SlideShare a Scribd company logo

Pixels_Camp

Nelson Gomes
Nelson Gomes
1 of 51
Download to read offline
Microservices FTW Nelson Gomes / BitSight Technologies
Presentation Topics “Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program.” - Linus Torvalds Server Setup REST APIs Distribute It ● Microservices Introduction ● Setting up Jetty/Jersey ● Database Access ● Caching ● Swagger Introduction ● Swagger File Generation ● Client Generation ● Jackson Behaviour Control ● Circuit Breakers ● Hazelcast Introduction ● Distributed Processing ● Dockerize it
Microservices Introduction Server Setup
80% of S&P 500 had a security event in 2013 Small pieces of software exposed via HTTP/REST Each resource should be a noun (ex: user, company, product) HTTP provides the verbs for CRUD operations: Create = POST Read = GET Update = PUT Delete = DELETE Stateless, Cacheable, Layered system Roy Thomas Fielding dissertation for further reading. Server Setup - Microservices Introduction Microservices refers to a software design architecture where applications are made of independently deployable services.
Server Setup - Microservices Introduction HTTP Response Codes applied to REST: Read about at http://racksburg.com/choosing-an-http-status-code/
80% of S&P 500 had a security event in 2013 Scalable - adding more servers to handle specific REST calls Layered - abstracting what server handles the request Redundant - a server down will have theoretically no impact Stateless - no server side state, each request must provide all information Unique functionality - only one service implements it Server Setup - Microservices Introduction Microservices should not be confused with REST APIs. A Microservice should be:
80% of S&P 500 had a security event in 2013 Server Setup - Microservices Introduction Microservices architecture:
80% of S&P 500 had a security event in 2013 Server Setup - Microservices Introduction Microservices architecture: Usually Y-AXIS scaling is done using hardware load balancers or software load balancers like Nginx or HAProxy. X-AXIS can be hosts, VMs or containers.
80% of S&P 500 had a security event in 2013 Distributed architectures are hard to implement Operational complexity service monitoring control cascading effect problem detection Complexity of cross-service refactoring Service dependency and versioning Server Setup - Microservices Introduction Microservices disadvantages: The very first thing you should have operational is a metrics system to allow global monitoring of the system, otherwise you won’t have any awareness of it’s health.
Setting up Jetty/Jersey Server Setup
80% of S&P 500 had a security event in 2013 Create a java project with war packaging Add maven dependencies (see the github link for this) There are at least two ways to start a jetty server: Start a main class (useful for development), or Use jetty-runner to deploy the project after packaging Server Setup - Setting up Jetty/Jersey Setup steps: $ mvn package $ java -jar jetty-runner.jar application.war
Server Setup - Setting up Jetty/Jersey Jetty is a Java standalone web server and servlet container. Jersey is a framework for RESTful web services. public static void main(String[] args) throws Exception { ServerMain.log.info("Starting jetty version {}", Server.getVersion()); // configure jetty server Server jettyServer = new Server(8080); // setup up access log final NCSARequestLog requestLog = new NCSARequestLog("logs/access-yyyy_mm_dd.log"); requestLog.setAppend(true); requestLog.setExtended(true); requestLog.setLogTimeZone("GMT"); jettyServer.setRequestLog(requestLog); // setup web app final WebAppContext webapp = new WebAppContext(); webapp.setResourceBase("src/main/webapp/"); // pass webapp to jetty jettyServer.setHandler(webapp); // start web server jettyServer.start(); jettyServer.join(); }
80% of S&P 500 had a security event in 2013 Server Setup - Setting up Jetty/Jersey At this point we should have a HTTP server ready to run on port 8080:
80% of S&P 500 had a security event in 2013 Server Setup - Setting up Jetty/Jersey Now let’s configure our web app: Let’s create a WEB-INF/web.xml file in our webapp folder <web-app> <welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <servlet> <servlet-name>RestApi</servlet-name> <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class> <init-param> <param-name>jersey.config.server.provider.packages</param-name> <param-value> com.msftw.api.v1, com.msftw.api.v2 </param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>RestApi</servlet-name> <url-pattern>/api/*</url-pattern> </servlet-mapping> </web-app> @Path("/v1") public class ApiV1 { @Path("/ping") @GET public String ping() { return "pong"; } }
80% of S&P 500 had a security event in 2013 Server Setup - Setting up Jetty/Jersey At this point we should have a HTTP server responding on/ api/v1/ping and api/v2/ping
Database Access Server Setup
80% of S&P 500 had a security event in 2013 Raw JDBC - avoid it at all cost, because resource management and connection pool are hard to manage Apache DbUtils - very reliable and very fast, my favourite JDBI - reliable, simple to use, but not so fast jOOQ - an ORM engine, gains on relations, loses some performance Hibernate - another ORM engine Sql2o - faster than DbUtils, to monitor in the future Server Setup - Database Access There are a lot of database access layers. You should choose the on that brings you the most benefits: These frameworks usually depend on some other framework for connection pooling like Apache DBCP or HikariCP My favourite combination is DbUtils with HikariCP
