Thursday, September 11, 2014

API Management in WildFly 8.1 with Overlord

I gave a brief introduction about the Overlord project family yesterday. Today it's time to test-drive a bit. The API Management sub-project released a 1.0.0.Alpha1 two days ago and introduces the first set of features according to the 18-Month roadmap.

What is APIMan exactly?
It is an API management system which can either be embedded in existing frameworks or applications or run as a separate system. So far, so good. But what is API Management and why should you care about it? The fact is that today's applications grow in size and complexity and get distributed more widely. Add more consumers to the mix, like mobile devices, TVs or the whole bunch of upcoming IoT devices, and think about how you would implement access control or usage consistently over a whole bunch of applications. A nightmare candidate. But don't worry too much. This is where API Management comes in. APIMan provides flexible, policy-based runtime governance for your APIs. It allows API providers to offer the same API through multiple plans, allowing different levels of service to different API consumers. Sounds complicated still? Let's give it a try.

The Library REST-Service
Imagine that a public library has a nice RESTful service which lists books. It's running somewhere and usually is not really access restricted. Now someone came up with the idea to build an amazing mobile app which can find out if a book is in the library or not. A next step should be to add the option to reserve a book for a couple of hours, which the old system really can't do for now. Instead of heavily tweaking the older version of the library applications we're going to use APIMan to provide a consistent API to the mobile application and let it manage the authentication for now. The API I'm using here is a simple resteasy example. You can use whatever web-service endpoint you have to play around with.

Getting Started on WildFly 8.1
The project can be built and deployed on a variety of runtime platforms, but if you want to see it in action as quickly as possible you just need to fork and clone the APIMan GitHub repository and build it with Maven 3.x. If you use the "run-all-wildfly8" profile, you're ready to test-drive it instantly, because it not only builds the project, but also downloads and configures the latest WildFly 8.1 and finally starts it for you. It takes a while to build and then start up, so you'd better bring some patience.
So, all you have to do to explore it is to fire up the admin console at http://localhost:8080/apiman-dt-ui/ and use one of the following users to log in (the "!" is part of the password, btw):
  • admin/admin123!
  • bwayne/bwayne123!
  • ckent/ckent123!
  • dprince/dprince123!

Test-Driving The Quickstart
The documentation is a bit weak for now so I will give you a short walk through the console.
Open the console and log in with the admin user. Now you can "Create a new Organisation"; let's call it "Public Library" for now. The newly created organization shows you some tabs (Applications, Services, Plans, Members). Switch to the Services tab and click on the button "New Service". Enter "BookListing" as a name, leave the 1.0 as Version and, if you like, give it a description for informational purposes.
After you click the "Create Service" button you are redirected to the overview page. Switch to the "Implementation" tab and fill in the final API Endpoint. In my case this would be: http://localhost:9080/jaxb-json/resteasy/library/books/badger (note: it is deployed on a different WildFly instance). Click "Save" when you're done.

If you switch back to the overview page, you see that the service is in status "Created" and the Publish button is still grayed out. In order to reach this goal, we need to add some more information to APIMan. The next step is to add a so-called Plan to the Organisation. Switch back to it, select the Plan tab and click the "New Plan" button. Plans basically allow you to group individual policies and assign them to services. Call it "InternetBlackList" and create it by clicking the accompanying button. From the "Plan" overview select "Policies" and "Add Policy" by clicking the button. Define an "IP Blacklist Policy" and enter a potentially malicious IP address you don't want the service to be accessed by.


To be able to publish our service, we need to link the newly created Plan to the BookListing service. Navigate back there and select the Plans tab. Select the "InternetBlackList" plan and click "Save". Reviewing the "Overview" page on the Service now finally shows the "Ready" state and lets us publish it.


Now that it is published, we can actually use it. But we'll take one additional step here and link the service to an application via a contract. Creating a Contract allows you to connect an Application to a Service via a particular Plan offered by the Service. You would want to do this so that your Application can invoke the Service successfully.
Create an application by navigating back to the Public Library Organization and clicking the "New App" button. Call it "Munich", leave the 1.0 as a version and enter a description if you like; click "Create Application". The one step left to do is to link the service and the application. This is done via a contract. Select the "Contracts" page and create a "New Contract" with the button. Enter "book" in the "Find a Service" field and search for our BookListing service. Select it. Now you can create the Contract.


The last step is to register the newly created application in the "Overview" page.

That was it. We now have a published service and a registered application. If you navigate to the API page of the application you can see the managed endpoints for the application. If you hover over the service, you get a "copy" button which lets you copy the URL of the managed endpoint funneled through the APIMan gateway.


If you try to access the service through the specified BlackListed IP address, you will now get an error. If not, you get proxied to the service by the gateway.

Notice the apikey query-string? This is the key with which the gateway locates your service and proxies your call to the managed endpoint. If you don't want to send it as part of the query string you can also use a custom HTTP header called X-API-Key.
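The header option described above, as an added example (not code from the original post or from the APIMan project): query strings are routinely written to server and proxy access logs, so this sketch moves the apikey parameter into the X-API-Key header before a request is sent and redacts keys that have already landed in log lines. The gateway URL, the key value and the log lines are constructed placeholders, and matching the parameter name case-insensitively is a precaution, not documented gateway behaviour.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

API_KEY_PARAM = "apikey"      # query parameter named in the post
API_KEY_HEADER = "X-API-Key"  # custom header named in the post

# Constructed sample data (placeholder path and key, not real APIMan output).
SAMPLE_URL = ("http://localhost:8080/gateway-placeholder/books"
              "?format=json&apikey=EXAMPLE-KEY-0000")
SAMPLE_LOG = [
    '127.0.0.1 - - [11/Sep/2014:10:00:00 +0000] '
    '"GET /gateway-placeholder/books?apikey=EXAMPLE-KEY-0000 HTTP/1.1" 200 512',
    '127.0.0.1 - - [11/Sep/2014:10:00:05 +0000] '
    '"GET /gateway-placeholder/books HTTP/1.1" 200 512',
]

# Matches "?apikey=<value>" or "&apikey=<value>" up to the next delimiter.
KEY_IN_QUERY = re.compile(r"([?&]apikey=)[^&\s\"']+", re.IGNORECASE)


def key_to_header(url):
    """Return (url_without_key, headers) so the key travels as a header."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    keys = {v for k, v in pairs if k.lower() == API_KEY_PARAM}
    if len(keys) > 1:
        # Two different keys in one URL is ambiguous; refuse to guess.
        raise ValueError("conflicting apikey values in URL")
    rest = [(k, v) for k, v in pairs if k.lower() != API_KEY_PARAM]
    clean = urlunsplit(parts._replace(query=urlencode(rest)))
    headers = {API_KEY_HEADER: keys.pop()} if keys else {}
    return clean, headers


def redact_log_line(line):
    """Replace any apikey value in a log line with a fixed marker."""
    return KEY_IN_QUERY.sub(r"\1[REDACTED]", line)


def lines_leaking_keys(lines):
    """1-based numbers of log lines that still contain an apikey value."""
    return [n for n, line in enumerate(lines, 1) if KEY_IN_QUERY.search(line)]


if __name__ == "__main__":
    print(key_to_header(SAMPLE_URL))
    print(lines_leaking_keys(SAMPLE_LOG))
    print(redact_log_line(SAMPLE_LOG[0]))
```

The returned headers dictionary can be passed to whatever HTTP client the application already uses; keys that have appeared in logs should be treated as exposed and reissued.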

What's Next?
That was a very quick and incomplete walk through. But you hopefully got an idea about the basic concepts behind it. APIMan and the other Overlord sub-projects are evolving quickly. They are happy to receive contributions and if you like what you've seen or have other feedback, don't hesitate to get in touch with the project. If you want to see the more API like approach you can also watch and listen to the following screencast. It is a bit outdated, but still helpful.

Wednesday, September 10, 2014

Overlord - The One Place To Rule And Manage your APIs

We're living in a more and more distributed world today. Instead of having individual, departmental projects running on some hardware below a random desk, today's computer systems run at large scale, centralized or even distributed. The needs for monitoring and managing never changed but got far more complex over time. If you'd put all those cross functional features into a bucket it would most likely be called "Governance". This can happen on many levels. People, processes and of course infrastructure components.

What is Overlord?
Overlord is a set of sub-projects which deal with different aspects of system governance. All four sub-projects are so-called "upstream" projects for JBoss Fuse Service Works. But Service Works is even more, so let's just focus on the four for now.

SRAMP
Overlord S-RAMP is a full-featured artifact repository comprised of a common data model, powerful query language, multiple rich interfaces, flexible integration, and useful tools. It aims to provide a full implementation of the OASIS S-RAMP specification.

DTGov
This component provides the capability to manage the lifecycle of systems from inception through deployment through subsequent change management. A flexible workflow driven approach is used to enable organizations to customize governance to fit the way they work.

Runtime Governance (RTGov)
This component provides the infrastructure to capture service activity information and then correlate, analyse and finally present the information in a form that can be used by a business to police Business/Service Level Agreements, and optimize their business.

API Management
If you want to centralize the governance of your APIs, this is the project for you! The API Management project provides a rich management layer used to configure the governance policies you want applied to your APIs. Once configured, the API Management runtime Policy Engine can run as part of a standard Gateway or embedded in any application.

What's going on lately?
Overlord just got a brand new website up and running. Have a look at it and don't forget to give feedback or work on it; as it is also open source, you are free to fork it and send a pull request. Make sure to look at the contributor guidelines first.

Monday, September 8, 2014

Developer Interviews (#DI 4) Stan Lewis (@gashcrumb) about #hawtio

Already the fourth edition of my pod- and screencast crossover. Today it was Red Hatter Stan Lewis (@gashcrumb) who took some time to talk about his work and about the hot web-console which is the new front-end for all things JBoss Fabric8/Fuse. He is a Principal Software Engineer at Red Hat and came on board with the Fusesource acquisition at the end of 2012. As one of the primary developers on the hawtio web console, an AngularJS web application written in TypeScript for managing JVMs, he also works closely with the Fabric8 project to develop a poly-container deployment and management platform.

Time to grep a coffee+++ and watch the roughly 20 minute recording. Thank you Stan for taking the time!



If you can't get enough and want to know more, take a look at the recording from this year's DevNation conference, where Stan gave a complete overview about how to extend hawtio.

Tuesday, September 2, 2014

Inside JBoss Data Virtualization - iPaaS Demystified (Part 1)

This is another blog in the ongoing series about the Red Hat xPaaS solutions, where I am trying to demystify the acronyms a bit and give you more information about the projects and products composed around them. After the initial overview, this post focuses on the first aspect of the iPaaS solution: JBoss Data Virtualization.

What is Data Virtualization and why should I care?
Think of Data Virtualization as a distinct layer between your business applications and your data-sources. It can also be described as an integration layer for data. So, instead of pulling different datasources into your business application and following a polyglot persistence approach, you take advantage of not only the data-access aspects but also get a consistent view on your distributed data-models. All perspectives are encapsulated: data abstraction, federation, integration, transformation, and delivery capabilities to combine data from one or multiple sources into reusable and unified logical data models.



To successfully implement such an approach, you need to follow a three step approach:
  • Connect: Access Data From Multiple Data Sources
  • Compose: Create a Business Friendly Virtual Data Model
  • Consume: Make the Data Model Available to Consumers

Sounds complicated - How Do I Get Started?
There are a couple of different ways to get some first experiences. In no particular order:
The Community Projects
Behind the supported Red Hat solution are:
A short seven minute video introduction by Blaine Mincey:

Web Based SSH Access your OpenShift Applications

I recently came across KeyBox. This is an Apache-licensed SSH console for applications in an OpenShift Domain. The cool thing is that it is completely web-based. And cooler by far: the client is completely written in JavaScript (using term.js) connecting to JSch (Java implementation of SSH2) running as a web-application on the JBoss Enterprise Web Server (EWS 2.0).
This is a quick and easy way to get hands on your machine, if you can't use a native ssh client. And it is a great tool in your xPaaS developer toolbox.

Prerequisites
There's not a hell of a lot to get started, but you obviously need a free OpenShift account first. After that, install the OpenShift client tools (aka rhc). They require Ruby 1.8.7 or higher. If you want to get the most out of it, make sure to install Git for your system, too.

Installing
Installing is just a one-liner in the terminal:
rhc app create keybox jbossews-2.0 --from-code git://github.com/skavanagh/KeyBox-OpenShift.git
It might take a while, but after the command finished, you can access KeyBox via:
https://keybox-<namespace>.rhcloud.com
All members of the domain can login with their OpenShift account.

Now you can open an SSH session for every application in your domain. KeyBox generates an SSH key pair and associates the public key with the user account for every login.



Make sure to follow Sean Kavanagh on Twitter (@spkavanagh6) and star the KeyBox-OpenShift repository if you like it!