weblogic at cern now and in the future 13.05.2014 soug2 swiss oracle user group artur wiecek...
TRANSCRIPT
SOUG 2
Weblogic at CERN now and in the future
13.05.2014
Swiss Oracle User Group
Artur WiecekInfrastructure and Middleware ServicesCERN IT Department
SOUG 3
Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION
13.05.2014
Accelerating Science and Innovation
The Mission of CERN
Push back the frontiers of knowledgeE.g. the secrets of the Big Bang …what was the matter like within the first moments of the Universe’s existence?
Develop new technologies for accelerators and detectorsInformation technology - the Web and the GRIDMedicine - diagnosis and therapy
Train scientists and engineers of tomorrow
Unite people from different countries and cultures
6
CERN was founded 1954: 12 European States “Science for Peace”
Today: 21 Member States
Member States: Austria, Belgium, Bulgaria, the Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Israel, Italy, the Netherlands, Norway, Poland, Portugal, Slovakia, Spain, Sweden, Switzerland and the United Kingdom
Candidate for Accession: Romania
Associate Member in Pre-Stage to Membership: Serbia
Applicant States for Membership or Associate Membership:Brazil, Cyprus, Pakistan, Russia, Slovenia, Turkey, Ukraine
Observers to Council: India, Japan, Russia, Turkey, United States of America; European Commission and UNESCO
~ 2300 staff ~ 1600 other paid personnel ~ 10500 users Budget (2014) ~1000 MCHF
Science is getting more and more global
SOUG 8
Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION
13.05.2014
CERN IT culture• Specific factors
• Research/creative environment• Technology fashion
Role• Mission
• Provide best possible/cost effective environment for deployment of JEE applications
• Focus• Architecture• Availability
IT as Service
Physical infrastructure (HW)Delivers: installed, connected, tested hardware
Internal customers only
IAASDelivers: configured VMs/physical CPU, storage
Internal & external customers
PAASDelivers: platform services
Internal & external customers
Special infrastructure
(for e.g. Oracle)
Special HW
SAASDelivers: complex services,
Internal & external customers
Meta-service (?)(may be just a SAAS)
Manage horizontally to ensure can remove
special needs eventually
Standard model: where we want to be
Databasesjee
Service infrastructure
Storage infrastructure
DB/Java on demand
App servers
Agile infrastructure • Virtualisation everywhere• OpenStack -> target 100000s• Hyper-V, OVM 2.2 -> phasing out• KVM is in place, OVM3.3 is in beta….
SOUG 13
Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION
13.05.2014
Java app servers@CERN• 2 platforms:
• Tomcat (Java Public Service - JPS) (6 years)• Weblogic
• Areas:• Business Side/Administration• Engineering• Accelerator (ADF)
• Middleware products (forms, reports)• APEX
WLS Deployment 1/2• Started 4 years ago• RHES 5.x, 6.x, Apache 2.2• Kerberos/SSH node manager• CERN CC managed with Puppet• Everything is RPM.
Java app servers@CERN• 2 platforms:
• Tomcat (Java Public Service - JPS) (6 years)• Weblogic
• Areas:• Business Side/Administration• Engineering• Accelerator (ADF)
• Middleware products (forms, reports)• APEX
WLS Deployment 2/2• Weblogic 12.1.1/ Jrockit• All customisations in WLST scripts / LDAP• Fully certified stack (constantly updated,
PSU/CPU)• 200 clusters, 2 people
SOUG 18
Provisioning
13.05.2014
LDAP CONFIGURATION
SERVER
ADMIN SERVER
PUPPET AGENT
WLST SCRIPTS
MANAGED SERVERPUPPET AGENT
WLST SCRIPTS
MANAGED SERVERPUPPET AGENT
WLST SCRIPTS
SOUG 19
ADMIN SERVERS
Application Deployment
13.05.2014
WLS CLUSTER-
11
SSH WLS SSH GATEWAY
WLS CLUSTER-
21
WLS CLUSTER-
31
DOMAINADMIN-1
DOMAINADMIN-N
SOUG 20
Typical WLS Cluster
13.05.2014
HTTPDWLS
CLUSTER
DB appRDBMS
SSO
LDAP (AD)
SAML2(ADFS)
DNS MOD_WLS
SOUG 21
Patching
13.05.2014
WLS SERVER 1
RPM REPOSITORY
BUILD SERVER
BASE WLS INSTALLATION
APPLY ALL PATCHES
BUILD RPM
WLS SERVER 2
WLS SERVER 3
Monitoring• EM 12c
• Huge progress compare to 11g• 1 agent per domain• Driven by emcli• Issues:
• status• historical data
• Wily Introscope
Major upgrades• iAS 10.3.5 - OC4J gone
• 11g -> 12c migration• Weblogic 12.1.1 everywhere• Worked fine
CERN SSO
24
SSO
25
• It works! Some figures: ~31000 “signins” per day ~5000 “signouts”
• The hard work: Workaround the SAML2 & WLS constraints Fit the requirements of the legacy systems
• WLS does not provide the SLO: CERN saml2slo OpenSource (coming soon, hopefully) Very complicated to put in place/automate
SAML2 Issues• %20 spaces – wlsproxy servlet• Single security per domain• RDBMS Security Store• Fixed context /saml2• Artefact binding blocked
Issues and Concerns• Deployment
• app-1 app-2 after redeployment• Broken apps can break admin server & the
whole domain (XML parsers)• Developers
• Admin server vs. WLST, not always coherent• New WLS installer based on universal
installer – scary prospect.
