Manage your Mongo Databases in RHMAP with Mongo Express

Red Hat Mobile Application Platform (RHMAP) supports an agile approach to developing, integrating, and deploying enterprise mobile applications. Most likely, your mobile apps will include one or more cloud apps which will require persistence support such as a Mongo Database. But managing databases is not always easy, as command line support for this databases is complex and not always available.

To ease this pain, Mongo Express can be used as an database GUI. For the mongo databases in your cloud apps, it is a powerful and intuitive tool which can be used in conjunction or as substitute for the default database browser. The main benefits from using “Mongo Express” instead of “Data Browser” are:

  • Can run complex queries
  • In-depth stats for every view
  • Supports BSON types as TimeStamp() or DBRef()

IMPORTANT: there are some implications when using Mongo Express as a database manager:

  • Mongo Express can only manage the databases in one Cloud App and environment at a time
  • There is no authentication by default when using Mongo Express as explained in this article so take into account all the security issues that this may arise [1]
  • Users running the platform on the RHMAP should upgrade their databases if it was not upgraded before

[1] Check the Annex ‘how to add authentication’ to overcome this issue

Continue reading “Manage your Mongo Databases in RHMAP with Mongo Express”

RHdevelopers brand

Getting Started with Microsoft SQL Server on Red Hat Enterprise Linux

Microsoft announced SQL Server on Linux public preview, so now you can try SQL Server on your Red Hat Enterprise Linux server. I’ll describe how to start SQL Server on RHEL.

Install and connect with CLI on RHEL

Microsoft publishes a step-by-step document how to Install SQL Server on Red Hat Enterprise Linux. It’s only 7 steps to install and run.

# systemctl status mssql-server
● mssql-server.service - Microsoft(R) SQL Server(R) Database Engine
   Loaded: loaded (/usr/lib/systemd/system/mssql-server.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2016-11-16 20:59:33 EST; 1 weeks 1 days ago
 Main PID: 77982 (sqlservr)
   Memory: 753.6M
   CGroup: /system.slice/mssql-server.service
           ├─77982 /opt/mssql/bin/sqlservr
           └─77997 /opt/mssql/bin/sqlservr

Now you can connect to SQL Server on RHEL. At first, let’s connect with sqlcmd. You should have to install SQL Server tools even if you run sqlcmd on the same host as you installed mssql-server package with following the document. First connect to local SQL Server instance.

Continue reading “Getting Started with Microsoft SQL Server on Red Hat Enterprise Linux”

Red Hat JBoss Data Virtualization on OpenShift: Part 3 – Data federation

Welcome to part 3 of Red Hat JBoss Data Virtualization (JDV) running on OpenShift.

JDV is a lean, virtual data integration solution that unlocks trapped data and delivers it as easily consumable, unified, and actionable information. JDV makes data spread across physically diverse systems such as multiple databases, XML files, and Hadoop systems appear as a set of tables in a local database.

When deployed on OpenShift, JDV enables:

  1. Service enabling your data
  2. Bringing data from outside to inside the PaaS
  3. Breaking up monolithic data sources virtually for a microservices architecture

Together with the JDV for OpenShift image, we have made available several OpenShift templates that allow you to test and bootstrap JDV.

Continue reading “Red Hat JBoss Data Virtualization on OpenShift: Part 3 – Data federation”

RHdevelopers brand

Red Hat Releases New Versions of DevStudio, CDK, and DevSuite

As the interest in container application development continues to grow, so does our expansion of development tools and features.

Today, Red Hat released new versions of the following:

Here’s a listing of the new features:

Continue reading “Red Hat Releases New Versions of DevStudio, CDK, and DevSuite”

Securing Fuse 6.3 Fabric Cluster Management Console with SSL/TLS

Introduction

Enabling SSL/TLS in a Fabric is slightly more complex than securing a jetty in a standalone Karaf container. In the following article, we are providing feedback on the overall process. For clarity and simplification, the article will be divided into two parts.

 

Part1: The Management Console

Part2: Securing Web Service:including gateway-http

 

For the purpose of this PoC, the following environment will be used.

