JavaOne – Docker, Kubernetes & Open Shift

“Project Jigsaw – Integration with Tools”

Speaker: Marek Jelen & Diogenes Rettori

Sponsored session by RedHat [I didn’t know they had sponsored sessions; I asked if they applied to JavaOne or Oracle Open World and they said neither; they paid. I was curious why they were at JavaOne and yet had laptops provided by Oracle. That explains why three sessions of this class were offered.]

For more blog posts from JavaOne, see the table of contents


Can do self paced tutorials in cloud install at https://learn.openshift.com

[Nice assortment of shipping container pictures on the screen as he reviews what Docker/Kubernetes are for and why this matters. A bit of preaching to the choir here…]

“Very diverse community of contributors” The top six contributors are all from Google and RedHat (except one who moved to Microsoft). [sounds more like a strong partnership than a diverse community]

Open Shift and Kubernetes

  • OpenShift is an enterprise version of Kubernetes with extra stuff.
  • OpenShift 3.6 in lab
  • Can use kubectl with Open Shift cluster
  • OpenShift sometimes uses its own version of Kubernetes objects and wraps others
  • RHEL (Red Hat Enterprise Linux) has master and nodes.
  • Nodes used to be called minions.
  • Works with cloud and non-cloud deployments
  • OpenShift adds Developer CLI, Admin CLI, web console, REST APIs, creating an image from source, authentication and users/groups from LDAP. Also wraps namespace in a project and more

Workshop

bit.ly/javaoneworkshop

http://content-workshop.apps.javaone3.gce.pixy.io/index.html#/workshop/training/module/install

I’ve read about and played with Kubernetes. I didn’t realize OpenShift was Kubernetes with different commands.

Concepts from lab

  • pod – smallest deployable unit
  • service – group of pods
  • replication controllers – ensure correct number of pods exist
  • deployment configuration – how it should be configured
  • horizontal pod autoscaler – monitors CPU and scales
  • route – so external clients can access
  • service account – non-user account, get one by default

Commands in lab

  • oc login url – to login
  • oc get x – basic info
  • oc get x -o yaml – more detail in yaml
  • oc describe service x – even more detail
  • oc scale --replicas=x y – or can click up arrow in UI
  • oc delete pod x – to delete
  • oc expose service x – to create route
  • oc logs x – view logs
  • oc policy add-role-to-user view -z default – grant access to view for default user
  • oc policy add-role-to-user view user1 – grant access to view for user1

In UI

  • Add project > docker
  • Change number of replicas with up/down arrows once expand overview
  • View logs by clicking “…” on overview
  • Add project > catalog > python – use source to image so can go straight from github source code

Real world

  • 18% adults have anxiety problems
  • “not all anxiety is bad” depends on the task; issue on more complex/unfamiliar/difficult tasks
  • 20% of downtime is caused by tech failure or natural disasters. Rest caused by people
  • batch size – amount of features in a release

A/B Deployment demo

  • installed Node.JS app directly from github
  • then created a separate app from github. (so now have two apps in open shift)
  • edit route in open shift console to divide traffic between the two services. can choose percentages/weights
  • changed RAM; did rolling deployment so old one stays up until new one is ready

My take: We immediately had a problem because the laptop was set up differently than the lab; odd. Not a big deal to type ./oc instead of oc. But that seems easy for them to have fixed in the VM. Then the project we were supposed to switch to we were already on. Then it says to login with your email vs the name we were given. I’ll stop commenting on the differences now, but this clearly wasn’t written for or tested for JavaOne. It even refers to “in the morning session” for how you find out what a pod is. I asked and they said this was written to be a full day of training. So glad that I’ve already read about Kubernetes and was able to follow it anyway. I like when they showed how to do the same task in both the UI and at the command line.

[I did 9/12 of the labs. It wasn’t that they were bad or long. I was having trouble focusing. It’s 100% self paced and I wasn’t asking any questions. Or learning much. A small percentage of the lab is the UI and the rest I’ve done already with raw Kubernetes. So decided to use the remaining time to check twitter posts about other parts of the conference. I didn’t leave because the last 20 minutes are a demo of something I haven’t seen so wanted to see that.]

JavaOne – Project Jigsaw – Integration with Tools

“Project Jigsaw – Integration with Tools”

Speaker: Alexandru Jecan (author of Java 9 Modularity Revealed)


What expect build tools and IDEs to do

  • Code completion (IDEs only)
  • Make things easier
  • Work with class path and module path

Maven

  • Only Maven 3+ supports Java 9.
  • No changes to Maven core to run on Java 9
  • presence of module-info.java decides if Maven uses module path
  • Need Maven compiler plugin 3.6.1 to compile Java 9 code
  • Discourages using automatic module name
  • GAV not related to module name. Continue to use GAV.
  • Use module name in module-info.java – double work
  • Maven does not generate “requires” clauses for module-info.java
  • Can add <compilerArgs> options for --add-modules or --add-exports
  • New tag <release> which takes precedence over source/target tags. Recommended compiling twice for backward compatibility: once for Java 9 modules and once for Java 8. [why? isn’t that what multi release jars are for?]
  • maven-exec-plugin – can configure module path
  • talked about updating maven toolchain file [not clear how this differs than prior versions of java]
  • maven-jdeps-plugin – can automatically generate module descriptor [but said earlier couldn’t]
  • maven-jmod-plugin – new plugin; not yet released. Creates and lists content of jmod files. Merge native code into jar
  • maven-jlink-plugin – new plugin; not yet released. Creates runtime images
  • maven-dependency-plugin – said lists GAV [not clear how changed]

Gradle
No first class support for Java 9 yet. Coming soon. [but said using; puzzled?]

Ant
Ant 1.9.8+ supports JDK 9 modules for java/javac/junit. [yet Ant doesn’t support JUnit 5]

Loom

  • New build tool for Java 9
  • Uses YAML config. Uses Maven repo.
  • Supports JUnit 5

loom.builders

Moditect
Maven plugin that generates module-info.java based on dependencies. Says helps a little but doesn’t do all the work. [how?]

SonarJava
SonarJava 4.11+ recognizes module keywords

Graphviz
Open source visualization software
Reads jdeps input to generate graphical representation of Jigsaw. As can IDEs

IDEs

  • NetBeans, Eclipse and IntelliJ all understand modules clauses [if you count pre-release versions]
  • Also offer autocompletion, syntax highlighting, etc
  • NetBeans 9 – not yet released; must build yourself. Showed editing module path, visual of module dependencies, jshell, jlink
  • Eclipse Oxygen with Java 9 support – came out 9/27/17. Ten second demo
  • IntelliJ 2017.1+ – Mark directory as source root so directory name matches module name. Errors on common module errors. Showed module editing, module dependencies and other features

Open source readiness

How to modularize your app

  • Introduce module-info.java by creating manually or running jdeps to generate
  • Problems: using JDK internal APIs (ignore warning or fix), using module not available such as xml bindings (--add-modules at compile and runtime), cyclic dependencies (can have at runtime but not compile time), split packages (Oracle plans to make change in later version of Java to deal with this)
  • [Note: He recommended renaming packages as a solution to split packages. That sounds like a horrible idea unless you can guarantee only you call that code]

    My take before session: You know how they say that first impressions matter? The speaker is wearing a suit. 90% of the people in the room are wearing jeans. Two people in the room are wearing a suit: the speaker and someone he knows. Then he showed the table of contents. There are 29 points in 45 minutes in the outline. Preparing to have my head spin!

    My take after session: He is in fact technical. The suit was misleading! The pace was way too fast though; drinking from a fire hose. Not enough time to understand/process many of the points. He talks fast (as do I), but key is to *pause* if you talk fast so people can catch up. Also the slide transitions were distracting. A cube transition is cute. But if you are reading when it moves, it is disorienting. And due to the speed, there was a good chance of being reading when transitions started. This was good information, but should have been two sessions so split up and a decent pace. And omitting how to migrate your libraries; that’s a talk on its own. There is a Maven BOF tonight; maybe folks can discuss more then!

    One minute after the official end time, he asked if there were questions. My head was spinning with questions. [I didn’t even have time to process which was most important]. Another attendee asked if having JUnit tests in a parallel directory with the same package name is a split package. The speaker said yes and went on to say to wait for Java 10 or rename. I interjected at that point. Unless you are distributing a test jar, I don’t think this is a problem. In fact, most IDEs compile both the /src/main/java and /test/main/java directories to the same folder. I stated this and asked the speaker if he agreed. He said yes.

JavaOne – Java Secure Coding Guidelines for Java SE

“Java Secure Coding Guidelines for Java SE”

Speaker: Andrew Gross


This was the first Oracle talk I saw. It had the Oracle disclaimer. I was impressed he only showed it for 5 seconds. “It was there”!

References:

Mutability

  • make copies of data for output/input
  • copy list so know type/order as well
  • equals can be overridden so don’t trust identity equality
  • Java 8 adds unmodifiable view of list
  • Java 9 actually adds immutable collection with List.of()
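
The copy-on-input and read-only-output points above, as an added example that is not from the talk or from Oracle's guidelines. The `AllowList` class and the host names are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

// Added example; AllowList and the host names are hypothetical.
public final class AllowList {
    private final List<String> hosts;

    public AllowList(List<String> input) {
        // Copy on input into a known type: a caller-supplied List subclass with
        // overridden methods, or a later change by the caller, cannot reach us.
        List<String> copy = new ArrayList<>(input);
        // Validate the copy, not the input, so the checked data is the stored data.
        for (String h : copy) {
            if (h == null || h.isEmpty()) {
                throw new IllegalArgumentException("empty host");
            }
        }
        // Read-only view over a list no one else holds a reference to.
        this.hosts = Collections.unmodifiableList(copy);
    }

    public List<String> hosts() { return hosts; }

    public boolean permits(String host) { return hosts.contains(host); }

    public static void main(String[] args) {
        List<String> callerList = new ArrayList<>(List.of("api.example.test"));

        // An unmodifiable view on its own still aliases the caller's list.
        List<String> viewOnly = Collections.unmodifiableList(callerList);
        AllowList copied = new AllowList(callerList);

        // The caller changes the list after handing it over.
        callerList.add("unlisted.example.test");

        // The bare view follows the change; the defensive copy does not.
        System.out.println("view: " + viewOnly.contains("unlisted.example.test"));
        System.out.println("copy: " + copied.permits("unlisted.example.test"));

        // Writes through the returned list are refused.
        try {
            copied.hosts().add("unlisted.example.test");
        } catch (UnsupportedOperationException e) {
            System.out.println("hosts() is read-only");
        }
    }
}
```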

Object construction

  • May need to protect if object isn’t completely created but have data to secure
  • Throwing an exception from a constructor does not protect from obtaining if finalize overridden
  • Making final helps
  • Use initialized field and don’t set fields until clean
  • Since Java 6, object guaranteed to be destroyed if exception thrown before super() called
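
One way to combine the "check before super()" guarantee with an initialized flag, as an added example that is not code from the talk. `TokenIssuer`, its role check and the sample key are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example; TokenIssuer and the role check are hypothetical. The class is left
// non-final on purpose: a subclass overriding finalize() is the case being defended.
public class TokenIssuer {
    private final byte[] secret;
    // Set as the last step of construction, never before.
    private volatile boolean initialized;

    public TokenIssuer(String callerRole, byte[] secret) {
        // check() runs while the argument to this(...) is evaluated, before
        // Object's constructor. If it throws, the object never becomes
        // finalizable, so finalize() cannot hand out a half-built instance.
        this(check(callerRole), secret);
    }

    // The Void parameter only gives this private constructor a distinct signature.
    private TokenIssuer(Void checked, byte[] secret) {
        this.secret = secret.clone();   // copy mutable input
        this.initialized = true;
    }

    private static Void check(String callerRole) {
        if (!"admin".equals(callerRole)) {
            throw new SecurityException("caller may not create a TokenIssuer");
        }
        return null;
    }

    // Second layer: sensitive methods are final and refuse a partially built object.
    public final byte[] issue(String subject) throws GeneralSecurityException {
        if (!initialized) throw new IllegalStateException("not initialized");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(subject.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-sample-key".getBytes(StandardCharsets.UTF_8);
        System.out.println(new TokenIssuer("admin", key).issue("alice").length);
        try {
            new TokenIssuer("guest", key);
        } catch (SecurityException e) {
            System.out.println("construction refused: " + e.getMessage());
        }
    }
}
```

Declaring the class `final` removes the subclass route altogether; the pattern above is for classes that must stay extensible.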

Serialization

  • Avoid if security sensitive and guard sensitive data
  • Adds a hidden constructor
  • Lambdas can be serializable [how? and they don’t have data anyway?]
  • Do not deserialize untrusted data. ex: microservices
  • Java 9 added a filter that can be invoked during deserialization so can limit based on what is expected

Access Control

  • Confused deputy – you can’t go to bank and ask for a million dollars. But if bank manager does on your behalf, he/she can. Confused deputy is where more privileged code does something on less privileged code’s behalf

Oracle security announcements are going to start including module names so can determine if affected.

My take: I mostly mentally checked out halfway through. This was really dry. I did learn that the Secure Coding Guidelines exist which means I can read it at some point. It didn’t help that he said to hold all questions; that would have broken it up a little and added some perspective.