wildfly
Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >7.0.0 < 9.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'puppet-wildfly', '4.0.0'
Learn more about managing modules with a PuppetfileDocumentation
wildfly
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with wildfly
- Upgrade
- Usage - Configuration options and additional functionality
- Wildfly 25.0.0
- Wildfly 23.0.2
- Wildfly 10.1.0
- Wildfly 9.0.2
- Wildfly 8.2.1
- JBoss EAP 6.x (with hiera)
- JBoss EAP 7.0
- Keycloak
- apiman
- Infinispan Server
- Wildfly's Configuration Management
- Patch management
- Unmanaged installation
- Domain Mode
- Java Virtual Machine options
- Deployment
- User management
- Module installation
- Datasources
- HTTPS/SSL
- Management over HTTPS/SSL
- Server reload
- Messaging
- Logging
- Modcluster
- JGroups
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Documentation
Overview
Originally created by Edwin Biemond email biemond at gmail dot com biemond.blogspot.com
Install, configures and manages Wildfly.
Should work on every Redhat or Debian family member, tested with Wildfly 10.1, 10.0, 9.0, 8.2, 8.1 & 8.0 and with JBoss EAP (tested on 6.1/6.2/6.3/6.4 and 7.0). Some defines may work only in certain versions.
Vagrant Fedora 21, Puppet 4.2.1 example with Wildfly 8.2, Apache AJP and PostgreSQL.
Vagrant CentOS Standalone HA + Gossip Router example with two nodes, a gossip router and a load balancer (httpd + mod_cluster).
Vagrant CentOS 7.2 Domain Mode with two nodes (Domain master and slave) and a load balancer.
Module Description
The wildfly module can install, configure and manage - through its HTTP Management API - Wildfly (8/9/10+) and JBoss EAP (6.1+/7.0+).
Setup
What wildfly affects
-
Manage Wildfly user, group and directory.
-
Creates a wildfly service using bundled scripts and manages its installation and resources (using Management API)
-
Installs requisite libaio and wget packages
Setup Requirements
This module requires a JVM ( should already be there ). Just need to be extracted somewhere, no need to update-alternatives, set PATH or anything else, but it also works if you choose to do so.
Three gems are bundled with this module: treetop
(parsing JBoss-CLI commands), polyglot
(treetop's requirement) and net-http-digest_auth
(Management API authentication).
Acceptance tests works with puppetlabs/java in both CentOS and Debian.
This module requires puppetlabs-stdlib
.
It should work on every modern Linux. TO see a list of all tested OSes, please check the metadata.json.
Upgrade
to 1.2.0
wildfly class
The main changes in wildfly
class are below:
class { 'wildfly':
distribution => 'jboss-eap|wildfly',
properties => {
'jboss.bind.address' => $public_bind,
'jboss.bind.address.management' => $mgmt_bind,
'jboss.management.http.port' => $mgmt_http_port,
'jboss.management.https.port' => $mgmt_https_port,
'jboss.http.port' => $public_http_port,
'jboss.https.port' => $public_https_port,
'jboss.ajp.port' => $ajp_port,
},
jboss_opts => '-Dproperty=value'
mgmt_user => { username => $management_user, password => $management_password },
}
distribution
was introduced to provide out of the box support for JBoss EAP and properties
to replace fine-grained parameters for address/port binding like public_bind
, mgmt_bind
and public_http_port
. (Reason: It's easier - and more reliable - to manage a properties file than Wildfly's XML through augeas)
users_mgmt
was replaced by mgmt_user
, and additional users should be managed by wildfly::config::mgtm_user
defined type. The hash format and default value also changed.
New dependency
jethrocarr/initfact
module.
Defined types
All resources from wildfly::util
were moved to wildfly
, hence you need to search and replace them, I suggest you execute these commands in your environment:
find . -name '*.pp' -type f -exec sed -i 's/wildfly::util::exec_cli/wildfly::cli/g' {} +
find . -name '*.pp' -type f -exec sed -i 's/wildfly::util/wildfly/g' {} +
to 2.0.0
This version requires Puppet 4.4+ and heavily uses Puppet 4 new features: data types, epp templates and Ruby 2.1+, but there is no breaking change per se. Meaning that if you're using 1.x version with Puppet 4 you should be able to migrate without any problems.
If you're still using Puppet 3.x with Ruby 1.8.7+ check version 1.2.x (unsupported).
to 2.1.0
This version will no longer stringify values for wildfly_resource
's state or sort arrays values. In other words, you'll have to declare attributes using a type that matches Wildfly's Management Model type and in the same order returned by the API (in case of an array/LIST).
Usage
class { 'wildfly': }
Wildfly 25.0.0
class { 'wildfly':
version => '25.0.0',
install_source => 'https://github.com/wildfly/wildfly/releases/download/25.0.0.Final/wildfly-25.0.0.Final.tar.gz',
install_cache_dir => '/tmp',
java_home => '/usr/lib/jvm/java-17-openjdk-amd64',
}
Wildfly 23.0.2
class { 'wildfly':
version => '23.0.2',
install_source => 'https://download.jboss.org/wildfly/23.0.2.Final/wildfly-23.0.2.Final.tar.gz',
install_cache_dir => '/tmp',
java_home => '/usr/lib/jvm/java-17-openjdk-amd64',
}
Wildfly 10.1.0
class { 'wildfly':
version => '10.1.0',
install_source => 'http://download.jboss.org/wildfly/10.1.0.Final/wildfly-10.1.0.Final.tar.gz',
}
Wildfly 9.0.2
class { 'wildfly':
version => '9.0.2',
install_source => 'http://download.jboss.org/wildfly/9.0.2.Final/wildfly-9.0.2.Final.tar.gz',
}
Wildfly 8.2.1
class { 'wildfly':
version => '8.2.1',
install_source => 'http://download.jboss.org/wildfly/8.2.1.Final/wildfly-8.2.1.Final.tar.gz',
}
JBoss EAP 6.x (with hiera)
include wildfly
wildfly::distribution: 'jboss-eap'
wildfly::version: '6.4'
wildfly::install_source: 'http://mywebserver/jboss-eap-6.4.tar.gz'
wildfly::user: 'jboss-as'
wildfly::group: 'jboss-as'
wildfly::dirname: '/opt/jboss-as'
wildfly::console_log: '/var/log/jboss-as/console.log'
JBoss EAP 7.0
class { 'wildfly':
version => '7.0',
distribution => 'jboss-eap',
install_source => 'http:/mywebserver/jboss-eap-7.0.tar.gz',
user => 'jboss-eap',
group => 'jboss-eap',
dirname => '/opt/jboss-eap',
console_log => '/var/log/jboss-eap/console.log',
}
Keycloak
Keycloak is an open source Identity and Access Management built on top of Wildfly/JBoss platform, therefore you should be able to use this module to install and config it.
class { 'wildfly':
version => '10.1.0',
distribution => 'wildfly',
install_source => 'https://downloads.jboss.org/keycloak/2.5.0.Final/keycloak-2.5.0.Final.tar.gz',
}
NOTE: Just make sure to point to the right version/distribution it was built upon.
Some Keycloak configuration can be managed in the same way as a regular Wildfly/Jboss configuration:
wildfly::datasources::datasource { 'KeycloakDS':
config => {
'driver-name' => 'postgresql',
'password' => 'keycloak',
'user-name' => 'keycloak',
'jndi-name' => 'java:jboss/datasources/KeycloakDS',
'connection-url' => "jdbc:postgresql://192.168.33.20:5432/keycloak",
'background-validation' => true,
'background-validation-millis' => 60000,
'check-valid-connection-sql' => 'SELECT 1',
'flush-strategy' => 'IdleConnections',
}
}
apiman
apiman is an API Manager built on top of Wildfly/JBoss, therefore you should be able to use this module to install and config it.
Currently there aren't no prebuilt packages, but download page provides instruction to build it for Wildfly 10, 9 and EAP 7.
Example
wget http://download.jboss.org/wildfly/10.1.0.Final/wildfly-10.1.0.Final.zip
wget http://downloads.jboss.org/apiman/1.2.9.Final/apiman-distro-wildfly10-1.2.9.Final-overlay.zip
unzip wildfly-10.1.0.Final.zip
unzip -o apiman-distro-wildfly10-1.2.9.Final-overlay.zip -d wildfly-10.1.0.Final
tar czvf apiman-wildfly-10.1.0.Final.tar.gz wildfly-10.1.0.Final
class { 'wildfly':
version => '10.1.0',
distribution => 'wildfly',
config => 'standalone-apiman.xml',
install_source => 'http://10.0.2.2:9090/apiman-wildfly-10.1.0.Final.tar.gz',
}
NOTE: Just make sure to point to the right version/distribution it was built upon.
Infinispan Server
Infinispan Server (or JBoss Data Grid) also work with this module but requires more tweaks.
From Infinispan Server 7 to 9 (including JDG 7.0) you will only need to change install_source
to match the desired version:
class { 'wildfly':
install_source => 'http://10.0.2.2:9090/infinispan-server-8.2.5.Final.tar.gz',
conf_file => '/etc/infinispan-server/infinispan-server.conf',
conf_template => 'wildfly/infinispan-server.conf.erb',
service_file => 'bin/init.d/infinispan-server.sh',
service_name => 'infinispan-server',
}
Limitation: You need to repackage it to a tar.gz file and Infinispan Server 6 and JDG 6.x are not working.
Wildfly's Configuration Management
Wildfly has a Management Model that describes its configuration and there are three main elements that you need to understand in order to use this module: path
, attributes
and operations
This module provides a few defined types built around these concepts using wildfly_resource
and wildfly_cli
(wildfly::messaging::*
, wildfly:datasources::datasource
, wildfly:datasources::driver
) to ease management of most used resources, but they are not guaranteed to work across all versions of JBoss/Wildfly and they represent only a tiny subset of the Management Model.
In order to manage virtually any configuration in the Model Reference (i.e. datasources, https, queues, modcluster) with wildfly::resource
or wildfly::cli
you must understand how declared resources are converted to Management API requests using paths
, attributes
and operations
.
Path/Addresss: The resource address in /node-type=node-name (/node-type=node-name)*
format. (e.g. /subsystem=datasources/datasource=DatasourceName
)
Attributes: key-value pairs that describes the resource. (e.g. driver-name=postgresql
, connection-url=jdbc:postgresql://localhost/postgres
)
Operations: An operation to be performed in a resource. (e.g. read
, write-attribute
, remove
)
With wildfly::cli
you have more control, but you should only use it when you can't manage the resource with wildfly_resource
(e.g. you can't manage enabled
attribute as it is only changed as a result of enable
and disable
operations.):
wildfly::cli { "Enable ADatasource":
command => "/subsystem=datasources/data-source=ADatasource:enable",
unless => "(result == true) of /subsystem=datasources/data-source=ADatasource:read-attribute(name=enabled)",
}
For all other scenarios, wildfly::resource
will be your best friend, from the most simple resource:
wildfly::resource { "/system-property=myproperty":
content => {
'value' => '1234'
},
}
To the most complex:
wildfly::resource { '/subsystem=modcluster/mod-cluster-config=configuration':
recursive => true,
content => {
'advertise' => true,
'connector' => 'ajp',
'excluded-contexts' => 'ROOT,invoker,jbossws,juddi,console',
'proxy-url' => '/',
'sticky-session' => true,
'proxies' => ['192.168.1.1:6666', '192.168.1.2::6666']
'balancer' => 'mybalancer',
'load-balancing-group' => 'mygroup',
'dynamic-load-provider' => {'configuration' => {
'load-metric' => {'busyness' => {
'type' => 'busyness',
}}
}},
}
}
The first thing to note about wildfly::resource
is the absence of an operation, as you will only need to set ensure
with either present or absent, using the first will result in the creation or update of the resource with the declared state/content, whereas the other will remove the resource with all its children.