Server Setup - Database Access DBUtils is a very fast, lightweight and reliable framework, HikariCP is a high performance JDBC connection pool public class DatabaseHelper implements AutoCloseable { private static Map<String, HikariDataSource> pools = new ConcurrentHashMap<String, HikariDataSource>(); public static DataSource getDataSource(String config) { if (!pools.containsKey(config)) createDataSource(config); return pools.get(config); } private static synchronized void createDataSource(String config) { if (!pools.containsKey(config)) pools.put(config, new HikariDataSource(new HikariConfig(config))); } public void close() throws Exception { pools.clear(); } } QueryRunner runner = new QueryRunner(DatabaseHelper.getDataSource(“config”));
Caching Server Setup
80% of S&P 500 had a security event in 2013 Reactive - cache is generated on first miss, used when the cache domain is too big. Generates race conditions on heavy load. Usually has a TTL and is dropped by LRU algorithm. Proactive - cache domain is limited, can fit in memory and is generated beforehand. Usually this cache won’t have a single miss, and is refreshed periodically or when an event occurs. Server Setup - Caching Caching Paradigms: You should cache as much as you can if you want performance. If it saves you a query, a system call or some communication, cache it even for a short TTL.
80% of S&P 500 had a security event in 2013 Static - cache content for URIs that don’t change often Response - cache responses using call and parameters as key Data - cache data processed by some key Remote - cache remote call responses using call and parameter as key Query - cache query responses using the query and parameters as key Server Setup - Caching Caching Levels:
80% of S&P 500 had a security event in 2013 Caffeine - very fast, Java 8, Guava drop-in replacement ConcurrentLinkedHashMap Google Guava Ehcache - distributed cache Infinispan - distributed cache HazelCast - distributed cache A good option is to combine local cache with a distributed one, improving in speed and reliability. Server Setup - Caching Caching Frameworks: Caching engine should be chosen by application requirements: Speed vs Reliability Read (75%) / Write (25%)
80% of S&P 500 had a security event in 2013 Server Setup - Caching Sample Caching: LoadingCache<Key, Graph> graphs = Caffeine.newBuilder() .maximumSize(10_000) .expireAfterWrite(5, TimeUnit.MINUTES) .refreshAfterWrite(1, TimeUnit.MINUTES) .build(key -> createExpensiveGraph(key)); Cache<Key, Graph> graphs = Caffeine.newBuilder() .maximumSize(1000) .expireAfterWrite(3600, TimeUnit.SECONDS) .build(); Graph graph = graphs.getIfPresent(key); if(graph == null){ // generate graph and cache it graph = createExpensiveGraph(key); graphs.put(key, graph); }
Swagger Introduction REST APIs
80% of S&P 500 had a security event in 2013 Swagger is a simple yet powerful representation of your RESTful API. In today’s presentation we’ll demonstrate three tools: • Swagger file generation in Java • Swagger UI • Swagger Editor Swagger Specification has been donated to the Open API Initiative It’s adoption has several benefits: Interactive documentation Client SDK generation Server generation API discoverability Lots of development goodies REST APIs - Swagger Introduction
80% of S&P 500 had a security event in 2013 For our project to generate Swagger information we’ll add annotations to our methods. Annotating Java code is a simple way of maintaining your API The maven plugin will do the rest by reflection and produce documentation and the Swagger file, advantages: Easy update and addition of methods No need to diff generated code with your codebase Technology independent Easier to maintain versions REST APIs - Swagger Introduction
80% of S&P 500 had a security event in 2013 Some common annotations: @Api - to declare an API resource (class level) @ApiModel - provides additional information REST APIs - Swagger Introduction @Api @ApiModel(value = "APIv1", description = "Microservices FTW Methods") @Path("/v1") public class ApiV1 {
80% of S&P 500 had a security event in 2013 Some common annotations: @ApiOperation @ApiResponses REST APIs - Swagger Introduction @GET @Path("/ping") @Produces(MediaType.TEXT_PLAIN) @ApiOperation(value = "Ping method", notes = "Method to check API connectivity.") @ApiResponses(value = { @ApiResponse(code = 200, message = "successful operation", response = String.class) }) public String pingMethod(@Context final HttpServletRequest request) { log.info("Received request for {} from IP {}", request.getRequestURI(), request.getRemoteAddr()); return "pong"; }
80% of S&P 500 had a security event in 2013 Response structures: responseContainerTypes: List, Set and Map REST APIs - Swagger Introduction @Path("/books") @Produces(MediaType.APPLICATION_JSON) @ApiOperation(value = "List Books method", notes = "Method to get a books list.") @ApiResponses(value = { @ApiResponse(code = 200, message = "successful operation", response = Book.class, responseContainer = "List"), @ApiResponse(code = 500, message = "unsuccessful operation", response = String.class) }) public Response getBooks() {
80% of S&P 500 had a security event in 2013 Some common annotations: @ApiParam @ResponseHeaders REST APIs - Swagger Introduction @POST @Path("/books") @Produces(MediaType.APPLICATION_JSON) @ApiOperation(value = "Create Books method", notes = "Method to create books.") @ApiResponses(value = { @ApiResponse(code = 200, message = "successful operation”, response = Boolean.class, responseContainer = "List"), @ApiResponse(code = 500, message = "unsuccessful operation”, response = String.class, responseHeaders = {@ResponseHeader(name="X-Host", description="hostname that failed")}) }) public Response createBooks( @ApiParam(value="Json array of Books", required = true) final LinkedList<Book> books, @ApiParam(value="sample comment") @QueryParam("comment") String comment) {
80% of S&P 500 had a security event in 2013 Some common annotations: @ApiModelProperty REST APIs - Swagger Introduction public class Book { @ApiModelProperty(value = "Book id", required = false, example = "1") private Integer id; @ApiModelProperty(value = "Book title", required = true, example = "Book Title") private String title; @ApiModelProperty(value = "Book ISBN", required = true, example = "Book ISNTitle") private String isbn; @ApiModelProperty(value = "Book Price", required = true, example = "12.12") private Float price; @ApiModelProperty(value = "Publisher Name", required = true, example = "Publisher") private String publisher; public Integer getId() { return id; } (…)
