
Friday, 29 November 2019

Small tips for taking Payara to production


Hi all!
This is a small blog post about how I prepared my Payara application server for production in the cloud!
This post is an extension of my other blog posts about cloud deployment; if you are interested, read here.

OK, then let's go through how to prepare Payara for production.
Ask yourself, or the developers if you work in a company, what kind of services the app server will be responsible for.
After that, you know which services should run on the server, which ports must be open, and which ports must be closed and which services disabled and stopped!
Now look at the following slides.
Then go through this Payara blog and make sure you fine-tune your server.
When you configure your Payara or GlassFish, always restart after each optimization; basically, use common sense.
Once you are sure that your settings are correct, test them: put your stuff into Docker and test it locally. I won't post my Dockerfile, because it contains security-relevant data, but I strongly recommend testing your stuff locally first before deploying it into the cloud!

Only once you have tested your stuff locally in a Docker container can you deploy it into the cloud and hope that it works without any problems.
For further documentation about the Payara configuration, click here.

Important Docker commands and helpful tips

docker build -t nameofimage .          # PLEASE NOTE: YOU NEED A Dockerfile
docker run -itd --name nameofcontainer imagename
docker exec -it containerid sh         # Here you log in to your container
docker start containerid
docker stop containerid
docker rmi $(docker images -q)         # Watch out with this, it removes all your images!
docker logs --follow containerid       # Sometimes you need to follow what the container is doing


Short info about the Dockerfile:
I prefer to use RUN rather than CMD (yes, I know that it will be a multilayer sandwich, but you can peel the layers), and at the end you need an ENTRYPOINT or else your container will die, but the real reason is that it just can hook your sh script, believe me, I tried!
Instead, use something like this at the end of your Dockerfile:

CMD ["java","-XX:+IgnoreUnrecognizedVMOptions", "-jar", "payara5/glassfish/modules/admin-cli.jar", "start-domain", "-v"]

I must admit the syntax of the Dockerfile is not good. What is the purpose of &&\ ?
Yes, it is just there to put the commands one after another in a row when you use RUN.
So it means do this, &&\ do that too. It's kind of a mess for my taste, but still, it works.

EXPOSE does not expose at all! WTF!
Well, this is a true mind blower, so make sure that you provide the info for -p, for example 8090:8090, when you run your container!
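The difference between EXPOSE and -p shows up in `docker inspect`, and the same output tells you whether a port you wanted closed is reachable from other hosts. The check below is an added example, not code from the original post; the container name, the port list and the allowlist are constructed, and 4848 is used because it is Payara's default admin port.

```python
"""Added example: compare EXPOSE metadata with the ports that are really published."""
import json

# Constructed sample in the shape printed by `docker inspect <container>`.
# 8090 mirrors the -p 8090:8090 mapping from the post, 4848 is Payara's
# default admin port, 8181 is declared with EXPOSE but was never published.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/payara-test",
  "Config": {"ExposedPorts": {"8090/tcp": {}, "8181/tcp": {}, "4848/tcp": {}}},
  "NetworkSettings": {"Ports": {
    "8090/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8090"}],
    "4848/tcp": [{"HostIp": "0.0.0.0", "HostPort": "4848"},
                 {"HostIp": "127.0.0.1", "HostPort": "14848"}],
    "8181/tcp": null
  }}
}]
""")

LOOPBACK = {"127.0.0.1", "::1"}


def audit_ports(inspect_doc, allowed_public):
    """Return (published, exposed_only, findings) for the first container.

    allowed_public is the set of container ports (e.g. "8090/tcp") that may
    be reachable from other hosts. Anything else should stay unpublished or
    be bound to a loopback address.
    """
    container = inspect_doc[0]
    declared = set((container["Config"].get("ExposedPorts") or {}).keys())
    bindings = container["NetworkSettings"].get("Ports") or {}

    published, findings = [], []
    for port, hosts in sorted(bindings.items()):
        # A null binding list means: declared with EXPOSE, not published.
        for binding in hosts or []:
            host_ip = binding.get("HostIp") or "0.0.0.0"  # empty = all interfaces
            published.append((port, host_ip, binding["HostPort"]))
            if host_ip not in LOOPBACK and port not in allowed_public:
                findings.append(
                    f"{port} reachable on {host_ip}:{binding['HostPort']} "
                    "but not in allowlist"
                )

    published_ports = {port for port, _, _ in published}
    exposed_only = sorted(declared - published_ports)
    return published, exposed_only, findings


if __name__ == "__main__":
    pub, only_exposed, problems = audit_ports(SAMPLE_INSPECT, {"8090/tcp"})
    print("published:", pub)
    print("EXPOSE only (not reachable from the host):", only_exposed)
    print("findings:", problems)
```
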


Docker does not make life easy for a Java developer because of the way Docker runs: one service only. It's difficult to bypass that when you have, say, 2 processes which you need; I wasn't able to do that at all!!!
I was able to start only my Payara server, one service only ;)
The concept of Docker is to implement microservices anyway, so one service per Docker container, and they really mean that: if you try to stick two permanent services into one Docker container, it just quits or "freezes" on the last command!


Thursday, 28 November 2019

Cloud providers evaluation/comparison matrix (highly subjective review)! Case: small enterprise moving Oracle ADF to the cloud

This is an ongoing blog about my experience with major cloud providers (read my first blog post about the cloud). By no means is this a conclusive and definitive review of the cloud providers' services mentioned here!

Cloud providers are in constant change!
What was true in the past can be wrong in the future and vice versa; this is a rather subjective review!

For my rating I will use the following rating system.
The questions in the table refer to the previous blog post.
*     very bad experience, very unproductive
**    just bearable experience, takes a lot of time and effort
***   average experience, it is OK
****  good experience, fast and reliable
***** awesome, cool, easygoing! ;)


One last thing: I do not consider myself very skilled in cloud stuff, so it's a subjective opinion!!!

I run a small business, and the situation can be very different in your case, for example when you run big enterprise stuff and Kubernetes!

For each of the cloud providers I will add an additional blog post with screenshots of the experience and my comments on what my thinking process was during the whole deployment.

The table is organized in the order in which I used the cloud providers!

Q
1    *** *** ***** *****
2    ** *** ***** *****
3    ** ******** ***
4    *** *** ***** ****
5    *** **** **** *****
6    *** ***** ***** *****
7    *** *** ***** *****
8    *** ***** ***** *****
9    ***** *** ***** ****
10   ***** ***** *** *****

Docker deployment into Microsoft Azure

Microsoft Azure

Date when these services were used: 10.02.2020

1. How much does it cost to run the small webapp in the cloud?

But you need to review the following: subscription agreement, prices, privacy statements

Registration experience:

Microsoft requires a valid mobile phone number and a credit card for the registration, and it checks whether you are already registered, so in my case there was no free subscription stuff, because I previously used Azure services ;)

Let's create cost control

Budget Control
In my case I have cost management based on usage.

OK, so basically for my subscription plan there is no budget control. Well, this is kind of odd; a pretty average experience, I can only say. Remember, I don't use the free plan. Strange; oh well, let's proceed further.

2. How fast can your app be deployed into the cloud?

First, look at the standard view which you see at your Azure home; there I type "registry" in the search input field.
Let's create a private registry in Azure.

Because I don't have luck with the free subscription stuff, I will try to use the minimum one, which is "basic sku".
The registry was created pretty fast; now the fun stuff is the deployment of my Docker container into the registry.

This is what I got before the container deployment.

Now let's look at the quick start docs, which are cool, great and easily accessible on the Azure container registry page.
There, note the access keys and generate a password simply by activating the admin user under access keys; there you see your credentials for working with the Azure registry.
Here is the result of my login, which was successful (this is actually proof that it's pretty easy to access the Microsoft private registry if this admin option is activated).

Finally, my Docker image was deployed to the private Microsoft Azure registry; by the way, my Docker image is only 840 MB ;)
So how much space is left on my container registry then?

3. How easy is the configuration for the deployment in the cloud?

Now let's deploy the Docker container into eks ;)

So this is what you see first when you search for Kubernetes.

Click on Kubernetes services.

Here you need to specify your cluster name and DNS name prefix.
For the Kubernetes version, well, I prefer to use the default.

Now let's look at the more interesting stuff, the running nodes: I picked b2s and I hope it's pretty sufficient for my Docker container.

So I decided to use b2s and 1 node.

Autoscale? No ;)

The next options I left as default; for the Azure monitor I said I don't need it.
No tags, and then, after the review, just click create.

From this point Azure creates a Kubernetes cluster with one node.

By the way, did you notice the notifications which Azure produced the whole time? I think it's a pretty cool feature, because it's not in your face but still makes you aware that something is happening.

After the Kubernetes cluster was created, it's time to deploy the Docker container to Kubernetes.
There is a Kubernetes dashboard; here is an explanation of how to activate it!

In the console, type: az aks browse --resource-group resourcename --name kubernetesclustername
or just: kubectl proxy

Then log in to your Kubernetes console.

(FOLKS, ATTENTION: IMPORTANT TUTORIALS BELOW)

Create a token through this tutorial in order to access the Kubernetes dashboard.

So I finally got to the dashboard!

Please note, here is the part about how to obtain the address of your private Azure registry.
Go to your registry, click on the repository and look for the box with yourimagename:latest.
Now you need to generate a secret key, which you must then use during the deployment; how to create the password is described in the Kubernetes tutorial.

Without creating this password and using it in the Kubernetes dashboard, you won't be "allowed" to deploy into Kubernetes.
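What that registry password becomes on the Kubernetes side, as an added example that is not part of the original post: it builds the `kubernetes.io/dockerconfigjson` Secret and the `imagePullSecrets` reference a pod needs, and shows that the stored value is only base64-encoded, so anyone who may read the Secret can recover the registry credentials. The registry host, user name, password, image and secret name are constructed placeholders.

```python
"""Added example: the image pull secret for a private registry, built by hand."""
import base64
import json


def build_pull_secret(name, registry, username, password, namespace="default"):
    """Return a Secret manifest of type kubernetes.io/dockerconfigjson."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    docker_config = {
        "auths": {
            registry: {"username": username, "password": password, "auth": auth}
        }
    }
    encoded = base64.b64encode(json.dumps(docker_config).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": encoded},
    }


def pod_spec_with_pull_secret(image, secret_name):
    """Pod spec fragment that tells the kubelet which Secret to use for the pull."""
    return {
        "containers": [{"name": "app", "image": image}],
        "imagePullSecrets": [{"name": secret_name}],
    }


def recover_credentials(secret):
    """Decode the Secret again: base64 is an encoding, not encryption."""
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    auths = json.loads(raw)["auths"]
    return {
        registry: tuple(base64.b64decode(entry["auth"]).decode().split(":", 1))
        for registry, entry in auths.items()
    }


# Constructed placeholder values, not taken from the post.
REGISTRY = "exampleregistry.azurecr.io"
SECRET = build_pull_secret("registry-pull", REGISTRY, "pull-user", "constructed-password")
POD_SPEC = pod_spec_with_pull_secret(f"{REGISTRY}/yourimagename:latest", "registry-pull")

if __name__ == "__main__":
    # kubectl accepts JSON manifests, e.g. piped into `kubectl apply -f -`.
    print(json.dumps(SECRET, indent=2))
    print(json.dumps(POD_SPEC, indent=2))
    print("recovered by a reader of the Secret:", recover_credentials(SECRET))
```

Because the credentials can be read back this way, the account behind the pull secret is best one that can only pull images, and read access to Secrets in the namespace is worth restricting.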

In my opinion it's not so great to have such granularity; my experience was kind of average. Then again, I learned a new trick for deploying into Kubernetes, so the experience was quite great! ;)

AND IT WORKS!!!! Simply put! Was it hard for you? For me it took a while to figure it out (the whole process took less than 1 hour).


4. How can you scale resources in the cloud for your application?

I would recommend using the Kubernetes dashboard; it's very simple and obvious. Well,
and in Azure there is the Node Pools feature (in the Kubernetes service), and
using it is a lot of fun. ;)

5. Which additional services does the cloud provider offer for extending your app?
As usual: more storage, security stuff. I'd say there are enough features to expand and monitor your app.


6. How easy would it be to move the webapp to another cloud provider if you find better prices that another cloud provider offers you?

If you stay true to the "Kubernetes way", there is actually only a small amount of work (thinking about the secret password for the private registry), and overall, if you don't make yourself too dependent on external Azure services, you won't have any pain changing the cloud provider. Having said that, switching the cloud provider can be very costly even if you don't depend on it too much but have a lot of data, like petabytes: moving all those bits through a secure VPN tunnel costs not only money but also time. I always say to the business: you should pick your cloud provider with common sense and understand that it is a strategic decision which should not be taken lightly.

7. What kind of tools do you need to know to be able to deploy into the cloud?

As usual, the CLI and the web console. Personally I prefer to use the web. Yeah, some old folks say CLI all the way, but having too much DevOps work can't be the main goal; my main goal is to be productive and spend less time on the administrative side and more on the development side. Anyway, Microsoft has done a good job with Azure; I can recommend it.


8. Is there any additional maintenance for your app?

It depends. If you use a lot of databases, you need to calculate how much it will cost to migrate all your DBs into the cloud. It's very difficult to decide; you need to do performance checks and make sure you have backup plans if failures happen. I say, use common sense.

9. What kind of tools does the cloud provider give you to analyze the performance of your app?

For my small project it would be too much, but it looks nice. If I compare it with the Google tools, I must say Google provides monitoring tools by default; Azure has different monitoring tools, which in my opinion can offer an even clearer picture than the default Google monitoring tools.

10. How secure is the cloud environment where I run my app?

In my opinion, security is a double-edged blade with which you can cut yourself. ;)
So what did Microsoft do in Azure security-wise? They offer a lot of things like authorization and authentication, and if that's not enough you can additionally add firewall rules.

One thing people should consider: security is a very flexible domain. You can do outside protection as long as you wish, but you can still be owned indirectly through bugs or exploits in your web application.

In my short time I wasn't able to do a lot of security-wise tests, but I am sure that in an enterprise environment with enough security specialists it's possible to make a very secure Azure-based webapp. Security must be maintained on a 24x7 basis, and even then 0-day exploits will really be a danger. Here I can only think about IAM security policies in AWS, which can be very difficult to understand.


Conclusion:

Microsoft Azure is really one of many great cloud providers, with great tools, great documentation and an even better pricing strategy if you compare it with my experience with AWS, where I was quite surprised by the invoice which AWS produced. One thing which I think Azure must improve is the Pay-As-You-Go subscription: I was actually able to create the budget, but it happened only after I started to use the Kubernetes service. It's quite an interesting observation, but I am not surprised; the prices of the nodes were quite obvious at the beginning. Here is my page, currently online on Azure. I hope that it will work when you access it; if not, then just write me a comment or send a message to my Twitter.



Docker deployment into Google CLOUD

Google Cloud


Date when these services were used: current, on a day-to-day basis!

So here is the review of Google Cloud with regard to what I said in my previous blog post.

Google Cloud tools: console.cloud.google.com, and very good docs on Docker in Google Cloud.

Honorable mentions:

Finally, I can answer my 10 important questions about Google Cloud:

1. How much does it cost to run the small webapp in the cloud?
You need to enable billing for your project first; after that you have (what was in my case)

Or you start without this free trial, which I did, and I paid less than 10 Euro for my site www.javaprofide.de

2. How fast can your app be deployed into the cloud?
https://cloud.google.com/container-registry/docs/pushing-and-pulling?hl=en_US I went through this tutorial and I was pretty fast; when I think about it, my experience was great!

3. How easy is the configuration for the deployment in the cloud?
Pretty easy! Awesome, actually, and you don't need Kubernetes for that. If you need interesting tips, read here about Cloud Run!
Google Cloud has a command line tool for working with Google Cloud.
I must say it is one of the best experiences I have had working with the cloud!
Run `gcloud help config` to learn how to change individual settings

Actually, if you need Kubernetes, you can do that pretty easily!
You need to do some clicks and voilà, it works. By the way, check my site, which runs on Google!

4. How can you scale resources in the cloud for your application?
Through Google Cloud Kubernetes you can create, delete and scale the size of your cluster, and as I mentioned, you can use the Google console for this work! The experience was really good!
You can even run your cluster on SSD! I used the web interface to configure my cluster and everything was pretty clear and understandable; the amount of hardware and the availability zones were pretty satisfying.

5. Which additional services does the cloud provider offer for extending your app?
I use Google Cloud DNS for managing my domain name. This YouTube video explains how to set up your Google Cloud DNS; I didn't use the Google docs for that, but the experience overall was not bad, actually a good one.

6. How easy would it be to move the webapp to another cloud provider if you find better prices that another cloud provider offers you?
I think there are no problems on my side: my webapp is stateless and I don't use any databases in my app. If you do use a database in your app and you were already able to dockerize it, then, if it makes sense in your case, you should evaluate the cost of running it in Kubernetes. I am still struggling to understand how Kubernetes really works, but I see that if you have containers with volumes, then things like speed, authorization and authentication can impact the overall performance of your application. My best advice: build your stuff locally and test it. It's kind of crazy how many times I see clients who do not test the Docker setup locally and then try to configure it in the cloud. I say, if you have no resources to test your Docker stuff locally, then don't migrate to the cloud; otherwise, test it before the actual deployment happens! In my case, again, I take my container out of the registry and deploy it to another cloud provider's registry; from there I can deploy the container to the other cloud provider's Kubernetes, set up the load balancer and then later the DNS, and THAT'S IT!

7. What kind of tools do you need to know to be able to deploy into the cloud?
Docker, Docker and once again Docker! Sure, knowing the Kubernetes features is cool too, but I say that to get started in the cloud you need to understand Docker. In my case, with Google Cloud it was pretty easy and fun. Once again, if you have a stateful app, then more work should be put into dockerization, but if you use the Google Cloud service there is no need to work directly with the console!
If you need console access, it is provided by Google Cloud, and I found this to be a good solution.

8. Is there any additional maintenance for your app?
Well, sure: if you develop and deploy on a daily basis, you build a new container image and deploy it to the registry, then you need to tell Kubernetes to take the newly deployed container to update the corresponding pods in Kubernetes; after that it runs pretty fast and awesome. Personally, I just do dumb stuff: I delete the current Docker container, then go to Kubernetes, delete the cluster node and create a new one. It takes some time, and in the future I will just use kubectl to update the container in the Kubernetes pods. Sure, if you have a more complex Docker setup it will probably take more time, but overall my experience running Kubernetes in Google Cloud was awesome.

9. What kind of tools does the cloud provider give you to analyze the performance of your app?
Google Cloud gives you more options; everything is configurable!



10. How secure is the cloud environment where you are running your app?
Well, I must say it's secure enough, but I didn't do any security testing for my webapp. The number of ports open to the internet is configurable through the load balancer, and on the main home view of your Google Cloud services you can see the number of errors which your app produces. Sure, a big concern of any mid-size company is how secure the data stored on Google Cloud premises is; I sincerely can't answer this question. Google has a commitment to have stable, fast and reliable data centers, and at no point in time did I experience any downtime on my site. One notable thing in Google Cloud: after you deploy your container to the registry, Google Cloud automatically checks your container for vulnerabilities.

So I must say it's good enough to trust Google (with regard to cloud services!), but if you want to be sure, you need your own security stuff or to hire a contractor to test your security, to make 100% sure that no one can hack into your system!

Conclusion:
Kubernetes is a tool which was developed by Google, so it's obvious to me that the experience of using this tool in Google Cloud will be the most fun and enjoyable. Finally, what I must mention is the speed of deployment compared with the IBM and Oracle clouds. I must say Google doesn't ask for a credit card in advance; sure, you will be billed too, but this is quite a different experience in comparison to the IBM and Oracle clouds.
I am still working on reviews of further cloud providers (IBM, Oracle, Azure, Amazon AWS), but I definitely see that Google wins with regard to speed of deployment, and the tools which Google provides to developers are simply easy and fun to use.

Interested in more reviews?
Look up the following comparison table of other cloud providers.

Docker deployment into Amazon AWS

Amazon AWS

Date when these services were used: 24.12.2019

Hi folks, this time I will blog about my experience deploying my Oracle ADF application into Amazon AWS Kubernetes.
It's good to know how big the Amazon infrastructure really is, so here is the map as of 24.12.2019; for more information, look at the Amazon infrastructure site.

As you can see, there are lots of servers which Amazon provides to its clients.

Let's get some hands-on experience then:
Read this tutorial about how to deploy Docker containers in AWS.
Then the first thing you should do is create an ECR repository; read the tutorial on how to set up ECR.

Furthermore, read the tutorial on getting started with ECR.

1. How much does it cost to run the small webapp in the cloud?

The first 12 months are completely free! WATCH OUT: IT'S FREE, BUT NOT FOR ANY TYPE OF INSTANCE. If you select other resources for EC2 and not the micro instance, you will be charged for using such a powerful instance!

This one is FREE!!!

Note that in my case I wasn't able to run stably on micro, that's why I picked a medium machine!

Here is my bill for one month of Kubernetes usage in AWS; I ran my site on different instances!

Selecting a plan won't change things a lot, but if you are serious enough to go with the AWS cloud, you have the following options:

But you need to set up a budget in AWS and make sure that no wrong bill will be generated!
Setting up the budget was pretty easy for my taste, so there won't be any setup hassle in this regard.


2. How fast can your app be deployed into the cloud?

First, you need to create a repository!
1. Go to ECR and simply generate your repo. Don't forget to choose the region where you want to store your Docker stuff; in my case it was Europe. In your case it will be another region, and the experience can be different.
After that you need to install the Amazon command line utilities (CLI for short) on your local workstation. As I said in my previous blog posts, I use RHEL, so let's install them and go through this AWS tutorial in order to be able to push the Docker container into the AWS registry!

“You need a red card for opening this door”  some random Doom guy......

For further steps you need to obtain your keys!

Tutorial on how to get access to the keys!!!

Then configure your AWS tools on your local machine. Oh gosh, and I thought that it would be automatic like in Google Cloud, lol!

Here is an example of how to configure your AWS CLI.

In one of the steps there is info on retrieving the docker login, so do the docker login first! Only then can you push to the registry!
Now go back to ECR in the AWS cloud, where you created your repo, and click on View push commands; there you will see the commands for pushing your Docker image to the AWS cloud private registry!

Personally, I think AWS as a cloud provider should put it in bold and underlined that after installing the CLI on your local machine you additionally need to configure the AWS tools. It was not obvious to me, but I was still able to push my Docker container to the repo and I am happy about it!
Finally, are you ready to deploy it into your AWS EKS cluster?

Me too; well, then do it! Click on EKS.
Specify the cluster name and click next.
In some cases it takes more than 15 minutes to spin up the cluster, so do something else during this process.


Oh no, I did not specify the IAM role. Well, go to the IAM roles: you need the EKS role and others for ECS, because your Kubernetes will be managing your clusters. Now, was this so hard?

Let's see! Not only do you need the EKS role, but you also need Elastic Container Service and
Elastic Container Service Autoscale. How do I know about this? Well, if you create your new Kubernetes cluster, AWS needs IAM roles, and without this minimum setup it would not allow you to create a Kubernetes cluster.
Then you need to specify your subnets. AWS needs a minimum of 2, so there is no other minimum choice than to use only 2. Don't forget to activate your security groups too. Logging: well, for my small site I don't need that, but if you have a big project you should definitely do that.

Then you have tags. So basically, one last thing is to deploy the Docker container from the AWS registry into EKS. It takes a while to spin up those pods …..

Now to the fun part, where we deploy our container to Kubernetes!!!

Read this tutorial about ECR on EKS.

Click on add node group. Oh no, I forgot that I need an IAM role to create a node!!!!!
You need an EC2 role!!!! Go back to IAM roles and assign it in IAM!

There you need AdministratorAccess (Provides full access to AWS services and resources).

There are actually even more roles, let's apply them! EKS – Nodegroup, and read the tutorial again.

Well, from this point I was puzzled about what I need in order to create my worker nodes. Which roles do I need to create and assign in IAM?

If you create new nodes, AWS requires that you specify the role for your node!

OK, I figured it out: go to your IAM, click on the EKS role and assign it as shown in the following YouTube tutorial!

It should look like the picture below (after you have specified the IAM role in your node creation view!).
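A check for the role that ends up on the node group, as an added example (not from the original post or from AWS): it reads JSON in the shape printed by `aws iam list-attached-role-policies` and separates broad policies such as AdministratorAccess from the AWS-managed policies a worker node role normally carries. The attached-policy list and the account id 111122223333 are constructed.

```python
"""Added example: review the managed policies attached to an EKS node role."""
import json

AWS_MANAGED = "arn:aws:iam::aws:policy/"

# AWS-managed policies that the EKS documentation lists for worker node roles.
# AmazonEKS_CNI_Policy may instead sit on a separate role used by the CNI
# add-on, so "not_attached" is information for the reviewer, not an error.
NODE_POLICIES = {
    AWS_MANAGED + "AmazonEKSWorkerNodePolicy",
    AWS_MANAGED + "AmazonEC2ContainerRegistryReadOnly",
    AWS_MANAGED + "AmazonEKS_CNI_Policy",
}

# Constructed sample in the shape of `aws iam list-attached-role-policies`.
SAMPLE = json.loads("""
{"AttachedPolicies": [
  {"PolicyName": "AdministratorAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"},
  {"PolicyName": "AmazonEKSWorkerNodePolicy",
   "PolicyArn": "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"},
  {"PolicyName": "AmazonEC2ContainerRegistryReadOnly",
   "PolicyArn": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"},
  {"PolicyName": "AmazonS3FullAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AmazonS3FullAccess"},
  {"PolicyName": "AmazonEKSWorkerNodePolicy",
   "PolicyArn": "arn:aws:iam::111122223333:policy/AmazonEKSWorkerNodePolicy"}
]}
""")


def is_broad(arn):
    """AWS-managed policies that grant far more than a worker node needs."""
    name = arn.rsplit("/", 1)[-1]
    return arn.startswith(AWS_MANAGED) and (
        name in {"AdministratorAccess", "PowerUserAccess"}
        or name.endswith("FullAccess")
    )


def review_node_role(doc):
    """Sort the attached policies into broad / expected / review buckets.

    Matching is done on the ARN, not the name: a customer-managed policy can
    reuse an AWS policy name while containing different statements.
    """
    arns = [p["PolicyArn"] for p in doc.get("AttachedPolicies", [])]
    report = {"broad": [], "expected": [], "review": []}
    for arn in arns:
        if arn in NODE_POLICIES:
            report["expected"].append(arn)
        elif is_broad(arn):
            report["broad"].append(arn)
        else:
            report["review"].append(arn)  # customer-managed or unrelated
    report["not_attached"] = sorted(NODE_POLICIES - set(arns))
    return report


if __name__ == "__main__":
    for bucket, items in review_node_role(SAMPLE).items():
        print(bucket, items)
```
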


In my case I wasn't able to run my site on a micro instance, but rather on a small instance. Well, then I post here the bill which Amazon will charge for running a small instance; interesting.

Now let's do the other stuff!

We need to deploy the container into the Kubernetes cluster!!!

Read this tutorial on how to install the web UI for Kubernetes, through which we will later be able to deploy the container; there is no obvious need to write a yml file, as in my case!

One thing to mention is that you are running the Kubernetes UI via a proxy on your machine, but it's a better experience than going through yml files via the console, because then you don't need to create deployment yml files at all. I hate doing that manually, do you?!

During the deployment via the Kubernetes web UI there will be questions about
port and target port. I was quite puzzled about what they mean, but you need to set the port for incoming requests and the target port on which your server or app in your Docker container is configured to respond!

It's actually pretty easy: you start up your Kubernetes web view, and there you will find the deployments page, where you need to specify the name of your webapp, the URL of the container image and, as I already mentioned, the ports (here I refer to the external type of deployment).

Here is a list of useful tutorials about the Kubernetes web view. Please note that the links below on the Kubernetes page will become unavailable after some time, so I recommend saving them as PDF files and storing them for further reference!

FINALLY, HOW TO GET THE PUBLIC ADDRESS: you need to run this command on your local machine, where your Kubernetes for AWS is configured: kubectl describe services

3. How easy is the configuration for the deployment in the cloud?

First, you need to be registered in AWS. If you already use Amazon, use another email address to get the full benefits as a new AWS user!

After registration you will see the select support plan page; well, obviously I selected a free plan ;) Then you see the following page with 10-minute tutorials, which I honestly skipped.

Then you see the AWS services!

Most of the time I spent understanding how IAM roles apply to the whole Kubernetes setup, and then just setting the stuff up in IAM.

Then there is additional maintenance: I executed the update command, e.g. sudo yum update, on both my instances. Make sure that all of your instances are working; I was amazed when I connected to all of my instances and they were in a frozen state; then a reboot helps.

4. How can you scale resources in the cloud for your application?
Once you have configured the Kubernetes CLI on your local machine you can work directly with AWS, but for my taste it's too much work; using the web UI is actually better.

5. Which additional services does the cloud provider offer for extending your app?
EC2 and others; they exist, but you always need to think about IAM. Without proper IAM configuration it would not work.

6. How easy would it be to move the webapp to another cloud provider if you find better prices that another cloud provider offers you?
If you have your stuff only in a Docker container, then it would be pretty easy. If you rely on the Amazon cloud provider services, then it probably would not be easy, and further time needs to be invested to figure out whether another cloud provider can offer the same services.

7. What kind of tools do you need to know to be able to deploy into the cloud?
As I mentioned earlier, you need to use the AWS CLI and the Kubernetes kubectl tools. The web UI of AWS is powerful too, but in my case I spent some time configuring the Kubernetes web UI so that I can deploy my Docker container in the simplest way possible.

8. Is there any additional maintenance for your app?
Maybe if you use Amazon DynamoDB or other services there would be an actual need for maintenance, but in my case, once my Docker container was deployed, it worked pretty well.

9. What kind of tools does the cloud provider give you to analyze the performance of your app?
For Kubernetes you need to install the web UI to get a clue how well it's running; luckily Amazon provides enough information to run the Kubernetes web UI through a proxy on your machine. Sure, it would be better if Amazon provided default web tools showing the state of your Kubernetes cluster, but I don't think that's a big no-go.

10. How secure is the cloud environment where you are running your app?
I think the security is pretty tight, because most of your time will be spent working with IAM roles, and understanding them is a must for running your stuff in production.

Conclusion

Amazon AWS is another great cloud provider. I must say that even with the short amount of time given I was very productive and more than able to deploy my webapp to the AWS cloud.
There may be some issues with the Amazon AWS tooling: I don't like to write yml and work through the console only, I love doing the setup through web UIs, but maybe some senior AWS cloud engineers would disagree with me, and that's OK. Speed over quality or quality over speed will always be a challenge in the IT field.
Overall my experience with Amazon AWS was great, and once again, Amazon is one of the major leaders in cloud services, so definitely try it out for your business!
Here is my page, currently offline on AWS. I hope that it will work when you access it; if not, then just write me a comment or send a message to my Twitter.

Interested in more reviews?
Look up the following comparison table of other cloud providers.
