Patching strategy and versioning for JBoss 6.4 - jboss

We are using JBoss EAP 6.4 as part of a third-party software package we run on our servers. In the installation notes, it states that we have to install in as follows:
Install JBoss 6.4.0
Install JBoss 6.4 Patch 9 (6.4.9)
Install JBoss 6.4 Patch 12 (6.4.12)
There is a specific note that JBoss patching is incremental and therefore we have to patch both 6.4.9 and 6.4.12. In scripts provided by the manufacturer I also found references to those specific two patch versions.
I'm confused. I would have expected either to have an cumultative patch (e.g. install 6.4.0, install patch 12), or incremental patches (install 6.4.0, then patch 1, then patch 2, etc).
I googled and did not managed to find a good explanation for these requirements.
What's the logic behind JBoss (6.4) patching and what's so special about patch 9 to warrant the special inclusion?

The update instructions (as found on the download page) for JBoss EAP 6.4 patch 10 say that you have to apply the update to patch 9 first. This carries forward to future patch updates. There is a knowledgebase article which should mention this (it currently doesn't say that this applies to patch update 10 and later, but this should be fixed).

Related

Easier Approach - Jboss AS Upgrade 6.1 to 6.4 - RedHat Linux

We got farm of Red Hat servers which has Jboss 6.1 in our environments. Now we need to upgrade Jboss AS to 6.4. The easy way is to deploy the new version on the server and copy the config files and modules to the new jboss instance. It requires additional space in the filesystem.
Is there any other way to upgrade to 6.4 without having multiple instances. I am looking something like a patch upgrade on the existing Jboss 6.1 instance in CLI mode.
Please update your valuable thoughts.
Cheers,
Jose
You can use patch in CLI mode, See the guide[1]
[1]https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Installation_Guide/sect-Patching_JBoss_EAP_6.html

Is there a defined product support lifecycle for Wildfly / JBoss AS?

I'm looking for dates until when patches for known vulnerabilities will be delivered for the products mentioned above. I found the same for RedHat's JBoss Enterprise Application Platform, but not for JBoss AS or Wildfly.
Here's an example.
Regarding JBoss Middleware, there is a product update and support policy.
For long-life products, JBoss offers Full support for 4 years, Maintenance support for 3 years and Extended-life support for other 3-6 years.
Although you can imagine JBoss engineers working on the underlying Widlfly software creating patches and solutions for all the time of the Full Support, there is not any guarantee. In addition, note that the version numbers of the JBoss EAP are not the same of the used by Wildfly.
The JBoss EAP v 7.0 (released in 2016, for Java EE 7) uses the Wildfly 9.x (alias "Kenny", released in 2015)
The JBoss EAP v.7.1Beta (released in 2017) uses Wildfly 10.x (released in 2016).
Today (September 6, 2017), reviewing the Issue Tracker for Wildfly, almost all the updated issues in the last week are related to the last versions: 20 are for the version 11.x, 3 for the 12.x-Beta, and 1 for the 8.x. Other 31 do not specify a version. All the resolved issues (9/9) in the last week are related to the version 11.x.
I think you must consider to use one of the last two GA versions of Wildfly. The community is more active in these versions. According to the Wildfly governance page, they deliver a new final major version in around a nine month cycle.
You don't get any guaranteed support for community projects like WildFly and JBoss AS. Commercial support is only available for commercial products like JBoss EAP.

Will application built on RHEL6.4 be able to run on Centos 6.4 unupdatedly

I learn that RHEL and Centos has the exact same source code. So my question here is if one application built for RHEL 6.4, could we just install and make it running on Centos 6.4 without any update?
And another question is RHEL and Centos will always use the same version number for the same source code, right?
Yes, software built on RHEL 6.4 should work as-is on CentOS 6.4 (assuming you don't depend on one of the relatively few RHEL-specific details, mostly to do with branding).
CentOS, except where necessary, uses upstream RHEL sources unmodified. When they need to modify a package they indicate that in the release notes and in the release field of the RPM in question.

Can I use JBoss EAP 6 without a support license?

