IBM WebSphere Application Server Liberty Core on OpenShift V3 Tutorial

A. Synopsis

What this is about

This project demonstrates how to use IBM WebSphere Liberty (a lightweight Java EE container comparable with Apache Tomcat) on Red Hat’s leading Platform-as-a-Service (PaaS) solution OpenShift Enterprise V3 (https://enterprise.openshift.com/. Since OpenShift is perfectly suited for running containerized workloads based on the Docker format, we could reuse the officially supported image built by IBM. Additionally we’ve added OpenShifts powerful templating mechanism in order to create a superior developer experience:

  • Self-service based provisioning of new IBM WebSphere Application Server Liberty Core containers
  • Existing, not yet containerized applications can simply be reused
  • No prior experience with Docker needed
  • Automated build & deploy life cycle

The source code can be found here: https://github.com/sebastianfaulhaber/openshift-v3-showcase/tree/master/websphere-liberty

Screenshots

1. Select WebSphere Liberty template

2. Provide details on application

3. Application artifacts successfully created

4. OpenShift automatically builds initial Docker image for application

5. Build and deployment completed successfully

6. IBM WebSphere Liberty startup screen

9. Demo application running

B. Installation

1. Setup OSE Environment

There are multiple ways to spin up a new OpenShift environment:

All-In-One VM

This community provided Vagrant box probably provides the most convenient and fastest way to start your OpenShift developer experience. It features a complete OpenShift installation within one VM that allows you to test all aspects of a container application platform.

See for detailed instructions: http://www.openshift.org/vm/

On premise installation

The instructions for setting up an on premise installation of OpenShift Enterprise V3 can be found here: ([https://docs.openshift.com/enterprise/3.1/install_config/install/index.html]https://docs.openshift.com/enterprise/3.1/install_config/install/index.html).

OpenShift Dedicated

OpenShift Dedicated is a new offering from OpenShift Online. OpenShift Dedicated offers a hosted OpenShift 3 environment to run the containers powering your applications. This offering provides an isolated instance hosted on Amazon Web Services (AWS), providing increased security and management by the OpenShift operations team, so that you have peace of mind about the stability and availability of the platform.

See https://www.openshift.com/dedicated/

2. Enable OpenShift to run Docker images with USER in the Dockerfile

The currently provided version of IBM’s WebSphere Liberty Docker image requires the use of USER in the Dockerfile. Due to the security implications raised by USER statements OpenShift restricts the use by default. In order to make this project work, you will need to relax the security settings as described here: https://docs.openshift.com/enterprise/3.1/admin_guide/manage_scc.html#enable-images-to-run-with-user-in-the-dockerfile.

# Login to your OpenShift master via SSH
su -
oc edit scc restricted
# Change the runAsUser.Type strategy to RunAsAny

3. Import template into your OpenShift environment

wget https://raw.githubusercontent.com/sebastianfaulhaber/openshift-v3-showcase/master/websphere-liberty/websphere-liberty-template.json
oc create -f websphere-liberty-template.json -n openshift

C. User guide

1. How can I access the provided demo application?

This project provides a simple Java EE web application that can be used to verify that the showcase is working. It can be accessed after provisioning via: /Sample1/SimpleServlet (e.g. http://liberty-app-http-route-demo.apps.example.com/Sample1/SimpleServlet).

2. How can I use this showcase in my own OpenShift installation?

  1. Create a fork of the repository in your own GIT environment
  2. Add your applications to the app/ folder. They will be picked up and get deployed automatically.
  3. Specify the URL to the forked project as SOURCE_REPOSITORY_URL when creating a new application.
  4. Done.

3. How can I automate the build & deployment lifecycle

The project template comes with preconfigured OpenShift webhook triggers for Github and a generic system (see https://docs.openshift.com/enterprise/3.1/dev_guide/builds.html#webhook-triggers for more details).

20. Configure webhook triggers

In order to automate the build and deployment lifecycle you simply need to integrate the webhook URLs according to your SCM specific instructions:

4. How can I view the logs of my application?

The logs can be accessed via the OpenShift Enterprise console:
Browse > Pods > YOUR_LIBERTY_POD > Logs. Alternatively you could also use the CLI command oc logs YOUR_LIBERTY_POD (https://docs.openshift.com/enterprise/3.1/cli_reference/basic_cli_operations.html#troubleshooting-and-debugging-cli-operations).

21. View application logs

5. How can I connect to the container instance that is running my application?

You can open a terminal connection to the container via the OpenShift Enterprise console: Browse > Pods > YOUR_LIBERTY_POD > Terminal. Alternatively you could also use the CLI command oc rsh YOUR_LIBERTY_POD (https://docs.openshift.com/enterprise/3.1/cli_reference/basic_cli_operations.html#troubleshooting-and-debugging-cli-operations.