Environment

  • Host  fabric1.example.com  (192.168.56.1),  localhost MacOS

  • Host  fabric2.example.com  (192.168.56.101), RHEL 7.2 Virtual Box VM

  • Host  fabric3.example.com  (192.168.56.102), RHEL 7.2 Virtual Box VM

 

With the following components

  • jboss-fuse-6.3.0.redhat-187
  • jdk1.8.0_102

 

Part1: Put the Management Console in HTTPS in a Fuse Fabric 6.3 Cluster.

 

STEP1: Prepare/Generate a valid certificate/Keystore

If you setup a fabric with three ensemble servers, each ensemble server should trust the two others; the most practical approach to do this is to create a certificate authority to sign all the individual certificates. For the purpose of this demo we are creating a self signed certificate with  all the fabricXX.example.com  in the Subject Alternative section.

 

keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -validity 365 -keystore san.demo.jks -storepass Cluster01# -keypass Cluster01# -dname cn=fabric1.example.com -alias demo

-ext SAN=dns:fabric1.example.com,dns:fabric2.example.com,dns:fabric3.example.com

 

This certificate should be populated on the three hosts in the same folder location, for this demo the file is stored in  /shared/fuse/certs/

 

STEP2: Edit the EXTRA_JAVA_OPTS on all hosts.

<

p class=”p1″>vi $FUSE_HOME/bin/setenv

export EXTRA_JAVA_OPTS="-Djavax.net.ssl.trustStore=/shared/fuse/certs/san.demo.jks -Djavax.net.ssl.trustStorePassword=Cluster01# -Djavax.net.ssl.keyStore=/shared/fuse/certs/san.demo.jks -Djavax.net.ssl.keyStorePassword=Cluster01# "

This will make your certs trusted by client code in fuse also. for debugging purpose you can add the options

  -Djavax.net.debug=ssl to have all the exception trace if any during the SSL handshake process.

  -Djava.rmi.server.logCalls=true , to get all RMI Exceptions

STEP3: Start Fuse and create the Fabric

./fuse

JBossFuse:karaf@fabric1> fabric:create --clean --resolver manualip --global-resolver manualip --manual-ip fabric1.example.com --force

Waiting for container: fabric1

It may take a couple of seconds for the container to provision…

You can use the –wait-for-provisioning option, if you want this command to block until the container is provisioned.

JBossFuse:karaf@fabric1> fabric:wait-for-provisioning

SUCCESS

 

JBossFuse:karaf@fabric1> fabric:info

Fabric Release:            1.2.0.redhat-630187
Web Console:               http://fabric1.example.com:8181/hawtio
Rest API:
Git URL:                   http://fabric1.example.com:8181/git/fabric/
Jolokia URL:               http://fabric1.example.com:8181/jolokia
ZooKeeper URI:             fabric1.example.com:2181
Maven Download URI:        http://fabric1.example.com:8181/maven/download/
Maven Upload URI:          http://fabric1.example.com:8181/maven/upload/

From fabric2.example.com and fabric3.example.com, run the fabric join command

JBossFuse:karaf@fabric2>fabric:join --resolver manualip --manual-ip  fabric2.example.com --force  fabric1.example.com:2181
JBossFuse:karaf@fabric3>fabric:join --resolver manualip --manual-ip  fabric3.example.com --force  fabric1.example.com:2181

 

The –resolver –global-resolver and –manual-ip are very important, if they do not match , certificate validation will failed

 

JBossFuse:karaf@fabric1> container-resolver-list

[id]     [resolver]  [local hostname]        [local ip]      [public hostname]  [public ip]  [manual ip]
fabric1  manualip    fabric1.example.com     192.168.56.1                                    fabric1.example.com
fabric2  manualip    fabric2.example.com     192.168.56.101                                  fabric2.example.com
fabric3  manualip    fabric3.example.com     192.168.56.102                                  fabric3.example.com

 

STEP4: Create the secure SSL profile

Create a secure profile ssl

JBossFuse:karaf@root> profile-create --parent default ssl
profile-edit --pid org.ops4j.pax.web/org.osgi.service.http.enabled=false ssl
profile-edit --pid org.ops4j.pax.web/org.osgi.service.http.secure.enabled=true ssl
profile-edit --pid org.ops4j.pax.web/org.osgi.service.http.port.secure='${port:8443,8543}' ssl
profile-edit --pid org.ops4j.pax.web/org.ops4j.pax.web.ssl.keystore='/shared/fuse/certs/san.demo.jks' ssl
profile-edit --pid org.ops4j.pax.web/org.ops4j.pax.web.ssl.password=Cluster01# ssl
profile-edit --pid org.ops4j.pax.web/org.ops4j.pax.web.ssl.keypassword=Cluster01# ssl

