Glassfish create domain

Name

• create-domain– creates a domain with the given name

Synopsis

• create-domain  [--user user] [--passwordfile passwordfile]
   {--adminport port_number | --portbase portbase}
   [(--profile developer | cluster | enterprise ] --template domain_template)]
   [--domaindir domain_directory]
   [--instanceport port_number] [--savemasterpassword={false|true}]
   [ --domainproperties  (name=value)[:name=value]*]
   [--keytooloptions (name=value)[:name=value]*]
   [--savelogin={false|true}] [ --terse ={false|true}]
   [ --echo ={false|true}] [ --interactive ={true|false}]
   domain_name
  

Description

• Use the create-domain command to create an administrative domain.

  This command creates the configuration of a domain. A domain is an administrative namespace. Every domain has a configuration, which is stored in a set of files. Any number of domains each of which has a distinct administrative identity can be created in a given installation of application server. A domain can exist independent of other domains. Any user who has access to the asadmin script on a given system can create a domain and store its configuration in a folder of choice. By default, the domain configuration is created in the default directory for domains. You can override this location to store the configuration elsewhere.

  A domain, in addition to being an administrative boundary, is also a fully compliant Java EE Server. This means that you can deploy your Java EE Applications to the domain and run them when the domain is started. A domain provides all the necessary environment and services that are essential to run the applications.

  A domain can be managed by tools such as the Administration GUI or asadmin.

  This command is supported in local mode only.

Options

• --user

  The username of the administrator of the domain.

  -t --terse

  Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.

  -e --echo

  Setting to true will echo the command line statement on the standard output. Default is false.

  -I --interactive

  If set to true (default), only the required password options are prompted.

  --domaindir

  The directory where the domain is to be created. If specified, the path must be accessible in the filesystem. If not specified, the domain is created in the default domain directory.

  --profile

  Do not specify this option. This option is retained for compatibility with other releases. If you specify this option, a syntax error does not occur. Instead, the command runs successfully and the option is silently ignored.

  --template

  Do not specify this option. This option is retained for compatibility with other releases. If you specify this option, a syntax error does not occur. Instead, the command runs successfully and the option is silently ignored.

  --adminport

  The HTTP/S port for administration. This is the port to which you should point your browser (example, http://localhost:this-port) to manage the domain.

  Either the --adminport option or the --portbase option must be specified.

  --portbase

  Determines the number with which the port assignment should start. A domain uses a certain number of ports that are statically assigned. The portbase value determines where the assignment should start. Choose this value judiciously. The values for the ports are calculated as follows: Admin port: portbase + 48, HTTP listener port: portbase + 80, IIOP listener port: portbase + 37, JMX port: portbase + 86. See the output of this command for a complete list of occupied ports, when --portbase option is specified.

  ---

  Note –

  This command uses some ports that are not required. This behavior is retained for compatibility with other releases.

  ---

  Either the --adminport option or the --portbase option must be specified.

  ---

  Note –

  The --portbase option cannot be used with the --adminport or the --instanceport option.

  ---

  --passwordfile

  The file containing the domain application server password associated with the administrative instance. The create-domain command reads values for AS_ADMIN_PASSWORD and AS_ADMIN_MASTERPASSWORD from this file. The password is defined in the following form: AS_ADMIN_PASSWORD=password, where password is the actual administrator password for the domain. This file can contain many other passwords required by the asadmin commands. In adherence to application server security policy, asadmin does not accept clear text passwords on the command line.

  If AS_ADMIN_PASSWORD or AS_ADMIN_MASTERPASSWORD is not in the password file, the create-domain command prompts for admin password and master password.

  -t --terse

  Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.

  --instanceport

  As noted above, the domain provides services so that applications can run when deployed. This (HTTP) port specifies where the web application context roots are available for a Web browser to connect to. This port is a positive integer and must be available at the time of creation of the domain.

  --savemasterpassword

  Setting this option to true allows the masterpassword to be written to the file system. Default is false.

  A master password is really a password for the secure key store. A domain is designed to keep its own certificate (created at the time of domain creation) in a safe place in the configuration location. This certificate is called domain's SSL server certificate. When the domain is contacted by a Web browser over a secure channel (HTTPS), this certificate is presented by the domain. The master password is supposed to protect this store (a file) that contains this certificate. This file is called keystore.jks and is created in the config directory of the domain created. If however, this option is chosen, the master password is saved on the disk in domain's configuration location. The master password is stored in a file called master-password, which is a Java JCEKS type keystore. The only advantage of using this option is in case of unattended system boots, where at the time of start-domain, the master password is not prompted for, because it will be extracted from this file.

  It is best to create a masterpassword when creating a domain, because masterpassword is used by the start-domain command. For security purposes, the default setting should be false, because saving the masterpassword on the disk is an insecure practice, unless file system permissions are properly set. If masterpassword is saved, then start-domain will not prompt for it. Masterpassword gives an extra level of security to the environment.

