Name | Synopsis | Description | Options | Operands | Examples | Exit Status | See Also
create-domain [--help] [--adminport adminport] [--instanceport instanceport] [--portbase portbase] [--profile profile-name] [--template template-name] [--domaindir domaindir] [--savemasterpassword={false|true}] [--domainproperties (name=value)[:name=value]*] [--keytooloptions (name=value)[:name=value]*] [--savelogin={false|true}] [--checkports={true|false}] [--nopassword={false|true}] domain_name
An Enterprise Server domain is a Java EE-6 compliant administrative namespace. Every domain has a configuration, which is stored in a set of files. Any number of domains, each of which has a distinct administrative identity, can be created in a given installation of Enterprise Server. A domain can exist independent of other domains.
Any user who has access to the asadmin utility on a given system can create a domain and store its configuration in a folder of choice. By default, the domain configuration is created in the default directory for domains. You can override this location to store the configuration elsewhere.
If domain customizers are found in domain.xml file when the create-domain subcommand is run, the customizers are processed.
The create-domain subcommand creates a domain with a single administrative user specified by the asadmin utility option --user. If the --user option is not specified, and the --nopassword option is set to true, the default administrative user, admin, is used. If the --nopassword option is set to false (the default), a username is required. In this case, if you have not specified the user name by using the --user option, you are prompted to do so.
This subcommand is supported in local mode only.
Displays the help text for the subcommand.
The HTTP port or the HTTPS port for administration. This port is the port in the URL that you specify in your web browser to manage the domain, for example, http://localhost:4949. The --adminport option cannot be used with the --portbase option. The default value is 4848.
The domain provides services so that applications can run when deployed. This HTTP port specifies where the web application context roots are available for a web browser to connect to. This port is a positive integer and must be available at the time of domain creation. The --instanceport option cannot be used with the --portbase option. The default value is 8080.
Determines the number with which the port assignment should start. A domain uses a certain number of ports that are statically assigned. The portbase value determines where the assignment should start. Choose this value carefully. The values for the ports are calculated as follows: Admin port: portbase + 48, HTTP listener port: portbase + 80, IIOP listener port: portbase + 37, JMX port: portbase + 86. See the output of this subcommand for a complete list of occupied ports, when --portbase option is specified. The --portbase option cannot be used with the --adminport, --instanceport, or the --domainproperties option.
This subcommand uses some ports that are not required. This behavior is retained for compatibility with other releases.
Do not specify this option. This option is retained for compatibility with other releases. If you specify this option, a syntax error does not occur. Instead, the subcommand runs successfully and the option is silently ignored.
Do not specify this option. This option is retained for compatibility with other releases. If you specify this option, a syntax error does not occur. Instead, the subcommand runs successfully and the option is silently ignored.
The directory where the domain is to be created. If specified, the path must be accessible in the filesystem. If not specified, the domain is created in the default domain directory, as-installglassfish/domains.
Setting this option to true allows the masterpassword to be written to the file system. The default value is false.
A master password is really a password for the secure key store. A domain is designed to keep its own certificate (created at the time of domain creation) in a safe place in the configuration location. This certificate is called the domain's SSL server certificate. When the domain is contacted by a web browser over a secure channel (HTTPS), this certificate is presented by the domain. The master password is supposed to protect the store (a file) that contains this certificate. This file is called keystore.jks and is created in the configuration directory of the domain created. If however, this option is chosen, the master password is saved on the disk in the domain's configuration location. The master password is stored in a file called master-password, which is a Java JCEKS type keystore. The reason for using the --savemasterpassword option is for unattended system boots. In this case, the master password is not prompted for when the domain starts because the password will be extracted from this file.
It is best to create a master password when creating a domain, because the master password is used by the start-domain subcommand. For security purposes, the default setting should be false, because saving the master password on the disk is an insecure practice, unless file system permissions are properly set. If the master password is saved, then start-domain does not prompt for it. The master password gives an extra level of security to the environment.
Setting the optional name/value pairs overrides the default values for the properties of the domain to be created. The list must be separated by the colon (:) character. The --portbase options cannot be used with the --domainproperties option. The following properties are available:
Specifies the port number for JMS. Valid value is 7676.
Specifies the port on which the JMX connector is initialized. The valid values are 1-65535.
Specifies the ORB listener port for IIOP connections on which orb-listener-1 listens.
Specifies the port number for http-listener-2. Valid values are 1 to 65535. On UNIX, to create sockets that listen on ports 1–1024, you need superuser privileges.
Specifies the ORB listener port for IIOP connections on which the IIOP listener called SSL listens.
Specifies the ORB listener port for IIOP connections on which the IIOP listener called SSL_MUTUALAUTH listens.
Specifies the port for connecting to the Felix shell service that Enterprise Server provides to interact with the OSGi runtime. The default value is 6666.
Specifies an optional list of name-value pairs of keytool options for a self-signed server certificate. The certificate is generated during the creation of the domain. Each pair in the list must be separated by the colon (:) character.
Allowed options are as follows:
Specifies the common name of the host that is to be used for the self-signed certificate. This option name is case insensitive.
By default, the name is the fully-qualified name of the machine where the create-domain subcommand is run.