A resource attribute behaviors like a Puppet resource property. Therefore, unmanaged attributes behavior like unmanaged properties in puppet resources, meaning: if you don't declare, you don't care.
NOTE: Be careful with the type of declared attribute's value as it should match Management Model type. Valid Management Model types include:
STRING
,INT
,BOOLEAN
,LIST
(i.e. arrays []) andOBJECT
(i.e. hashes {}).
Patch management
Wildfly/JBoss allows you to apply patches to existing installation in order to update it. I suggest you use puppet-archive
or any other archive
module to download patches from remote sources, just be aware that you need to extract patch zip file in order to apply patches to Wildfly, but you'll be able to apply the zip file directly when you're using EAP.
NOTE: Wildfly from versions 8.0.0 to 9.0.1 has a bug in
jboss-cli.sh
WFCORE-160 that makes it report that a patch hasn't been successfuly applied (exit code 2) even when it was. If you're using one of theses versions you better update this file or live with a bad report.
Offline
Offline patching requires the server to be down, but don't leave the server in a restart-required
state.
EAP/Offline example
class { 'wildfly':
distribution => 'jboss-eap',
version => '6.4',
}
archive { '/opt/wildfly/jboss-eap-6.4.8-patch.zip':
ensure => present,
source => 'http://10.0.2.2:9090/jboss-eap-6.4.8-patch.zip',
}
->
wildfly::patch::offline { '6.4.8':
source => '/opt/wildfly/jboss-eap-6.4.8-patch.zip',
}
Online
Online patching requires the server to be up and requires a restart after being applied.
Wildfly/Online example
class { 'wildfly':
version => '10.0.0',
install_source => 'http://download.jboss.org/wildfly/10.0.0.Final/wildfly-10.0.0.Final.tar.gz',
}
archive { '/opt/wildfly/wildfly-10.1.0.Final-update.zip':
ensure => present,
extract => true,
extract_path => '/opt/wildfly',
creates => '/opt/wildfly/wildfly-10.1.0.Final.patch',
source => 'http://download.jboss.org/wildfly/10.1.0.Final/wildfly-10.1.0.Final-update.zip',
user => 'wildfly',
group => 'wildfly',
require => [File['/opt/wildfly'],Package['unzip']],
}
->
wildfly::patch::online { '10.1.0':
source => '/opt/wildfly/wildfly-10.1.0.Final.patch',
override_all => true,
}
Unmanaged installation
If you don't want to use this module to manage your Wildfly/JBoss installation or you don't want to manage your installation with Puppet at all. You still can use this module to manage your configuration using wildfly_resource
, wildfly_cli
, wildfly_deployment
and wildfly_restart
.
Example:
wildfly_resource { "/subsystem=datasources/data-source=MyDS":
ensure => 'present',
username => 'admin',
password => 'password',
host => '192.168.33.10',
port => '9990',
state => {
'driver-name' => 'postgresql',
'connection-url' => 'jdbc:postgresql://localhost/postgres',
'jndi-name' => 'java:jboss/datasources/MyDS',
'user-name' => 'postgres',
'password' => 'postgres',
},
}
Domain Mode
Master (Domain Controller)
class { 'wildfly':
mode => 'domain',
host_config => 'host-master.xml',
properties => {
'jboss.bind.address.management' => '172.17.0.2',
},
}
wildfly::config::mgmt_user { 'slave1':
password => 'wildfly',
}
NOTE: Don't forget to set
target_profile
while managing your domain resources.
Slave (Host Controller)
class { 'wildfly':
mode => 'domain',
host_config => 'host-slave.xml',
properties => {
'jboss.domain.master.address' => '172.17.0.2',
},
secret_value => 'd2lsZGZseQ==', #base64('wildfly'),
}
NOTE: Host Controller name has to match a mgmt user name in Domain Controller, since, by default, HC uses it own name as the username for connecting with DC. You can always set a different one by overriding
remote_username
parameter.
Domain Management
Make sure you remove default resources (server-groups and server-config) if you're not going to use it.
Domain controller:
wildfly::domain::server_group { ['main-server-group', 'other-server-group']:
ensure => absent,
}
Host controller:
wildfly::host::server_config { ['server-one', 'server-two']:
ensure => absent,
hostname => $hostname,
username => $username,
password => $password,
before => Class['wildfly::setup'],
}
You can also use a overlay_class
instead of use before
.
Host controller:
class { 'wildfly':
# ...
overlay_class => 'app::cleanup'
}
class app::cleanup {
wildfly::host::server_config { ['server-one', 'server-two']:
ensure => absent,
hostname => $hostname,
username => $username,
password => $password,
}
}
Username
and password
are the credentials used to connect to domain controller and make the desired changes. In the first provision this resource will be applied with augeas and will not need that, but in the other these parameters will be required to guarantee that the server-configs no longer exists.
After that, start managing your own server-groups
and server-config
with wildfly::domain::server-group
and wildfly::host::server_config
:
Domain controller:
wildfly::domain::server_group { 'app-server-group':
profile => 'full-ha',
socket_binding_group => 'full-ha-sockets',
}
Host controller:
wildfly::host::server_config { 'app':
server_group => 'app-server-group',
hostname => $hostname,
username => $username,
password => $password,
}
Please note that you'll need to enable external facts (wildfly::external_facts
) since wildfly::host::server_config
relies on wildfly_is_running
fact to know if it should use augeas or connect to the domain controller to remove a server-config.
Custom Java options
Domain controller:
class { 'wildfly':
...,
java_opts => ['<java_opt_1>', '<java_opt_2>']
process_controller_java_opts => ['<controller_opt_1>', '<controller_opt_2>']
}
Results in a domain.conf
with:
if [ "x$JAVA_OPTS" = "x" ]; then
JAVA_OPTS=...
JAVA_OPTS="$JAVA_OPTS <java_opt_1> <java_opt_2>"
...
fi
...
if [ "x$PROCESS_CONTROLLER_JAVA_OPTS" = "x" ]; then
PROCESS_CONTROLLER_JAVA_OPTS="$JAVA_OPTS <controller_opt_1>, <controller_opt_2>"
fi
Host controller:
class { 'wildfly':
...,
java_opts => ['<java_opt_1>', '<java_opt_2>']
host_controller_java_opts => ['<managed_opt_1>', '<managed_opt_2>']
}
Results in a domain.conf
with:
if [ "x$JAVA_OPTS" = "x" ]; then
JAVA_OPTS=...
JAVA_OPTS="$JAVA_OPTS <java_opt_1> <java_opt_2>"
...
fi
...
if [ "x$HOST_CONTROLLER_JAVA_OPTS" = "x" ]; then
HOST_CONTROLLER_JAVA_OPTS="$JAVA_OPTS <managed_opt_1> <managed_opt_2>"
fi
Java Virtual Machine options
To adjust JVM heap memory settings, use wildfly
class java_xmx
, java_xms
and/or java_maxmetaspace_size
parameters:
class { 'wildfly':
# ...
java_xms => '<Minimum heap size>',
java_xmx => '<Maximum heap size>',
java_maxmetaspace_size => '<Maximum Metaspace size>',
}
Deployment
From a local or remote source
Source supports these protocols: http://
, ftp://
, puppet://
, file://
wildfly::deployment { 'hawtio.war':
source => 'http://central.maven.org/maven2/io/hawt/hawtio-web/1.4.48/hawtio-web-1.4.48.war',
}
wildfly::deployment { 'hawtio.war':
source => 'puppet:///modules/profile/wildfly/hawtio-web-1.4.48.war',
}
wildfly::deployment { 'hawtio.war':
source => 'file://var/tmp/hawtio-web-1.4.48.war',
}
To a target server-group (domain mode)
wildfly::deployment { 'hawtio.war':
source => 'http://central.maven.org/maven2/io/hawt/hawtio-web/1.4.48/hawtio-web-1.4.48.war',
server_group => 'main-server-group',
}
From nexus
NOTE: This feature was removed to avoid 'archive' name collision, but you can still use archive::nexus to download an artifact and use as an input for
wildfly::deployment
archive::nexus { '/tmp/hawtio.war':
url => 'https://oss.sonatype.org',
gav => 'io.hawt:hawtio-web:1.4.66',
repository => 'releases',
packaging => 'war',
}
~>
wildfly::deployment { 'hawtio.war':
source => '/tmp/hawtio.war'
}
User management
You can add App and Management users (requires server restart).
wildfly::config::mgmt_user { 'mgmtuser':
password => 'mgmtuser'
}
wildfly::config::app_user { 'appuser':
password => 'appuser'
}
And associate groups or roles to them (requires server restart)
wildfly::config::user_groups { 'mgmtuser':
groups => 'admin,mygroup'
}
wildfly::config::user_roles { 'appuser':
roles => 'guest,ejb'
}
Module installation
Install a JAR module from a remote file system, puppet file server or local file system.
wildfly::config::module { 'org.postgresql':
source => 'http://central.maven.org/maven2/org/postgresql/postgresql/9.3-1103-jdbc4/postgresql-9.3-1103-jdbc4.jar',
dependencies => ['javax.api', 'javax.transaction.api']
}
wildfly::config::module { 'org.postgresql':
source => 'puppet:///modules/profiles/wildfly/postgresql-9.3-1103-jdbc4.jar',
dependencies => ['javax.api', 'javax.transaction.api']
}
wildfly::config::module { 'org.postgresql':
source => 'file:///var/tmp/postgresql-9.3-1103-jdbc4.jar',
dependencies => ['javax.api', 'javax.transaction.api']
}
Datasources
Setup a driver and a datasource (for domain mode you need to set target_profile
parameter):
wildfly::datasources::driver { 'Driver postgresql':
driver_name => 'postgresql',
driver_module_name => 'org.postgresql',
driver_xa_datasource_class_name => 'org.postgresql.xa.PGXADataSource'
}
->
wildfly::datasources::datasource { 'DemoDS':
config => {
'driver-name' => 'postgresql',
'connection-url' => 'jdbc:postgresql://localhost/postgres',
'jndi-name' => 'java:jboss/datasources/DemoDS',
'user-name' => 'postgres',
'password' => 'postgres'
}
}
Alternatively, you can install a JDBC driver and module using deployment if your driver is JDBC4 compliant:
wildfly::deployment { 'postgresql-9.3-1103-jdbc4.jar':
source => 'http://central.maven.org/maven2/org/postgresql/postgresql/9.3-1103-jdbc4/postgresql-9.3-1103-jdbc4.jar'
}
->
wildfly::datasources::datasource { 'DemoDS':
config => {
'driver-name' => 'postgresql-9.3-1103-jdbc4.jar',
'connection-url' => 'jdbc:postgresql://localhost/postgres',
'jndi-name' => 'java:jboss/datasources/DemoDS',
'user-name' => 'postgres',
'password' => 'postgres'
}
}
A postgresql normal & XA datasource example
wildfly::config::module { 'org.postgresql':
source => 'http://central.maven.org/maven2/org/postgresql/postgresql/9.3-1103-jdbc4/postgresql-9.3-1103-jdbc4.jar',
dependencies => ['javax.api', 'javax.transaction.api'],
require => Class['wildfly'],
}
->
wildfly::datasources::driver { 'Driver postgresql':
driver_name => 'postgresql',
driver_module_name => 'org.postgresql',
driver_xa_datasource_class_name => 'org.postgresql.xa.PGXADataSource'
}
->
wildfly::datasources::datasource { 'petshop datasource':
name => 'petshopDS',
config => { 'driver-name' => 'postgresql',
'connection-url' => 'jdbc:postgresql://10.10.10.10/petshop',
'jndi-name' => 'java:jboss/datasources/petshopDS',
'user-name' => 'petshop',
'password' => 'password'
}
}
->
wildfly::datasources::xa_datasource { 'petshopDSXa':
config => { 'driver-name' => 'postgresql',
'jndi-name' => 'java:jboss/datasources/petshopDSXa',
'user-name' => 'petshop',
'password' => 'password',
'xa-datasource-class' => 'org.postgresql.xa.PGXADataSource',
'xa-datasource-properties' => {
'url' => {'value' => 'jdbc:postgresql://10.10.10.10/petshop'}
},
}
}
Datasource configuration uses a hash with elements that match JBoss-CLI datasource add elements name.
