Showing posts with label OpenShift. Show all posts
Showing posts with label OpenShift. Show all posts

Sunday, 15 March 2015

Override Java settings on OpenShift

Introduction


With OpenShift, your server instance in the cloud is prepared with a few mouse clicks or with a single command with the rhc tool.
In most of the cases, this is all you need and you can start right away with your freshly created server instance (named gear in OpenShift terminology).
But in other situations, you want to make some changes to the Java environment, like setting system properties or changing the security settings.

In the case of the security settings, in a normal environment, you can update the java.security file in the JRE_HOME/lib/security folder.  But on the OpenShift environment there are some constraints which makes this task a bit more difficult.  This text shows you an easy way to accomplish your goal.

History

We have developed a JSF application which uses OAuth2 as authentication means.  So we are using an SSL connection to the OAuth2 provider to verify the tokens which are presented to the applications.
It was working fine on OpenShift with the latest WildFly 8.2 cartridge. And last week, we created a new gear and our application throw an exception

java.security.NoSuchAlgorithmException: EC AlgorithmParameters not available

When we compared this new instance with the instance we had already running, we found out that the java version was different.  The newest one, is using OpenJDK 8u31.  And searching on the web for the combination of this version and the exception we received, revealed that there is an issue with this version related to Elliptic curve algorithm.

So, the next step was to edit the java.security file to exclude the algorithm which causes problems in our cases.  
The key jdk.tls.disabledAlgorithms in the file, needs to contain the codes of the algorithms we don't want, in our situation EC,ECDHE,ECDH.

But when I opened the java.security file and wanted to change the content, I received the warning that the film is read-only.  And you can't change it and you can't become a super user to overrule it.

And I can understand that you want to secure some parts of the server.  But it is no option for us to rewrite the Web application with Java 7 due to a, hopefully, temporarily issue with the Java which is running on the gear.

Solution

The solution was found when I found the blog of Eyal Lupu which gives a nice example of how you can override the contents of the java.security file (the documentation in the file itself indicate already this possibility but with the example it became clear for me) and the OpenShift user guide.

So we created a file on the gear to override the key jdk.tls.disabledAlgorithms from the java.security file. And by setting a system property using the JAVA_OPTS_EXT environment variable of the gear, we are able to make the application run again without throwing the exception.

Create the file

  •  rhc ssc gearName
  •  cd $OPENSHIFT_DATA_DIR
  •  vi override_security.properties
  •  content is jdk.tls.disabledAlgorithms=EC,ECDHE,ECDH
  •  pwd -> and note down (copy) the full path location of the just created file.
  •  exit

Set the environment variable

  •  rhc env set JAVA_OPTS_EXT=-Djava.security.properties=file:<> -a gearName
Restart your gear/app

  •  rhc app restart -a gearName


The OPENSHIFT_DATA_DIR isn't chosen at random.  It is the only directory which isn't cleared when you push some code to the git repository. So our file is save there and will not be touched by any of the system processes.

Conclusion

The JAVA_OPTS_EXT environment variable is important if you want to change some settings of the Java Environment.  You can add some system properties to configure your application (like setting the JSF project stage) or to override the java.security configuration for instance as explained in this text.


Hope this help you if you have a similar 'issue' with OpenShift.
Posted by at No comments:
Labels: , , ,

Monday, 2 June 2014

Deploy Java EE in the cloud with JBoss OpenShift

Introduction 

In the previous blog post I described how you could create Web Applications using JSF and CDI that are running in the cloud with Google App Engine.
Using a database is also possible but is not available for free on AppEngine and that was the reason I didn’t go into detail about it.
But there exists another possibility to host your Java EE application in the cloud, and it has even more possibilities and is much easier, OpenShift of JBoss.
And best of all, you can run them for free if your requirements are not too high. 

What is it?

OpenShift is a so-called PaaS, platform as a service.  So it is not only limited to a server that you can use or a program, like a web server that is available, it is the complete stack. 
With OpenShift you can use for example a WildFly application server and a database instance to deliver you an environment for the execution of your web application. It has also a unique way of deploying you app using a GIT repository.
In this text I’ll describe the Java EE solution that you can use, but there exists also other possibilities like PHP, Tomcat with Spring, Continuous integration server, and many others.  Have a look on their site about the supported environments.

