About Me

My photo
Rohit is an investor, startup advisor and an Application Modernization Scale Specialist working at Google.

Friday, October 13, 2017

Pushing WebSphere Application Sever Applications to Cloud Foundry with Open Liberty

Thanks to a  friendly nudge and significant contributions from Michael Wright, I have had the opportunity to reacquaint myself with an old friend - the WebSphere Liberty Profile Buildpack. In case you missed it, in a bold move IBM open sourced the WebSphere Liberty Profile their lightweight application server.  Open Liberty as it is called now is an excellent landing spot for ALL current WebSphere Application Server classic apps. 

To get them running with the least amount of changes WebSphere apps should typically be pushed with the WebSphere Liberty Profile Buildpack. The Liberty buildpack has myriad ways of configuring it with lots of environment variables to control the set of features and WebSphere server configuration and so on ... Here are some best practices to follow a repeatable and simple process of migrating your apps using Open Liberty to Cloud Foundry: 

1. It’s OK to develop on STS or Eclipse, but don’t rely on Eclipse to package the application inside the server configuration.

2. Develop your application with Open Liberty's maven plugin. If you have an existing project convert it to Open Liberty by cloning and copying the build pom.xml from one of the guides.  This is a very similar to a spring boot like experience for JavaEE/EE4J.  An alternate way of developing is to configure the server.xml for your server and then keep copying the app to the dropins folder. 

3. After your application runs locally package a Liberty server with your application in the dropins folder and the right server configuration in the usr directory. This is akin to packaging a fat jar for your WebSphere app. Creating a server package avoids the headache of configuring the buildpack with the right set of environment variables when pushing the app. 
server package defaultServer --include=usr 

4. When the application does run in Cloud Foundry play special attention to this message 2017-10-12T22:59:27.80-0400 [APP/PROC/WEB/0] OUT [AUDIT] CWWKT0016I: Web application available (default_host): http://9e1d0c1c-a318-46eb-7760-0302:8080/war-with-resource/
This informational message reveals your context-root for your application. Context root determination for an app is a multi-step evaluation based multiple files.

The context-root attribute specifies the entry point of the deployed application. The entry point of a deployed application is determined in the following precedence:
- context-root in the server.xml file
- application.xml, if an EAR application
- ibm-web-ext.xml, if a web application
- name of the application in the server.xml file, if a web application
- Directory name or the file name relative to the drop-ins directory of Liberty
My rule of the thumb is NEVER to set a context root and manage the public URL via a Cloud  Foundry route. By default the buildpack set context root for an ear file is "/".

Notes of Caution 
  1. Your application does not need to be cloud native to run on Cloud Foundry. You can push zero factor apps to CF no problem. If the application does not function correctly look under the hood by cf ssh'ing into the container and examine the final server.xml. If your EE resources are not being served or recognized by the container check your list of features and corresponding configuration in server.xml
  2. WebSphere Liberty Profile Buildpack provisions the DEV licensed WebSphere Liberty Profile runtime and NOT the Open Liberty runtime. To avoid licensing headaches you should fork the Liberty Profile Buildpack to provision the Open Liberty runtime instead of the DEV only licensed WebSphere Liberty Profile runtime.

In Closing

If you want to completely avoid the IBM apple cart, an excellent alternative is the TomEE buildpack which also runs JavaEE7 Full , Web and micro-profiles  ear, war,  fat and skinny jar apps. For more on this topic read a previous post yes-we-can.

Replatforming  is just the first phase of your multi-step journey to Cloud Native.  Your ideal end-state is to make the app cloud native and therefore vendor and platform agnostic leveraging the app  dialtone based on the contracts established by the  platform API. 

The Cost Curve of Application Replatforming

Tuesday, October 10, 2017

PCF Is the best place to run Spring Apps

Forgot to mention the auto patching of vulnerabilities by the buildpack. Instead of the developer managing all the middle layers the CF buildpack  curates and maintains this list. 

Sunday, October 8, 2017

Emergent Systems and the need for Chaos Architecture

The ideas below are an amalgamation of key signals from Adrian Cockcroft, Neal Ford, Matt Stine, Russ Miles, Michael Nygard and the rockstar engineers of Netflix who have pioneered Chaos Engineering.

For the long term survival of your microservices system some key concepts have now come together chiefly: anti-fragilitycontinuos partial failure  and evolutionary architecture

Since all of us seem to building networks of distributed microservices there is no way to test the emergent behavior of these systems in test. We HAVE to run controlled experiments in production. Chaos engineering and a chaos friendly architecture is critical for enterprises to maintain availability of their applications and survive breaches.  Adrian Cockcroft in his recent Cloud Native London keynote espoused four layers, two teams and an attitude.

Chaos Engineering is the discipline of experimenting on a distributed system
in order to build confidence in the system’s capability
to withstand turbulent conditions in production.

Chaos engineering is the best continuously holistic function to evaluate a distributed system to withstand impact and external perturbation. So what are the different levels at which chaos engineering

Layer-1: Infrastructure: Lay out the infra. so that there is no SPOF. Multiple zones, regions. app is distributed enough times and enough ways - diversity in the infrastructure

Layer-2: Switching and interconnect. Strategy for interconnecting. NO SPOF => data in more than one place. This will require data to be replicated in a different side of the world. Data needs be more than one disk - in  a different building. Routing needs to transparently handle failover across datacenters. Unfortunately DR routing/failover is the Least well tested set of components in the system. Usually all error handling code explodes at impact. Once the fallen datacenter comes up there is a need to Re-route and re-synchronize - introduce anti-entropy people back into the system. It is critical to regularly test Failover regularly to the backup datacenter. Test HA/DR across data-centers  properly instead of availability theater.

Layer-3: Application Layer: What does app do when it  experiences data loss , n/w connectivity failures, timeouts, error returns, slow responses, network partitions - app hangup - goes 100% busy
Single functions and microservices can be tested to one thing. Lambda is easy to develop for. Unit of testing and deployment. Monoliths lead to combination testing. Lot of variations

Layer 4 People: When machines  mis-behave people really screw it up. Usually folks made it worse. There are countless stories of systems that were thrashed by the operators due to a comedy of errors. It is super-important to practice gamedays similar to how children in kindergarten practice a fire drill.  Chernobyl.  Reboot may be the wrong thing to do when you have services. Play out fire-drills so that when there is an actual fire people take the right action - disaster preparedness.  Practice, Practice, Practice. ... Fire drills

Tools that attack the different layers.
  1. Game Days - exercise outage. Right way everyone is to behave. folks on a call. how to find the dashboards etc. as well digging into details
  2. Simian army- Tests once a month
  3. FIT - Deep injection of failures. CHAP. Chaos automation platform
  4. Gremlin Inc. -  Auto mates chaos engineering scenarios and gamedays.  Undo button. Safer with automation.
  5. There is an excellent catalog tools at the end of the chaos engineering eBook
Two Teams
  1. Security Blue Team/Security Red Team(Break into your site)
  2. Chaos Engineering Team/SRE Team

Companies offer services to make System secure and resilient.
  • AttackIQ
  • Safebreach
  • Spear fishing

Attitude - Improve your chaos posture
- OReilly book - Chap and the Chaos Maturity Model gives a roadmap to improve your chaos game.
- Chaos engineering community day coming up - London this is becoming a thing

If you want to create a system with 99999/99999999 availability it is important to establish  a Chaos Engineering Practice that keeps the team safe, and whole stack reliable.


Go run a gameday. People experienced in simulating outages. easy cleanup.
Start at top and work your way down.