22. Connecting to the container

D. Reference Information

WebSphere specific

OpenShift specific

E. Credits

Special thanks to Chris Eberle <ceberle@redhat.com>

IBM WebSphere Application Server Liberty Core on OpenShift V2 Tutorial

A. Synopsis

What this is about

We’ve created a IBM WebSphere Application Server Liberty Core cartridge in order to demonstrate the power and flexibility of Red Hat’s Open Hybrid Cloud strategy. Liberty Core provides a lightweight alternative to the classic WebSphere Application Server ND (cartridge available here: https://github.com/juhoffma/openshift-origin-websphere-cartridge) mainly targeting web applications using JEE web profile.

The cartridge currently supports the following features:

  • Provisioning of new IBM WebSphere Application Server Liberty Core instances in seconds (!)
  • Full build & Deploy life cycle (as with JBoss EAP cartridge)
  • Hot Deployment
  • Auto Scaling with web traffic
  • Jenkins Integration
  • Integration into JBoss Developer Studio

The source code can be found here: https://github.com/juhoffma/openshift-origin-liberty-cartridge

Screenshots

1. Create new Gear

2. Select WebSphere Application Server Cartridge

2. Select WebSphere Application Server Cartridge - Scaling

3. Cartridge creation is finished

4. Overview of newly created application

5. View of created sample application

6. HAProxy Scaling demo

B. Installation

1. Setup OSE Environment

You have the following deployment options for this cartridge:

2. Cartridge Installation

This cartridge does not actually ship the Liberty Profile binaries. These
have to be installed manually before this cartridge actually works. The Binaries can
be installed in 2 different ways:

  • OPTION 1 – Install the Liberty Core underneath the versions directory
  • OPTION 2 – Install Liberty Core outside of the cartridge context

The following sections describe the 2 different methods.

Prepare the installation

Download the required IBM WebSphere Application Server Liberty Core Installer from the IBM developer site https://developer.ibm.com/wasdev/downloads/liberty-profile-using-non-eclipse-environments/:

node# cd /opt
node# wget https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/wasdev/downloads/wlp/8.5.5.4/wlp-developers-runtime-8.5.5.4.jar

Clone the cartridge repository:

node# git clone https://github.com/juhoffma/openshift-origin-liberty-cartridge.git

Initialized empty Git repository in /opt/openshift-origin-liberty-cartridge/.git/
remote: Counting objects: 139, done.
remote: Compressing objects: 100% (103/103), done.
Receiving objects: 100% (139/139), 898.18 KiB | 1.33 MiB/s, done.
remote: Total 139 (delta 46), reused 106 (delta 15), pack-reused 0
Resolving deltas: 100% (46/46), done.

OPTION 1 – Install the Liberty Core underneath the versions directory

node# java -jar /opt/wlp-developers-runtime-8.5.5.4.jar --acceptLicense /opt/openshift-origin-liberty-cartridge/versions/8.5.5.4

Before you can use, extract, or install IBM WebSphere Application
Server for Developers V8.5.5, you must accept the terms of
International License Agreement for Non-Warranted Programs and
additional license information. Please read the following license
agreements carefully.


The --acceptLicense argument was found. This indicates that you have
accepted the terms of the license agreement.


Extracting files to /opt/openshift-origin-liberty-cartridge/versions/8.5.5.4/wlp
Successfully extracted all product files.

OPTION 2 – Install Liberty Core outside of the cartridge context

Binary installation

You can also install IBM WebSphere Application Server Liberty Core outside of the cartridge and
define the location using a node level variable like you can do with the full
WebSphere cartridge.

To make this work all you have to do is to create the file
/etc/openshift/env/OPENSHIFT_LIBERTY_INSTALL_DIR and put the installation location into
it. See the Official Documentation for an example on how to configure node level variables.

Customize SELinux Configuration

Since IBM WebSphere Application Server Liberty Core is installed outside of the gear’s sandbox, you need to customize SELinux permission settings in a way that the installation directory “/opt/IBM/” can be accessed with according permissions.