Swagger File Generation REST APIs
80% of S&P 500 had a security event in 2013 REST APIs - Swagger File Generation We’re going to use Swagger Maven plugin to generate our Swagger file Download latest version and copy folder test/resources/ templates to src/main/ resources Now we just need to hook it to our Maven project Now your Swagger API and file will be updated instantly every time you package your project Download source from http://kongchen.github.io/swagger-maven-plugin/ $ mvn package
80% of S&P 500 had a security event in 2013 REST APIs - Swagger File Generation changes to pom.xml <plugin> <groupId>com.github.kongchen</groupId> <artifactId>swagger-maven-plugin</artifactId> <version>3.1.3</version> <configuration> <apiSources> <apiSource> <springmvc>false</springmvc> <locations><!-- declare packages --> com.msftw.api.v1 </locations> <schemes>http</schemes> <basePath>/api</basePath> <info> (…) </info> <templatePath>(…)/strapdown.html.hbs</templatePath> <outputPath>(…)/webapp/documentation.html</outputPath> <swaggerDirectory>(…)/webapp</swaggerDirectory> <outputFormats>yaml,json</outputFormats> <attachSwaggerArtifact>true</attachSwaggerArtifact> </apiSource> </apiSources> </configuration> (…)
80% of S&P 500 had a security event in 2013 REST APIs - Swagger File Generation At this point we should have documentation generated and an empty Swagger file generated:
80% of S&P 500 had a security event in 2013 REST APIs - Swagger Introduction Now let’s setup Swagger-UI: Go to http://swagger.io/swagger- ui/ for documentation Download latest Swagger UI from https://github.com/swagger- api/swagger-ui/releases Decompress and copy dist folder contents to our project src/main/ webapp folder Reload default webpage to see a sample swagger interface This UI is a very useful tool
Client Generation REST APIs
80% of S&P 500 had a security event in 2013 REST APIs - Client Generation The biggest benefit in using Swagger is the easiness to generate client stubs for almost every language: Go to http://editor.swagger.io/ to generate your client/server Automate code generation into your development cycle
80% of S&P 500 had a security event in 2013 REST APIs - Client Generation
Jackson Behaviour Control REST APIs
80% of S&P 500 had a security event in 2013 REST APIs - Jackson Behaviour Control Jackson handles json parsing but does not handle some special cases: An empty POST gives a 500 error before calling our method This change allows receiving null objects in our methods and handle those errors @Provider public class CustomJsonProvider extends JacksonJaxbJsonProvider { private static ObjectMapper mapper = new ObjectMapper(); static { CustomJsonProvider.mapper.configure( DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT, true); } public CustomJsonProvider() { super(); this.setMapper(CustomJsonProvider.mapper); } }
Circuit Breakers Distribute It
Hystrix is a good framework to help implement circuit breakers Distribute It - Circuit Breakers Circuit Breakers are a very important feature to avoid domino effect when failures occur in chained Microservices https://github.com/Netflix/Hystrix/wiki/How-To-Use#Common-Patterns
80% of S&P 500 had a security event in 2013 Distribute It - Circuit Breakers Hystrix helps alleviate the domino effect than can cause crashes in distributed systems Preventing any single dependency from using up all user threads. Shedding load and failing fast instead of queueing. Providing fallbacks wherever feasible to protect users from failure. Using isolation techniques to limit the impact of any one dependency. Optimizing for time-to-discovery through near real-time metrics, monitoring, and alerting Optimizing for time-to-recovery Protecting against failures in the entire dependency client execution, not just in the network traffic.
Hazelcast Introduction Distribute It
80% of S&P 500 had a security event in 2013 Distribute It - Hazelcast Introduction Hazelcast is a zero configuration cluster framework With Hazelcast you can create a cluster with 1 line of code private static HazelcastInstance clusterNode = Hazelcast.newHazelcastInstance(new Config()); private static ConcurrentMap<String, String> map; static { // initialize our distributed map map = clusterNode.getMap(“my-distributed-map"); } // Concurrent Map methods map.putIfAbsent("somekey", "somevalue"); map.replace("key", "value", "newvalue"); https://hazelcast.org/ https://hazelcast.org/features/
80% of S&P 500 had a security event in 2013 Distribute It - Distributed Processing Microservices are not the answer to everything: If you can process a request later, put it in a queue Parallelise your task if possible Avoid long waits on responses Cache everything you can Your system should be resource aware Avoid multi-request transactions Page your results to avoid large requests Consul can be useful to help managing distributed systems.
Dockerize It Distribute It
80% of S&P 500 had a security event in 2013 Distribute It - Dockerize It Containers are a very useful tool when you want to scale: A single docker image can be replicated to hundreds of machines Tools like Kubernetes, Docker Swarm, Amazon ECS automate this Containers usually have a small footprint and are very fast to deploy Need to test a specific Linux distribution? # Download an ubuntu image docker pull ubuntu # run shell docker run -it ubuntu /bin/bash
Demo Time!!! https://github.com/nelsongomes/microservices-ftw Microservices FTW
For more information: BitSight Technologies 125 CambridgePark Drive, Suite 204 Cambridge, MA 02140 www.bitsighttech.com QUESTIONS? nelson.gomes@bitsighttech.com

Recommended

Guide - Migrating from Heroku to AWS using CloudFormation
Guide - Migrating from Heroku to AWS using CloudFormationGuide - Migrating from Heroku to AWS using CloudFormation
Guide - Migrating from Heroku to AWS using CloudFormationRob Linton
 
How to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureHow to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureTiago Simões
 
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...Geir Høydalsvik
 
The MySQL SYS Schema
The MySQL SYS SchemaThe MySQL SYS Schema
The MySQL SYS SchemaMark Leith
 
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinAnsible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinVietnam Open Infrastructure User Group
 
Why NBC Universal Migrated to MongoDB Atlas
Why NBC Universal Migrated to MongoDB AtlasWhy NBC Universal Migrated to MongoDB Atlas
Why NBC Universal Migrated to MongoDB AtlasDatavail
 
Extending and Automating Cloudera Manager via API
Extending and Automating Cloudera Manager via APIExtending and Automating Cloudera Manager via API
Extending and Automating Cloudera Manager via APIClouderaUserGroups
 
Cloudera User Group SF - Cloudera Manager: APIs & Extensibility
Cloudera User Group SF - Cloudera Manager: APIs & ExtensibilityCloudera User Group SF - Cloudera Manager: APIs & Extensibility
Cloudera User Group SF - Cloudera Manager: APIs & ExtensibilityClouderaUserGroups
 

Recommended

Guide - Migrating from Heroku to AWS using CloudFormation
Guide - Migrating from Heroku to AWS using CloudFormationGuide - Migrating from Heroku to AWS using CloudFormation
Guide - Migrating from Heroku to AWS using CloudFormationRob Linton
 
How to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureHow to implement a gdpr solution in a cloudera architecture
How to implement a gdpr solution in a cloudera architectureTiago Simões
 
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...Geir Høydalsvik
 
The MySQL SYS Schema
The MySQL SYS SchemaThe MySQL SYS Schema
The MySQL SYS SchemaMark Leith
 
Ansible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinAnsible Automation - Enterprise Use Cases | Juncheng Anthony Lin
Ansible Automation - Enterprise Use Cases | Juncheng Anthony LinVietnam Open Infrastructure User Group
 
Why NBC Universal Migrated to MongoDB Atlas
Why NBC Universal Migrated to MongoDB AtlasWhy NBC Universal Migrated to MongoDB Atlas
Why NBC Universal Migrated to MongoDB AtlasDatavail
 
Extending and Automating Cloudera Manager via API
Extending and Automating Cloudera Manager via APIExtending and Automating Cloudera Manager via API
Extending and Automating Cloudera Manager via APIClouderaUserGroups
 
Cloudera User Group SF - Cloudera Manager: APIs & Extensibility
Cloudera User Group SF - Cloudera Manager: APIs & ExtensibilityCloudera User Group SF - Cloudera Manager: APIs & Extensibility
Cloudera User Group SF - Cloudera Manager: APIs & ExtensibilityClouderaUserGroups
 
Azure powershell management
Azure powershell managementAzure powershell management
Azure powershell managementChristian Toinard
 
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 201910 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019Matt Raible
 
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconCloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconMario-Leander Reimer
 
Cloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityCloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityClouderaUserGroups
 
UCS Automation through the use of API's and UCS PowerTool
UCS Automation through the use of API's and UCS PowerToolUCS Automation through the use of API's and UCS PowerTool
UCS Automation through the use of API's and UCS PowerToolCisco Canada
 
WebSphere Technical University: Introduction to the Java Diagnostic Tools
WebSphere Technical University: Introduction to the Java Diagnostic ToolsWebSphere Technical University: Introduction to the Java Diagnostic Tools
WebSphere Technical University: Introduction to the Java Diagnostic ToolsChris Bailey
 
Introduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorIntroduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorMark Leith
 
MySQL sys schema deep dive
MySQL sys schema deep diveMySQL sys schema deep dive
MySQL sys schema deep diveMark Leith
 
Cloudera cluster setup and configuration
Cloudera cluster setup and configurationCloudera cluster setup and configuration
Cloudera cluster setup and configurationSudheer Kondla
 
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, GcpPriyanka Aash
 
UK Azure Users Group
UK Azure Users Group UK Azure Users Group
UK Azure Users Group Richard Conway
 
Session 2 - CloudStack Usage and Application (2013.Q3)
Session 2 - CloudStack Usage and Application (2013.Q3)Session 2 - CloudStack Usage and Application (2013.Q3)
Session 2 - CloudStack Usage and Application (2013.Q3)tcloudcomputing-tw
 
Running your Java EE 6 applications in the cloud
Running your Java EE 6 applications in the cloudRunning your Java EE 6 applications in the cloud
Running your Java EE 6 applications in the cloudArun Gupta
 
Working with PowerVC via its REST APIs
Working with PowerVC via its REST APIsWorking with PowerVC via its REST APIs
Working with PowerVC via its REST APIsJoe Cropper
 
Proxy SQL 2.0 with PXC
Proxy SQL 2.0 with PXCProxy SQL 2.0 with PXC
Proxy SQL 2.0 with PXCVinicius M Grippa
 
Session 3 - CloudStack Test Automation and CI
Session 3 - CloudStack Test Automation and CISession 3 - CloudStack Test Automation and CI
Session 3 - CloudStack Test Automation and CItcloudcomputing-tw
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - SecurityMark Swarbrick
 
Provisioning with OSGi Subsystems and Repository using Apache Aries and Felix
Provisioning with OSGi Subsystems and Repository using Apache Aries and FelixProvisioning with OSGi Subsystems and Repository using Apache Aries and Felix
Provisioning with OSGi Subsystems and Repository using Apache Aries and FelixDavid Bosschaert
 
Secure DevOps: A Puma's Tail
Secure DevOps: A Puma's TailSecure DevOps: A Puma's Tail
Secure DevOps: A Puma's TailPuma Security, LLC
 
MySQL Group Replication - Ready For Production? (2018-04)
MySQL Group Replication - Ready For Production? (2018-04)MySQL Group Replication - Ready For Production? (2018-04)
MySQL Group Replication - Ready For Production? (2018-04)Kenny Gryp
 
Komunikasyon
KomunikasyonKomunikasyon
KomunikasyonPaul Mitchell Chua
 
全球增溫
全球增溫全球增溫
全球增溫mrmak2011
 

More Related Content

What's hot

10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 201910 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019Matt Raible
 
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconCloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconMario-Leander Reimer
 
Cloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityCloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityClouderaUserGroups
 
UCS Automation through the use of API's and UCS PowerTool
UCS Automation through the use of API's and UCS PowerToolUCS Automation through the use of API's and UCS PowerTool
UCS Automation through the use of API's and UCS PowerToolCisco Canada
 
WebSphere Technical University: Introduction to the Java Diagnostic Tools
WebSphere Technical University: Introduction to the Java Diagnostic ToolsWebSphere Technical University: Introduction to the Java Diagnostic Tools
WebSphere Technical University: Introduction to the Java Diagnostic ToolsChris Bailey
 
Introduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorIntroduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorMark Leith
 
MySQL sys schema deep dive
MySQL sys schema deep diveMySQL sys schema deep dive
MySQL sys schema deep diveMark Leith
 
Cloudera cluster setup and configuration
Cloudera cluster setup and configurationCloudera cluster setup and configuration
Cloudera cluster setup and configurationSudheer Kondla
 
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, GcpPriyanka Aash
 
Session 2 - CloudStack Usage and Application (2013.Q3)
Session 2 - CloudStack Usage and Application (2013.Q3)Session 2 - CloudStack Usage and Application (2013.Q3)
Session 2 - CloudStack Usage and Application (2013.Q3)tcloudcomputing-tw
 
Running your Java EE 6 applications in the cloud
Running your Java EE 6 applications in the cloudRunning your Java EE 6 applications in the cloud
Running your Java EE 6 applications in the cloudArun Gupta
 
Working with PowerVC via its REST APIs
Working with PowerVC via its REST APIsWorking with PowerVC via its REST APIs
Working with PowerVC via its REST APIsJoe Cropper
 
Session 3 - CloudStack Test Automation and CI
Session 3 - CloudStack Test Automation and CISession 3 - CloudStack Test Automation and CI
Session 3 - CloudStack Test Automation and CItcloudcomputing-tw
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - SecurityMark Swarbrick
 
Provisioning with OSGi Subsystems and Repository using Apache Aries and Felix
Provisioning with OSGi Subsystems and Repository using Apache Aries and FelixProvisioning with OSGi Subsystems and Repository using Apache Aries and Felix
Provisioning with OSGi Subsystems and Repository using Apache Aries and FelixDavid Bosschaert
 
MySQL Group Replication - Ready For Production? (2018-04)
MySQL Group Replication - Ready For Production? (2018-04)MySQL Group Replication - Ready For Production? (2018-04)
MySQL Group Replication - Ready For Production? (2018-04)Kenny Gryp
 

What's hot (20)

Azure powershell management
Azure powershell managementAzure powershell management
Azure powershell management
 
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 201910 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019
10 Excellent Ways to Secure Your Spring Boot Application - Devoxx Morocco 2019
 
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAconCloud-native .NET-Microservices mit Kubernetes @BASTAcon
Cloud-native .NET-Microservices mit Kubernetes @BASTAcon
 
Cloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & ExtensibilityCloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
Cloudera User Group Chicago - Cloudera Manager: APIs & Extensibility
 
UCS Automation through the use of API's and UCS PowerTool
UCS Automation through the use of API's and UCS PowerToolUCS Automation through the use of API's and UCS PowerTool
UCS Automation through the use of API's and UCS PowerTool
 
WebSphere Technical University: Introduction to the Java Diagnostic Tools
WebSphere Technical University: Introduction to the Java Diagnostic ToolsWebSphere Technical University: Introduction to the Java Diagnostic Tools
WebSphere Technical University: Introduction to the Java Diagnostic Tools
 
Introduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise MonitorIntroduction to MySQL Enterprise Monitor
Introduction to MySQL Enterprise Monitor
 
MySQL sys schema deep dive
MySQL sys schema deep diveMySQL sys schema deep dive
MySQL sys schema deep dive
 
Cloudera cluster setup and configuration
Cloudera cluster setup and configurationCloudera cluster setup and configuration
Cloudera cluster setup and configuration
 
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
(SACON) Madhu Akula - Automated Defense Using Cloud Service Aws, Azure, Gcp
 
UK Azure Users Group
UK Azure Users Group UK Azure Users Group
UK Azure Users Group
 
Session 2 - CloudStack Usage and Application (2013.Q3)
Session 2 - CloudStack Usage and Application (2013.Q3)Session 2 - CloudStack Usage and Application (2013.Q3)
Session 2 - CloudStack Usage and Application (2013.Q3)
 
Running your Java EE 6 applications in the cloud
Running your Java EE 6 applications in the cloudRunning your Java EE 6 applications in the cloud
Running your Java EE 6 applications in the cloud
 
Working with PowerVC via its REST APIs
Working with PowerVC via its REST APIsWorking with PowerVC via its REST APIs
Working with PowerVC via its REST APIs
 
Proxy SQL 2.0 with PXC
Proxy SQL 2.0 with PXCProxy SQL 2.0 with PXC
Proxy SQL 2.0 with PXC
 
Session 3 - CloudStack Test Automation and CI
Session 3 - CloudStack Test Automation and CISession 3 - CloudStack Test Automation and CI
Session 3 - CloudStack Test Automation and CI
 
MySQL Manchester TT - Security
MySQL Manchester TT - SecurityMySQL Manchester TT - Security
MySQL Manchester TT - Security
 
Provisioning with OSGi Subsystems and Repository using Apache Aries and Felix
Provisioning with OSGi Subsystems and Repository using Apache Aries and FelixProvisioning with OSGi Subsystems and Repository using Apache Aries and Felix
Provisioning with OSGi Subsystems and Repository using Apache Aries and Felix
 
Secure DevOps: A Puma's Tail
Secure DevOps: A Puma's TailSecure DevOps: A Puma's Tail
Secure DevOps: A Puma's Tail
 
MySQL Group Replication - Ready For Production? (2018-04)
MySQL Group Replication - Ready For Production? (2018-04)MySQL Group Replication - Ready For Production? (2018-04)
MySQL Group Replication - Ready For Production? (2018-04)
 

Viewers also liked

全球增溫
全球增溫全球增溫
全球增溫mrmak2011
 
ロリポップと簡単インストールについて|ゼロから始めるWordPress勉強会
ロリポップと簡単インストールについて|ゼロから始めるWordPress勉強会ロリポップと簡単インストールについて|ゼロから始めるWordPress勉強会
ロリポップと簡単インストールについて|ゼロから始めるWordPress勉強会Yoshinori Kobayashi
 
Codebits 2012 - Fast relational web site construction.
Codebits 2012 - Fast relational web site construction.Codebits 2012 - Fast relational web site construction.
Codebits 2012 - Fast relational web site construction.Nelson Gomes
 
Askep hepatitis
Askep hepatitisAskep hepatitis
Askep hepatitisZoni Apiko
 
RTCG - Patent Publication
RTCG - Patent PublicationRTCG - Patent Publication
RTCG - Patent PublicationEitan Keren
 
Cloud final
Cloud finalCloud final
Cloud finalLeo Fan
 
Logo moselectro concepts, 1-t version
Logo moselectro concepts, 1-t versionLogo moselectro concepts, 1-t version
Logo moselectro concepts, 1-t versionsandro2001
 
De Dieu Butler App for dummies
De Dieu Butler App for dummiesDe Dieu Butler App for dummies
De Dieu Butler App for dummiesTom Hes
 
Logo moselectro concepts, 2-d version
Logo moselectro concepts, 2-d versionLogo moselectro concepts, 2-d version
Logo moselectro concepts, 2-d versionsandro2001
 

Viewers also liked (20)

Komunikasyon
KomunikasyonKomunikasyon
Komunikasyon
 
全球增溫
全球增溫全球增溫
全球增溫
 
Ia tppt
Ia tpptIa tppt
Ia tppt
 
Vero moda præsentation
Vero moda præsentationVero moda præsentation
Vero moda præsentation
 
Sistemes opertaius Romà
Sistemes opertaius RomàSistemes opertaius Romà
Sistemes opertaius Romà
 
ロリポップと簡単インストールについて|ゼロから始めるWordPress勉強会
ロリポップと簡単インストールについて|ゼロから始めるWordPress勉強会ロリポップと簡単インストールについて|ゼロから始めるWordPress勉強会
ロリポップと簡単インストールについて|ゼロから始めるWordPress勉強会
 
Codebits 2012 - Fast relational web site construction.
Codebits 2012 - Fast relational web site construction.Codebits 2012 - Fast relational web site construction.
Codebits 2012 - Fast relational web site construction.
 
Mafalda
MafaldaMafalda
Mafalda
 
Askep hepatitis
Askep hepatitisAskep hepatitis
Askep hepatitis
 
Zakat pembersih harta
Zakat pembersih hartaZakat pembersih harta
Zakat pembersih harta
 
RTCG - Patent Publication
RTCG - Patent PublicationRTCG - Patent Publication
RTCG - Patent Publication
 
Vision sesion-12-okey
Vision sesion-12-okeyVision sesion-12-okey
Vision sesion-12-okey
 
Cloud final
Cloud finalCloud final
Cloud final
 
Loyalcation
LoyalcationLoyalcation
Loyalcation
 
Logo moselectro concepts, 1-t version
Logo moselectro concepts, 1-t versionLogo moselectro concepts, 1-t version
Logo moselectro concepts, 1-t version
 
simple gift
simple giftsimple gift
simple gift
 
De Dieu Butler App for dummies
De Dieu Butler App for dummiesDe Dieu Butler App for dummies
De Dieu Butler App for dummies
 