JBoss Application Platform has 2 distributions, a community and an enterprise release, community releases are like Beta releases of enterprise releases, JBoss 7.0 is then actually EAP 6 beta 1, 7.0.1 is beta 2, 7.1.0 is beta 3 and 7.1.1 is rc 1.
What happens with JBoss AS 7.1.2 and 7.1.3? this is a very informative link: http://henk53.wordpress.com/2013/01/09/the-curious-case-of-jboss-as-7-1-2-and-7-1-3/
So my question is: Can I use JBoss EAP 6 without a support license?
Downloads are available from access.redhat.com/downloads, from which you have to click on "Evaluations and Demos", and then on "JBoss Enterprise Application Platform Evaluation".
I have read that JBoss EAP is still open source and you can use it freely, but only if you compile it from source, which is not an easy task nor they want it to be.
So if I use in production the version I have downloaded from "Evaluations and Demos", is this illegal?
TLDR; yes, you can use without a support subscription, but no, if you just download the latest EAP binary, you're not allowed to use it in production.
Three cases here to consider how you can run JBoss EAP without a support subscription, two of which also allow production use:
1. Development use
You can use any JBoss EAP binary version for development purposes without a paid subscription. You won't get patches or support that way, and you can't run it in production. From "Downloads for Development Use":
To download JBoss EAP you must have an account. You also need to
accept the terms and conditions of the JBoss Developer Program which
provides $0 subscriptions for development use only.
2. EAP 6.x alpha versions
All alpha versions, such as JBoss EAP 6.1 Alpha, are free to use in any way or form, also in production. From this message:
The 6.1 Alpha binary is made available for free (both for development
and production use) to the entire community.
And this thread:
This development restriction, however, does not apply to EAP alpha
releases. EAP alpha releases may be ran in production if you so
desire. As to their quality, 6.1.0.Alpha is of equivalent quality to a
community final release. However, the Alpha is where the extensive
testing and hardening begins, so we recommend GA or later for
production if you are interested in using EAP.
This is also confirmed by entry in JBoss FAQ, saying
Q: If EAP 6.1.0.Alpha is the same as community 7.2.0.Final, why is it
called Alpha? A: EAP has a much more conservative and rigid release
hardening process, including extensive quality testing and partner
certification. Historically every EAP release starts from our most
recent community final, and then releases in stages as this hardening
work is performed. The first EAP stage Alpha is of equivalent, or
better, quality to a community Final release.
Q. Are there any restrictions on how I can use EAP 6.1.0 Alpha? A. No
– it has the same license and terms as AS releases however as it's an
Alpha release we don't recommend using it in production.
And these two redhat knowledgebase articles confirming that EAP 6.3.Alpha is also available for all to run in production (only visible for paid subscribers):
"Red Hat JBoss EAP 6.3 Alpha Availability"
"Using JBoss EAP alpha version in production without support subscription"
Edit: and now John Doyle, Senior Manager responsible for Red Hat JBoss EAP 6, confirmed that
The earlier statements about EAP 6.1 Alpha apply to all EAP 6 Alpha
releases. They can be run in production.
3. Self-compiled versions
EAPs are also available as source distributions, and if you compile them yourself, removing any Red Hat trademarks, it should be legal to run them in production. Of course, you are completely on your own on supporting them. To make compiling easier, there is a script on this github account, and using that script building your own EAP is as easy as
git clone git://github.com/hasalex/eap-build.git
cd eap-build
./build-eap.sh
See the project readme for details. There's also extended discussion on one of its issues about the legal status of the build, which refers to statement by Jason Greene, WildFly project lead, saying one of the ways to legally use the product is
Self build and support EAP - You get some of the benefits of the enterprise releases (e.g. patches to older major versions and so on),
but you have to invest time and energy to build and maintain/verify
your app server distribution bits.
I think the answer is: sort of. You can obtain the binary version of the latest JBoss EAP 6.1.0.Alpha if you agree to a $0 developer license and agree to use it only for development purposes. You do not get patches or support, however.
Also, it's open sourced under the LGPL in which case you don't have to agree to anything beyond the LGPL. But then the trick is getting the source. And you won't be getting the patched source. An important consideration here is that the binary package is configured carefully (e.g. with respect to security defaults) whereas you're on your own if you compile it from available source.
Bottom line: buy a license if you are using it for any important commercial purpose so as not to be at some arbitrary fixed point in the source's evolution.
Red Hatter here. If you use JBOSS binaries, they are Red Hat Intellectual Property. You have to have a Red Hat subscription to use the software which may be $0 cost (developer use only) or more depending on what are your needs and/or subscription compliance (non-developer use like non-production or production).
Please see http://www.jboss.org/terms-and-conditions/ for the details.
Answer to original question "Can I use JBoss EAP 6 without a support license?":
According to official "Subscription Guide for Red Hat JBoss Middleware" dated Sept. 2015 (https://www.redhat.com/en/resources/subscription-guide-red-hat-jboss-middleware) you are allowed to use JBoss EAP 6 without support license only in following cases:
a) Environments only used by one person like a developer, testcase developer, architect
b) Developer desktops/ laptops or
c) Single-user development instances on a server (physical or virtual)
So you have to pay subscription for Test/QA and Production environments.
PS: price for support licence for "EAP Platform" is mentioned in comparison calculator - https://www.redhat.com/en/eap-calculator
PS2: There is a project with scripts custom building of JBoss EAP - https://github.com/hasalex/eap-build

JBoss AS / Wildfly community version corresponding to Red Hat EAP version?

