Wednesday, November 26, 2014

Developer Interview (#DI 8) - The Red Hat Devoxx Keynote Demo Team explains it all

The last blog post about Devoxx and what happened there. Promised. But I really wanted to do this very special developer interview with the team behind the Demo. You already know everything about the technical details behind it and now it it time to let those speak, who actually implemented it.

Sit back, relax and get a #Coffee+++! Thanks to the team for taking the time!



Sebastien Blanc (@sebi2706) - Red Hat, Mobile, AeroGear, Unified Push Server
Erik Jan De-Witt (@edewit) - Red Hat, JavaScript, Node.js, AeroGear
John Frizelle (@johnfriz) - Feedhenry by Red Hat, Architect
Arun Gupta (@arungupta) - Director of Developer Advocacy at Red Hat
Ben Pares (@bparees) - Red Hat, OpenShift, Lead for xPaaS

Tuesday, November 25, 2014

JMS with JBoss A-MQ on OpenShift. Lessons learned about remote Clients and Encryption.

OpenShift is the "open hybrid cloud application platform by Red Hat". It comes in different flavors and the most interesting part for most of the things you want to do is the public cloud application development and hosting platform "OpenShift Online". You can easily try it out because using OpenShift Online in the cloud is free and it's easy. All it takes is an email address. The free offering allows for up to three basic small gears and host up to three applications from a variety of different languages and frameworks. If you need more, you can upgrade your plan to a paid version. For more details look at the online feature comparison website.

JBoss A-MQ on OpenShift
The Java Message Service is an effective method for cross-system communication, even among non-Java applications. By basing itself on open source technologies and strong standards, RedHat OpenShift allows developers to easily move their JMS applications to the cloud or write new systems that leverage JMS messages with encrypted internet connectivity.
This post will cover the means for using two major applications: WildFly 8 for hosting web applications, and JBoss A-MQ for asynchronous messaging. Both applications can run on gears within the free tier of OpenShift.

Creating an A-MQ Gear
By deploying A-MQ to the OpenShift cloud, your gear will receive several publicly accessible ports. Client systems can then use these remote ports to connect to your A-MQ service. The endpoints require encryption, so no JMS message will ever be sent in plain-text across the internet.
The first step in creating your A-MQ gear is to clone the existing JBoss Fuse A-MQ cartridge. For those interested in cartridge management, you can view full details on this cartridge. (Note: If you are looking for an upstream cartridge with ActiveMQ, take a look at this blog.)
rhc create-app amq http://is.gd/Q5ihum
Upon creating, the gear provides three important pieces of information:
1. The administrative password that you will use to log in to JBoss Fuse, for managing A-MQ.
2. A new public key that clients must have in order to communicate with A-MQ. This
information looks like
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
3. A list of public ports A-MQ is using for remote connections.

Managing the encryption on OpenShift
The difference between clients and your OpenShift gear is that OpenShift needs the private key. If you need to change the keys, the keystore file is FILENAME. If you change keys, clients must have the public key before they will trust it. If you change the keys, you must restart the gear. If you forgot to copy your certificate during gear creation of you changed the keystore and need to extract is, use the following commands:
keytool -list -keystore ~/jboss-amq/jboss-a-mq-6.1.0.redhat-378/etc/keystore.jks
keytool -exportcert -alias (whatever it says) -keystore -file openshiftamq.cer
Download the openshiftamq.cer file using an SFTP client and configure clients.

Managing the encryption on clients 
1. Copy the text of your key into a file called amqpublic.cer. Copy each line, inclusive of the BEGIN and END lines.
2. Import the public certificate into a trust store that your clients will use.
keytool -importcert -alias openshiftamq -file openshiftamq.cer openshiftamq.jks
3. Put the openshiftamq.jks file as a classpath resource of your application or somewhere memorable. You won’t need the .cer file anymore but can still keep it around.
4. Within client code, configure this trust store to be used with A-MQ connections. If you do not do this step, clients will not trust the server.

private ConnectionFactory connection(String url) {
    ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
    try {
        connectionFactory.setTrustStore("openshiftamq.jks"); //or file if not in classpath root
    } catch (Exception ex) {
        Logger.getLogger(getClass().getName()).log(Level.SEVERE, "Unable to load trust store.", ex);
    }
    connectionFactory.setTrustStorePassword("put your password here");
    return connectionFactory;
}

Remote communication from clients
One benefit of using the OpenShift Fuse A-MQ gear is that is exposes several external ports. As a result, your A-MQ service is available without requiring the rhc port-forward command. The URL for your A-MQ clients will look like this:
ssl://gearname-YourDomain.rhcloud.com:PORT
  • Gearname – the name of your gear within the administrative console.
  • YourDomain – Your standard OpenShift domain.
  • PORT – the numeric port number provided when you created the cartridge.
Configure clients using the ConnectionFactory code from above.

