Installing a Glassfish Server for APEX access in Amazon AWS

If you have got to this blog because you are following the configuring of APEX on Amazon RDS then cool, if you got here via Google because you want to get Glassfish working, then welcome 🙂

It is assumed that you have linked from the following blog APEX within the Oracle RDS environment, this includes where to download the APEX software and Listener. If you have not done this already I would head over to the other blog so that you have all the relevant files in the correct place.

Download the server from the Oracle Glassfish site to this directory

mkdir -p /opt/software/glassfish

cd /opt/software/glassfish

unzip  ogs*.zip

cp -r glassfish3 /opt/

mkdir -p /opt/glassfish3/glassfish/domains/domain1/docroot/i

Note: The ‘i’ directory is very important, again not from any notes that I have seen, might have missed this. Got it from a YouTube demo installation.

cd /opt/software/apex/images

cp -r * /opt/glassfish3/glassfish/domains/domain1/docroot/i/

cd /opt/glassfish3/glassfish/bin

./asadmin start-domain

This domain requires an administrative password to be set before
the domain can be started. Please specify an administrative password. 
Enter an admin password for user “admin”> ENTER A SECURE PASSWORD

Enter an admin password for user “admin” again> ENTER A SECURE PASSWORD

You possibly will get the following error

Waiting for domain1 to start …………………………Error starting domain domain1.
The server exited prematurely with exit code 0.
Before it died, it produced the following output:

Launching GlassFish on Felix platform
[#|2012-07-28T16:59:02.488+0000|INFO|oracle-glassfish3.1.2|com.sun.enterprise.server.logging.GFFileHandler|_ThreadID=1;_ThreadName=main;|Running GlassFish Version: Oracle GlassFish Server 3.1.2.2 (build 5)|#]

[#|2012-07-28T16:59:02.777+0000|INFO|oracle-glassfish3.1.2|org.glassfish.ha.store.spi.BackingStoreFactoryRegistry|_ThreadID=10;_ThreadName=main;|Registered org.glassfish.ha.store.adapter.cache.ShoalBackingStoreProxy for persistence-type = replicated in BackingStoreFactoryRegistry|#]

[#|2012-07-28T16:59:03.521+0000|INFO|oracle-glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=11;_ThreadName=Grizzly-kernel-thread(1);|Grizzly Framework 1.9.50 started in: 59ms – bound to [0.0.0.0:4848]|#]

[#|2012-07-28T16:59:03.522+0000|INFO|oracle-glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=12;_ThreadName=Grizzly-kernel-thread(1);|Grizzly Framework 1.9.50 started in: 92ms – bound to [0.0.0.0:8181]|#]

[#|2012-07-28T16:59:03.533+0000|INFO|oracle-glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=13;_ThreadName=Grizzly-kernel-thread(1);|Grizzly Framework 1.9.50 started in: 37ms – bound to [0.0.0.0:3700]|#]

[#|2012-07-28T16:59:03.548+0000|INFO|oracle-glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=14;_ThreadName=Grizzly-kernel-thread(1);|Grizzly Framework 1.9.50 started in: 14ms – bound to [0.0.0.0:7676]|#]

[#|2012-07-28T16:59:10.723+0000|INFO|oracle-glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=10;_ThreadName=main;|Oracle GlassFish Server 3.1.2.2 (5) startup time : Felix (7,610ms), startup services(10,613ms), total(18,223ms)|#]

[#|2012-07-28T16:59:10.724+0000|SEVERE|oracle-glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=10;_ThreadName=main;|Shutting down v3 due to startup exception : No free port within range: 8080=com.sun.enterprise.v3.services.impl.monitor.MonitorableSelectorHandler@68d448a1|#]

[#|2012-07-28T16:59:11.679+0000|INFO|oracle-glassfish3.1.2|javax.enterprise.system.tools.admin.com.sun.enterprise.v3.admin|_ThreadID=15;_ThreadName=Thread-21;|Server shutdown initiated|#]

[#|2012-07-28T16:59:11.685+0000|INFO|oracle-glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=15;_ThreadName=Thread-21;|Already stopped, so just returning|#]

Command start-domain failed.

The following will delete and recreate the domain that is required

./asadmin delete-domain domain1

./asadmin create-domain

Enter the value for the domain_name operand> domain

NOTE that the domain_name is now domain not domain1

Enter admin user name [Enter to accept default “admin” / no password]> admin

Enter the admin password [Enter to accept default of no password]> Enter the password
Enter the admin password again> Enter the password

You will get following style output, don worry if some of the port numbers are different.