Check the created profile
JBossFuse:karaf@fabric1> profile-display ssl

Profile id: ssl

Version   : 1.0

Attributes:

  parents: default

Containers:

Container settings

—————————-

Configuration details

—————————-

PID: org.ops4j.pax.web   org.ops4j.pax.web.ssl.password Cluster01#   org.osgi.service.http.enabled false   org.ops4j.pax.web.ssl.keypassword Cluster01#   org.osgi.service.http.secure.enabled true   org.osgi.service.http.port.secure ${port:8443,8543}   org.ops4j.pax.web.ssl.keystore /shared/fuse/certs/san.demo.jks

Other resources

—————————-

STEP5: Put the fabric in HTTPS

By adding the ssl profile to the fabric1, for example, the fabric turns in https. You can repeat the operation for fabric2 and fabric3.

 

JBossFuse:karaf@fabric1> container-add-profile fabric1 ssl

JBossFuse:karaf@fabric1> container-add-profile fabric2 ssl

JBossFuse:karaf@fabric1> container-add-profile fabric3 ssl

 

JBossFuse:karaf@fabric1> log:tail | grep “Pax Web available”

2016-11-15 11:29:59,802 | INFO  | onfig-1-thread-3 | JettyServerImpl                  | 117 – org.ops4j.pax.web.pax-web-jetty – 4.3.0 | Pax Web available at [0.0.0.0]:[8443]

 

JBossFuse:karaf@fabric1> fabric:info
Fabric Release:                1.2.0.redhat-630187
Web Console:                   https://fabric1.example.com:8443/hawtio
Rest API:
Git URL:                       https://fabric1.example.com:8443/git/fabric/
Jolokia URL:                   https://fabric1.example.com:8443/jolokia
ZooKeeper URI:                 fabric1.example.com:2181
Maven Download URI:            https://fabric1.example.com:8443/maven/download/
Maven Upload URI:              https://fabric1.example.com:8443/maven/upload/

 

console

STEP 6: Creating Child containers

Connections from child containers also need to be trusted (e.g. Maven proxy, communication with fabric ensemble.) To create a child container with the ssl profile follow the following steps:

  • create the child container with ssl profile  container-create-child –profile ssl fabric1 node1
  • edit the child container JVM Options : pass the trustStore file and password
container-edit-jvm-options node1 '-Djavax.net.ssl.trustStore=/shared/fuse/certs/san.demo.jks -Djavax.net.ssl.trustStorePassword=Cluster01#'
  • restart the container 
      container-stop node1

       container-start node1

 

More Information

https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/pdf/Security_Guide/JBoss_Enterprise_Application_Platform-6.3-Security_Guide-en-US.pdf

 

Spring Cloud for Microservices Compared to Kubernetes

Spring Cloud and Kubernetes both claim to be the best environment for developing and running Microservices, but they are both very different in nature and address different concerns. In this article we will look at how each platform is helping in delivering Microservice based architectures (MSA), in which areas they are good at, and how to take best of both worlds in order to succeed in the Microservices journey.

Background Story

Recently I read a great article about building Microservice Architectures With Spring Cloud and Docker by A. Lukyanchikov. If you haven’t read it, you should, as it gives a comprehensive overview of what it takes to create a simple Microservices based system using Spring Cloud. In order to build a scalable and resilient Microservices system that could grow to tens or hundreds of services, it must be centrally managed and governed with the help of a tool set that has extensive build time and run time capabilities. With Spring Cloud, that involves implementing both functional services (such as statistics service, account service and notification service) and supporting infrastructure services (such as log analysis, configuration server, service discovery, auth service). A diagram describing such a MSA using Spring Cloud is below:

365c0d94-eefa-11e5-90ad-9d74804ca412-2
MSA with Spring Cloud (by A. Lukyanchikov)

Continue reading “Spring Cloud for Microservices Compared to Kubernetes”