Configure Database Property, only works for normal datasources
wildfly::datasources::db_property { 'DemoDbProperty':
value => 'demovalue',
database => 'ExampleDS',
}
HTTPS/SSL
Wildfly 8+
wildfly::undertow::https { 'https':
socket_binding => 'https',
keystore_path => '/vagrant/identitystore.jks',
keystore_password => 'changeit',
key_alias => 'demo',
key_password => 'changeit'
}
JBoss AS7/EAP 6
wildfly::web::connector { 'https':
scheme => 'https',
protocol => 'HTTP/1.1',
socket_binding => 'https',
enable_lookups => false,
secure => true,
}
->
wildfly::web::ssl { 'ssl':
connector => 'https',
protocol => 'TLSv1,TLSv1.1,TLSv1.2',
password => 'changeit',
key_alias => 'demo',
certificate_key_file => '/opt/identitykeystore.jks',
cipher_suite => 'TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA',
}
Sample identity store configuration with puppetlabs-java_ks
java_ks { 'demo:/opt/identitystore.jks':
ensure => latest,
certificate => '/opt/demo.pub.crt',
private_key => '/opt/demo.private.pem',
path => '/usr/java/jdk1.7.0_75/bin/',
password => 'changeit',
}
Management over HTTPS/SSL
This feature is currently implemented for standalone mode only. The default http management console and API can be changed to run over HTTPS/TLS.
Basic use with a self signed certificate
This will generate and use a basic self signed certificate for the Management interface. Requires the puppetlabs/java_ks module:
class { 'wildfly':
secure_mgmt_api => true,
}
Providing your own certificate
The module will create the approprate keystores, truststores, and configuration if given paths to the private key and certificate. Use your favorite method to ensure the key and certificate exist on the endpoint. Requires the puppetlabs/java_ks module:
class { 'wildfly':
secure_mgmt_api => true,
mgmt_ssl_key => '/etc/pki/tls/private/key.pem',
mgmt_ssl_cert => '/etc/pki/tls/certs/cert.pem',
}
Unmanaged keystores
If preferred, the management API can be configured to use keystores/truststores managed outside this module. These will need to exist before running the wildfly class.
Be aware of the following:
- The existing keystore needs to be readable by the wildfly user.
- Truststores need to exist in the home directories for the wildfly user and the root user.
class { 'wildfly':
secure_mgmt_api => true,
mgmt_create_keystores => false,
mgmt_keystore => '/etc/pki/keystores/wf_ks.jks',
mgmt_keystore_pass => 'password',
mgmt_keystore_alias => 'wfmgmt',
}
Server Reload
Some configurations like SSL and modcluster requires a server reload (i.e. server-state = reload-required
), and it can be achieved with the following snippet:
## a_resource_that_requires_reload_when_changed {}
~>
wildfly::reload { 'Reload if necessary':
retries => 2,
wait => 15,
}
Or
wildfly::cli { 'Reload if necessary':
command => ':reload',
onlyif => '(result == reload-required) of :read-attribute(name=server-state)'
}
Even operation-headers can do the trick in some cases:
wildfly::resource { '/some=resource':
operation_headers => {
'allow-resource-service-restart' => true,
}
}
Messaging
NOTE:
full
profiles only
wildfly::messaging::queue { 'DemoQueue':
durable => true,
entries => ['java:/jms/queue/DemoQueue'],
selector => "MessageType = 'AddRequest'"
}
wildfly::messaging::topic { 'DemoTopic':
entries => ['java:/jms/topic/DemoTopic']
}
Wildfly 10/EAP 7+ replaced HornetQ with ActiveMQ and queue/topic management is slightly different:
wildfly::messaging::activemq::queue { 'DemoQueue':
durable => true,
entries => ['java:/jms/queue/DemoQueue'],
selector => "MessageType = 'AddRequest'"
}
wildfly::messaging::activemq::topic { 'DemoTopic':
entries => ['java:/jms/topic/DemoTopic']
}
Logging
wildfly::logging::category { 'DemoCategory':
level => 'DEBUG',
use_parent_handlers => false,
handlers => ['DemoHandler']
}
System Property
wildfly::system::property { 'DemoSysProperty':
value => 'demovalue'
}
Modcluster
NOTE:
full
andha
profiles only
wildfly::modcluster::config { "Modcluster mybalancer":
balancer => 'mybalancer',
load_balancing_group => 'demolb',
proxy_url => '/',
proxy_list => '127.0.0.1:6666'
}
NOTE: For apache/httpd mod_cluster configuration check ::apache::mod::cluster
JGroups
NOTE:
ha
profiles only
wildfly::jgroups::stack::tcpgossip { 'TCPGOSSIP':
initial_hosts => '172.28.128.1[12001]',
num_initial_members => 2
}
wildfly::jgroups::stack::tcpping { 'TCPPING':
initial_hosts => '172.28.128.10[7600],17228.128.20[7600]',
num_initial_members => 2
}
Limitations
Some of this module public defined types (widfly::datasources
, wildfly::messaging
, wildfly::undertow
, etc) were built for Wildfly 8.x and may not work with other versions. When there is a proven alternative for a different version, examples might be provided, otherwise you'll need to build your own abstraction using wildfly_resource
or wildfly::resource
.
One discussed approach would be to generate defined types based on Wildfly's configuration schemas ($WILDFLY_HOME/docs/schema
) or DMR (See Issue 174).
JBoss EAP only works with RHEL-based OS's unless you provide custom scripts.
This bug might also be a problem for standalone-full-ha
users of JBoss EAP < 7.
Development
Testing
This module uses puppet-lint, rubocop, rspec-puppet, beaker and travis-ci. We hope you use them before submitting your PR.
Hopefully, you'll need rvm to get the correct gems installed (and not messing with your computer's Ruby setup). Pls follow official installation instructions, plus:
sudo usermod -aG rvm $USER
echo 'source "/etc/profile.d/rvm.sh"' >> ~/.bashrc
Reboot for all changes to take effect, then install Ruby 2.7:
# Didn't work for installing Ruby 2.7, but looks wise:
rvm autolibs enable
# Ruby 2.7 dependency
rvm pkg install openssl
Beware, 'rvm pkg ...' is deprecated, read about the new autolibs feature: 'rvm help autolibs'.
# Inside this project's root directory:
rvm install ruby-2.7 --with-openssl-dir=/usr/share/rvm/usr
rvm use ruby-2.7
# Validate
ruby -v
ruby 2.7.x (20XX-YY-ZZ revision <Hash>) [x86_64-linux]
gem install bundler --no-document
bundle config set --local without 'development'
bundle install
bundle exec rake syntax
bundle exec rake lint
bundle exec rubocop
bundle exec rake spec
Acceptance tests (Beaker) can be executed using ./acceptance.sh
. There is a 4x6 matrix (Wildfly 8/8.2/9/10 X Centos 6/7, Debian 7/8, Ubuntu 12.04/14.04).
I suggest you create a ~/.vagrant.d/Vagrantfile
file and install vagrant-cachier
plugin with the following content to speed up the execution:
Vagrant.configure(2) do |config|
if Vagrant.has_plugin?('vagrant-cachier')
config.cache.scope = :box
config.cache.enable :yum
config.cache.enable :apt
config.cache.enable :generic, 'wget' => { cache_dir: '/var/cache/wget' }
end
end
It takes ~3 minutes per test.
New features
JBoss/Wildfly configuration management is based on three custom types, wildfly_resource
, wildfly_cli
and wildfly_deployment
. And you can do virtually any configuration that is possible through JBoss-CLI or XML configuration using them.
So, before build your awesome definition to manage a new resource or introduce a new configuration in an existing resource, check wildfly::*
(wildfly::deployment
, wildfly::datasources::*
, wildfly::undertow::*
, wildfly::messaging::*
) for guidance.
If you can't figure out how to achieve your configuration, feel free to open an issue.
Author/Contributors
- Edwin Biemond (biemond at gmail dot com)
- Jairo Junior (junior.jairo1 at gmail dot com)
- More
Documentation
see REFERENCE.md
Transfer Notice
This project was originally authored by biemond. The maintainer preferred that Vox Pupuli take ownership of the project for future improvement and maintenance. Existing pull requests and issues were transferred over, please fork and continue to contribute here instead of biemond-wildlfy.
Reference
Table of Contents
Classes
wildfly
: Main class, includes all other classes.wildfly::external_facts
: Set external wildflty factswildfly::install
: Downloads and installs Wildfly from a remote source or a system package.wildfly::prepare
: Manages Wildfly requirements (user, group, dirs and packages)wildfly::secure_mgmt_api
: Manages secure management apiwildfly::service
: Manages Wildfly service.wildfly::service::systemd
: Wildfly systemd configurationwildfly::setup
: Manages Wildfly configuration required to run in service mode.