As a workaround and/or for testing purposes you could also temporarily disable SELinux policy enforcement:

setenforce 0

Install and activate the cartridge

node# oo-admin-cartridge --action install -s /opt/openshift-origin-liberty-cartridge --mco


1 / 1
vm.openshift.example.com
   output: install succeeded for /opt/openshift-origin-liberty-cartridge
Finished processing 1 / 1 hosts in 3174.10 ms

broker# oo-admin-ctl-cartridge -c import-node --activate --obsolete --force
Importing cartridges from node 'vm.openshift.example.com'.
Updating 26 cartridges ...
54f62e57e659c5cd31000001 # U mysql-5.5 (active)
54f62e57e659c5cd31000002 # U mysql-5.1 (active)
54f62e57e659c5cd31000003 # U jenkins-1 (active)
54f62e57e659c5cd31000004 # U nodejs-0.10 (active)
54f62e57e659c5cd31000005 # U haproxy-1.4 (active)
54f62e57e659c5cd31000006 # U jbosseap-6 (active)
54f62e57e659c5cd31000007 # U jbossews-2.0 (active)
54f62e57e659c5cd31000008 # U jbossews-1.0 (active)
54f62e57e659c5cd31000009 # U php-5.4 (active)
54f62e57e659c5cd3100000a # U php-5.3 (active)
54f62e57e659c5cd3100000b # U mongodb-2.4 (active)
54f62e57e659c5cd3100000c # U postgresql-9.2 (active)
54f62e57e659c5cd3100000d # U postgresql-8.4 (active)
54f62e57e659c5cd3100000e # U python-3.3 (active)
54f62e57e659c5cd3100000f # U python-2.7 (active)
54f62e57e659c5cd31000010 # U python-2.6 (active)
54f62e57e659c5cd31000011 # U perl-5.10 (active)
54f62e57e659c5cd31000012 # U diy-0.1 (active)
54f62e57e659c5cd31000013 # U jenkins-client-1 (active)
54f62e57e659c5cd31000014 # U ruby-1.8 (active)
54f62e57e659c5cd31000015 # U ruby-1.9 (active)
54f62e57e659c5cd31000016 # U ruby-2.0 (active)
54f62e57e659c5cd31000017 # U amq-6.1.1 (active)
54f62e57e659c5cd31000018 # U cron-1.4 (active)
54f62e57e659c5cd31000019 # U fuse-6.1.1 (active)
54f62e57e659c5cd3100001a # A hoffmann-liberty-8.5.5.4 (active)

Make sure you see the line reporting the cartridge 54f62e57e659c5cd3100001a # A hoffmann-liberty-8.5.5.4 (active)

broker# oo-admin-broker-cache --clear; oo-admin-console-cache --clear

C. Reference Information

WebSphere specific

OpenShift specific

Demonstration of IBM WebSphere Application Server on OpenShift V2

I’ve recorded a small demonstration video showing the OpenShift V2 cartridge:

Cheers,
Sebastian

IBM WebSphere Application Server on OpenShift V2 Tutorial

A. Synopsis

What this is about

We’ve created a IBM WebSphere Application Server cartridge in order to demonstrate the power and flexibility of Red Hat’s Open Hybrid Cloud strategy. The main focus for this cartridge is OpenShift Enterprise (https://www.redhat.com/de/technologies/cloud-computing/openshift.

The cartridge currently supports the following features:

  • Provisioning of new IBM WebSphere Application Server instance in minutes
  • Full build & Deploy life cycle (as with EAP cartridge)
  • Hot Deployment
  • Jenkins Integration
  • Integration into JBoss Developer Studio

The source code can be found here: https://github.com/juhoffma/openshift-origin-websphere-cartridge

Screenshots

1. Create new Gear

2. Select WebSphere Application Server Cartridge

3. Cartridge creation is finished

4. Overview of newly created application

5. View of created sample application

6. Demo of WebSphere Admin Console

7. Integration into JBoss Developer Studio

B. Installation

1. Setup OSE Environment

You have the following deployment options for this cartridge:

2. WebSphere Application Server Installation

IMPORTANT NOTES

In contradiction to the deployment model of other cartridges (that includes all binaries of a certain technology), we’ve decided not to put the installation files into the cartridge. The reasoning behind:

  • IBM WebSphere Application Server Binaries are very large (around 2-3 GB)
  • Installation process for the binaries takes takes a long time (up to 15 minutes according to the computing resources)

Binary Installation

The following steps will take you through the installation steps for IBM WebSphere Application Server for Developers:

# Install Installation Manager + WebSphere Application Server for Developers
unzip DEVELOPERSILAN.agent.installer.linux.gtk.x86_64.zip

# Replace install.xml
# You can find a sample "install.xml" here https://github.com/juhoffma/openshift-origin-websphere-cartridge/tree/master/usr/doc/install.xml

 # Create key files (for connection to IBM download site)
cd tools
touch secureStorage
touch masterPassword
vi masterPassword