  --domainproperties

  Setting the optional name/value pairs overrides the default values for the properties of the domain to be created. The list must be separated by the : character. The following properties are available:

  jms.port

  Specifies the port number for JMS. Valid value is 7676.

  domain.jmxPort

  Specifies the port on which the JMX connector is initialized. The valid values are 1-65535.

  orb.listener.port

  Specifies the ORB listener port for IIOP connections on which orb-listener-1 listens.

  http.ssl.port

  Specifies the port number for http-listener-2. Valid values are 1 to 65535. On UNIX, to create sockets that listen on ports 1–1024, you need superuser privileges.

  orb.ssl.port

  Specifies the ORB listener port for IIOP connections on which the IIOP listener called SSL listens.

  orb.mutualauth.port

  Specifies the ORB listener port for IIOP connections on which the IIOP listener called SSL_MUTUALAUTH listens.

  --keytooloptions

  Specifies an optional list of name-value pairs of keytool options for a self-signed server certificate. The certificate is generated during the creation of the domain. Each pair in the list must be separated by the colon character (:).

  Allowed options are as follows:

  CN

  Specifies the common name of the host that is to be used for the self-signed certificate. This option name is case insensitive.

  By default, the name is the fully-qualified name of the machine where the create-domain command is run.

  --savelogin

  Saves the admin user name and password if you set this option to true. The default value is false. The username and password are stored in the .asadminpass file in user's home directory. A domain can only be created locally and hence while using the above option, the host name saved in .asadminpass will always be localhost. If the user has specified default admin port while creating the domain, there is no need to specify --user, --passwordfile, --host, or --port on any of the subsequent asadmin remote commands. These values will be automatically obtained.

  ---

  Note –

  When the same user creates multiple domains having same admin port number on the same or different machines (where the home directory is NFS mounted), the command is not going to prompt whether the password should be overwritten. It will always be overwritten.

  ---

Operands

• domain_name

  The name of the domain to be created.

Examples

• ---

  Example 1 Using the create-domain command

  
  

  The following command creates the domain domain4.

  asadmin>create-domain --adminport 4848 domain4 Please enter the admin user name>admin Please enter the admin password> Please enter the admin password again> Please enter the master password> Please enter the master password again> Using port 4848 for Admin. Using default port 8080 for HTTP Instance. Using default port 7676 for JMS. Using default port 3700 for IIOP. Using default port 8181 for HTTP_SSL. Using default port 3820 for IIOP_SSL. Using default port 3920 for IIOP_MUTUALAUTH. Using default port 8686 for JMX_ADMIN. Distinguished Name of the self-signed X.509 Server Certificate is: [CN=starless,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US] Domain domain4 created. Command create-domain executed successfully.

  ---

  ---

  Example 2 Using the create-domain command (domaindir)

  
  

  The following command creates the domain sampleDomain in the /export/domains directory.

  asadmin> create-domain --domaindir /export/domains --adminport 7070 --user admin --instanceport 7071 sampleDomain Please enter the admin password> Please enter the admin password again> Please enter the master password> Please enter the master password again> Using port 7070 for Admin. Using default port 7071 for HTTP Instance. Using default port 7676 for JMS. Using default port 3700 for IIOP. Using default port 8181 for HTTP_SSL. Using default port 3820 for IIOP_SSL. Using default port 3920 for IIOP_MUTUALAUTH. Using default port 8686 for JMX_ADMIN. Distinguished Name of the self-signed X.509 Server Certificate is: [CN=fracture,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US] Domain sampleDomain created.

  ---

  ---

  Example 3 Using the create-domain command (savelogin)

  
  

  The following command creates the domain myDomain and saves the administration username and password.

  asadmin> create-domain --adminport 8282 --user admin --savelogin=true myDomain Using port 8282 for Admin. Using default port 8080 for HTTP Instance. Using default port 7676 for JMS. Using default port 3700 for IIOP. Using default port 8181 for HTTP_SSL. Using default port 3820 for IIOP_SSL. Using default port 3920 for IIOP_MUTUALAUTH. Using default port 8686 for JMX_ADMIN. Distinguished Name of the self-signed X.509 Server Certificate is: [CN=exiles,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US] Domain myDomain created. Admin login information for host [localhost] and port [8282] is being overwritten with credentials provided. This is because the --savelogin option was used during create-domain command. Login information relevant to admin user name [admin] for this domain [myDomain] stored at [/home/someuser/.asadminpass] successfully. Make sure that this file remains protected. Information stored in this file will be used by asadmin commands to manage this domain. Command create-domain executed successfully.

  ---

  ---

  Example 4 Using the create-domain command (keytool options)

  
  

  The following command creates the domain customdomain. The common name of the host that is to be used for the self-signed certificate is trio.

  asadmin> create-domain --adminport 9898 --user admin --keytooloptions CN=trio customdomain Enter admin password> Enter admin password again> Using port 9898 for Admin. Using default port 8080 for HTTP Instance. Using default port 7676 for JMS. Using default port 3700 for IIOP. Using default port 8181 for HTTP_SSL. Using default port 3820 for IIOP_SSL. Using default port 3920 for IIOP_MUTUALAUTH. Using default port 8686 for JMX_ADMIN. Distinguished Name of the self-signed X.509 Server Certificate is: [CN=trio,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US] Domain customdomain created.

  ---

Exit Status

• 0

  command executed successfully

  1

  error in executing the command