Using default port 4848 for Admin.
Default port 8080 for HTTP Instance is in use. Using 37339
Using default port 7676 for JMS.
Using default port 3700 for IIOP.
Using default port 8181 for HTTP_SSL.
Using default port 3820 for IIOP_SSL.
Using default port 3920 for IIOP_MUTUALAUTH.
Using default port 8686 for JMX_ADMIN.
Using default port 6666 for OSGI_SHELL.
Using default port 9009 for JAVA_DEBUGGER.
Distinguished Name of the self-signed X.509 Server Certificate is:
[CN=ip-10-248-83-138.eu-west-1.compute.internal,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US]
Distinguished Name of the self-signed X.509 Server Certificate is:
[CN=ip-10-248-83-138.eu-west-1.compute.internal-instance,OU=GlassFish,O=Oracle Corporation,L=Santa Clara,ST=California,C=US]
No domain initializers found, bypassing customization step
Domain domain created.
Domain domain admin port is 4848.
Domain domain admin user is “admin”.
Command create-domain executed successfully.

You need to recreate the directory and copy the files again

mkdir -p /opt/glassfish3/glassfish/domains/domain/docroot/i

cp -r /opt/software/apex/images/* /opt/glassfish3/glassfish/domains/domain/docroot/i/

cd /opt/glassfish3/glassfish/bin

./asadmin start-domain

Waiting for domain to start …………
Successfully started the domain : domain
domain Location: /opt/glassfish3/glassfish/domains/domain
Log File: /opt/glassfish3/glassfish/domains/domain/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.

You now have a working Glassfish server ready for the listener and Apex to be deployed.

Configure Glassfish

Navigate to

http://FQDN:4848 (where FQDN is your server name)

Login with the credentials that you specified when creating the domain

You will probably get this error Secure Admin must be enabled to access the DAS remotely.

cd /opt/glassfish3/bin

To get the asadmin prompt

./asadmin

asadmin> get secure-admin.enabled

Enter admin user name> admin
Enter admin password for user “admin”>  enter a secure password
secure-admin.enabled=false
Command get executed successfully.

asadmin> enable-secure-admin

Enter admin user name> admin
Enter admin password for user “admin”>   enter a secure password

You must restart all running servers for the change in secure admin to take effect.
Command enable-secure-admin executed successfully.

asadmin> stop-domain
Waiting for the domain to stop ….
Command stop-domain executed successfully.

asadmin> start-domain

Waiting for domain to start …………………
Successfully started the domain : domain
domain Location: /opt/glassfish3/glassfish/domains/domain
Log File: /opt/glassfish3/glassfish/domains/domain/logs/server.log
Admin Port: 4848
Command start-domain executed successfully.

asadmin> get secure-admin.enabled
secure-admin.enabled=true
Command get executed successfully.

You may get a certificate appear and the prompt

Do you trust the above certificate [y|N] –> y

You should now be able to log on to the server via

http://FQDN:4848

It now time to configure the server

From the left hand pain pick server-config

When the security screen is displayed

Select the check box next to Default Principal to Role Mapping.

Don’t forget to press the save button

The following is from the Apex install guide

From the web console.

Select the realm to which to add your user (for example, file).

The Edit Realm page appears.

On the Edit Realm page, click the Manage Users button.

The File Users page appears.

On the File Users page, click New.

The New File Realm User page appears.

On the New File Realm User page, create an Admin user:

User ID – Enter the name of the Oracle Application Express Listener administrator:

User ID: adminlistener

Group List – Enter the role to which the user belong:

Group List: Admin

New Password – Enter a unique password.

Confirm New Password – Enter the password again.

Click OK.

Repeat the previous steps and create another user for the Oracle Application Express Listener manager, by specifying the following:

User ID: managerlistener

Group List: Manager

Click OK.

APEX Listener installation and configuration

We now need to install the apex listner that you should have downloaded

On the navigation tree, click the Application node.

The Applications page displays.

Click the Deploy button.

The Deploy Applications or Modules page displays.

Choose the  ”Local Packaged File or Directory That Is Accessible from GlassFish Server”  and enter the location of the apex.war file

I have assumed that you have followed the earlier instructions, therefore the location will be

/opt/apex_listener/apex.war

This will upload the war file and deploy it in the server.

There seems to be some additional security in 11g version of Oracle, so from the installation guide from Oracle

Enable Network Services in Oracle Database 11g
By default, the ability to interact with network services is disabled in Oracle Database
11g release 1 or 2. Therefore, if you are running Oracle Application Express with
Oracle Database 11g release 1 or 2, you must use the new DBMS_NETWORK_ACL_
ADMIN package to grant connect privileges to any host for the APEX_040100 database
user.”

mkdir -p /opt/glassfish3/configpackage

cd /opt/glassfish3/configpackage

vi createpackages.sql

Paste the following in to the file

DECLARE
ACL_PATH VARCHAR2(4000);
BEGIN
— Look for the ACL currently assigned to ‘*’ and give APEX_040100
— the “connect” privilege if APEX_040100 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = ‘*’ AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, ‘APEX_040100’,
‘connect’) IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
‘APEX_040100’, TRUE, ‘connect’);
END IF;
EXCEPTION
— When no ACL has been assigned to ‘*’.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(‘power_users.xml’,
‘ACL that lets power users to connect to everywhere’,
‘APEX_040100’, TRUE, ‘connect’);
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(‘power_users.xml’,’*’);