Additional ActiveMQ Configurations in your OpenShift Gear
Many configuration options from a standard A-MQ instance are available within your OpenShift instance. The configuration file for this is

~/jboss-amq/jboss-a-mq-6.1.0.redhat-78/etc/activemq.xml

with a few caveats. Namely, you can change the protocol of a <transportConnector /> but must not change the IP or port. The ports are controlled by your OpenShift Gear and are the only ones actually allowed from external areas.

Prevent accidental Gear idling
OpenShift is designed as a resource sharing system, and idle resources will essentially be put to sleep until accessed. JMS poses a particular problem on OpenShift in that if it is idle, connections will not function and new clients cannot connect.
To prevent this behavior, automate a script that periodically interacts with the JBoss Fuse web console or always keep at least one client connected to your A-MQ.

Wednesday, November 19, 2014

Infinite Possibilities - Trip Report Devoxx Belgium 2014

Just a short few days back I was at Devoxx Belgium. For those not in the know. Devoxx Belgium is the premier European java conference and is often referred to as the Java One of Europe. It's a developer centric conference. The folks in attendance are generally language geeks, jvm junkies, performance nuts and general java enthusiasts. We, Red Hat, have been sponsoring the event for a few years now and had a premier stand along with a keynote slot at this years event.

Infinite Possibilities with JBoss, xPaaS and OpenShift
This was a very special Devoxx for me, because I had the opportunity to be part of the official Red Hat keynote. The demo which was part of it came together over a couple of weeks with a lot of engagement by many many peers. I already did post a complete technical rundown of what the audience was able to see. The slides used by Mike are published to slideshare in the meantime (embedded below) and we're looking forward to the recording which should go out to parleys.com soon.

(Source: BJUG Flickr Devoxx Album)
Red Hat at Devoxx
We had a very blue booth this year. It was fun to take part in the team who build all around it and it was just incredibly satisfying to see it all come together. James did the artwork and design, I helped with many tiny things and Karen-Jo held all the loose ends together. Ray, Arun, Karin and many many more also took part in shaping every detail around it.

(Source: BJUG Flickr Devoxx Album)
Red Hatters at Devoxx
From Red Hat's side there were a few folks from engineering, the BU, pre-sales, consulting and marketing. There's been plenty of speakers and sessions by Red Hatters. A complete list is available via jboss.org (Speakers/Sessions) and it was an endless resource of great presentations around all the things that move JBoss and middleware in Red Hat.


Friday, November 14, 2014

The 2014 Guide to Enterprise Integration is available

DZone made it again. Another one of their famous guides got published yesterday. This time it is all about Enterprise Integration. It contains articles by industry experts and the complete result from a survey of over 500 practitioners and developers which is probably the most interesting part. So, looking at the distribution of the different integration solutions:

"Out of all integration frameworks (EIP), ESBs, and
integration suites, Spring Integration is the most popular (42%) and Apache Camel is a close second (38%). [...]
Overall, 63% of respondents use an integration framework (e.g. Spring Integration, Camel) and 53% use an ESB or Integration Suite (e.g. Mule ESB, Biztalk), while 18% say they use neither. Note that 69% of respondents are from large organizations, where bigger integration scenarios would be more common."
(Source: DZone 2014 Guide to EI)

There is still some way to go to make Apache Camel and the JBoss Fuse offerings even more attractive to users, but we are listening and I would be happy to hear what you need or would like us to do to further foster adoption of the integration bits (either upstream or productized). Reach out to me via email or in comments to this blog post.

Find a brief introduction to Fuse by Sameer Parulkar (@sparulkar) on page 21. And I nearly forgot to mention, that I had the pleasure to contribute an article about "The Future of Developing & Integrating Applications" which can be found on page 22. Here is a short teaser:

"Think about how far software development has come in just the past five years. It’s hard to believe  that there was a time when generations of developers spent months or years setting up infrastructures
and integrating different applications and backends with each other."
(Source: DZone 2014 Guide to EI)

Get your version for free today!

On Java EE and Community - Voxxed Interview

Devoxx is nearly a wrap. Beside the general awesomeness, Stephan and his team launched a new content website to be the number one stop for all topics related to technologies which are relevant for Devoxx attendees. While I've been at GeeCon, Lucy asked me for an interview which I happily gave. So we get to chat about WildFly development and explains why the Java EE needs you. And about  JBUGs (http://www.jboss.org/usergroups) and the Virtual JBoss User Group.