Creating an application

You first start by creating a domain.  The domain will hold one or more of your applications.  The domain name is also reflected in the URL. The structure is as follows
%application%-%domain%.rhcloud.com
You can assign it an alias if you supply this URL to your DNS provider.

Creating a domain is nothing spectacular, you just have to specify the name for it.

Once you have the domain, you can create the web application in it.
And the first thing you have to do when you create an application is to specify which type of application you want.

In my case, I want to have a Java EE environment in the cloud, so I took the WildFly 8 possibility.  As said there are a lot of possibilities and maybe one that I want to mention here also is CapeDwarf. It implements fully the Google AppEngine API’s so that you can migrate easily from Google to the JBoss cloud.

In the next step you have to give some configuration options, like the application name, as said part of the URL, and if you want to have scaling and thus a load balancer for your application.

The creation of the application takes some time, as it is preparing a machine for you with all the software you need.
But when it is finished, you can already go the to URL and see the welcome page of your application, which you want to customise of course.

The overview page also gives some very important information that you need to be able to deploy and use the application.
In the case of WildFly, it gives the username and password you need to be able to log on in the console of the application server. 
It also states the GIT URL that you can use to clone the source of the application locally and start developing your application.
More on those later. 

Database

Since my test application needs some database to store information, I can create it also on the OpenShift platform.

The idea is that you can add additional ‘cartridges’ that have certain functionality and allows you to create the ideal server for your application.
A database is the most common cartridge, but there exists also others like for example a cartridge to execute some scheduled jobs (CRON like)

Regarding the databases, you can choose between MySQL and PostGreSQL but you have also the possibility of using MongoDB.
Configuration is not needed, you add the cartridge and you receive the URL, username and password for the database to access it.
In case of MySQL, the access is through phpMyAdmin that needs to be added if you want console access directly to your database. 

Web application

I talked a lot about setting everything up, because creating your web application is very easy.
If you clone the GIT repository that was indicated on the site, you see that it is maven based. So any maven based Java EE application can be used.
No special configuration needed, no adjustments like with AppEngine. If it runs on your machine, it runs on OpenShift.

Database access

The only thing that took a little bit of research was the URL to my MySQL database that was created.

I found this knowledge base article,  where it is clearly described.

You first have to create a datasource for WildFly in the configuration files.  You can find the standalone.xml file in the .openshift/config/ directory when you have checkout the GIT repository.
You have to leave the placeholders, like ${env.OPENSHIFT_MYSQL_DB_HOST} in the configuration file so that it can properly be resolved at deployment time.

Once you have defined it there, you can define the datasource in your persistence XML file and the application is able to connect to it. 
        java:jboss/datasources/MySQLDS

Deploy

When you push the changes to the remote GIT repository, a lot of things are happening.
First your application and WildFly server are stopped.  Then it is running the mvn package on your new code. And then the server is started again with your new version of the application deployed.  So it can take a minute or more before your push ends due to these tasks.

Client tool

Besides the option to push the code, you also have the RHC client tools. It is a ruby based tool that allows you to connect to your server. You can perform various operations which this tool which are also possible online.
These include things like
Getting started, like creating domain, applications and adding cartridges.
Working with your app as looking at your log, port forwarding so that you can open the WildFly console from your browser, etc
Account management like setting up ssh connections, authorisation, key generation etc..

Cost

OpenShift can be used free of charge.  They work with the concept of gears. Each feature uses one or more gears, categorised in small, medium and large size. 
A WildFly instance takes only 1 small gear and you get 1 GB of space with it. The space calculation takes into account the code and log size and also the database size.
So the database isn’t taking up any additional gear, a load balancer counts also for 1 small gear.
Since you have 3 small gears for free, you can run up to 3 applications with a database on their platform.

Conclusion


With OpenShift it becomes very easily to deploy your Java EE application in the cloud. JBoss made it possible to use a Maven based application that runs on WildFly to deploy it on their cloud infrastructure. No changes needed, only some slight modification for the datasource to access your database also hosted on their PaaS.
Posted by at No comments:
Labels: , ,
Subscribe to: Comments (Atom)