SOUG 28
Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION
13.05.2014
SOUG 29
Java Services today…
Scope• Java EE
was(J2EE) Clients• AIS• EDMS• CS• ACC• J2EEPS
Deployment• Private• Public• 400 applications• 70 servers
Technologies• Weblogic• iAS (OC4J)• Tomcat• RHEL/SLC
Staff• 2 FTE
13.05.2014
SOUG 30
Java Services today…
REQUESTS
CAPACITY
13.05.2014
SOUG 31
One Platform to Rule Them All
Experience
DB in Demand
Technologies•Openstack
•Puppet•SSO
•IAS->Weblogic
Common Setup
For all clients
… and in the future.
13.05.2014
SOUG 3213.05.2014
Java Platform as a Service• On-Demand Provisioning• Self Management & Configuration• Scalability• Security (Systems, Data, SSO)• Improved redundancy• Higher productivity
SOUG 33Agile Infrastructure
SOUG 33
Java PaaS Services Stack
Website
Website
Java Java Java
App App
SSO
DB
Storage
Monitoring
DNS
Management
Web Services
Deployement
App App
13.05.2014
SOUG 34
Java PaaS Infrastructure• Support for any host
• Openstack VMs• Physical Servers and Virtual Machines
• Machine Pools• System configuration managed by Puppet• Multiple Java technologies
• Apache Tomcat • Oracle Weblogic• Designed to provide other Java environments
like JBoss, Glassfish, etc…
13.05.2014
SOUG 35
Java PaaS User Experience• More control for the users
• Self selection of Software type and versions• Self allocation of resources• Configuration management (Runtime properties,
logging properties, server-side libraries…)• SSO Management (ADFS Groups,
External/lightweight accounts, …)• Applications & configuration versioning• Management of Administrators and Authors
13.05.2014
SOUG 36
Java PaaS Architecture
Java MWDB
Java MWManager
Create Jobs
DaemonRead Jobs
ServicesRepository
Register services
ManagedHostManaged
HostManagedHostManaged
Host
ManagedHostManaged
HostManagedHostManaged
HostProvisioning & Management
tools
Dispatch Jobs
ManagedHostManaged
Host
DeployConfigureOperate
CERN Web
Services
CERN SSO
Register website
Admins
Users
DNSLB
Configure
ConfigureOperate
13.05.2014
SOUG 37
Front - End
● Java Web Application● User Interface: ZK Framework
– Java + Jquery + MVC– IT-DB standard
● Data Access: Hibernate– Object Relational Mapping– Easy to use
● Notifications: REST (Jersey)– Simple, easy
● Orchestration: Quartz13.05.2014
SOUG 38
Back – End
● On Demand Daemon● It looks for pending jobs● jobs & parameters → Execute Command
● It Works!
● Service Configuration Repository (LDAP)● Container, virtual host, mount points...● CReate Update Delete (CRUD API)
● Common actions across cloud:● Start/stop/deploy/undeploy● Apache configuration (mod_jk, shibboleth management
13.05.2014
SOUG 39
The Result
● Prototype is working● https://mysite01.web.cern.ch/mysite01
● Registration in the CERN Web Services● Apache Front End configuration● Creation of the default container● Deployment of the sample application
13.05.2014
SOUG 40
Agenda• CERN• IT ENVIRONMENT• WEBLOGIC• FUTURE DEVELOPMENT• CONCLUSION
13.05.2014
Weblogic Challanges• WLS Swiss army knife for JEE• New remote data centre• Change deployment model• Do something with Admin server• So far so good but
• Oracle, please, don’t mess it up• Developer productivity• Keep it simple <-> Fusion?
SOUG 42
Java Platform
• Problem:• Growing demand/Limited resources
• Answer:• OnDemand model• One platform
• What made it possible?• Agile Infrastructure• Java technologies• Integration with IT services
13.05.2014
SOUG 43
Thank You
13.05.2014