Deploy to Application Container Cloud Service from Oracle Storage Cloud via REST API

As mentioned in my previous post about Application Container Cloud, there are two options for uploading an application archive to ACCS:

  • UI console (already covered in the previous post)
  • From Storage Cloud Service via REST API

In this post, we will talk about uploading the archive via Storage Cloud Service using the REST API. There are two steps:

  1. Store the archive in Storage Cloud Service.
  2. Deploy the archive to ACCS.


Keep the credentials for your cloud account, such as identity domain and password, handy, as the REST API calls need them. We will use cURL scripts to upload the application to the storage service.

 

Note: cURL is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP).

 

Store archive to Storage Cloud service

 

Before uploading to Storage Cloud, we need to create a container in Storage Cloud Service. You can do this via the Storage Cloud UI console, which is easy and straightforward.

 



 

We will create the container with a curl command.

  1. The script below creates the storage container.
# CREATE STORAGE CONTAINER
curl -i -X PUT -u User-Name:Password https://hostname/v1/Storage-Identity-Domain/App-Name

  2. Now upload your application archive to the storage container.
# PUT ARCHIVE IN STORAGE CONTAINER
curl -i -X PUT -u User-Name:Password https://hostname/v1/Storage-Identity-Domain/App-Name/Archive-File-Name -T Path-to-local-file/Archive-File-Name

For example, use the following script to upload it:

curl -i -X PUT -u sampleUserName:samplePassword https://storage.oraclecloud.com/v1/Storagecontainer/DeveloperSkillsApp/SpringBootJpaDev-1.0-dist.zip -T target/SpringBootJpaDev-1.0-dist.zip

After running these scripts, the archive is uploaded to the Storage Cloud container.

 


 

Deploy Archive to ACCS

After uploading the archive to Storage Cloud Service, the ACCS deployment procedure can be invoked. We need to provide a standard set of information while deploying. A sample schema of the script is as follows:

# Mock Deployment Script
curl -i -X POST  \
  -u User-Name:Password \
  -H "X-ID-TENANT-NAME:Identity-Domain" \
  -H "Content-Type: multipart/form-data" \
  -F "name=App-Name" \
  -F "runtime=java" \
  -F "subscription=Monthly" \
  -F "[email protected]" \
  -F "archiveURL=App-name/Archive-File-Name" \
  -F "notes=Your Notes here" \
  https://hostname/paas/service/apaas/api/v1.1/apps/Identity-Domain

For example, deploy with the following script:

curl -v -u "USERNAME:PASSWORD" -X POST -H "X-ID-TENANT-NAME: IDENTITY_DOMAIN" -H "Content-Type: multipart/form-data" -F "name=Developer-skills-service" -F "runtime=java" -F "subscription=Monthly" -F "archiveURL=Storagecontainer/SpringBootJpaDev-1.0-dist.zip" -F "notes=Developer Skills Service Deployment" https://apaas.REGION.oraclecloud.com/paas/service/apaas/api/v1.1/apps/IDENTITY_DOMAIN
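
The two steps above chained into one script, as an added example that is not from the original post. It validates the names that end up in the URLs and passes the credentials to curl through -K - (config read from stdin) instead of -u on the command line, where they can be seen in shell history and the process list. The host names are the post's "hostname" placeholder; CLOUD_USER, CLOUD_PASSWORD and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Host names and the CLOUD_USER /
# CLOUD_PASSWORD variable names are assumptions; set them in the environment.
STORAGE_HOST="${STORAGE_HOST:-hostname}"   # placeholder, as in the post
ACCS_HOST="${ACCS_HOST:-hostname}"         # placeholder, as in the post

# Accept only plain names, so a value cannot add path segments to the URL
# or start with "@" / "<", which curl -F treats as "read this file".
safe_part() {
    case "$1" in
        "" | . | .. | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# storage_url DOMAIN CONTAINER [OBJECT] -> https://host/v1/DOMAIN/CONTAINER[/OBJECT]
storage_url() {
    url="https://$STORAGE_HOST/v1"
    for part in "$@"; do
        safe_part "$part" || { echo "unsafe name: $part" >&2; return 1; }
        url="$url/$part"
    done
    printf '%s\n' "$url"
}

# Emit 'user = "name:password"' for `curl -K -` (config read from stdin), so the
# password never appears in argv. Backslash and double quote are escaped
# because curl interprets them inside a quoted config value.
auth_config() {
    printf '%s\n' "$CLOUD_USER:$CLOUD_PASSWORD" |
        sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/^/user = "/' -e 's/$/"/'
}

# upload_and_deploy STORAGE_DOMAIN IDENTITY_DOMAIN APP ARCHIVE_PATH
upload_and_deploy() {
    file=$(basename "$4")
    container=$(storage_url "$1" "$3") || return 1
    object=$(storage_url "$1" "$3" "$file") || return 1
    safe_part "$2" || return 1
    auth_config | curl -fsS -K - -X PUT "$container" || return 1
    auth_config | curl -fsS -K - -X PUT -T "$4" "$object" || return 1
    auth_config | curl -fsS -K - -X POST \
        -H "X-ID-TENANT-NAME:$2" \
        -F "name=$3" -F "runtime=java" -F "subscription=Monthly" \
        -F "archiveURL=$3/$file" \
        "https://$ACCS_HOST/paas/service/apaas/api/v1.1/apps/$2"
}

if [ "$#" -eq 4 ]; then upload_and_deploy "$@"; fi
```

Run it with four arguments (storage identity domain, identity domain, application name, path to the archive); with no arguments it only defines the functions.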

 

When you deploy your application, you can reference a deployment.json file. Deployment information such as memory and number of instances can be passed via deployment.json.

 

You can automate these two processes using Maven. You can also configure this with the Maven plugin in Oracle Developer Cloud Service.

 

 

That’s all for now. Happy Oracle Cloud learning.

Fusion Middleware Security – Search user in AD using OPSS

Oracle Platform Security Services (OPSS) provides enterprise product development teams, systems integrators (SIs), and independent software vendors (ISVs) with a standards-based, portable, integrated, enterprise-grade security framework for Java Standard Edition (Java SE) and Java Enterprise Edition (Java EE) applications.

OPSS provides an abstraction layer in the form of standards-based application programming interfaces (APIs) that insulate developers from security and identity management implementation details. With OPSS, developers don’t need to know the details of cryptographic key management or interfaces with user repositories and other identity management infrastructures. Thanks to OPSS, in-house developed applications, third-party applications, and integrated applications benefit from the same, uniform security, identity management, and audit services across the enterprise.

OPSS is the underlying security platform that provides security to Oracle Fusion Middleware including products like WebLogic Server, SOA, WebCenter, ADF, OES to name a few. OPSS is designed from the ground up to be portable to third-party application servers. As a result, developers can use OPSS as the single security framework for both Oracle and third-party environments, thus decreasing application development, administration, and maintenance costs.

Products which use OPSS

  1. Oracle WebLogic Server
  2. Oracle ADF
  3. Oracle WebCenter
  4. Oracle SOA
  5. Oracle Entitlement server
  6. Oracle WebService Manager
  7. Java Authorization for Containers (JAAC)
     

OPSS provides an integrated security platform that supports:

  • Authentication
  • Identity assertion
  • Authorization, based on fine-grained JAAS permissions
  • The specification and management of application policies
  • Secure storage and access of system credentials through the Credential Store Framework
  • Auditing
  • Role administration and role mappings
  • The User and Role API
  • Identity Virtualization
  • Security configuration and management
  • SAML and XACML
  • Oracle Security Developer Tools, including cryptography tools
  • Policy Management API
  • Java Authorization for Containers (JAAC)

 

OPSS Architecture

 


 

 

Now let us move on to using OPSS with an ADF/WebCenter application. We have a feature that lets a user search for users in LDAP by name, last name or email. How can we achieve that?

Something like the image below.

 


 

 

 

The user clicks on Search User. This searches the Active Directory users mapped through the WebLogic security provider.

 


 

In the search box, enter a name, last name or email and click on the Search icon.


 

Or try with email

 


 

 

You can add more custom parameters and search on them as well. Now we will focus on how we did that.

The following code searches with these parameters in OPSS:

 

    // Imports used by this method
    import java.util.List;

    import oracle.security.idm.ComplexSearchFilter;
    import oracle.security.idm.IMException;
    import oracle.security.idm.IdentityStore;
    import oracle.security.idm.SearchParameters;
    import oracle.security.idm.SearchResponse;
    import oracle.security.idm.SimpleSearchFilter;
    import oracle.security.idm.UserProfile;
    import oracle.security.jps.JpsContext;
    import oracle.security.jps.JpsContextFactory;
    import oracle.security.jps.JpsException;
    import oracle.security.jps.internal.idstore.ldap.LdapIdentityStore;
    import oracle.security.jps.service.idstore.IdentityStoreService;

    public List<userProfileId> getUserDetails() {
        // Query the identity store only when the result list is still empty
        if (this.userDetails.size() == 0) {

            if (peopleName != null) {
                try {
                    // Get the identity store configured for the current OPSS (JPS) context
                    JpsContextFactory ctxFactory = JpsContextFactory.getContextFactory();
                    JpsContext ctx = ctxFactory.getContext();
                    LdapIdentityStore idstoreService =
                        (LdapIdentityStore) ctx.getServiceInstance(IdentityStoreService.class);
                    IdentityStore idmIdentityStore = idstoreService.getIdmStore();
                    //  User user = idmIdentityStore.searchUser(peopleName.getValue().toString());

                    if (peopleName.getValue() != null) {
                        // The text typed in the search box is matched against three attributes
                        String searchText = peopleName.getValue().toString();
                        SimpleSearchFilter simpleSearchFilter[] = new SimpleSearchFilter[3];

                        simpleSearchFilter[0] =
                            idmIdentityStore.getSimpleSearchFilter(UserProfile.LAST_NAME,
                                                                   SimpleSearchFilter.TYPE_EQUAL, searchText);
                        simpleSearchFilter[1] =
                            idmIdentityStore.getSimpleSearchFilter(UserProfile.BUSINESS_EMAIL,
                                                                   SimpleSearchFilter.TYPE_EQUAL, searchText);
                        simpleSearchFilter[2] =
                            idmIdentityStore.getSimpleSearchFilter(UserProfile.NAME,
                                                                   SimpleSearchFilter.TYPE_EQUAL, searchText);

                        // OR the three filters: a match on any one attribute returns the user
                        ComplexSearchFilter cf =
                            idmIdentityStore.getComplexSearchFilter(simpleSearchFilter, ComplexSearchFilter.TYPE_OR);

                        /* Creating Search Parameters with Complex Search Filters */
                        SearchParameters spUser = new SearchParameters(cf, SearchParameters.SEARCH_USERS_ONLY);
                        SearchResponse searchResponse = idmIdentityStore.searchUsers(spUser);

                        // Copy each matching profile into the list backing the result table
                        while (searchResponse.hasNext()) {
                            System.out.println("Count " + searchResponse.getResultCount());
                            UserProfile up = (UserProfile) searchResponse.next();
                            System.out.println("User Profile:" + up.getPrincipal());
                            name = up.getName();
                            email = up.getBusinessEmail();
                            UserID = up.getLastName();
                            UserName = up.getUserName();
                            userDetails.add(new userProfileId(name, UserID, email, UserName));
                        }
                    }

                    //    uprofile.setUserDetailss(userDetails);
                    /*  UserProfile up = user.getUserProfile();*/

                } catch (JpsException e) {
                    e.printStackTrace();
                    System.out.println(e);

                } catch (IMException e) {
                    System.out.println(e);
                } catch (Exception e) {
                    System.out.println(e);
                }
            }
        }

        return userDetails;
    }

That’s it. You can easily use this code in pure ADF or WebCenter Portal applications. Do let me know your thoughts.
Happy Learning with Techartifact.

Introduction to Docker and Docker Compose

Aim: What are Docker and Docker Compose? I will try to explain Linux containers and then go further into Docker and Docker Compose for a beginner.

In this cloud buzz world, what do developers want?

● Scalability, maintainability, Agility, Portability.
● DevOps tools.
● Improved resource utilization.
● A continuum of abstraction levels.

Linux containers contain applications in a way that keeps them isolated from the host system that they run on. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. They are designed to make it easier to provide a consistent experience as developers and system administrators move code from development environments into production in a fast and replicable way.
In a way, containers behave like a virtual machine. To the outside world, they can look like their own complete system. But unlike a virtual machine, containers don’t need to replicate an entire operating system, only the individual components they need in order to operate. This gives a significant performance boost and reduces the size of the application. They also operate much faster, as unlike traditional virtualization the process is essentially running natively on its host, just with an additional layer of protection around it.

Linux Containers
● Use Linux kernel isolation features to give a VM like environment.
● Process isolation /Sandboxing.
● Examples: LXC, lmctfy, Docker.

Now, what is Docker?
● An easy to use Linux container technology.
● Docker image format.
● It helps in application packaging and delivery.

Docker is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. This helps enable flexibility and portability on where the application can run, whether on-premises, public cloud, private cloud, bare metal, etc. (Wikipedia)


Docker vs. Virtualization

– Docker is lighter than virtual machines.
– Docker images are very small in comparison.
– We can run more Docker containers on a reasonably sized host.
– Deploying and scaling is relatively easy.
– Docker has a shorter startup time.

Technologies behind Docker
● Control groups:
○ Control groups are another key component of Linux containers.
○ With cgroups we can implement resource accounting and limits.
○ They ensure that each container gets its fair share of memory, CPU and disk I/O.
○ Thanks to cgroups, we can make sure that a single container cannot bring the system down by exhausting resources.

● Union file systems:
○ A layered file system, so you can have a read-only part and a write part, and merge those together.
○ Docker images are made up of layers.

● Namespaces
○ It helps to create an isolated workspace for each process.
○ When you run a container, Docker creates a set of namespaces for that container.
● SELinux
○ SELinux provides secure separation of containers by applying SELinux policy and labels.

What are the components of Docker?

Docker images – An image is an inert, immutable file that’s essentially a snapshot of a container. Images are created with the build command, and they’ll produce a container when started with run. Images are stored in a Docker registry such as registry.hub.docker.com.
Docker containers – an open source software development platform. Its main benefit is to package applications in “containers,” allowing them to be portable to any system running the Linux operating system.
Docker Hub – a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
Docker Registry – a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
Docker daemon – This is the part which does the rest of the magic: it knows how to talk to the kernel and makes the system calls to create, operate and manage containers, which we as users of Docker don’t have to worry about.
Docker client – This is the utility we use when we run any docker commands, e.g. docker run (docker container run), docker images, docker ps etc. It allows us to run these commands, which a human can easily understand.

[Image: docker]

As you can see in the screenshot above, we have the Docker client, where the user performs build, pull and run operations. The client interacts with a host which contains the different containers, the Docker daemon and the images, obtained via the registry.

If you are reading this line, you should have a feel for Docker by now. You know the basic components and vocabulary.
Now let’s take an example of real-life applications.
● One application consists of multiple containers.
● One container is dependent on another.
● Mutual dependency/ startup order.
● Process involves building containers and then deploy them
● Long docker run commands
● Complexity is proportional to the number of containers involved

[Image: dockerwithMultiContainer]

Take the image above as an example of a multi-container Docker application. The containers include (1) NGINX container, (3) Tomcat containers, (1) MongoDB container, and (1) ELK container. Docker was supposed to help us, yet managing all of this looks like quite a difficult process. Docker Compose is there to rescue us.

Docker Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a Compose file to configure your application’s services. Then, using a single command, you create and start all the services from your configuration. Compose is great for development, testing, and staging environments, as well as CI workflows.

[Image: compose]

Docker Compose
● A tool for defining and running multi-container Docker applications. The Compose file is a YML file that contains information about how to build and deploy the containers. It is integrated with Docker Swarm. It competes with Kubernetes.

Compose is basically a three-step process.

1- Define your app’s environment with a Dockerfile so it can be reproduced anywhere.
2- Define the services that make up your app in docker-compose.yml so they can be run together in an isolated environment.
3- Lastly, run docker-compose up and Compose will start and run your entire app.

[Image: docker-yml]
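
Steps 2 and 3 applied to the stack described earlier (one NGINX, three Tomcat, one MongoDB, one ELK), as an added example that is not from the original post. It uses stock images, so no Dockerfile is needed; the service names, image tags, dependencies and the inline-list form of depends_on are assumptions. The start_order helper is hypothetical and only makes visible the startup order that Compose works out from depends_on.

```shell
#!/bin/sh
# Added example, not from the original post. Service names, image tags and the
# inline-list form of depends_on are assumptions of this sketch.

# Step 2: describe the stack (1 NGINX, 3 Tomcat, 1 MongoDB, 1 ELK).
write_compose() {   # write_compose FILE
    cat > "$1" <<'EOF'
services:
  nginx:
    image: nginx:stable
    ports: ["80:80"]
    depends_on: [tomcat1, tomcat2, tomcat3]
  tomcat1:
    image: tomcat:9
    depends_on: [mongodb]
  tomcat2:
    image: tomcat:9
    depends_on: [mongodb]
  tomcat3:
    image: tomcat:9
    depends_on: [mongodb]
  mongodb:
    image: mongo:6
    volumes: ["mongo-data:/data/db"]
  elk:
    image: sebp/elk
volumes:
  mongo-data:
EOF
}

# Print the services in an order that satisfies every depends_on edge, which is
# the startup-order problem Compose solves for you on `up`.
start_order() {     # start_order FILE
    awk '
        /^[^ ]/                      { in_svc = ($1 == "services:") }
        in_svc && /^  [^ ]+:/        { svc = $1; sub(/:$/, "", svc); print svc, svc }
        in_svc && /^    depends_on:/ {
            sub(/^.*depends_on: *\[/, ""); sub(/\].*$/, "")
            n = split($0, deps, /, */)
            for (i = 1; i <= n; i++) print deps[i], svc
        }' "$1" | tsort
}

# Step 3: `sh stack.sh up` writes the file, shows the order, starts everything.
if [ "${1:-}" = up ]; then
    write_compose docker-compose.yml && start_order docker-compose.yml &&
        docker-compose up -d
fi
```

Note that depends_on in this form only orders container start; it does not wait for MongoDB to be ready to accept connections.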

You can explore more with Docker Swarm, which I will explain in the next post. Till then, happy learning with Vinay.