Taashee

How to Implement JBoss EAP 7.x in Managed Domain Mode in A Few Easy Steps

How to Implement JBoss EAP 7.x in Managed Domain Mode in A Few Easy Steps

Taashee's photo
Taashee
·

10 min read

JBoss EAP 7.x is a Java Enterprise 7-compliant middleware platform built on open standards, designed to improve startup speed and runtime performance. Its modular structure allows you to enable services only when needed, conserving system resources. The management console and command-line interface (CLI) offer an XML-free editing experience and the ability to script and automate tasks.

JBoss EAP comes in two operating modes: standalone server mode or managed domain mode. If you want to run JBoss EAP as a single server instance, then the standalone server mode is best suited for you. On the other hand, in the managed domain operating mode, you can manage multiple JBoss EAP instances from a consolidated control point.

In this article, we provide a step-by-step look into the implementation of JBoss EAP 7.x in the managed domain mode.

Note: The names and naming conventions used here are for demonstration purposes only, please change them as necessary.

1. Software and Pre-Deployment Scenario

  • JBoss EAP 7.4.0

  • Operating System = RHEL8

  • RAM= 16GB 4 physical core 8vCpu

  • JDK Version = 1.8

2. Java Installation & JBoss Installation

  • For Red Hat Enterprise Linux 8, use the following command.

# subscription-manager repos --enable=jb-eap-EAP_MINOR_VERSION-for-rhel-RHEL_VERSION-ARCH-rpms

  • Install JBoss EAP and JDK 8 using the following command.

# yum groupinstall jboss-eap7

3. JBoss Domain Mode Heap Sizing

  • Go to the directory below for changing parameters.

  • Use the command cd /app01/wildfly/bin, edit domain.conf and change the following.

if [ "x$JAVA_OPTS" = "x" ]; then

JAVA_OPTS="-Xms2048m -Xmx2048m -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true" JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true"

4. JBoss EAP 7 Domain mode IP & PORT configuration.

We have change the IP & port in the cd /etc/opt/rh/eap7/wildfly/domain configuration file.

<interfaces>

<interface name="management"/>

<interface name="private">

<inet-address value="${jboss.bind.address.private:t24jbapp- dev.XXXXX.com.bh}"/>

</interface>

<interface name="public"/>

<interface name="unsecure">

<inet-address value="${jboss.bind.address.unsecure:t24jbapp- dev.XXXXX.com.bh}"/>

</interface>

</interfaces>

  • Host.xml

<interfaces>

<interface name="management">

<inet-address value="${jboss.bind.address.management:t24jbapp-dev.XXXXX.com.bh}"/>

</interface>

<interface name="public">

<inet-address value="${jboss.bind.address:t24jbapp-dev.XXXXX.com.bh}"/>

</interface>

</interfaces>

5. JBoss start command:

Go to the /bin directory of JBoss and create the following start script:

/app01/wildfly/bin./domain.sh

6. Creation of Management User:

JBoss EAP 7.x uses the standard EAP Management Realm configuration as its authentication source.

This means that adding users is a simple matter of using the existing EAP add-user script as follows

[root@pavan]# cd /JBOSS_HOME/bin/

[root@pavan bin ]# ./add-user.sh

What type of user do you wish to add?

a) Management User (mgmt-users.properties)

b) Application User (application-users.properties)

(a): a

Enter the details of the new user to add.

Using realm ' ManagementRealm ' as discovered from the existing property files.

Username : Jbossadm

About to add user 'admin' for realm 'ManagementRealm'

Is this correct yes/no? Yes

Password recommendations are listed below. To modify these restrictions edit the

add-user.properties configuration file.

- The password should be different from the username

- The password should not be one of the following restricted values

{root, admin, administrator}

- The password should contain at least 8 characters, 1 alphabetic character(s),

1 digit(s),

1 non-alphanumeric symbol(s)

Password : (e.g admin@123)

Re-enter Password : ( e .g. admin@123)

What groups do you want this user to belong to? (Please enter a comma separated

list, or leave blank for none)[ ]:

Is this new user going to be used for one AS process to connect to another AS process?

4_e.g. for a slave host controller connecting to the master or

for a Remoting connection for server to server EJB calls.

yes/no? Yes

To represent the user add the following to the server-identities

Definition < secret value="……………" />

7. Create Server Group & server in Domain mode.

Create server group with full High Availability.

  • Add servers to that server group:

No alt text provided for this image

8. Deploy the Application in Domain mode.

Deploy the application using the admin console.

  • First, go the deployment tab.

No alt text provided for this image

  • Then select the application.war in your local path.