Defined types
wildfly::cli
: Executes an arbitrary JBoss-CLI command `[node-type=node-name (/node-type=node-name)*] : operation-name ['('[name=value [, name=value]*]')'wildfly::config::app_user
: Manages an Application User (application-users.properties
) for Wildfly.wildfly::config::mgmt_user
: Manages a Management User (mgmt-users.properties
) for Wildfly.wildfly::config::module
: Manages a Wildfly module ($WILDFLY_HOME/modules
).wildfly::config::user
: Generic Wildfly user management.wildfly::config::user_groups
: Manages groups for a Management User (mgmt-groups.properties
).wildfly::config::user_roles
: Manages roles for an Application User (application-roles.properties
).wildfly::datasources::datasource
: Configures a datasourcewildfly::datasources::db_property
: Configures connection property in a databasewildfly::datasources::driver
: Configures a driverwildfly::datasources::xa_datasource
: Configures a xa_datasourcewildfly::deployment
: Manages a deployment (JAR, EAR, WAR) in Wildfly. This define is a wrapper forwildfly_deployment
that defaults to your local Wildfly instwildfly::domain::server_group
: Manages a domain server group.wildfly::host::server_config
: Manages a host server-config. This defined type should be used at a slave machine (considering domain mode). You can use this resource to remwildfly::jgroups::stack
: Configures jgroups stackswildfly::jgroups::stack::tcp
: Configures jgroups TCP-based stacks.wildfly::jgroups::stack::tcpgossip
: Configures a tcpgossip stack.wildfly::jgroups::stack::tcpping
: Configures a tcpping stack.wildfly::logging::category
: Configures a log categorywildfly::messaging::activemq::connection_factory
: Configures a connection factorywildfly::messaging::activemq::queue
: Configures a queuewildfly::messaging::activemq::topic
: Configures a topicwildfly::messaging::queue
: Configures a queuewildfly::messaging::topic
: Configures a topicwildfly::modcluster::config
: Configures modcluster subsystemwildfly::patch::offline
: Applies patches offline.wildfly::patch::online
: Applies patches online. Requires server restart.wildfly::reload
: Performs a system reload when a reload is requiredserver-state=reload-required
. This define is a wrapper forwildfly_restart
that defawildfly::resource
: Manages a Wildfly configuration resource: e.g/subsystem=datasources/data-source=MyDS or /subsystem=datasources/jdbc-driver=postgresql
. Vwildfly::restart
: Performs a full restart system when a restart is requiredserver-state=restart-required
. This define is a wrapper forwildfly_restart
twildfly::security::domain
: This is a defined resource type for creating a security domain Please also see: https://docs.jboss.org/author/display/WFLY9/Security+subsystewildfly::security::group_role_mapping
wildfly::security::ldap_realm
: This defined resource configures a (opiniated!!) LDAP security realm. Based on (among others): - https://access.redhat.com/documentation/en-wildfly::security::login_module
: This is the login-module configuration for a security domain Multiple login-modules can be specified for a single security domain. [*domain_wildfly::security::user_role_mapping
wildfly::system::property
: Configures a system propertywildfly::undertow::https
: Configures a connectorwildfly::web::connector
wildfly::web::ssl
Resource types
wildfly_cli
: Executes JBoss-CLI commmandswildfly_deployment
: Manages JBoss deploymentwildfly_resource
: Manages JBoss resources like datasources, messaging, ssl, modcluster, etcwildfly_restart
: Manage JBoss restarts.
Functions
os_config
: Default OS configuration for a specific distribution and version.wildfly::objectify
: Converts a LIST of STRINGs and OBJECTs into an OBJECT of OBJECTs.wildfly::patch_args
: Generate args for JBoss-CLIpatch
command.wildfly::profile_path
: Transform a profile name to a JBoss-CLI profile path.wildfly::service_config
: Default service configuration for a specific distribution, version execution mode and initsystem.
Data types
Classes
wildfly
Main class, includes all other classes.
Parameters
The following parameters are available in the wildfly
class:
config
conf_file
conf_template
console_log
custom_init
distribution
dirname
domain_config
external_facts
gid
group
host_config
install_cache_dir
deploy_cache_dir
install_download_timeout
install_source
java_home
java_opts
java_xmx
java_xms
java_maxmetaspace_size
jboss_opts
manage_user
mgmt_user
mgmt_create_keystores
mgmt_keystore
mgmt_keystore_alias
mgmt_keystore_pass
mgmt_ssl_cert
mgmt_ssl_key
mode
mode_template
overlay_class
package_ensure
package_name
package_version
properties
remote_debug
remote_debug_port
remote_username
secret_value
secure_mgmt_api
service_ensure
service_enable
service_file
service_name
service_manage
shutdown_wait
startup_wait
systemd_template
uid
user
user_home
version
process_controller_java_opts
host_controller_java_opts
config
Data type: Wildfly::Config_file
Sets Wildfly configuration file for initialization when you're using 'standalone' mode.
Default value: 'standalone.xml'
conf_file
Data type: Optional[Stdlib::Unixpath]
Sets a file to be used for service configuration.
Default value: undef
conf_template
Data type: Optional[String]
Sets a template file for service configuration.
Default value: undef
console_log
Data type: Stdlib::Unixpath
Configures service log file.
Default value: '/var/log/wildfly/console.log'
custom_init
Data type: Optional[String]
Sets a custom init script.
Default value: undef
distribution
Data type: Wildfly::Distribution
Sets the Wildfly distribution: 'wildfly' or 'jboss-eap'.
Default value: 'wildfly'
dirname
Data type: Stdlib::Unixpath
JBOSS_HOME
. i.e. The directory where your Wildfly will live.
Default value: '/opt/wildfly'
domain_config
Data type: Wildfly::Config_file
Sets Wildfly configuration file for initialization when you're using 'domain' mode.
Default value: 'domain.xml'
external_facts
Data type: Boolean
Whether it should deploy external facts.
Default value: false
gid
Data type: Optional[Integer]
Sets managed group ID.
Default value: undef
group
Data type: String
Group to own JBOSS_HOME
. If manage_user
is true
, this group will be managed.
Default value: 'wildfly'
host_config
Data type: Wildfly::Config_file
Sets Wildfly Host configuration file for initialization when you're using 'domain' mode.
Default value: 'host.xml'
install_cache_dir
Data type: Stdlib::Unixpath
The directory to be used for wget cache.
Default value: '/var/cache/wget'
deploy_cache_dir
Data type: Stdlib::Unixpath
The directory to be used for deployment cache.
Default value: '/opt'
install_download_timeout
Data type: Integer
Sets the timeout for installer download.
Default value: 500
install_source
Data type:
Variant[Pattern[/^file:\/\//],
Pattern[/^puppet:\/\//],
Stdlib::Httpsurl, Stdlib::Httpurl,
Undef
]
Custom source of Wildfly tarball installer. Defaults to standard Wildfly repositories.
Default value: undef
java_home
Data type: Stdlib::Unixpath
Sets the JAVA_HOME
for Wildfly.
Default value: '/usr/java/default'
java_opts
Data type: Variant[Undef, String, Array]
Sets JAVA_OPTS
, allowing to override several Java params, like Xmx
, Xms
and MaxMetaspaceSize
,
Default value: undef
java_xmx
Data type: String
Sets Java's -Xmx
parameter.
Default value: '512m'
java_xms
Data type: String
Sets Java's -Xms
parameter.
Default value: '256m'
java_maxmetaspace_size
Data type: String
Sets Java's -XX:MaxMetaspaceSize
parameter.
Default value: '128m'
jboss_opts
Data type: Optional[String]
Sets JBOSS_OPTS
, allowing to override several JBoss properties. It only works with Wildfly 8.2+.
Default value: undef
manage_user
Data type: Boolean
Whether this module should manage wildfly user and group.
Default value: true
mgmt_user
Data type: Struct[{ username => String, password => String }]
Hash containing a Wildfly's management user to be used internally.
Default value:
{
username => 'puppet',
password => fqdn_rand_string(30),
}
mgmt_create_keystores
Data type: Boolean
Enables or disables the creation of keystores for TLS enabled ManagementRealm.
Default value: true
mgmt_keystore
Data type: Stdlib::Unixpath
Path to a pre-defined keystore to be used for a TLS enabled ManagementRealm.
Default value: "${dirname}/${mode}/configuration/mgmt.jks"
mgmt_keystore_alias
Data type: String
The java keystore 'alias' to be used for a TLS enabled ManagementRealm.
Default value: 'mgmt'
mgmt_keystore_pass
Data type: String
The java keystore password to be used for a TLS enabled ManagementRealm.
Default value: 'changeit'
mgmt_ssl_cert
Data type: Optional[Stdlib::Unixpath]
Path to the certificate used for setting up the ManagementRealm keystore.
Default value: undef
mgmt_ssl_key
Data type: Optional[Stdlib::Unixpath]
Path to the private key used for setting up the ManagementRealm keystore.
Default value: undef
mode
Data type: Wildfly::Mode
Sets Wildfly execution mode will run, 'standalone' or 'domain'.
Default value: 'standalone'
mode_template
Data type: String
Sets epp template for standalone.conf or domain.conf.
Default value: "wildfly/${mode}.conf"
overlay_class
Data type: Optional[String]
Sets a class to be applied between 'install' and 'setup' classes.
Default value: undef
package_ensure
Data type: String
Wheter it should manage required packages.
Default value: 'present'
package_name
Data type: Optional[String]
Sets Wildfly package name.
Default value: undef
package_version
Data type: Optional[String]
Sets Wildfly package version.
Default value: undef
properties
Data type: Hash[Pattern[/^\w*(\.\w*-?\w*)*$/], String]
Sets properties for your service.
Default value:
{
'jboss.bind.address' => '0.0.0.0',
'jboss.bind.address.management' => '127.0.0.1',
'jboss.management.http.port' => '9990',
'jboss.management.https.port' => '9993',
'jboss.http.port' => '8080',
'jboss.https.port' => '8443',
'jboss.ajp.port' => '8009',
}
remote_debug
Data type: Boolean
Whether remote debug should be enabled.
Default value: false
remote_debug_port
Data type: Integer
Sets the port to be used by remote debug.
Default value: 8787
remote_username
Data type: Optional[String]
Sets remote username in host config.
Default value: undef
secret_value
Data type: Optional[String]
Sets the secret value in host config.
Default value: undef
secure_mgmt_api
Data type: Boolean
Setup and use HTTPS calls to the management API.
Default value: false
service_ensure
Data type: Boolean
Sets Wildfly's service 'ensure'.
Default value: true
service_enable
Data type: Boolean
Sets Wildfly's service 'enable'.
Default value: true
service_file
Data type: Optional[Stdlib::Unixpath]
Sets a file to be used for service management.
Default value: undef
service_name
Data type: Optional[String]
Sets Wildfly's service 'name'.
Default value: undef
service_manage
Data type: Boolean
Reload Wildfly's service when changed config.
Default value: true
shutdown_wait
Data type: Integer
Sets the time to wait for the process to be shutdown - sysvinit scripts only.
Default value: 30
startup_wait
Data type: Integer
Sets the time to wait for the process to be up - sysvinit scripts only.
Default value: 30
systemd_template
Data type: Optional[String]
Sets a custom systemd template.
Default value: undef
uid
Data type: Optional[Integer]
Sets managed user ID.
Default value: undef
user
Data type: String
User to own JBOSS_HOME
. If manage_user
is true
, this user will be managed.
Default value: 'wildfly'
user_home
Data type: Stdlib::Unixpath
User home directory. Defaults to '/home/wildfly'
Default value: '/home/wildfly'
version
Data type: Pattern[/^(\d{1,}\.\d{1,}(\.\d{1,})?$)/]
Sets the Wildfly version managed in order to handle small differences among versions.
Default value: '9.0.2'
process_controller_java_opts
Data type: Variant[Undef, String, Array]
Default value: undef
host_controller_java_opts
Data type: Variant[Undef, String, Array]
Default value: undef
wildfly::external_facts
Set external wildflty facts
wildfly::install
Downloads and installs Wildfly from a remote source or a system package.
wildfly::prepare
Manages Wildfly requirements (user, group, dirs and packages)
wildfly::secure_mgmt_api
Manages secure management api
wildfly::service
Manages Wildfly service.
wildfly::service::systemd
Wildfly systemd configuration
wildfly::setup
Manages Wildfly configuration required to run in service mode.
Defined types
wildfly::cli
Executes an arbitrary JBoss-CLI command
[node-type=node-name (/node-type=node-name)*] : operation-name ['('[name=value [, name=value]*]')'] [{header (;header)*}]
.
This define is a wrapper for wildfly_cli
that defaults to your local Wildfly installation.
Parameters
The following parameters are available in the wildfly::cli
defined type:
command
Data type: String
The actual command to execute.
Default value: $title
unless
Data type: Optional[String]
If this parameter is set, then this cli
will only run if this command condition is met.
Default value: undef
onlyif
Data type: Optional[String]
If this parameter is set, then this cli
will run unless this command condition is met.
Default value: undef
username
Data type: String
Wildfly's management user to be used internally.
Default value: $wildfly::mgmt_user['username']
password
Data type: String
The password for Wildfly's management user.
Default value: $wildfly::mgmt_user['password']
host
Data type: String
The IP address or FQDN of the JBoss Management service.
Default value: $wildfly::properties['jboss.bind.address.management']
port
Data type: String
The port of the JBoss Management service.
Default value: $wildfly::properties['jboss.management.http.port']
secure
Data type: Boolean
Use https port or http port.
Default value: $wildfly::secure_mgmt_api
refreshonly
Data type: Optional[Boolean]
Default value: undef
wildfly::config::app_user
Manages an Application User (application-users.properties
) for Wildfly.
Parameters
The following parameters are available in the wildfly::config::app_user
defined type:
password
Data type: String
The user password.
wildfly::config::mgmt_user
Manages a Management User (mgmt-users.properties
) for Wildfly.
Parameters
The following parameters are available in the wildfly::config::mgmt_user
defined type:
password
Data type: String
The user password.
wildfly::config::module
Manages a Wildfly module ($WILDFLY_HOME/modules
).
Parameters
The following parameters are available in the wildfly::config::module
defined type:
source
Data type:
Variant[
Pattern[/^\./],
Pattern[/^file:\/\//],
Pattern[/^puppet:\/\//],
Stdlib::Httpsurl,
Stdlib::Httpurl
]
Sets the source for this module, either a local file file://
, a remote one http://
or puppet://
.
template
Data type: String
Sets the EPP template to module.xml file. Default to 'wildfly/module.xml'.
Default value: 'wildfly/module.xml'
dependencies
Data type: Array
Sets the dependencies for this module e.g. javax.transaction
.
Default value: []
system
Data type: Boolean
Whether this is a system (system/layers/base
) module or not.
Default value: true
custom_file
Data type: Optional[String]
Sets a file source for module.xml. If set, template is ignored.
Default value: undef
wildfly::config::user
Generic Wildfly user management.
Parameters
The following parameters are available in the wildfly::config::user
defined type:
password
Data type: String
User password.
file_name
Data type: String
Name of config file.
wildfly::config::user_groups
Manages groups for a Management User (mgmt-groups.properties
).
Parameters
The following parameters are available in the wildfly::config::user_groups
defined type:
groups
Data type: String
List of groups to associate with this user.
wildfly::config::user_roles
Manages roles for an Application User (application-roles.properties
).
Parameters
The following parameters are available in the wildfly::config::user_roles
defined type:
roles
Data type: String
List of roles to associate with this user.
wildfly::datasources::datasource
Configures a datasource
Parameters
The following parameters are available in the wildfly::datasources::datasource
defined type:
config
Data type: Optional[Hash]
datasource config
Default value: undef
target_profile
Data type: Optional[String]
for domain mode you need to set this parameter
Default value: undef
wildfly::datasources::db_property
Configures connection property in a database
Parameters
The following parameters are available in the wildfly::datasources::db_property
defined type:
database
Data type: String
datasource database
value
Data type: Optional[String]
datasource db property value
Default value: undef
target_profile
Data type: Optional[String]
for domain mode you need to set this parameter
Default value: undef
wildfly::datasources::driver
Configures a driver
Parameters
The following parameters are available in the wildfly::datasources::driver
defined type:
driver_name
Data type: String
datasource driver
driver_module_name
Data type: String
datasource driver module name
driver_class_name
Data type: Optional[String]
datasource driver class name
Default value: undef
driver_xa_datasource_class_name
Data type: Optional[String]
datasource driver xa class name
Default value: undef
target_profile
Data type: Optional[String]
for domain mode you need to set this parameter
Default value: undef
wildfly::datasources::xa_datasource
Configures a xa_datasource
Parameters
The following parameters are available in the wildfly::datasources::xa_datasource
defined type:
config
Data type: Optional[Hash]
xa_datasource config
Default value: undef
target_profile
Data type: Optional[String]
for domain mode you need to set this parameter
Default value: undef
wildfly::deployment
Manages a deployment (JAR, EAR, WAR) in Wildfly.
This define is a wrapper for wildfly_deployment
that defaults to your local Wildfly installation.
Parameters
The following parameters are available in the wildfly::deployment
defined type:
ensure
Data type: Enum[present, absent]
Whether the deployment should exist (present
) or not (absent
).
Default value: present
source
Data type:
Variant[
Pattern[/^file:\/\//],
Pattern[/^puppet:\/\//],
Stdlib::Httpsurl,
Stdlib::Httpurl
]
Sets the source for this deployment, either a local file file://
or a remote file http://
.
timeout
Data type: Optional[Integer]
Sets the timeout to deploy this resource.
Default value: undef
server_group
Data type: Optional[String]
Sets the target server-group
for this deployment.
Default value: undef
operation_headers
Data type: Hash
Sets operation-headers (e.g. { 'allow-resource-service-restart' => true, 'rollback-on-runtime-failure' => false, 'blocking-timeout' => 600}
) to be used when creating/destroying this deployment.
Default value: {}
username
Data type: String
Wildfly's management user to be used internally.
Default value: $wildfly::mgmt_user['username']
password
Data type: String
The password for Wildfly's management user.
Default value: $wildfly::mgmt_user['password']
host
Data type: String
The IP address or FQDN of the JBoss Management service.
Default value: $wildfly::properties['jboss.bind.address.management']
port
Data type: String
The port of the JBoss Management service.
Default value: $wildfly::properties['jboss.management.http.port']
secure
Data type: Boolean
Use https port or http port.
Default value: $wildfly::secure_mgmt_api
wildfly::domain::server_group
Manages a domain server group.
Parameters
The following parameters are available in the wildfly::domain::server_group
defined type:
ensure
Data type: Enum[present, absent]
Whether the resource should exist (present
) or not (absent
).
Default value: present
profile
Data type: Optional[String]
Sets profile referenced by the server-group.
Default value: undef
socket_binding_group
Data type: Optional[String]
Sets socket-binding-group referenced by the server-group.
Default value: undef
socket_binding_port_offset
Data type: Integer
Sets socket-binding-port-offset server-config port offset.
Default value: 0
jvm_name
Data type: String
Sets jvm name configured to the server-group.
Default value: 'default'
jvm_config
Data type: Hash
Sets jvm configurations like ,
etc.
Default value: {}
wildfly::host::server_config
Manages a host server-config. This defined type should be used at a slave machine (considering domain mode). You can use this resource to remove default servers server-one and server-two (present at default host-slave.xml). If you removed the default server-groups in the domain controller (main-server-group and other-server-group) you'll need to ensure that the resources are applied after the Wildfly installation and before the module starts to setup Wildfly to enable and run the service (or the host controller service will not run at all because the servers are associated to server-groups that doesn't exist). For this case, use a overlay_class (wildfly::overlay_class param) or the following snippet:
wildfly::host::server_config { ['server-one', 'server-two']: ensure => absent, hostname => $hostname, username => $username, password => $password, require => Class['wildfly::install'], before => Class['wildfly::setup'], }
Parameters
The following parameters are available in the wildfly::host::server_config
defined type:
ensure
server_group
offset
auto_start
wildfly_dir
host_config
hostname
username
password
controller_address
controller_mgmt_port
start_server_after_created
ensure
Data type: Enum[present, absent]
Whether the resource should exist (present
) or not (absent
).
Default value: present
server_group
Data type: Optional[String]
Sets server-group associated to server-config.
Default value: undef
offset
Data type: Integer
Sets server-config port offset.
Default value: 0
auto_start
Data type: Boolean
Sets server to autostart with JBoss Service.
Default value: true
wildfly_dir
Data type: Stdlib::Unixpath
JBOSS_HOME
. i.e. The directory where your Wildfly will live.
Default value: $wildfly::dirname
host_config
Data type: Optional[Wildfly::Config_file]
Sets Wildfly Host configuration file used for initialization in 'domain' mode.
Default value: $wildfly::host_config
hostname
Data type: Optional[String]
Name used to identify host using JBoss CLI (/host=${hostname}).
Default value: undef
username
Data type: Optional[String]
Username to connect to domain controller.
Default value: undef
password
Data type: Optional[String]
Password to connect to domain controller.
Default value: undef
controller_address
Data type: Optional[String]
Domain controller address where the host will connect to configure the server-config.
Default value: $wildfly::properties['jboss.domain.master.address']
controller_mgmt_port
Data type: Integer
Sets domain controller management port.
Default value: 9990
start_server_after_created
Data type: Boolean
Sets if the server should be started right after created.
Default value: true
wildfly::jgroups::stack
Configures jgroups stacks
Parameters
The following parameters are available in the wildfly::jgroups::stack
defined type:
protocols
Data type: Array[Variant[Hash, String]]
List of protocols to use
transport
Data type: Hash
Transport config hash.
wildfly::jgroups::stack::tcp
Configures jgroups TCP-based stacks.
Parameters
The following parameters are available in the wildfly::jgroups::stack::tcp
defined type:
properties
Data type: Hash
TCP properties hash.
wildfly::jgroups::stack::tcpgossip
Configures a tcpgossip stack.
Parameters
The following parameters are available in the wildfly::jgroups::stack::tcpgossip
defined type:
initial_hosts
Data type: String
Comma delimited list of hosts to be contacted for initial membership.
num_initial_members
Data type: Integer
Number of initial members.
timeout
Data type: Integer
Max time for socket creation. Default is 3000 msec.
Default value: 3000
wildfly::jgroups::stack::tcpping
Configures a tcpping stack.
Parameters
The following parameters are available in the wildfly::jgroups::stack::tcpping
defined type:
initial_hosts
Data type: String
Comma delimited list of hosts to be contacted for initial membership.
num_initial_members
Data type: Integer
Number of initial members.
timeout
Data type: Integer
Max time for socket creation. Default is 3000 msec.
Default value: 3000
port_range
Data type: Integer
Number of additional ports to be probed for membership. A port_range of 0 does not probe additional ports. Example: initial_hosts=A[7800] port_range=0 probes A:7800, port_range=1 probes A:7800 and A:7801.
