Post on 06-Apr-2017
1 05/02/2023
InterConnect2017
HAJ-1842 Liberty Deep Dive
Alasdair Nottingham - STSM, WAS Liberty Architect, @nottycode
Erik Hochstedt - Liberty Dev Lead
What is Liberty
• Lightweight
• Fit for your purpose
• Simple
• Zero Migration
• 5 years old this year
Fast & Small Startup
[Charts: Startup Time and Footprint for Liberty 16.0.0.4, Tomcat 9 M11, WildFly 10.1 and TomEE Plus 1.7.4; bar values not recoverable]
Excellent Throughput
[Chart: Req/sec for WAS trad 9.0.0.2, Liberty 16.0.0.4, WildFly 10.1, Jboss EAP 7 and Glassfish 4.1.1; bar values not recoverable]
Fit-for-purpose server
• You control which features are loaded into each server instance
[Diagram: Kernel; <feature>servlet-3.1</feature> adds servlet-3.1, http-1.1, appmgr; <feature>jsf-2.2</feature> adds jsp-2.3, jsf-2.2]
Liberty Features
[Diagram labels: Java EE, zOS, ND, Core, Base; New in 1Q17, New in 4Q16, New in 2Q16, New in 3Q16; Programming Model, Security, Production]
Java EE 6 subset
couchdb-1.0 mongodb-2.0 wsSecurity-1.1
javaee-7.0
batchManagement-1.0
rtcomm-1.0
rtcommGateway-1.0 sipServlet-1.0 wsSecuritySaml-1.1
mediaServerControl-1.0 wsAtomicTransaction-1.2 cloudant-1.0
scalingController-1.0 scalingMember-1.0 dynamicRouting-1.0 collectiveController-1.0
clusterMember-1.0 healthManager-1.0 healthAnalyzer-1.0
zosConnect-1.2 zosLocalAdapters-1.0 zosSecurity-1.0 zosTransaction-1.0 zosWlm-1.0
zosRequestLogging-1.0 batchSMFLogging-1.0
webProfile-6.0
distributedMap-1.0
openid-2.0
openidConnectServer-1.0 openidConnectClient-1.0 osgiAppIntegration-1.0
spnego-1.0
collectiveMember-1.0 restConnector-2.0
sessionDatabase-1.0
ldapRegistry-3.0
webCache-1.0 javaMail-1.5
osgiConsole-1.0
json-1.0
timedOperations-1.0
monitor-1.0
oauth-2.0
serverStatus-1.0 wab-1.0 blueprint-1.0
webProfile-7.0
eventLogging-1.0 requestTiming-1.0
adminCenter-1.0
concurrent-1.0 bells-1.0
samlWeb-2.0
httpWhiteboard-1.0
federatedRepository-1.0 constrainedDelegation-1.0
osgiBundle-1.0 passwordUtilities-1.0
bluemixUtility-1.0
apiDiscovery-1.0
logstashCollector-1.0
scim-1.0 microProfile-1.0 jwt-1.0
productInsights-1.0 transportSecurity-1.0
Simple Config
server.xml:
<server>
  <featureManager>
    <feature>jsp-2.3</feature>
  </featureManager>
  <webApplication location="myweb.war" contextRoot="/" />
  <applicationManager autoExpand="true"/>
</server>

jvm.options:
-Xmx1g
-Dsystem.prop=value

server.env:
WLP_OUTPUT_DIR=/usr/wlp-out/
Composing Config
configDropins/defaults/common-http.xml:
<server>
  <httpEndpoint id="defaultHttpEndpoint" host="${host}" httpPort="${http}" httpsPort="${https}"/>
</server>

configDropins/overrides/ports.xml:
<server>
  <include location="https://myHost/ports.xml"/>
  <variable name="host" value="${my.host}"/>
  <variable name="http" value="${my.host.http}"/>
  <variable name="https" value="${my.host.https}"/>
</server>
Security
• Security by default
• No remotely accessible ports
• Enable admin, enable security
• Enable ssl using ssl-1.0

<feature>restConnector-1.0</feature>
<quickStartSecurity userName="admin" userPassword="{hash}adSDwijgnb=="/>

<feature>transportSecurity-1.0</feature>
<keyStore password="{aes}adSDwijgnb=="/>

<httpEndpoint id="defaultHttpEndpoint" host="*"/>
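A review check for the three points on this slide, as an added example (not code from the presentation or from Liberty): it audits a server.xml for an endpoint opened beyond localhost without a TLS feature, an admin connector without a user source, and passwords lacking the {aes}/{hash} prefixes shown above. Both server.xml samples are constructed, and the rule set is an assumption about what a reviewer would flag.

```python
import xml.etree.ElementTree as ET

# Constructed sample: admin connector on, endpoint opened to all interfaces,
# no TLS feature, keystore password left readable.
WEAK = """<server>
  <featureManager><feature>restConnector-2.0</feature></featureManager>
  <httpEndpoint id="defaultHttpEndpoint" host="*"/>
  <keyStore password="changeit"/>
</server>"""

# Constructed sample that follows the slide: TLS feature on, secrets encoded.
HARDENED = """<server>
  <featureManager>
    <feature>restConnector-2.0</feature>
    <feature>transportSecurity-1.0</feature>
  </featureManager>
  <quickStartSecurity userName="admin" userPassword="{hash}adSDwijgnb=="/>
  <keyStore password="{aes}adSDwijgnb=="/>
  <httpEndpoint id="defaultHttpEndpoint" host="*"/>
</server>"""

TLS_FEATURES = {"ssl-1.0", "transportsecurity-1.0"}
REGISTRIES = ("quickStartSecurity", "basicRegistry", "ldapRegistry")
OK_PREFIXES = ("{aes}", "{hash}", "${")  # "${" = variable resolved elsewhere

def audit(server_xml):
    """Return a list of findings for one server.xml document."""
    root = ET.fromstring(server_xml)
    features = {f.text.strip().lower() for f in root.iter("feature") if f.text}
    findings = []
    # The endpoint stays on localhost unless host is set; "*" exposes it.
    remote = any(e.get("host", "localhost") not in ("localhost", "127.0.0.1")
                 for e in root.iter("httpEndpoint"))
    if remote and not features & TLS_FEATURES:
        findings.append("remote endpoint without ssl-1.0/transportSecurity-1.0")
    # "Enable admin, enable security": the REST connector needs a user source.
    admin = any(f.startswith("restconnector-") for f in features)
    if admin and not any(root.find(tag) is not None for tag in REGISTRIES):
        findings.append("restConnector enabled without a user registry")
    # Every *password attribute should carry an encoding prefix.
    for el in root.iter():
        for name, value in el.attrib.items():
            if name.lower().endswith("password") and not value.startswith(OK_PREFIXES):
                findings.append(f"{name} on <{el.tag}> is not {{aes}}/{{hash}} encoded")
    return findings

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(doc))
```

The TLS rule is a heuristic: a TLS feature being present does not by itself disable the plain HTTP port.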
App Security
• Feature to enable
• Configure security role bindings in server.xml
• Configure registry

<feature>appSecurity-2.0</feature>
<webApplication location="myweb.war">
  <application-bnd>
    <security-role name="user">
      <group name="myGroup"/>
    </security-role>
  </application-bnd>
</webApplication>

<feature>ldapRegistry-3.0</feature>
Class Visibility - Parent First
[Diagram, search order:]
1. JVM: rt.jar, jce.jar, jsse.jar
2. Application Server: runtime.jar, libx-1.jar, was-util.jar
3. Web Application: myapp.jar, libx-2.jar, myutil.jar
• App Server & Application use open source library
• They use different versions
• When application loads class in open source library, the app server copy is found first
✘ Application fails as class is not compatible
Class Visibility – Parent Last
[Diagram, search order:]
3. JVM: rt.jar, jce.jar, jsse.jar
2. Application Server: runtime.jar, libx-1.jar, was-util.jar
1. Web Application: myapp.jar, libx-2.jar, myutil.jar
• App Server & Application use open source library
• They use different versions
• When application loads class in open source library, the application copy is found first
✘ If application contains Servlet classes then the container can't use the Servlet classes so application fails
Class Visibility - Liberty
[Diagram:]
JVM: rt.jar, jce.jar, jsse.jar
Application Server: runtime.jar, libx-1.jar, was-util.jar
Web Application: myapp.jar, libx-2.jar, myutil.jar
• App Server & Application use open source library
• They use different versions
• When application loads class in open source library, only API class loads are delegated to the application server classloader
✔ Application gets the open source class it wants, server and application agree on servlet
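The three class visibility slides, carried through as a small model (an added example, not Liberty's class loader code): a toy loader chain resolves the shared library class and the Servlet class under each delegation policy. The jar names come from the diagrams; the class names, the API prefix list and the application bundling its own Servlet classes are assumptions.

```python
class Loader:
    """Toy class loader: 'classes' maps a class name to the jar that holds it."""

    def __init__(self, classes, parent=None, policy="parent-first", api=()):
        self.classes, self.parent = classes, parent
        self.policy, self.api = policy, tuple(api)

    def load(self, cls):
        own = self.classes.get(cls)
        inherited = lambda: self.parent.load(cls) if self.parent else None
        if self.policy == "parent-first":
            return inherited() or own      # parent's copy hides the local one
        if self.policy == "parent-last":
            return own or inherited()      # local copy hides the parent's
        # "api-only": go up the chain for API packages, stay local otherwise
        if cls.startswith(self.api):
            return inherited() or own
        return own


def app_view(policy):
    """Return (jar providing libx, jar providing Servlet) as the app sees them."""
    jvm = Loader({"java.lang.String": "rt.jar"})
    server = Loader({"javax.servlet.Servlet": "runtime.jar",
                     "org.libx.Util": "libx-1.jar"}, parent=jvm)
    # Assumption: the application ships libx-2 and its own Servlet classes.
    app = Loader({"com.example.MyApp": "myapp.jar",
                  "org.libx.Util": "libx-2.jar",
                  "javax.servlet.Servlet": "myapp.jar"},
                 parent=server, policy=policy, api=("java.", "javax."))
    return app.load("org.libx.Util"), app.load("javax.servlet.Servlet")


if __name__ == "__main__":
    for policy in ("parent-first", "parent-last", "api-only"):
        libx, servlet = app_view(policy)
        ok = libx == "libx-2.jar" and servlet == "runtime.jar"
        print(f"{policy:13} libx from {libx:11} servlet from {servlet:11} ok={ok}")
```

Only the api-only policy gives the application its own libx-2.jar while the container and the application still share the Servlet classes from runtime.jar.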
Zero Migration
• Zero config migration
- Write once, run forever
• Zero migration for apps
- No behavior changes in existing features
- New behaviors in new features
• Choose your Java
- Java 8, 7, or 6*
- IBM, Oracle, Open JDK
[Diagram labels: 16.0.0.4, 17.0.0.1; WLP_CONFIG_DIR; app1Svr, app2Svr]
Continuous Deploy
[Diagram labels: Code, Build, Test, Package (zip), Deploy]
Script Client
Standalone Server Farms
Load balancing and session affinity/failover
Operations target individual servers
Web server plugin is a merge of the individual servers' plugins. Session failover uses DB or session cache.
[Diagram labels: HTTP/S; IHS, DP, or generic HTTP; WAS servers]
Liberty Collectives
Operations target individual servers or clusters
Load balancing and session affinity/failover
[Diagram labels: Script Client; HTTP/S; IHS/DP; collective; controllers; liberty servers]
Liberty Dynamic Routing
Operations target individual servers or clusters
Load balancing and session affinity/failover
[Diagram labels: Script Client; HTTP/S; IHS/DP; get dynamic topology; collective; controllers; liberty servers]
AutoScaling & Dynamic Routing
<scalingPolicy name="policy1" min="3">
  <metric name="heap" max="80"/>
  <bind clusters="cluster1"/>
</scalingPolicy>
Administratively defined policy

Operations target individual servers or clusters
Load balancing and session affinity/failover
[Diagram labels: Script Client; HTTP/S; IHS/DP; get dynamic topology; dynamic start/stop; collective; controllers; cluster members; liberty servers]
• Policy bound to app clusters
• Automatic start/stop of JVMs to scale up/down capacity.
• Dynamic routing
• Health management
Liberty and Docker
app and config + liberty and java + os config + docker = portable container
[Diagram, deployment targets:]
• Local Docker host
• Private IaaS: WAS Patterns, Pure App System
• Third-party PaaS: OpenShift, CloudFoundry, Apprenda
• Public IaaS: IBM Softlayer, MS Azure, Amazon AWS
Last Year
16.0.0.2 (2Q16)
• oauth token propagation
• default map role to group
• enhanced password utils
• jaxrs SAML tokens
• apiDiscovery enhanced
• zosRequestLogging
• jaxws policy attachments
• dashDB service plugin
• collective docker & node
• wdt docker dev enhanced
• wdt swagger enhanced
• migration tools enhanced
• install consolidation
• server pckge file perms

16.0.0.3 (3Q16)
• json web token issue & accept
• vmm custom adapter spi
• jsse helper api
• collective user cert doc
• plugin config auto generation
• restConnector-2.0 feature
• z/os local adapter for ims
• async tcpip for zos
• unwrapped jdbc vendor apis
• sqlj for db2
• java batch logs from native cli
• batchSMFLogging-1.0 feature
• java batch events to jms
• java batch multi-files prop/parm
• wdt custom p/w encrypt
• wdt jax-rs gen from swagger
• cloudant-1.0 feature
• microProfile-1.0 feature
• node.js in docker + autoscale

16.0.0.4 (4Q16)
• Plugin config util for clusters
• merge jvm.options files
• logstashCollector w/binary log
• z/OS angel management +
• arbitrary SQL at connection init
• DB conn validation/pretest
• MS SQL 2016 certification
• batch events at timer intervals
• Admin Center Batch tool
• jwt-1.0 & enhancements
• Windows service
• WAMT skeleton server.xml gen
• WAMT pre-deploy app analysis
• WDT docker workspace apps
• WDT fine-grained auto feature
• WDT apiTypeVisibility

17.0.0.1 (1Q17)
• Override deployment descriptors in configuration
• IBM Cloud Product Insights integration
• Dynamic Routing support for routing rules
• Route to same app in multiple collectives
• Api discovery works without authentication.
• Customize swagger UI css
• AdminCenter batch job stop/restart
• Outbound SSL config independent from inbound
• Log dates in ISO format
• Pause HTTP traffic
Customer Requirements
• Please, create and vote on Requests For Enhancement
https://www.ibm.com/developerworks/rfe/execute?use_case=submitRfe
• Also: lab advocates, workshops, WASdev forum and others
• Are we delivering?
16.0.0.3
SQLJ 19
Plugin merge tool 18
Batch CLI restart 6
Batch CLI param files 5
16.0.0.4
Windows service 51
DB test on connect 47
CMD-line plugin generation 12
17.0.0.1
Outbound SSL (partial) 55
API explorer fixes 21
Batch SMF records 16
Custom DN in routing cert. 14
Pause/Resume HTTP 12
OIDC Cluster support 9
ISO data format 5
Raw kerberos token 5
Routing rules 4
Binding overrides 4
Liberty Top 10
Outbound SSL 55
OAuth PKCE 31
Custom roles 28
HTTP 2.0* 27
Admin/App traffic 27
Config merge view 26
HTTP method restrictions 24
IIOP Txn propagation 24
Collective bulk update 15
Collective cert. SAF 14
WASdev.net
Copyright © 2017 by International Business Machines Corporation (IBM).