No alt text provided for this image

Deploy the application.

No alt text provided for this image

9. Creation of resource-adapter for application connection in domain.xml.

  • Go to cd /etc/opt/rh/eap7/wildfly/domain in edit domain.xml

  • Go to profile=full-ha and add the following subsystem

<subsystem xmlns="urn:jboss:domain:resource-adapters:6.0">

<resource-adapters>

<resource-adapter id="tocfT24ra-ra.rar">

<archive>

tocfT24ra-ra.rar

</archive>

<transaction-support>XATransaction</transaction-support>

<config-property name="listenPort">0</config-property>

<config-property name="listenHost">0</config-property>

<connection-definitions>

<connection-definition class- name="com.temenos.tocf.t24ra.outbound.T24ManagedConnectionFactory" jndi-name="java:/jca/t24ConnectionFactoryTWS" pool-name="T24 TWS ConnectionFactory">

<config-property name="charset">ISO-8859-1</config-property>

<config-property name="actionTimeout">500</config-property>

<config-property name="compressionThreshold">2048</config-

property>

<config-property

name="envVariables">OFS_SOURCE=GCS</config-property>

<config-property name="hosts">10.1.90.13</config-property>

<config-property name="ports">9021</config-property>

<config-property name="compression">true</config-property>

<config-property name="loadBalancing">false</config-property>

<config-property name="allowInput">true</config-property>

</connection-definition>

</connection-definitions>

</resource-adapter>

</resource-adapters>

</subsystem>

10. Set port offset

We can set port offset in a particular server as described below.

  • Go to cd /etc/opt/rh/eap7/wildfly/domain in edit domain.xml

Go to add below

Go to <socket- binding-group name=”full-ha-sockets

<socket-binding-group name="full-ha-sockets" default-interface="public">

<socket-binding name="ajp" port="${jboss.ajp.port:8009}"/>

<socket-binding name="http" port="${jboss.http.port:7000}"/>

  • Go to console–>runtime–>servergroup–>server then view and set the portoffset to 8

  • Go to console–>severgroups–>server–>upload the deployment war files

11. SSL Configuration

Go through the following steps for configuring the SSL certificate.

jbapps@sapjbbrw01 bin]$ ./jboss-cli.sh -c --controller=10.1.25.190:9990 [domain@10.1.25.190:9990 /] /host=master/subsystem=elytron/key-

store=httpsKS:add(path=XXXXX.jks,relative-to=jbos..{clear- text=qwe333@@},type=JKS)

{"outcome" => "success"}

[domain@10.1.25.190:9990 /] /host=master/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@})

{"outcome" => "success"}

[domain@10.1.25.190:9990 /] /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key- manager=httpsKM,protocols=["TLSv1.2"])

{"outcome" => "success"}<

[domain@10.1.25.190:9990 /] /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key- manager=httpsKM,protocols=["TLSv1.2"])

{"outcome" => "success"}

[domain@10.1.25.190:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=ssl-context,value=httpsSSC)

{

"outcome" => "success", "result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.190:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=secure-interface,value=management)

{

"outcome" => "success", "result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.190:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=secure-port,value=8443)

{

"outcome" => "success", "result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.190:9990 /] reload --host=master Unable to connect due to unrecognised server certificate

Subject - CN=*.XXXXX.com,O=XXXX.,L=XXX,C=XXX - CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US

Valid From - …..

Valid To - …..

MD5 : ab:b7:3b:44:74:73:f2:59:c9:56:15:41:ca:8f:ff:95

SHA1 : 25:a7:c0:aa:1a:e3:4c:e4:c2:30:c2:28:46:a9:70:f2:5d:02:f7:06

Subject - CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US

Issuer - CN=DigiCert Global Root CA, OU=digicert.com, O=DigiCert Inc, C=US Valid From - ….

Valid To - ….

MD5 : e6:7b:58:6f:70:46:bf:e0:aa:51:f6:66:0b:11:9d:d9

SHA1 : 1c:58:a3:a8:51:8e:87:59:bf:07:5b:76:b7:50:d4:f2:df:26:4f:cd

Subject - CN=DigiCert Global Root CA,OU=digicert.com,O=DigiCert Inc,C=US Issuer - CN=DigiCert Global Root CA, OU=digicert.com, O=DigiCert Inc, C=US Valid From - Fri Nov 10 03:00:00 AST 2006

Valid To - Mon Nov 10 03:00:00 AST 2031

MD5 : 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e

SHA1 : a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36

Accept certificate? [N]o, [T]emporarily, [P]ermanently : P

Server Level SSL

[domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=elytron/key-

store=httpsKS:add(path=”/app01/wildfly/domain/configuration/XXXXX.jks”, credential-reference={clear- text=qwe333@@}, type=JKS)

[domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@})

[domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=elytron/server-ssl-context=httpsSSC:add(key- manager=httpsKM,protocols=["TLSv1.2"])

[domain@10.1.25.190:9990 /] reload --host=master

[domain@10.1.25.190:9990 /] batch

[domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=undertow/server=default-server/https- listener=https:undefine-attribute(name=security-realm)

[domain@10.1.25.190:9990 /] /profile=full-ha/subsystem=undertow/server=default-server/https- listener=https:write-attribute(name=ssl-context,value=httpsSSC)

[domain@10.1.25.190:9990 /] run-batch

[jbapps@sapjbatm01 bin]$ ./jboss-cli.sh -c --controller=10.1.25.196:9990 [domain@10.1.25.196:9990 /] /host=master/subsystem=elytron/key- store=httpsKS:add(path=XXXXX.jks,relative-to=jbos.. reference={clear-text=qwe333@@},type=JKS)

{"outcome" => "success"}

[domain@10.1.25.196:9990 /] /host=master/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="XXX",credential-reference={clear-text=qwe333@@})

{"outcome" => "success"}

[domain@10.1.25.196:9990 /] /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key- manager=httpsKM,protocols=["TLSv1.2"])

{"outcome" => "success"}

[domain@10.1.25.196:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=ssl-context,value=httpsSSC)

{

"outcome" => "success", "result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.196:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=secure-interface,value=management)

{

"outcome" => "success", "result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.196:9990 /] /host=master/core-service=management/management-interface=http- interface:write-attribute(name=secure-port,value=8443)

{

"outcome" => "success", "result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.196:9990 /] reload --host=master

Unable to connect due to unrecognised server certificate

Subject - CN=*.XXXXX.com,O=XXXXX,L=XXXXX,C=XXXXX - CN=DigiCert TLS RSA

SHA256 2020 CA1, O=DigiCert Inc, C=US

Valid From - Wed Oct 13 03:00:00 AST 2021

Valid To - Mon Nov 14 02:59:59 AST 2022

MD5 : ab:b7:3b:44:74:73:f2:59:c9:56:15:41:ca:8f:ff:95

SHA1 : 25:a7:c0:aa:1a:e3:4c:e4:c2:30:c2:28:46:a9:70:f2:5d:02:f7:06

Subject - CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US

Issuer - CN=DigiCert Global Root CA, OU=digicert.com, O=DigiCert Inc, C=US

Valid From - Wed Apr 14 03:00:00 AST 2021

Valid To - Mon Apr 14 02:59:59 AST 2031

MD5 : e6:7b:58:6f:70:46:bf:e0:aa:51:f6:66:0b:11:9d:d9

SHA1 : 1c:58:a3:a8:51:8e:87:59:bf:07:5b:76:b7:50:d4:f2:df:26:4f:cd

Subject - CN=DigiCert Global Root CA,OU=digicert.com,O=DigiCert Inc,C=US

Issuer - CN=DigiCert Global Root CA, OU=digicert.com, O=DigiCert Inc, C=US

Valid From - Fri Nov 10 03:00:00 AST 2006

Valid To - Mon Nov 10 03:00:00 AST 2031

MD5 : 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e

SHA1 : a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36

Accept certificate? [N]o, [T]emporarily, [P]ermanently : P

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=elytron/key-

store=httpsKS:add(path=”/app01/wildfly/domain/configuration/XXXXX.jks”, credential-

reference={clear-text=qwe333@@}, type=JKS)

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined

}

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@})

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined

}

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=elytron/server-ssl-

context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined

}

[domain@10.1.25.196:8443 /] reload --host=master

[domain@10.1.25.196:8443 /] exit

[domain@10.1.25.196:8443 /] batch

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/https- listener=https:undefine-attribute(name=security-realm)

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/https- listener=https:write-attribute(name=ssl-context,value=httpsSSC)

[domain@10.1.25.196:8443 /] run-batch

[jbapps@sapjbint01 bin]$ ./jboss-cli.sh -c --controller=10.1.25.192:9990

[domain@10.1.25.192:9990 /] /host=master/subsystem=elytron/key-

store=httpsKS:add(path=XXXXX.jks,relative-to=jbos..

reference={clear-text=qwe333@@},type=JKS)

{"outcome" => "success"}

[domain@10.1.25.192:9990 /] /host=master/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@})