END;

/
COMMIT;

DECLARE
ACL_PATH VARCHAR2(4000);
BEGIN
— Look for the ACL currently assigned to ‘localhost’ and give APEX_040100
— the “connect” privilege if APEX_040100 does not have the privilege yet.
SELECT ACL INTO ACL_PATH FROM DBA_NETWORK_ACLS
WHERE HOST = ‘localhost’ AND LOWER_PORT IS NULL AND UPPER_PORT IS NULL;
IF DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(ACL_PATH, ‘APEX_040100’,
‘connect’) IS NULL THEN
DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL_PATH,
‘APEX_040100’, TRUE, ‘connect’);
END IF;
EXCEPTION
—- When no ACL has been assigned to ‘localhost’.
WHEN NO_DATA_FOUND THEN
DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(‘local-access-users.xml’,
‘ACL that lets users to connect to localhost’,
‘APEX_040100’, TRUE, ‘connect’);
DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(‘local-access-users.xml’,’localhost’);
END;
/
COMMIT;

Again you will see general as per the config all the way through, you make this anything you like. Also remember to run the set_env if you have

cd /opt/glassfish3/configpackage

sqlplus username@general

@createpackages.sql

Access Oracle Application Express Listener Administration

Once you have completed the above steps and uploaded the apex.war file you can now launch the application.

Navigate to the Applications section in the navigation tree. You will see the apex line with “Launch | Redeploy | Reload”

Click on Launch, a new window will open giving you two URL’s that you will access the apex application on.

These ports may alter depending on your server

http://FQDN:54828/apex

https://FQDN:8181/apex

To access Oracle Application Express Listener Administration, in your Web browser go to:

https://FQDN:8181/apex/listenerConfigure

Some other URL’s that are helpful are

https://FQDN:8181/apex/listenerAdmin

https://FQDN:8181/apex/listenerStatus

Answers in a comment on how you get the listenerStatus working

The user name is adminlisterner and the password is per the password set earlier. listernAdmin is interesting and you will probably need this later on.

You will need to have ensured that the TNS_ADMIN variable is set. You will have done this is you linked from the original APEX within the Oracle RDS environment post. If you have not, make sure you look this part up.

You could use the basic setting and not the TNS names, but be careful as there is a character limit to the hostname and my FQDN was too long.

You should now have a URL address of

https://FQDN/apex/f?p=4550:1:1558478370665401

You now have an APEX environment, more on how to use it and configure the workspace at Configuring the APEX workspace

Once your workspace is configured then you can log on, and start developing 🙂

If you get the dreaded

HTTP Status 403 – Requested url http://:8181/apex/wwv_flow.accept is not allowed.

then the chances are it has something to do with this setting. I did not get this, but just in case :).

The following are the settings that I used to get it up and running, if you find any more documentation around this subject please drop me a line.

Log in to

https://FQDN:8181/apex/listenerAdmin

Security Tab

Allowed procedures

wwv_flow_file*,www_flow_file*, p, n, cust*, apex*, f, wwv*,www*

As soon as you press the Apply button you should see the APEX screen. There are many sources, but there is not one definitive source that I have found. Hopefully this information will add to what is already out there and help others.

The last piece in the puzzle is how to auto start the Glassfish server

Its not that hard, well it is a little hard 🙂

cd /opt/glassfish3/bin

 ./asadmin create-service domain

This creates the service Glassfish_domain in /etc/init.d

vi /etc/ini.d/Glassfish_domain

At the top of the file insert after the #!/bin/sh line

# chkconfig: 235 99 10
# description: Start or stop the Glassfish server
#
### BEGIN INIT INFO
# Provides:
# Default-Start: 2 3 5
# Default-Stop: 0 1 6
# Description: Start or stop the Glassfish server
### END INIT INFO

Once the file has been edited

Please note that there are 2 dashes in front of add, the editor only display one long one

chkconfig –add Glassfish_domain

chkconfig Glassfish_domain on

OK now you are up and running, the only problem is that Glassfish is running as root privileges and there is little security on the domain etc…

The next trick will be securing the server environment, this though will be good enough for a test environment not exposed to the outside world.

, ,

  1. #1 by Hector on November 30, 2012 - 8:57 pm

    Dude, I spent 2 days looking for a solution to the glassfish “Command start-domain failed” error… Thanks!

  2. #2 by SutoCom on October 24, 2012 - 3:59 pm

  1. Amazon Web Services (AWS) tips n Tricks
  2. Configuring the APEX workspace « The Survival Guides's Blog
  3. APEX within the Oracle RDS environment « Amazon AWS tips n Tricks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

ifssoftware.wordpress.com/

Helping you achieve more

The Survival Guides's Blog

How to Survive IT and Holidays

WordPress.com

WordPress.com is the best place for your personal blog or business site.

%d bloggers like this: