websphere application server liberty profile and docker
TRANSCRIPT
David [email protected] @dcurrie
WebSphere Application Server Liberty Profile and Docker
©2015 IBM Corporation2 May 1, 2023
Agenda
Overview of Docker Docker and IBM WebSphere Application Server and Docker
Overview of Docker
©2015 IBM Corporation4 May 1, 2023
Docker timeline
Jan 2013 First commit
March 2013 Docker 0.1.0 released
April 2014 Docker Governance Advisory Board announced with representation from IBM
June 2014 Docker 1.0 released
December 2014 Docker announces Machine, Swarm and Compose
December 2014 Docker and IBM announce strategic partnership
April 2015 $95 million investment round
August 2015 Docker 1.8 released
©2015 IBM Corporation5 May 1, 2023
Docker popularity
1200+ contributors
100,000+ images on Docker Hub
3-4 million developers using Docker
300,000,000+ image downloads
32,000+ Docker related projects on GitHub
10,000+ orgs on Docker Hub
©2015 IBM Corporation6 May 1, 2023
Why Docker?
Reduction in virtualization £££ Consistency across environments Faster build and deploy Security and resilience through isolation Higher server density Separation of concerns
©2015 IBM Corporation7 May 1, 2023
It works for me!
David’s Desktop
Ian’s Laptop
Test Staging Data Center
Cloud VM
Web Server ? ? ? ? ? ?
App Server ? ? ? ? ? ?
Database ? ? ? ? ? ?
Messaging ? ? ? ? ? ?
©2015 IBM Corporation8 May 1, 2023
Consistency across environments
David’s Desktop
Ian’s Laptop
Test Staging Data Center
Cloud VM
Web Server
App Server
Database
Messaging
©2015 IBM Corporation9 May 1, 2023
Speed of deployment
Obtain within…
Manual deployment takes…
Automated deployment takes…
Starts in…
Bare Metal Days Hours Minutes Minutes
VM Minutes Minutes Seconds < Minute
Container Seconds Minutes Seconds Seconds
©2015 IBM Corporation10 May 1, 2023
Building Docker images
Dockerfile: build script that defines:– an existing image as the starting point– a set of instructions to augment that image– meta-data such as the ports exposed– the command to execute when the image is run
FROM ubuntu:14.04RUN … # download and install JRERUN … # download and install LibertyEXPOSE 9080 9443CMD ["server", "run“]COPY app.war /opt/ibm/wlp/usr/servers/defaultServer/dropins
Docker build executes the build script creating a layer in the file system for each instruction and saving the resultant image in a local registry
– docker build -t app . Layers are cached and only rebuilt when needed
ubuntu:14.04
IBM JRE
WebSphere Liberty
app.war
©2015 IBM Corporation11 May 1, 2023
Sharing images via a registry
docker push can be used to place the built images in to a shared registry e.g. Docker Hub, Docker Trusted Registry or IBM Containers registry
docker pull can subsequent be used to retrieve an image from the shared registry Layers are pushed/pulled in parallel and only if they do not already exist
f25aff3c52d8
7c66bfc43ad9
5126fa9711d2
app 763c8826de92
ubuntu:14.04
©2015 IBM Corporation12 May 1, 2023
Running a Docker image
docker run creates a running instance of an image: a container– Mounts the layers in the image read-only plus a read-write layer for the container– Defines Linux namespaces for process, the network stack and filesystem– Executes the command defines in the image meta-data as a process isolated via
those namespaces Ability to restrict resource usage (CPU and memory) through Linux control groups Dependency only on Kernel APIs gives portability across Linux distributions Consistent management and monitoring APIs across disparate container content
bootfs (Kernel)
ubuntu:14.04 debian:wheezy
ibm-jre:8.0
websphere-liberty:webProfile6 websphere-liberty:javaee7
app-a app-b app-c app-eapp-d
c1 c2 c3 c4 c5 c6
mongo:latest
c7 c8
= container
= image
©2015 IBM Corporation13 May 1, 2023
Near bare-metal performance
http://domino.research.ibm.com/library/cyberdig.nsf/papers/0929052195DD819C85257D2300681E7B/$File/rc25482.pdf
©2015 IBM Corporation14 May 1, 2023
Separation of concerns: Dev vs OpsD
EV
OP
S• Code• Libraries• Configuration• Server runtime• OS
• Logging• Remote access• Network configuration• Monitoring
©2015 IBM Corporation15 May 1, 2023
Separation of concerns: the enterprise reality
• Code• Libraries• Configuration• Server runtime• OS
DE
VO
PS
EN
G
• Logging• Remote access• Network configuration• Monitoring
Docker and IBM
©2015 IBM Corporation17 May 1, 2023
Docker and IBM
Member of the Governance Advisory Board Contributors on Docker projects Strategic partnership with Docker
– IBM will deliver Docker Trusted Registry (previously Docker Hub Enterprise) as an on-premise solution
Docker ports to Linux on Power and System z– http://www.ibm.com/developerworks/linux/linux390/docker.html– https://www.ibm.com/developerworks/library/d-docker-on-power-linux-platform/
Exploitation by IBM products and services
©2015 IBM Corporation18 May 1, 2023
IBM Container Runtime on Bluemix
Automate the build of Docker images
Manage and distribute Docker images in private image registries
Easily host containers in the cloud
Scale and auto-recovery built-in
Logging and Monitoring built-in
Now in US & EU
©2015 IBM Corporation19 May 1, 2023
Continuous integration of docker images using IBM UrbanCode Build
Deploy and manage multi-platform/multi-container application environments with IBM UrbanCode Deploy to
IBM Container Service via Bluemix Docker hosts on hybrid-clouds IBM SoftLayer and others (e.g. OpenStack, AWS, VMWare) Mobile, Traditional/Virtualized
UrbanCode Deploy supports Docker to provide an enterprise solution for DevOps
What’s newIBM UrbanCode enables automated deployment and management of multi-
platform & multi-container environments to hybrid cloud
Enabling multi-platform & multi-container deployments to Hybrid Clouds
other platforms
IBM UrbanCode solution for Docker Containers
©2015 IBM Corporation20 May 1, 2023
1. Build, deploy and run Patterns with Docker containers on PureApplication System, Service and Software
2. PureApplication brings Enterprise-grade lifecycle management to Docker
3. Included private Docker registry Pattern deployable as a shared service
+Enterprise Strength Docker
Improved Performance• Faster application deployment, start-up and scaling 92% faster vs. VM deploy• Higher density deployments 7.8X more containers vs. VMs on same HW
Portability, Hybrid Cloud, Open Ecosystem, Productivity• More seamless workload movement in hybrid & borderless cloud scenarios• Access thousands of pre-built applications on DockerHub
Docker and Patterns: Better Together
Patterns
©2015 IBM Corporation May 1, 202321
©2015 IBM Corporation22 May 1, 2023
Containerized IBM software
WebSphere Application Server and Docker
©2015 IBM Corporation24 May 1, 2023
WebSphere Application Server and Docker
Support for WebSphere Application Server Liberty Profile and Full Profile running under Docker
WAS Liberty images on Docker Hub for Development use– Latest WAS V8.5.5 Liberty driver
Kernel, Java EE 6 Web Profile, and Java EE 7 Web and Full Profile images– WAS Liberty V9 Beta with Java EE 7
Dockerfiles on WASdev GitHub to:– Upgrade the Docker Hub image with Liberty Base or ND commercial license– Build your own Docker image for Liberty (Core, Base or ND)
kernel common webProfile7 javaee7
webProfile6beta
©2015 IBM Corporation30 May 1, 2023
Docker Quick Start
Linux – run natively e.g. on Ubuntu– sudo apt-get install docker.io # From distribution repo– curl -sSL https://get.docker.com/ubuntu/ | sudo sh– sudo apt-get install docker-engine # NEW: from apt.dockerproject.org/repo
Windows/Mac – run in VM (based on Tiny Core Linux) under VirtualBox – http://boot2docker.io/
Docker Machine (https://github.com/docker/machine)– Create VM with Docker installed
docker-machine -d virtualbox dev docker-machine -d openstack … test docker-machine -d softlayer … prod
– Set environment variables to configure docker CLI to use machine eval $(docker-machine env dev)
©2015 IBM Corporation31 May 1, 2023
Running a Liberty server under Docker
$ docker run -it -e LICENSE=accept websphere-liberty
Unable to find image 'websphere-liberty:latest' locally
websphere-liberty:latest: The image you are pulling has been verified
1982456d9ebb: Pull complete
068e3636b930: Pull complete
16b920ee3a3f: Pull complete
…
Status: Downloaded newer image for websphere-liberty:latest
Launching defaultServer (WebSphere Application Server 8.5.5.5/wlp-1.0.8.cl50520150305-2202) on IBM J9 VM, version pxa6470_27sr1fp1-20140708_01 (SR1 FP1) (en_US)
[AUDIT ] CWWKE0001I: The server defaultServer has been launched.
…
©2015 IBM Corporation32 May 1, 2023
Useful Docker commands
Run in the background with a port exposed on the host– docker run -e LICENSE=accept -p 80:9080 -d --name wlp websphere-liberty– docker logs --tail=all -f wlp
Or allow Docker to allocate ports if running multiple containers– C=$(docker run -e LICENSE=accept -P -d websphere-liberty)– docker port $C 9080– docker logs --tail=all -f $C
And when you’re done– docker stop $C– docker rm $C
©2015 IBM Corporation33 May 1, 2023
Mounting a local volume for development
docker run -d -e LICENSE=accept -p 9080:9080 -v /tmp/app.war:/opt/ibm/wlp/usr/servers/defaultServer/dropins/app.war websphere-liberty
Updates from the host are now reflected in the container It really is a mount – not a copy of the file Fine for development, but to ensure we can recreate across environments we don’t want
to be dependent on configuration of the host
.war
©2015 IBM Corporation34 May 1, 2023
Deploying an application: option 1
Build a layer on top of the image containing the application Dockerfile
FROM websphere-libertyADD app.war /opt/ibm/wlp/usr/servers/defaultServer/dropins/ ENV LICENSE accept
docker build -t app . docker run -d -p 80:9080 -p 443:9443 app
Modifying the application requires rebuilding and redeploying just the application layer
.war
©2015 IBM Corporation35 May 1, 2023
Deploying an application: option 2
Put the application in a separate data volume container
Dockerfile
FROM ubuntuADD app.war /opt/ibm/wlp/usr/servers/defaultServer/dropins/ ENV LICENSE accept
docker build -t appimage .
docker run -v /opt/ibm/wlp/usr/servers/defaultServer/dropins --name app appimage true
docker run -d -e LICENSE=accept -p 80:9080 --volumes-from app websphere-liberty
Modifying the application requires rebuilding and redeploying just the application container AND it doesn’t need to be rebuilt if the application server container is updated
.war
©2015 IBM Corporation36 May 1, 2023
Data volumes for consolidated logging
Update Liberty config to log to directory based on hostname– server.xml
…<logging logDirectory="/logs/${env.HOSTNAME}" />…
– DockerfileFROM websphere-libertyADD server.xml /opt/ibm/wlp/usr/servers/defaultServer/ENV LICENSE accept
– docker build -t wlp-log . Create a data volume container for logs
– docker run --name logs -v /logs wlp-log true Run one or more Liberty instances
– docker run -d --volumes-from logs wlp-log Access consolidated log files
– docker run --volumes-from logs -v `pwd`:/backup ubuntu sh -c 'tar –czf /backup/backup.tar.gz /logs'
/logs
©2015 IBM Corporation37 May 1, 2023
Adding Liberty features
The websphere-liberty image on Docker Hub only contains the contents of the runtime install JAR
Additional features can be added via installUtility and the online repository Example to create an image with the MongoDB feature
Dockerfile
FROM websphere-libertyRUN installUtility install --acceptLicense mongodb-2.0
docker build -t websphere-liberty:mongodb .mongodb
©2015 IBM Corporation38 May 1, 2023
Container linking
Linking provides a mechanism to make containers awareof one another
For example, start a container running MongoDB:– docker run -d --name mongodb dockerfile/mongodb
Then link it to another container with the alias ‘db’– docker run -d --link mongodb:db -p 80:9080 app
/etc/hosts will be updated in the second container to resolve ‘db’ to the correct IP address for the first container
Configuration in this container can therefore make use of this alias host name– server.xml