Default value: 0
wildfly::logging::category
Configures a log category
Parameters
The following parameters are available in the wildfly::logging::category
defined type:
level
Data type: Enum['DEBUG', 'INFO', 'ERROR']
Log level
Default value: 'INFO'
use_parent_handlers
Data type: Boolean
Wheter to use parent handlers or not
Default value: false
handlers
Data type: Optional[Array[String[1]]]
List of log handlers to use
Default value: undef
target_profile
Data type: Optional[String]
For domain mode you need to set this parameter
Default value: undef
wildfly::messaging::activemq::connection_factory
Configures a connection factory
Parameters
The following parameters are available in the wildfly::messaging::activemq::connection_factory
defined type:
entries
Data type: Any
Default value: undef
connectors
Data type: Any
Default value: undef
target_profile
Data type: Any
Default value: undef
wildfly::messaging::activemq::queue
Configures a queue
Parameters
The following parameters are available in the wildfly::messaging::activemq::queue
defined type:
entries
Data type: Any
Default value: undef
durable
Data type: Any
Default value: undef
selector
Data type: Any
Default value: undef
target_profile
Data type: Any
Default value: undef
wildfly::messaging::activemq::topic
Configures a topic
Parameters
The following parameters are available in the wildfly::messaging::activemq::topic
defined type:
entries
Data type: Any
target_profile
Data type: Any
Default value: undef
wildfly::messaging::queue
Configures a queue
Parameters
The following parameters are available in the wildfly::messaging::queue
defined type:
entries
Data type: Any
Default value: undef
durable
Data type: Any
Default value: undef
selector
Data type: Any
Default value: undef
target_profile
Data type: Any
Default value: undef
wildfly::messaging::topic
Configures a topic
Parameters
The following parameters are available in the wildfly::messaging::topic
defined type:
entries
Data type: Any
target_profile
Data type: Any
Default value: undef
wildfly::modcluster::config
Configures modcluster subsystem
Parameters
The following parameters are available in the wildfly::modcluster::config
defined type:
advertise_socket
connector
type
excluded_contexts
balancer
load_balancing_group
proxy_list
proxies
proxy_url
sticky_session
target_profile
advertise_socket
Data type: Any
Default value: 'modcluster'
connector
Data type: Any
Default value: 'ajp'
type
Data type: Any
Default value: 'busyness'
excluded_contexts
Data type: Any
Default value: undef
balancer
Data type: Any
Default value: undef
load_balancing_group
Data type: Any
Default value: undef
proxy_list
Data type: Any
Default value: undef
proxies
Data type: Any
Default value: undef
proxy_url
Data type: Any
Default value: undef
sticky_session
Data type: Any
Default value: undef
target_profile
Data type: Any
Default value: undef
wildfly::patch::offline
Applies patches offline.
Parameters
The following parameters are available in the wildfly::patch::offline
defined type:
source
Data type: Stdlib::Unixpath
path to patch file.
override_all
Data type: Boolean
Whether it should solve all conflicts by overriding current files.
Default value: false
override
Data type: Array
List of files to be overridden.
Default value: []
preserve
Data type: Array
List of files to be preserved.
Default value: []
wildfly::patch::online
Applies patches online. Requires server restart.
Parameters
The following parameters are available in the wildfly::patch::online
defined type:
source
Data type: Stdlib::Unixpath
path to patch file.
override_all
Data type: Boolean
Whether it should solve all conflicts by overriding current files.
Default value: false
override
Data type: Array
List of files to be overridden.
Default value: []
preserve
Data type: Array
List of files to be preserved.
Default value: []
wildfly::reload
Performs a system reload when a reload is required server-state=reload-required
.
This define is a wrapper for wildfly_restart
that defaults to your local Wildfly installation.
It is commonly used as a subscriber of a resource that requires reload.
Parameters
The following parameters are available in the wildfly::reload
defined type:
retries
Data type: Integer
Sets the number of retries to check if service is available.
Default value: 3
wait
Data type: Integer
Sets the amount of time in seconds that this resource will wait for the service to be available before a attempt.
Default value: 10
username
Data type: String
Wildfly's management user to be used internally.
Default value: $wildfly::mgmt_user['username']
password
Data type: String
The password for Wildfly's management user.
Default value: $wildfly::mgmt_user['password']
host
Data type: String
The IP address or FQDN of the JBoss Management service.
Default value: $wildfly::properties['jboss.bind.address.management']
port
Data type: String
The port of the JBoss Management service.
Default value: $wildfly::properties['jboss.management.http.port']
secure
Data type: Boolean
Use https port or http port.
Default value: $wildfly::secure_mgmt_api
wildfly::resource
Manages a Wildfly configuration resource: e.g /subsystem=datasources/data-source=MyDS or /subsystem=datasources/jdbc-driver=postgresql
.
Virtually anything in your configuration XML file that can be manipulated using JBoss-CLI could be managed by this defined type.
This define is a wrapper for wildfly_resource
that defaults to your local Wildfly installation.
Parameters
The following parameters are available in the wildfly::resource
defined type:
ensure
recursive
undefine_attributes
content
operation_headers
profile
username
password
host
port
secure
ensure
Data type: Enum[present, absent]
Whether the resource should exist (present
) or not (absent
).
Default value: present
recursive
Data type: Boolean
Whether it should manage the resource recursively or not.
Default value: false
undefine_attributes
Data type: Boolean
Whether it should undefine attributes with undef value.
Default value: false
content
Data type: Hash
Sets the content/state of the target resource.
Default value: {}
operation_headers
Data type: Hash
Sets operation-headers (e.g. { 'allow-resource-service-restart' => true, 'rollback-on-runtime-failure' => false, 'blocking-timeout' => 600}
) to be used when creating/destroying this resource.
Default value: {}
profile
Data type: Optional[String]
Sets the target profile to prefix resource name. Requires domain mode.
Default value: undef
username
Data type: String
Wildfly's management user to be used internally.
Default value: $wildfly::mgmt_user['username']
password
Data type: String
The password for Wildfly's management user.
Default value: $wildfly::mgmt_user['password']
host
Data type: String
The IP address or FQDN of the JBoss Management service.
Default value: $wildfly::properties['jboss.bind.address.management']
port
Data type: String
The port of the JBoss Management service.
Default value: $wildfly::properties['jboss.management.http.port']
secure
Data type: Boolean
Use https port or http port.
Default value: $wildfly::secure_mgmt_api
wildfly::restart
Performs a full restart system when a restart is required server-state=restart-required
.
This define is a wrapper for wildfly_restart
that defaults to your local Wildfly installation.
It is commonly used as a subscriber of a resource that requires restart.
Parameters
The following parameters are available in the wildfly::restart
defined type:
retries
Data type: Integer
Sets the number of retries to check if service is available.
Default value: 3
wait
Data type: Integer
Sets the amount of time in seconds that this resource will wait for the service to be available before a attempt.
Default value: 20
username
Data type: String
Wildfly's management user to be used internally.
Default value: $wildfly::mgmt_user['username']
password
Data type: String
The password for Wildfly's management user.
Default value: $wildfly::mgmt_user['password']
host
Data type: String
The IP address or FQDN of the JBoss Management service.
Default value: $wildfly::properties['jboss.bind.address.management']
port
Data type: String
The port of the JBoss Management service.
Default value: $wildfly::properties['jboss.management.http.port']
secure
Data type: Boolean
Use https port or http port.
Default value: $wildfly::secure_mgmt_api
wildfly::security::domain
This is a defined resource type for creating a security domain Please also see: https://docs.jboss.org/author/display/WFLY9/Security+subsystem+configuration
[domain_name] Name of the security domain to be created on the Wildfly server.
[login_modules]
A hash with a specification of all login-modules to add to the domain.
Also see the documentation of wildfly::security::login_module
Example:
{ 'login-module-1' => {
domain_name => 'my-security-domain',
code => 'DirectDomain',
flag => 'required',
module_options => { realm => 'my-security-realm' }
},
'login-module-2' => {
...
}
}
Parameters
The following parameters are available in the wildfly::security::domain
defined type:
domain_name
Data type: String
Default value: $title
login_modules
Data type: Hash
Default value: {}
wildfly::security::group_role_mapping
The wildfly::security::group_role_mapping class.
Parameters
The following parameters are available in the wildfly::security::group_role_mapping
defined type:
role
Data type: Any
group
Data type: Any
Default value: $title
realm
Data type: Any
Default value: undef
wildfly::security::ldap_realm
This defined resource configures a (opiniated!!) LDAP security realm.
Based on (among others):
-
https://docs.jboss.org/author/display/WFLY9/The+native+management+API
-
https://docs.jboss.org/author/display/WFLY9/Security+subsystem+configuration
-
http://wildscribe.github.io/Wildfly/9.0.0.Final/core-service/management/security-realm/index.html
The realm created is a security realm that can be associated with a management interface and used to control access to the management and/or application services. This LDAP security realm uses LDAP as the user repository to determine who is trying to log in (authentication). The authorization in this LDAP realm performs a group search in the LDAP server, where the group entry contains an attribute referencing it's members (
member
attribute). A simple filter configuration to identify the users distinguished name from their username is then used to create the mapping between user and LDAP groups. This configuration assumes the 'group-to-principal' and 'username-filter' to be used. Future versions of this type might also allow 'principal-to-group' and 'advanced-filter'/'username-is-dn'. It does not at this time. Also this module assumes the same type of cache to be used for both group and username searches.When using this security realm, you should also create group mappings in order to map LDAP group names to the default Wildfly roles. See:
wildfly_wrapper::ldap_group_mapping
.
[ldap_url] URL to connect to the LDAP server. E.g.: 'ldap://ldap.my.org:389'
[ldap_search_dn] DN to use to connect to LDAP. E.g. 'uid=appserver,cn=users,ou=services,o=my,c=org'
[ldap_search_credential] Password (plain text) to use to connect to LDAP. This is the password for the user specified in ldap_search_dn.
[ldap_user_base_dn] The context from where to start searching users. E.g. 'cn=users,ou=services,o=my,c=org'
[authorization_group_base_dn] The context from where to start searching for groups. E.g. 'cn=groups,ou=services,o=my,c=org'
[realm_name] The name of this LDAP Security Realm. Default: $title of this resource
[authentication_user_dn]
The name of the attribute which is the user's distinguished name. Default: dn
[authentication_username_attribute] The name of the attribute to search for the user. This filter will then perform a simple search where the username entered by the user matches the attribute specified here.
[authentication_username_load]
The name of the attribute that should be loaded from the authenticated users LDAP entry to
replace the username that they supplied, e.g. convert an e-mail address to an ID or correct
the case entered. Default: undef
[authentication_recursive]
Whether the search should be recursive. Default: false
[authentication_allow_empty_passwords]
Should empty passwords be accepted from the user being authenticated. Default: false
[authorization_group_name]
An enumeration to identify if groups should be referenced using a simple name or
their distinguished name. Defalt value: SIMPLE
[authorization_group_name_attribute]
Which attribute on a group entry is it's simple name. Default: cn
When setting to undef
the Wildfly default is used, which is: uid
[authorization_group_dn_attribute]
Which attribute on a group entry is it's distinguished name. Default: dn
[authorization_group_search_by]
Should searches be performed using simple names or distinguished names?
Default: DISTINGUISHED_NAME
[authorization_principal_attribute]
The attribute on the group entry that references the principal.
Default value: member
[authorization_group_recursive]
Should levels below the starting point be recursively searched?
Default: true
. When setting to undef
the Wildfly default will
be used which is: false
[authorization_group_iterative]
Should further searches be performed to identify groups that the groups identified
are a member of (groups of groups)? Default: false
[authorization_prefer_original_conn]
After following a referral should subsequent searches prefer the original connection
or use the connection of the last referral. Default: true
[authorization_user_name_attribute]
The attribute on the user entry that is their username. Default: uid
[authorization_user_dn_attribute]
The attribute on the user entry that contains their distinguished name.