Portfolio yoshinori kobayashi
Portfolio yoshinori kobayashiPortfolio yoshinori kobayashi
Portfolio yoshinori kobayashi
 
Mafalda
MafaldaMafalda
Mafalda
 
Logo moselectro concepts, 2-d version
Logo moselectro concepts, 2-d versionLogo moselectro concepts, 2-d version
Logo moselectro concepts, 2-d version
 

Similar to Pixels_Camp

TDC2016SP - Construindo Microserviços usando Spring Cloud
TDC2016SP - Construindo Microserviços usando Spring CloudTDC2016SP - Construindo Microserviços usando Spring Cloud
TDC2016SP - Construindo Microserviços usando Spring Cloudtdc-globalcode
 
Ingesting streaming data for analysis in apache ignite (stream sets theme)
Ingesting streaming data for analysis in apache ignite (stream sets theme)Ingesting streaming data for analysis in apache ignite (stream sets theme)
Ingesting streaming data for analysis in apache ignite (stream sets theme)Tom Diederich
 
Ten Battle-Tested Tips for Atlassian Connect Add-ons
Ten Battle-Tested Tips for Atlassian Connect Add-onsTen Battle-Tested Tips for Atlassian Connect Add-ons
Ten Battle-Tested Tips for Atlassian Connect Add-onsAtlassian
 
Java Web Programming on Google Cloud Platform [1/3] : Google App Engine
Java Web Programming on Google Cloud Platform [1/3] : Google App EngineJava Web Programming on Google Cloud Platform [1/3] : Google App Engine
Java Web Programming on Google Cloud Platform [1/3] : Google App EngineIMC Institute
 
Instrumenting plugins for Performance Schema
Instrumenting plugins for Performance SchemaInstrumenting plugins for Performance Schema
Instrumenting plugins for Performance SchemaMark Leith
 
Masterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM RolesMasterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM RolesMalcolm Duncanson, CISSP
 
Troubleshooting Apache Cloudstack
Troubleshooting Apache CloudstackTroubleshooting Apache Cloudstack
Troubleshooting Apache CloudstackRadhika Puthiyetath
 
Building microservices sample application
Building microservices sample applicationBuilding microservices sample application
Building microservices sample applicationAnil Allewar
 
ServerTemplate Deep Dive
ServerTemplate Deep DiveServerTemplate Deep Dive
ServerTemplate Deep DiveRightScale
 
Pyramid Deployment and Maintenance
Pyramid Deployment and MaintenancePyramid Deployment and Maintenance
Pyramid Deployment and MaintenanceJazkarta, Inc.
 
Trouble shooting apachecloudstack
Trouble shooting apachecloudstackTrouble shooting apachecloudstack
Trouble shooting apachecloudstackSailaja Sunil
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaArvind Kumar G.S
 
Agile integration workshop Seattle
Agile integration workshop SeattleAgile integration workshop Seattle
Agile integration workshop SeattleJudy Breedlove
 
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...Leighton Nelson
 

Similar to Pixels_Camp (20)

Pyramid deployment
Pyramid deploymentPyramid deployment
Pyramid deployment
 
TDC2016SP - Construindo Microserviços usando Spring Cloud
TDC2016SP - Construindo Microserviços usando Spring CloudTDC2016SP - Construindo Microserviços usando Spring Cloud
TDC2016SP - Construindo Microserviços usando Spring Cloud
 
Ingesting streaming data for analysis in apache ignite (stream sets theme)
Ingesting streaming data for analysis in apache ignite (stream sets theme)Ingesting streaming data for analysis in apache ignite (stream sets theme)
Ingesting streaming data for analysis in apache ignite (stream sets theme)
 
Ten Battle-Tested Tips for Atlassian Connect Add-ons
Ten Battle-Tested Tips for Atlassian Connect Add-onsTen Battle-Tested Tips for Atlassian Connect Add-ons
Ten Battle-Tested Tips for Atlassian Connect Add-ons
 
TDC 2016 - Arquitetura Java - Spring Cloud
TDC 2016 - Arquitetura Java - Spring CloudTDC 2016 - Arquitetura Java - Spring Cloud
TDC 2016 - Arquitetura Java - Spring Cloud
 
Java Web Programming on Google Cloud Platform [1/3] : Google App Engine
Java Web Programming on Google Cloud Platform [1/3] : Google App EngineJava Web Programming on Google Cloud Platform [1/3] : Google App Engine
Java Web Programming on Google Cloud Platform [1/3] : Google App Engine
 
QSpiders - Installation and Brief Dose of Load Runner
QSpiders - Installation and Brief Dose of Load RunnerQSpiders - Installation and Brief Dose of Load Runner
QSpiders - Installation and Brief Dose of Load Runner
 
Con4445 jesus
Con4445 jesusCon4445 jesus
Con4445 jesus
 
Instrumenting plugins for Performance Schema
Instrumenting plugins for Performance SchemaInstrumenting plugins for Performance Schema
Instrumenting plugins for Performance Schema
 
Masterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM RolesMasterless Puppet Using AWS S3 Buckets and IAM Roles
Masterless Puppet Using AWS S3 Buckets and IAM Roles
 
Troubleshooting Apache Cloudstack
Troubleshooting Apache CloudstackTroubleshooting Apache Cloudstack
Troubleshooting Apache Cloudstack
 
Building microservices sample application
Building microservices sample applicationBuilding microservices sample application
Building microservices sample application
 