<mongo libraryRef="lib" hostNames="db" ports="27017"/>
db
mongodb
©2015 IBM Corporation39 May 1, 2023
Cross-host dependencies
Container linking only works on a single host Two options for dependencies across hosts:
1. Ambassador pattern– Link to a local container that acts
as a port forwarder to a remote service– Enables changing the backend service
by only restarting the ambassador
2. Environment variables– Pass the details of the remote service
as environment variables
– For example: docker run -e DB=192.0.2.0 -d app server.xml
<mongo libraryRef="lib" hostNames=“${env.DB}" ports="27017"/>
mongodb
fwd db
mongodb
-e
©2015 IBM Corporation40 May 1, 2023
Building a ‘right size’ image
The default (‘latest’) Docker Hub image corresponds to the ‘javaee7’ tagged image containing the Java EE7 full profile feature set
Tags are also available for ‘webProfile6’ and ‘webProfile7’ It is also possible to build an image that contains just the features required by the
application by starting with the ‘kernel’ image and using installUtility to provision features from the online repository based on those listed in server.xml
FROM websphere-liberty:kernelCOPY server.xml /opt/ibm/wlp/usr/servers/defaultServer/ RUN installUtility install --acceptLicense defaultServer
©2015 IBM Corporation41 May 1, 2023
Obtaining a production licensed image
Two options:
1. Obtain JRE and Liberty binaries from Passport Advantage/developerWorks and build your own Docker imagehttps://github.com/WASdev/ci.docker/tree/master/websphere-liberty/8.5.5/production-install
2. Upgrade the Liberty image from Docker Hub using executable license JARs obtained from Passport Advantagehttps://github.com/WASdev/ci.docker/tree/master/websphere-liberty/8.5.5/production-upgrade
©2015 IBM Corporation43 May 1, 2023
Performance – Liberty vs Tomcat
Liberty performs 2.4x better than Tomcat 8 with a 4 Docker Container topology
Single host – 4 CPUs assigned across 1, 2 or 4 containers
©2015 IBM Corporation44 May 1, 2023
Performance – Liberty vs Wildfly
DayTrader 7 workload contains few features of Java EE 7 like Servlet 3.1, Web Sockets
Liberty outperforms Wildfly by greater than x2 running Docker topologies
©2015 IBM Corporation45 May 1, 2023
Liberty collectives and Docker
Multi-host Liberty collectives work out-of-the-box with Docker with the use of host-level networking (--net=host) or a network overlay across Docker hosts (e.g. Weave)
Work in progress (see September beta)– Make collective controller Docker aware (understand port and host mapping)– Extend auto-scaling to work with Docker images in addition to existing Liberty
server packages
Controller .war.war.war
.war.war.war
.war.war.war
.war.war.warController
Controller
.war
©2015 IBM Corporation46 May 1, 2023
©2015 IBM Corporation47 May 1, 2023
Summary
Overview of Docker Docker and IBM WebSphere Application Server and Docker
©2015 IBM Corporation
©2015 IBM Corporation49 May 1, 2023
Notices and DisclaimersCopyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law.
©2015 IBM Corporation50 May 1, 2023
Notices and Disclaimers (con’t)
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.
IBM, the IBM logo, ibm.com, Bluemix, Blueworks Live, CICS, Clearcase, DOORS®, Enterprise Document Management System™, Global Business Services ®, Global Technology Services ®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, SoDA, SPSS, StoredIQ, Tivoli®, Trusteer®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.