Default value: dn
[authorization_user_force]
Authentication may have already converted the username to a distinguished name,
force this to occur again before loading groups. Default: false
[authorization_user_recursive]
Should levels below the starting point be recursively searched (e.g. sub ou's)?
Default: false
[apply_to_management_interface]
Apply the created security realm to the Wildfly management interface?
Default: false
[cache_type]
Defines which type of cache to use for previous username-filter results.
Valid values: by-search-time
or by-access-time
. Default: by-access-time
.
[max_cache_size]
The maximum size of the cache before the oldest items are removed to make room
for new entries. Default: 1000
When setting to undef
the Wildfly default will be used which is 0
(unlimited)
[cache_eviction_time]
The time in seconds until an entry should be evicted from the cache. Default: 900
[cache_failures]
Should failures be cached? Default: false
Parameters
The following parameters are available in the wildfly::security::ldap_realm
defined type:
ldap_url
ldap_search_dn
ldap_search_credential
ldap_user_base_dn
authorization_group_base_dn
realm_name
authentication_username_attribute
authentication_recursive
authentication_allow_empty_passwords
authorization_group_name
authorization_group_name_attribute
authorization_group_dn_attribute
authorization_group_search_by
authorization_principal_attribute
authorization_group_recursive
authorization_group_iterative
authorization_prefer_original_conn
authorization_user_name_attribute
authorization_user_dn_attribute
authorization_user_force
authorization_user_recursive
apply_to_management_interface
cache_type
max_cache_size
cache_eviction_time
cache_failures
authentication_user_dn
authentication_username_load
ldap_url
Data type: String
ldap_search_dn
Data type: String
ldap_search_credential
Data type: String
ldap_user_base_dn
Data type: String
authorization_group_base_dn
Data type: String
realm_name
Data type: String
Default value: $title
authentication_username_attribute
Data type: String
Default value: 'uid'
authentication_recursive
Data type: Boolean
Default value: true
authentication_allow_empty_passwords
Data type: Boolean
Default value: false
authorization_group_name
Data type: String
Default value: 'SIMPLE'
authorization_group_name_attribute
Data type: String
Default value: 'cn'
authorization_group_dn_attribute
Data type: String
Default value: 'dn'
authorization_group_search_by
Data type: String
Default value: 'DISTINGUISHED_NAME'
authorization_principal_attribute
Data type: String
Default value: 'member'
authorization_group_recursive
Data type: Boolean
Default value: true
authorization_group_iterative
Data type: Boolean
Default value: false
authorization_prefer_original_conn
Data type: Boolean
Default value: true
authorization_user_name_attribute
Data type: String
Default value: 'uid'
authorization_user_dn_attribute
Data type: String
Default value: 'dn'
authorization_user_force
Data type: Boolean
Default value: false
authorization_user_recursive
Data type: Boolean
Default value: false
apply_to_management_interface
Data type: Boolean
Default value: false
cache_type
Data type: Enum['by-search-time', 'by-access-time']
Default value: 'by-access-time'
max_cache_size
Data type: Integer[0]
Default value: 1000
cache_eviction_time
Data type: Integer[0]
Default value: 900
cache_failures
Data type: Boolean
Default value: false
authentication_user_dn
Data type: Optional[String]
Default value: undef
authentication_username_load
Data type: Optional[String]
Default value: undef
wildfly::security::login_module
This is the login-module configuration for a security domain Multiple login-modules can be specified for a single security domain.
[domain_name] Name of the security domain to be created on the Wildfly server.
[code] Login module code to use. See: https://docs.jboss.org/author/display/WFLY9/Authentication+Modules
[flag]
The flag controls how the module participates in the overall procedure. Allowed values are:
requisite
, required
, sufficient
or optional
. Default: required
.
[module_options]
A hash of module options containing name/value pairs. E.g.:
{ 'name1' => 'value1', 'name2' => 'value2' }
or in Hiera:
module_options:
name1: value1
name2: value2
Parameters
The following parameters are available in the wildfly::security::login_module
defined type:
code
Data type: String
domain_name
Data type: String
Default value: $title
flag
Data type: Enum['requisite', 'required', 'sufficient', 'optional']
Default value: 'required'
module_options
Data type: Hash
Default value: {}
wildfly::security::user_role_mapping
The wildfly::security::user_role_mapping class.
Parameters
The following parameters are available in the wildfly::security::user_role_mapping
defined type:
role
Data type: Any
username
Data type: Any
Default value: $title
realm
Data type: Any
Default value: undef
wildfly::system::property
Configures a system property
Parameters
The following parameters are available in the wildfly::system::property
defined type:
value
Data type: Any
Default value: undef
target_profile
Data type: Any
Default value: undef
wildfly::undertow::https
Configures a connector
Parameters
The following parameters are available in the wildfly::undertow::https
defined type:
socket_binding
keystore_path
keystore_relative_to
keystore_password
key_alias
key_password
target_profile
enabled_protocols
enabled_cipher_suites
socket_binding
Data type: Any
Default value: undef
keystore_path
Data type: Any
Default value: undef
keystore_relative_to
Data type: Any
Default value: undef
keystore_password
Data type: Any
Default value: undef
key_alias
Data type: Any
Default value: undef
key_password
Data type: Any
Default value: undef
target_profile
Data type: Any
Default value: undef
enabled_protocols
Data type: Any
Default value: undef
enabled_cipher_suites
Data type: Any
Default value: undef
wildfly::web::connector
The wildfly::web::connector class.
Parameters
The following parameters are available in the wildfly::web::connector
defined type:
scheme
Data type: Any
protocol
Data type: Any
socket_binding
Data type: Any
enable_lookups
Data type: Any
secure
Data type: Any
wildfly::web::ssl
The wildfly::web::ssl class.
Parameters
The following parameters are available in the wildfly::web::ssl
defined type:
connector
Data type: Any
password
Data type: Any
protocol
Data type: Any
cipher_suite
Data type: Any
key_alias
Data type: Any
certificate_key_file
Data type: Any
ca_certificate_file
Data type: Any
Default value: undef
Resource types
wildfly_cli
Executes JBoss-CLI commmands
Properties
The following properties are available in the wildfly_cli
type.
executed
Whether the command should be executed or not
Default value: true
Parameters
The following parameters are available in the wildfly_cli
type.
command
The actual commmand to execute
host
Host of Management API. Defaults to 127.0.0.1
Default value: 127.0.0.1
onlyif
If this parameter is set, then CLI command will only run if this command returns false
password
JBoss Management User Password
port
Management port. Defaults to 9990
Default value: 9990
provider
The specific backend to use for this wildfly_cli
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
refreshonly
Valid values: true
, false
, yes
, no
If this parameter is set, then CLI command will only run if the resource was notified
Default value: false
secure
Use TLS to connect with the management API
Default value: false
skip_absent
Valid values: true
, false
, yes
, no
If this parameter is set, then CLI command will only run if resource is present
Default value: false
unless
If this parameter is set, then CLI command will only run if this command returns true
username
JBoss Management User
wildfly_deployment
Manages JBoss deployment
Properties
The following properties are available in the wildfly_deployment
type.
content
SHA1 of deployed content
Default value: ''
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
Parameters
The following parameters are available in the wildfly_deployment
type.
host
Host of Management API. Defaults to 127.0.0.1
Default value: 127.0.0.1
name
namevar
Deployable name
operation_headers
Operation headers.
password
JBoss Management User Password
port
Management port. Defaults to 9990
Default value: 9990
provider
The specific backend to use for this wildfly_deployment
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
secure
Use TLS to connect with the management API
Default value: false
server_group
Deployment target server-group. Domain mode only.
source
Deployment source file. (e.g. /tmp/file.war)
timeout
Operation timeout. Defaults to 120
Default value: 300
username
JBoss Management User
wildfly_resource
Manages JBoss resources like datasources, messaging, ssl, modcluster, etc
Properties
The following properties are available in the wildfly_resource
type.
ensure
Valid values: present
, absent
The basic property that the resource should be in.
Default value: present
state
Resource state
Parameters
The following parameters are available in the wildfly_resource
type.
host
namevar
Host of Management API. Defaults to 127.0.0.1
Default value: 127.0.0.1
operation_headers
Operation headers.
password
JBoss Management User Password
path
namevar
JBoss Resource Path
port
namevar
Management port. Defaults to 9990
Default value: 9990
provider
The specific backend to use for this wildfly_resource
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
recursive
Recursively manage resource. Defaults to false
Default value: false
secure
Use TLS to connect with the management API
Default value: false
username
JBoss Management User
wildfly_restart
Manage JBoss restarts.
Properties
The following properties are available in the wildfly_restart
type.
pending
Whether the restart should be executed or not
Default value: true
Parameters
The following parameters are available in the wildfly_restart
type.
host
Host of Management API. Defaults to 127.0.0.1
Default value: 127.0.0.1
name
namevar
Informational name
password
JBoss Management User Password
port
Management port. Defaults to 9990
Default value: 9990
provider
The specific backend to use for this wildfly_restart
resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
reload
Whether the server should only reload instead of restarting.
Default value: false
retries
Number of times it will check if server is running after a restart
Default value: 3
secure
Use TLS to connect with the management API
Default value: false
username
JBoss Management User
wait
Amount of time (in seconds) that it will wait before next attempt
Default value: 10
Functions
os_config
Type: Puppet Language
Default OS configuration for a specific distribution and version.
os_config(String $distribution, String $version)
Default OS configuration for a specific distribution and version.
Returns: Hash[String, String]
OS configuration: user, group, dirname and console_log.
distribution
Data type: String
Wildfly distribution: 'wildfly' or 'jboss-eap'.
version
Data type: String
Wildfly version.
wildfly::objectify
Type: Ruby 4.x API
Converts a LIST of STRINGs and OBJECTs into an OBJECT of OBJECTs.
wildfly::objectify(Array[Variant[String, Hash[String, Any]]] $input_list)
Converts a LIST of STRINGs and OBJECTs into an OBJECT of OBJECTs.
Returns: Hash
input_list
Data type: Array[Variant[String, Hash[String, Any]]]
wildfly::patch_args
Type: Puppet Language
Generate args for JBoss-CLI patch
command.
wildfly::patch_args(Stdlib::Unixpath $source, Boolean $override_all, Array $override, Array $preserve)
Generate args for JBoss-CLI patch
command.
Returns: String
args for patch command.
source
Data type: Stdlib::Unixpath
path to patch file.
override_all
Data type: Boolean
Whether it should solve all conflicts by overriding current files.
override
Data type: Array
List of files to be overridden.
preserve
Data type: Array
List of files to be preserved.
wildfly::profile_path
Type: Puppet Language
Transform a profile name to a JBoss-CLI profile path.
wildfly::profile_path(Optional[String] $profile)
Transform a profile name to a JBoss-CLI profile path.
Returns: String
a profile path or an empty path.
profile
Data type: Optional[String]
name of the profile (e.g. full, full-ha, ha)
wildfly::service_config
Type: Puppet Language
Default service configuration for a specific distribution, version execution mode and initsystem.
wildfly::service_config(String $distribution, String $version, String $mode)
Default service configuration for a specific distribution, version execution mode and initsystem.