{"outcome" => "success"}

[domain@10.1.25.192:9990 /] /host=master/subsystem=elytron/server-ssl-context=httpsSSC:add(key-

manager=httpsKM,protocols=["TLSv1.2"])

{"outcome" => "success"}

[domain@10.1.25.192:9990 /] /host=master/core-service=management/management-

interface=http-interface:write-attribute(name=ssl-context,value=httpsSSC)

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.192:9990 /] /host=master/core-service=management/management-interface=http-

interface:write-attribute(name=secure-interface,value=management)

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.192:9990 /] /host=master/core-service=management/management-interface=http-

interface:write-attribute(name=secure-port,value=8443)

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined,

"response-headers" => {"process-state" => "reload-required"}

}

[domain@10.1.25.192:9990 /] reload --host=master

Unable to connect due to unrecognised server certificate

Subject - CN=*.XXXXX.com,O=XXXX, L=XXXXX,C=XXXX - CN=DigiCert TLS RSA

SHA256 2020 CA1, O=DigiCert Inc, C=US

Valid From - Wed Oct 13 03:00:00 AST 2021

Valid To - Mon Nov 14 02:59:59 AST 2022

MD5 : ab:b7:3b:44:74:73:f2:59:c9:56:15:41:ca:8f:ff:95

SHA1 : 25:a7:c0:aa:1a:e3:4c:e4:c2:30:c2:28:46:a9:70:f2:5d:02:f7:06

Subject - CN=DigiCert TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US

Issuer - CN=DigiCert Global Root CA, OU=digicert.com, O=DigiCert Inc, C=US

Valid From - Wed Apr 14 03:00:00 AST 2021

Valid To - Mon Apr 14 02:59:59 AST 2031

MD5 : e6:7b:58:6f:70:46:bf:e0:aa:51:f6:66:0b:11:9d:d9

SHA1 : 1c:58:a3:a8:51:8e:87:59:bf:07:5b:76:b7:50:d4:f2:df:26:4f:cd

Subject - CN=DigiCert Global Root CA,OU=digicert.com,O=DigiCert Inc,C=US

Issuer - CN=DigiCert Global Root CA, OU=digicert.com, O=DigiCert Inc, C=US

Valid From - Fri Nov 10 03:00:00 AST 2006

Valid To - Mon Nov 10 03:00:00 AST 2031

MD5 : 79:e4:a9:84:0d:7d:3a:96:d7:c0:4f:e2:43:4c:89:2e

SHA1 : a8:98:5d:3a:65:e5:e5:c4:b2:d7:d6:6d:40:c6:dd:2f:b1:9c:54:36<

Accept certificate? [N]o, [T]emporarily, [P]ermanently : P

[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=elytron/key-

store=httpsKS:add(path=”/app01/wildfly/domain/configuration/XXXXX.jks”, credential-

reference={clear-text=qwe333@@}, type=JKS)

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined

}

[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=elytron/key-manager=httpsKM:add(key- store=httpsKS,algorithm="SunX509",credential-reference={clear-text=qwe333@@})

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined

}

[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=elytron/server-ssl-

context=httpsSSC:add(key-manager=httpsKM,protocols=["TLSv1.2"])

{

"outcome" => "success",

"result" => undefined,

"server-groups" => undefined

}

[domain@10.1.25.192:8443 /] reload --host=master

[domain@10.1.25.192:8443 /] batch

[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/https-

listener=https:undefine-attribute(name=security-realm)

[domain@10.1.25.192:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/https-

listener=https:write-attribute(name=ssl-context,value=httpsSSC)

[domain@10.1.25.192:8443 /] run-batch

12. Configuring Multicast

Go through the following steps to configure Multicast.

<socket-binding-group name="full-ha-sockets" default-interface="public">

Update “jboss.default.multicast.address” for all three below

<socket-binding name="jgroups-mping" interface="private" multicast-

address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45700"/>

<socket-binding name="jgroups-udp" interface="private" port="55200" multicast- address="${jboss.default.multicast.address:230.0.0.4}" multicast-port="45688"/>

<socket-binding name="modcluster" multicast-

address="${jboss.modcluster.multicast.address:224.0.1.105}" multicast-port="23364"/>

13. Configuring Access Log

In the master host, use the following commands.

