
  138. [PID] /etc/alternatives/java_sdk/bin/java -server -Xms256M -Xmx768M -XX:
  139. +UnlockDiagnosticVMOptions -XX:+UnsyncloadClass -XX:PermSize=128M
  140. -XX:MaxPermSize=256M -Dcom.sun.management.jmxremote
  141. -Djava.endorsed.dirs=/etc/alternatives/java_sdk/jre/lib/endorsed:/etc/alternatives/
  142. java_sdk/lib/endorsed:/home/fuse/jboss-fuse-6.1.0.redhat-379/lib/endorsed
  143. -Djava.ext.dirs=/etc/alternatives/java_sdk/jre/lib/ext:/etc/alternatives/java_sdk/lib/ext:
  144. /home/fuse/jboss-fuse-6.1.0.redhat-379/lib/ext
  145. -Dkaraf.instances=/home/fuse/jboss-fuse-6.1.0.redhat-379/instances
  146. -Dkaraf.home=/home/fuse/jboss-fuse-6.1.0.redhat-379
  147. -Dkaraf.base=/home/fuse/jboss-fuse-6.1.0.redhat-379
  148. -Dkaraf.data=/home/fuse/instance-root-data
  149. -Djava.io.tmpdir=/home/fuse/instance-root-data/tmp
  150. -Djava.util.logging.config.file=/home/fuse/jboss-fuse-6.1.0.redhat-379/etc/java.util.logging.properties
  151. -Dkaraf.startLocalConsole=false
  152. -Dkaraf.startRemoteShell=true
  153. -classpath /home/fuse/jboss-fuse-6.1.0.redhat-379/lib/karaf-jaas-boot.jar:
  154. /home/fuse/jboss-fuse-6.1.0.redhat-379/lib/karaf.jar
  155. org.apache.karaf.main.Main
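An added example, not part of the lab material: while the container is still running, this check confirms that the three ports configured above (11101, 11099, 11444) are bound to loopback only. It filters `ss -ltn` output; the function names are hypothetical and the embedded sample output is constructed to exercise the filter, not captured from a lab machine.

```shell
#!/bin/sh
# Added example, not from the lab material. Flags configured container
# ports that listen on anything other than a loopback address.

FUSE_PORTS="11101 11099 11444"   # sshPort, rmiRegistryPort, rmiServerPort

# exposed_listeners PORTS -> reads `ss -ltn` lines on stdin and prints
# "port address" for each listed port bound to a non-loopback address.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[0-9]+$/, "", addr)   # everything before the port
            if (!(port in want)) next
            # IPv4 loopback, IPv6 loopback, IPv4-mapped loopback (common for Java)
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            if (addr ~ /^\[::ffff:127\./) next
            print port, addr
        }'
}

# check_fuse_ports -> returns 1 if any configured port is exposed.
check_fuse_ports() {
    found=$(ss -ltn | exposed_listeners "$FUSE_PORTS")
    if [ -n "$found" ]; then
        printf 'not loopback-only:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}

# Constructed sample of `ss -ltn` output, for trying the filter offline.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port        Peer Address:Port
LISTEN 0      50     [::ffff:127.0.0.1]:11101  *:*
LISTEN 0      50     [::ffff:127.0.0.1]:11099  *:*
LISTEN 0      50     *:11444                   *:*
LISTEN 0      128    0.0.0.0:22                0.0.0.0:*
EOF
}

# Usage: sample_ss | exposed_listeners "$FUSE_PORTS"   (offline)
#        check_fuse_ports                              (live, container up)
```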
  156. Shut down the fuse instance, executing the following command:
  157. [fuse@stationX ~]$ $KARAF_BASE/bin/stop