# Insert your own IBM ID
./imutilsc saveCredential -passportAdvantage -userName <IBMID_USERNAME> -userPassword <IBMID_PASSWORD> -secureStorageFile ./secureStorage -masterPasswordFile ./masterPassword

# Start installation (you must be root)
su -
./installc -log /tmp/ibm_installation_manager.log -acceptLicense -masterPasswordFile ./tools/masterPassword -secureStorageFile ./tools/secureStorage

Non-Root permissions

In order to create profiles by non-root users, special file permission settings have to be set on your WebSphere installation. Please follow the steps described here: http://www-01.ibm.com/support/knowledgecenter/SS7JFU_8.5.5/com.ibm.websphere.express.doc/ae/tpro_nonrootpro.html?lang=en

Installation Result

After successfully executing the above steps you have installed the following components:

  • IBM Installation Manager – /opt/IBM/InstallationManager
  • WebSphere Application Server – /opt/IBM/WebSphere/AppServer

3. Customize SELinux Configuration

Since IBM WebSphere Application is installed outside of the gear’s sandbox, you need to customize SELinux permission settings in a way that the installation directory “/opt/IBM/WebSphere/AppServer” can be accessed with read/write.

As a workaround and/or for testing purposes you could also temporarily disable SELinux policy enforcement:

setenforce 0

4. Cartridge Installation

The cartridge can be installed as any other OSE cartridge. However, you MUST have to make sure that WebSphere Application Server has been installed before (as described in the preceding sections):

On each OpenShift node execute the following commands:

cd /usr/libexec/openshift/cartridges
git clone https://github.com/juhoffma/openshift-origin-websphere-cartridge.git
oo-admin-cartridge --action install --recursive --source /usr/libexec/openshift/cartridges
oo-admin-ctl-cartridge --activate -c import-node --obsolete
oo-admin-broker-cache --clear && oo-admin-console-cache --clear

B. Administration and configuration

Configure a custom installation location for IBM WebSphere Application Server

This cartridge needs an existing installation of the WebSpehere Application Server on each of your nodes. You need to define the location of the installation through a system wide environment variable

echo "/opt/IBM/WebSphere/AppServer" > /etc/openshift/env/OPENSHIFT_WEBSPHERE_INSTALL_LOCATION

this will make sure that the cartridge finds the necessary components.

Configure non-root file permissions

The file permissions of your WebSphere installation must be set to allow non-root profile creation (see official IBM documentation: http://www-01.ibm.com/support/knowledgecenter/SS7JFU_8.5.5/com.ibm.websphere.express.doc/ae/tpro_nonrootpro.html?lang=en). This has to be done once per binary installation. You can use the following script as a basis for automating this: “usr/setWebSpherePermissionsForNonRootProfileCreation.sh”

How profile creation works

This cartridge will call ${OPENSHIFT_WEBSPHERE_DIR}/install/bin/manageprofiles.sh and create a profile with the name ${OPENSHIFT_APP_NAME}. The profile will be created underneath the profile directory inside your gears data directory.

The profile will have security enabled. An admin username and a password are generated at the time of creation and the PerfTuningSetting will be set to development.

Access to WebSphere Admin Console

PREFFERED – Option 1) After you have created your gear, do a rhc port-forward <GEAR_NAME> and open a browser with the following URL https://<YOUR_LOCAL_IP>:9043/ibm/console.

Option 2) The Admin Console is also exposed via a separate external port that can be determined as follows:

rhc ssh <GEAR_NAME>
export | grep WC_ADMINHOST_SECURE_PROXY_PORT

Now point your browser to the following URL: https://<GEAR_DNS>:<WC_ADMINHOST_SECURE_PROXY_PORT>/ibm/console/logon.jsp and enter your credentials. Unfortunately the Admin Console tries to redirect us to the local port 9043. That is why we have to enter the following URL manually: https://<GEAR_DNS>:<WC_ADMINHOST_SECURE_PROXY_PORT>/ibm/console/login.do?action=secure.

Hot Deployment

Hot Deployment is accomplished by using WebSphere’s “Monitored Directory Deployment” feature (see official documentation here: http://www-01.ibm.com/support/knowledgecenter/SS7JFU_8.5.5/com.ibm.websphere.express.doc/ae/urun_app_global_deployment.html?lang=en). In order to deploy an EAR just put it in the following directory: app-root/data/profile/monitoredDeployableApps/servers/server1.

In addition to this you can also Jenkins as a build server for your application. Just login to your OpenShift Console, select your WebSphere application and click Enable Jenkins. This will create a new Jenkins job for your application that will be triggered after each GIT push to your OpenShift instance.

C. Reference Information

WebSphere specific

OpenShift specific