<host name="default-host" alias="localhost">

<access-log pattern="%h %l %u %t "%r" %s %b "%{i,Referer}" "%{i,User-Agent}" Cookie: "%{i,COOKIE}" Set-Cookie: "%{o,SET- COOKIE}" SessionID: %S Thread: "%I" TimeTaken: %T"/>

</host>

/profile=full-ha /subsystem=undertow/server=default-server/host=default-host/setting=access-

log:add(pattern="%h %l %u %t \"%r\" %s %b \"%{i,Referer}\" \"%{i,User-Agent}\" Cookie:

\"%{i,COOKIE}\" Set-Cookie: \"%{o,SET-COOKIE}\" SessionID: %S Thread: \"%I\" TimeTaken: %T")

/profile=full-ha/subsystem=undertow/server=default-server/http-listener=default:write-

attribute(name=record-request-start-time,value=true)

reload --host=master

---

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=undertow/server=default-server/http-

listener=default:write-attribute(name=record-request-start-time,value=true)

{

"outcome" => "success",

"result" => undefined,

"server-groups" => {"T24_ATM" => {"host" => {

"master" => {"T24ATM_1" => {"response" => {

"outcome" => "success",

"response-headers" => {

"operation-requires-reload" => true,

"process-state" => "reload-required"

}

}}},

"slvatm02" => {"T24ATM_2" => {"response" => {

"outcome" => "success",

"result" => undefined,

"response-headers" => {

"operation-requires-reload" => true,

"process-state" => "reload-required"

}

}}}

}}}

}

[domain@10.1.25.196:8443 /] reload --host=master

To change the Log path (on both master and slave nodes) use the following commands.

cd /app01/wildfly/domain/configuration/

mv servers servers_OLD

mkdir -p servers

chmod -R 775 servers

Use the following commands for server log rotation.

<profile name="full-ha">

<subsystem xmlns="urn:jboss:domain:logging:8.0">

<size-rotating-file-handler name="FILE" autoflush="true">

<formatter>

<named-formatter name="PATTERN"/>

</formatter>

<file relative-to="jboss.server.log.dir" path="server.log"/>

<rotate-size value="5k"/>

<append value="true"/>

<suffix value=".yyyy-MM-dd"/>

</size-rotating-file-handler>

Use the following commands for Access log rotation.

/subsystem=logging/pattern-formatter=access-log-formatter:add(pattern="%s%n")

/subsystem=logging/size-rotating-file-handler=access-log:add(autoflush=true, append=true, named-

formatter=access-log-formatter, rotate-size=10m, max-backup-index=10, file={path=access.log,

relative-to=jboss.server.log.dir})

/subsystem=logging/logger=io.undertow.accesslog:add(handlers=[access-.., use-parent-

handlers=false)

/subsystem=undertow/server=default-server/host=default-host/setting=access-log:write-

attribute(name=use-server-log, value=true)

[jbapps@sapjbatm01 bin]$ ./jboss-cli.sh -c --controller=10.1.25.196:9990

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=logging/pattern-formatter=access-log-

formatter:add(pattern="%s%n")

{

"outcome" => "success",

"result" => undefined,

"server-groups" => {"T24_ATM" => {"host" => {"master" => {"T24ATM_1" => {"response" =>

{"outcome" => "success"}}}}}}

}

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=logging/size-rotating-file-handler=access-

log:add(autoflush=true, append=true, named-formatter=access-log-formatter, rotate-size=10m,

max-backup-index=10, file={path=access.log, relative-to=jboss.server.log.dir})

{

"outcome" => "success",

"result" => undefined,

"server-groups" => {"T24_ATM" => {"host" => {"master" => {"T24ATM_1" => {"response" =>

{"outcome" => "success"}}}}}}

}

[domain@10.1.25.196:8443 /] /profile=full

full full-ha

[domain@10.1.25.196:8443 /] /profile=full-

ha/subsystem=logging/logger=io.undertow.accesslog:add(handlers=[access-.., use-parent-

handlers=false)

{

"outcome" => "success",

"result" => undefined,

"server-groups" => {"T24_ATM" => {"host" => {"master" => {"T24ATM_1" => {"response" =>

{"outcome" => "success"}}}}}}

}

[domain@10.1.25.196:8443 /] /profile=full-ha/subsystem=undertow/server=default-

server/host=default-host/setting=access-log:write-attribute(name=use-server-log, value=true)

{

"outcome" => "success",

"result" => undefined,

"server-groups" => {"T24_ATM" => {"host" => {"master" => {"T24ATM_1" => {"response" => {

"outcome" => "success",

"response-headers" => {

"operation-requires-reload" => true,

"process-state" => "reload-required"

}

}}}}}}

}

[domain@10.1.25.196:8443 /] reload --host=master

[domain@10.1.25.196:8443 /] exit

And with that, you should be good to go!

This article was originally published on our company blog.

bossenterpriseconfiguration management