As far as i know the EAP editions of JBoss Application Server (AS) are just a bunch of community edition JBoss projects with some sugar.
So, what is the community edition of the JBoss Application Server that JBoss EAP 4.3.0 corresponds to?
This response is really late but I came across the unanswered question in a Google search and I wanted to make sure there's a correct response. I work for JBoss support so you can consider this a qualified answer.
JBoss EAP is the only commercially supported version of JBoss. It contains JBoss AS and JBoss Seam. EAP diverged (in terms of the svn branch it's built off) from JBoss AS around version 4.2.1 (not exactly, but close enough). EAP has a 5-year lifetime and is tested and certified rigorously. EAP has paid commercial support and patches (called CPs or cumulative patches) that are designed to maintain ABI/API stability over time while allowing for security issues and bugs to be fixed. It is actually against policy to introduce a feature in a CP, but it happens on occasion.
If you're familiar with how Red Hat Enterprise Linux differs from Fedora, you can consider the difference to be quite similar. The JBoss project/product split is much newer, though, so the differences are smaller. Here's the official page describing what I've said.
http://www.jboss.com/products/community-enterprise
Cheers,
Chris
According to JBoss Enterprise Application Platform Component Details, JBoss EAP 4.3 is based on:
JBoss Application Server 4.2.1 with various updates, component upgrades, and bug fixes
The primary difference between EAP and the community release is that EAP is the officially supported configuration of the community edition, with fixed versions of the various components. RedHat was finding it too difficult to support the different component versions used by man+dog, and nailed it down to one set.
As for versioning, the EAP version numbers roughly track the community releases, but with differences:
EAP 4.2 is based on JBossAS 4.2
EAP 4.3 is also based on JBossAS 4.2.1, but with JBossMQ replaced by JBossMessaging, and Java6 support
EAP 5.0 is based on JBossAS 5.1
EAP 5.1 also seems to be based on JBossAS 5.1, with some cumulative patches
Edit:
EAP 6.x is based on JBoss Application Server 7.x
I've been digging into JBoss version information to try and find an answer to a more specific question i'm dealing with, and i thought i'd share my observations. You can get a picture of the names and dates of releases from JBoss's JIRA bug tracker: you can check out the info for the Community and Enterprise editions.
I was interested in the 4.2 branch rather than 4.3. If you hunt back a few years, you'll find that the Community release 4.2.0.GA came out on the 14th of May 2007, and was followed six weeks later by the Enterprise release 4.2.0.GA on the 3rd of July 2007. After that, the numbering diverged: the Community edition shipped point upgrades - 4.2.1.GA, 4.2.2.GA and 4.2.3.GA - every few months after that. The Enterprise edition instead shipped a series of 'cumulated patch' releases based on 4.2.0, starting with 4.2.0.GA_CP01 and hitting 4.2.0.GA_CP06 a few months ago. How do these releases relate to each other? I'm still not sure about this, but i think the theory is that the Enterprise edition doesn't gain any new features (within that branch), only bugfixes, but that those bugfixes are applied to both the Enterprise and Community editions. In fact, i suspect that in the case of my bug10, the fix was developed against the Community edition, and then crossported to the Enterprise edition, although i'm far from sure about that.
Turning back to your actual question, things are less clear. The Enterprise 4.3.0.GA came out on the 7th of January 2008, after the Community 4.2.2.GA, but before 4.2.3.GA. There is no Community 4.3.0, nor is there an Enterprise 4.2.x for any x > 0. Chris says that the Enterprise and Community versions "diverged", and i assume that what he means by that is that the Enterprise version is no longer based on just bugfixing a Community version, but rather is now an entirely separate development stream - presumably taking code drops from the Community edition where that's appropriate.
So, the answer to your question is some combination of: 4.2.2.GA (but only distantly), 4.2.0.GA (plus years of separate development), and mu.
While JBoss AS / Wildfly is really the basis for JBoss EAP, it's definitely not just "some sugar" what is added.
EAP is what went through an extensive testing and many many bug and security issues are fixed.
More, EAP is usually also faster after going though a period of performance tests, soak testing, and code analysis.
Also, EAP artefacts (jars) are all built by Red Hat, i.e. Red Hat is responsible for whatever is in them - i.e. you don't get whatever anyone puts in the central repo or whichever other repo you may have configured in your settings.xml (in case you build your own AS). Many of these third-party libraries are changed - CVE's fixed, performance issues addressed etc.
And lastly, EAP is way better in terms of features. For example, last 7.x release of JBoss AS is 7.1.1, year-and-something old, while EAP 6.1 is about a month old, and is way better in regards of manageability, stability, configurability etc. There is a several hundreds of commits difference between those two.
So, stating that "JBoss EAP X is based on JBoss AS Y" may be true, but at the same time misleading.
Check the EAP 6.1.