Returns: Hash[String, String]
service configuration: name, configuration file and template and bundled init scripts.
distribution
Data type: String
Wildfly distribution: 'wildfly' or 'jboss-eap'.
version
Data type: String
Wildfly version.
mode
Data type: String
Wildfly execution mode will run, 'standalone' or 'domain'.
Data types
Wildfly::Config_file
The Wildfly::Config_file data type.
Alias of Pattern[/^\w*(-?\w*)*\.xml$/]
Wildfly::Distribution
The Wildfly::Distribution data type.
Alias of Enum['wildfly', 'jboss-eap']
Wildfly::Mode
The Wildfly::Mode data type.
Alias of Enum['standalone', 'domain']
Changelog
All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module.
v4.0.0 (2024-10-29)
The v3.2.1 release was done by accident. It contained breaking changes. v4.0.0 is a relrelease . We deleted the v3.2.1 release from the forge.
Breaking changes:
- Drop EoL CentOS 8 support #335 (bastelfreak)
Implemented enhancements:
Fixed bugs:
- Missing template when using jboss-eap as distribution #337
Merged pull requests:
v3.2.1 (2024-10-28)
Breaking changes:
- Drop support for non-systemd #330 (bastelfreak)
- Drop EoL Ubuntu 18.04 support #329 (bastelfreak)
- Drop EoL Debian 10 support #328 (bastelfreak)
- Drop EoL EL7/Scientific Linux support #327 (bastelfreak)
Fixed bugs:
v3.2.0 (2024-08-26)
Implemented enhancements:
Fixed bugs:
wildfly::host::server_config
withensure => absent
in already absent server tries to stop it and fails with timeout #292- Use correct download URLs for Wildfly version >= 25 #316 (EmersonPrado)
- Don't try to stop absent servers in
wildfly::host::server_config
#313 (EmersonPrado) - Create missing
$wildfly::install_cache_dir
directory #310 (EmersonPrado)
Merged pull requests:
v3.1.0 (2023-11-03)
Implemented enhancements:
v3.0.0 (2023-10-27)
Breaking changes:
Implemented enhancements:
- Puppet unable to manage wildfly behind a secured connection #207
- Initial install fails because /var/cache/wget does not exist. #191
- (#288) Add parameter to set JAVA_OPTS option MaxMetaspaceSize #291 (EmersonPrado)
- (#287) Add parameters for (PROCESS|HOST)_CONTROLLER_JAVA_OPTS in domain.conf #290 (EmersonPrado)
- Allow domain management using wildfly::domain::server_group and wildfly::host::server_config #270 (thiagomarinho)
- add StandardOutput to systemd #268 (bc-bjoern)
- Add new
refreshonly
parameter to wildfly_cli and wrapper #267 (alexjfisher) - Setup and use HTTPS/TLS on the Management API #223 (frozen3)
Fixed bugs:
- Fix wildfly_cli.rb property
executed
#269 (thiagomarinho)
Merged pull requests:
- Update Readme code examples and rubocop_todos #301 (rwaffen)
- disable beaker acceptance testing #299 (rwaffen)
- fix spec tests #297 (rwaffen)
- Fix linter #295 (rwaffen)
- Use rvm and Ruby 2.7 in README test setup section #285 (EmersonPrado)
- Update bundle install commands in README test setup section #282 (EmersonPrado)
- Code content quality #281 (Joris29)
- Remove obsolete java parameter #280 (Joris29)
v2.3.2 (2018-08-18)
- Fixes to CLI parser
- Improve init paramters
v2.3.1
- Fix install_source validation
v2.3.0
- Override wildfly user home
- Support for overlays installation
- Fixes for EL7 systemd unit file
- Parameterized username, password, host and port on resource wrappers
v2.2.0
- Fix title patterns.
- Fix unauthorized race condition.
- Fix systemd service permissions
- JMS Connection Factory
v2.1.0
- Fix class containment in init.pp
- Fix undefined comparison for wildfly::cli
- Remove string comparison support.
- Remove sorting of array elements.
- Remove data obfuscation for sensitive values.
- Refactor wildfly_resource to use Puppet::Property subclass.
v2.0.3
- Introduce data types.
- Remove unnecessary v1 code.
- Introduce external facts.
- Fix patch::online
v2.0.2
- Fix wildfly_resource's with array of hashes values.
- Allow custom templates or file for module.xml.
- Support for jgroups stacks
- Rewrite functions in Puppet language.
v2.0.1
- Bring cache_dir back.
- Introduce deployment cache dir.
- Remove WILDFLY_HOME management with package installation in order to proper support packages.
v2.0.0
- Introduce Puppet 4 features (epp, data types and etc)
- Introduce puppet-strings
- Small fixes fori JBoss-CLI Parser.
v1.2.8
- Fix summary
- Improve CLI parser error message
v1.2.7
- Keep compatibility with Ruby 1.8.7 (necessary while claiming compatibility with 2.7/3.8)
v1.2.6
- Major wildfly_resource refactor
- Recursively stringify array values to avoid non-idempotent behavior
- Allow resources with special characters in its name using quotes
v1.2.5
- Fix for deployment in domain mode
- Fix custom types docs.
v1.2.4
- Fix for wildfly 10 with systemd
v1.2.3
- Use composite namevar for wildfly_resource to allow management of multiple instance from a single node.
- EAP7 topics and queues.
- Infinispan/JDG template.
v1.2.2
- Update supported OS's list and add propert suport for upstart through sysvinit
- Introduce remote_user parameter
v1.2.1
- Use a unique name for service resource with different name attribute value.
v1.2.0
- Installation from system packages
- Bundle gems with the module
v1.1.0
- Introduce patch management feature
- Move providers dependencies to a single place
v1.0.1
- Fix for Wildfly 10 with systemd.
v1.0.0
- Improve domain support
- Out of the box support for a wide range of versions (EAP 6.1+/EAP7, Wildfly 8/9/10)
- Better tests/code coverage, both unit and acceptance (version X OS matrix).
- Use properties file instead of Augeas to manage port/address binding.
- Introduce a proper CLI parser.
- Lots of minor issues fixes.
- Support for operation-headers in wildfly_resource and wildfly_deployment.
- Move things from wildfly::util to wildfly.
- Major refactoring of custom types/providers and puppet_x namespace.
v0.5.7
- Replace each_with_object (193) with inject (187)
v0.5.6
- Fix wildfly_resource when non managed properties are a hash
v0.5.5
- Fix non idempotent behavior in wildfly_resource when resource contains a nested hash.
- Obfuscate sensitive data in wildfly_resource change_to_s.
v0.5.4
- Fix for digest authentication in Wildfly 10.
- Fix wildfly_cli should_execute? condition
- Excluded-contexts for modcluster configuration.
- HTTPS support for AS7/EAP6.
v0.5.3
- Fix for true/false comparison in custom types.
- Improved wildfly::modcluster::config.
- Fix version comparison.
- SSL for Wildfly 9+
- Still support Ruby 1.8.7.
v0.5.2
- Support file and puppet protocol for module/deployment installation
- Download timeout parameter
- Login module management
- Optional package dependencies management
- wildfly_reload custom type/provider
- Fix wildfly service in EL7
- Fix wildfly_resource when HTTP API return numbers
- Support digest authentication
- Ignore HTTP Proxy in net/http
- Improve acceptance tests
v0.5.1
- Support datasource database properties
- Support logging::category, only for full profiles
- Support system property, only for full profiles
- Be able to provide your own service wildfly initd script
- Wildfy Service enable & ensure parameters
- Fix module installation
v0.5.0
- Removed nanliu-archive dependency
- Removed nexus deployment support
- Rename deploy to deployment
- Simplify user management
v0.4.3
- Allow setting the uid/gid for the wildfly user and group
- Uses JBOSS_OPTS to configure socket binding and bind address. (Operation mode independent)
- Improve Domain mode support. (Easy master/slave setup)
- User management defined types name refactor. (Breaking change)
- Non destructive update initial support.
v0.4.2
- Adds timeout parameter for wildfly_deploy custom type.
v0.4.1
- Template fixes so it also works for puppet 4.2.1
- Standalone mode also works with an empty java_opts
v0.4.0
- Unified deploy for domain/standalone modes (wildfly::deploy)
- Removed wildfly::standalone namespace since domain and standalone configurations share the same defitions
- Fix wildfly service to detect profile changes
- Remove params of private classes. init.pp is suposed to be the only public class.
v0.3.7
- Update README.md content and format to follow recommended guidelines
- Add acceptance test for Wildfly 9
v0.3.6
- Service needs to restart if we change anything in the standalone.conf
- Several fixes for domain mode
- Support escaped slashes in resource names
- Support ensure parameter in resource util
- Support installing non-system modules
- Update definitions optional parameters.
- CLI, Support for 'has' operator to check if item is in array
v0.3.5
- Changes to allow wildfly module to deploy jboss EAP
- java_opts parameters which will override the default
- puppet 4 templates path fix
- XA datasource support
v0.3.4
- deploy from nexus
- manage_user parameter for controling the default creation of the wildfly user/group
v0.3.3
- Beaker unit tests for CentOS 6.6, 7.0 and Debian 7
- fix debian wildlfy configuration file /etc/default/wildfly
v0.3.2
- More improvements
v0.3.1
- Code quality improvement and support for onlyif in wildfly_cli
v0.3.0
- Introducing custom types/providers in replacement of cli-wrapper and jboss-cli.sh. These custom types/providers use HTTP API instead of JBoss-CLI. It maks it 5-10x faster and easier to maintain. More info here: cpitman/puppet-jboss_admin#68
- Using archive in replacement of wget cause it's faster and incredible simple.
- Removing nexus deployment support since cescoffier/puppet-nexus is not in forge and not being active developed, I'll try to work on a PR for archive (some sort of archive::nexus) and have a single define for deployment that accepts multiple formats of deployment.
- Users still can download from Nexus outside deploy and pass file URL as a parameter.
v0.2.4
- Debian fix so wildfly-init-debian.sh will be used instead of redhat
v0.2.3
- update readme
v0.2.2
- Configure wildfly log with console_log parameter
- Deployment option
- User management
- Module installation
- Datasource configuration
- HTTPS/SSL & Identity store
- Modcluster (Only for HA profiles)
- Messaging Queue or Topics
v0.2.1
- All port & interface sed actions has been replaced by augeas
v0.2.0
- Major re-factoring by Jairo Junior
- Extracted some resources to new manifests in order to avoid excessive relationships (require, notify, before, after, etc).
- Created new manifests to express new concepts (wildfly user management).
- Removed shell script templates in order to use package script (wildfly/bin/init.d).
- Using only class { 'wildfly' } instead of class { 'wildfly:install' } cause it gives the impression that i am able to instantiate multiple instances*, like tomcat module (https://forge.puppetlabs.com/puppetlabs/tomcat).
- Removing $install_file parameter cause it can be inferred (file_name_from_url.rb).
- The wildfly management user password is declared in plain text and hash is performed internally (password_hash.rb).
- Introduced new dependencies (wget and stdlib)
v0.1.9
- some exec executed on every puppet run
v0.1.8
- Added license
- Support for Wildfly 8.2
- Removed the password on the wildfly user
v0.1.7
- fix for updating user mgmt file
v0.1.6
- Fix for Debian, Ubuntu
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs/stdlib (>=4.13.1 < 10.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.