If set to true, this option saves the admin user name and password. Default value is false. The username and password are stored in the .asadminpass file in user's home directory. A domain can only be created locally. Therefore, when using the --savelogin option, the host name saved in .asadminpass is always localhost. If the user has specified default admin port while creating the domain, there is no need to specify --user, --passwordfile, --host, or --port on any of the subsequent asadmin remote commands. These values will be obtained automatically.
When the same user creates multiple domains having the same admin port number on the same or different machines (where the home directory is NFS mounted), the subcommand does not ask if the password should be overwritten. The password will always be overwritten.
Specifies whether to check for the availability of the Admin, HTTP, JMS, JMX, and IIOP ports. The default value is true.
Specifies whether the administrative user will have a password. If false (the default), the password is specified by the AS_ADMIN_PASSWORD entry in the asadmin password file (set by using the --passwordfile option). If false and the AS_ADMIN_PASSWORD is not set, you are prompted for the password.
If true, the administrative user is created without a password. If a user name for the domain is not specified by using the --user option, and the --nopassword option is set to true, the default user name, admin, is used.
This example creates a domain named domain4.
asadmin>create-domain --adminport 4848 domain4 Enter admin user name [Enter to accept default "admin" / no password]> Using port 4848 for Admin. Using default port 8080 for HTTP Instance. Using default port 7676 for JMS. Using default port 3700 for IIOP. Using default port 8181 for HTTP_SSL. Using default port 3820 for IIOP_SSL. Using default port 3920 for IIOP_MUTUALAUTH. Using default port 8686 for JMX_ADMIN. Using default port 6666 for OSGI_SHELL. Distinguished Name of the self-signed X.509 Server Certificate is: [CN=sr1-usca-22,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US] No domain initializers found, bypassing customization step Domain domain4 created. Domain domain4 admin port is 4848. Domain domain4 allows admin login as user "admin" with no password. Command create-domain executed successfully. |
This example creates a domain named sampleDomain in the /home/someuser/domains directory.
asadmin> create-domain --domaindir /home/someuser/domains --adminport 7070 --instanceport 7071 sampleDomain Enter admin user name [Enter to accept default "admin" / no password]> Using port 7070 for Admin. Using port 7071 for HTTP Instance. Using default port 7676 for JMS. Using default port 3700 for IIOP. Using default port 8181 for HTTP_SSL. Using default port 3820 for IIOP_SSL. Using default port 3920 for IIOP_MUTUALAUTH. Using default port 8686 for JMX_ADMIN. Using default port 6666 for OSGI_SHELL. Enterprise ServiceDistinguished Name of the self-signed X.509 Server Certificate is: [CN=sr1-usca-22,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US] No domain initializers found, bypassing customization step Domain sampleDomain created. Domain sampleDomain admin port is 7070. Domain sampleDomain allows admin login as user "admin" with no password. Command create-domain executed successfully. |
This example creates a domain named myDomain and saves the administration username and password.
asadmin> create-domain --adminport 8282 --savelogin=true myDomain Enter the admin password [Enter to accept default of no password]> Enter the master password [Enter to accept default password "changeit"]> Using port 8282 for Admin. Using default port 8080 for HTTP Instance. Using default port 7676 for JMS. Using default port 3700 for IIOP. Using default port 8181 for HTTP_SSL. Using default port 3820 for IIOP_SSL. Using default port 3920 for IIOP_MUTUALAUTH. Using default port 8686 for JMX_ADMIN. Using default port 6666 for OSGI_SHELL. Enterprise ServiceDistinguished Name of the self-signed X.509 Server Certificate is: [CN=sr1-usca-22,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US] No domain initializers found, bypassing customization step Domain myDomain created. Domain myDomain admin port is 8282. Domain myDomain allows admin login as user "admin" with no password. Login information relevant to admin user name [admin] for this domain [myDomain] stored at [/home/someuser/.asadminpass] successfully. Make sure that this file remains protected. Information stored in this file will be used by asadmin commands to manage this domain. Command create-domain executed successfully. |
This example creates a domain named domain5. The common name of the host that is to be used for the self-signed certificate is trio.
asadmin> create-domain --adminport 9898 --keytooloptions CN=trio domain5 Enter the admin password [Enter to accept default of no password]> Enter the master password [Enter to accept default password "changeit"]> Using port 9898 for Admin. Using default port 8080 for HTTP Instance. Using default port 7676 for JMS. Using default port 3700 for IIOP. Using default port 8181 for HTTP_SSL. Using default port 3820 for IIOP_SSL. Using default port 3920 for IIOP_MUTUALAUTH. Using default port 8686 for JMX_ADMIN. Using default port 6666 for OSGI_SHELL. Distinguished Name of the self-signed X.509 Server Certificate is: [CN=trio,OU=GlassFish,O=Sun Microsystems,L=Santa Clara,ST=California,C=US] No domain initializers found, bypassing customization step Domain domain5 created. Domain domain5 admin port is 9898. Domain domain5 allows admin login as user "admin" with no password. Command create-domain executed successfully. |
Name | Synopsis | Description | Options | Operands | Examples | Exit Status | See Also