ServerTemplate Deep Dive
ServerTemplate Deep DiveServerTemplate Deep Dive
ServerTemplate Deep Dive
 
Pyramid Deployment and Maintenance
Pyramid Deployment and MaintenancePyramid Deployment and Maintenance
Pyramid Deployment and Maintenance
 
Trouble shooting apachecloudstack
Trouble shooting apachecloudstackTrouble shooting apachecloudstack
Trouble shooting apachecloudstack
 
Power ai image-pipeline
Power ai image-pipelinePower ai image-pipeline
Power ai image-pipeline
 
Monitoring using Prometheus and Grafana
Monitoring using Prometheus and GrafanaMonitoring using Prometheus and Grafana
Monitoring using Prometheus and Grafana
 
Agile integration workshop Seattle
Agile integration workshop SeattleAgile integration workshop Seattle
Agile integration workshop Seattle
 
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...
UPGRADING FROM ORACLE ENTERPRISE MANAGER 10G TO CLOUD CONTROL 12C WITH ZERO D...
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 

Pixels_Camp

  • 1. Microservices FTW Nelson Gomes / BitSight Technologies
  • 2. Presentation Topics “Most good programmers do programming not because they expect to get paid or get adulation by the public, but because it is fun to program.” - Linus Torvalds Server Setup REST APIs Distribute It ● Microservices Introduction ● Setting up Jetty/Jersey ● Database Access ● Caching ● Swagger Introduction ● Swagger File Generation ● Client Generation ● Jackson Behaviour Control ● Circuit Breakers ● Hazelcast Introduction ● Distributed Processing ● Dockerize it
  • 4. 80% of S&P 500 had a security event in 2013 Small pieces of software exposed via HTTP/REST Each resource should be a noun (ex: user, company, product) HTTP provides the verbs for CRUD operations: Create = POST Read = GET Update = PUT Delete = DELETE Stateless, Cacheable, Layered system Roy Thomas Fielding dissertation for further reading. Server Setup - Microservices Introduction Microservices refers to a software design architecture where applications are made of independently deployable services.
  • 5. Server Setup - Microservices Introduction HTTP Response Codes applied to REST: Read about at http://racksburg.com/choosing-an-http-status-code/
  • 6. 80% of S&P 500 had a security event in 2013 Scalable - adding more servers to handle specific REST calls Layered - abstracting what server handles the request Redundant - a server down will have theoretically no impact Stateless - no server side state, each request must provide all information Unique functionality - only one service implements it Server Setup - Microservices Introduction Microservices should not be confused with REST APIs. A Microservice should be:
  • 7. 80% of S&P 500 had a security event in 2013 Server Setup - Microservices Introduction Microservices architecture:
  • 8. 80% of S&P 500 had a security event in 2013 Server Setup - Microservices Introduction Microservices architecture: Usually Y-AXIS scaling is done using hardware load balancers or software load balancers like Nginx or HAProxy. X-AXIS can be hosts, VMs or containers.
  • 9. 80% of S&P 500 had a security event in 2013 Distributed architectures are hard to implement Operational complexity service monitoring control cascading effect problem detection Complexity of cross-service refactoring Service dependency and versioning Server Setup - Microservices Introduction Microservices disadvantages: The very first thing you should have operational is a metrics system to allow global monitoring of the system, otherwise you won’t have any awareness of it’s health.
  • 11. 80% of S&P 500 had a security event in 2013 Create a java project with war packaging Add maven dependencies (see the github link for this) There are at least two ways to start a jetty server: Start a main class (useful for development), or Use jetty-runner to deploy the project after packaging Server Setup - Setting up Jetty/Jersey Setup steps: $ mvn package $ java -jar jetty-runner.jar application.war
  • 12. Server Setup - Setting up Jetty/Jersey Jetty is a Java standalone web server and servlet container. Jersey is a framework for RESTful web services. public static void main(String[] args) throws Exception { ServerMain.log.info("Starting jetty version {}", Server.getVersion()); // configure jetty server Server jettyServer = new Server(8080); // setup up access log final NCSARequestLog requestLog = new NCSARequestLog("logs/access-yyyy_mm_dd.log"); requestLog.setAppend(true); requestLog.setExtended(true); requestLog.setLogTimeZone("GMT"); jettyServer.setRequestLog(requestLog); // setup web app final WebAppContext webapp = new WebAppContext(); webapp.setResourceBase("src/main/webapp/"); // pass webapp to jetty jettyServer.setHandler(webapp); // start web server jettyServer.start(); jettyServer.join(); }
  • 13. 80% of S&P 500 had a security event in 2013 Server Setup - Setting up Jetty/Jersey At this point we should have a HTTP server ready to run on port 8080:
  • 14. 80% of S&P 500 had a security event in 2013 Server Setup - Setting up Jetty/Jersey Now let’s configure our web app: Let’s create a WEB-INF/web.xml file in our webapp folder <web-app> <welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <servlet> <servlet-name>RestApi</servlet-name> <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class> <init-param> <param-name>jersey.config.server.provider.packages</param-name> <param-value> com.msftw.api.v1, com.msftw.api.v2 </param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>RestApi</servlet-name> <url-pattern>/api/*</url-pattern> </servlet-mapping> </web-app> @Path("/v1") public class ApiV1 { @Path("/ping") @GET public String ping() { return "pong"; } }
  • 15. 80% of S&P 500 had a security event in 2013 Server Setup - Setting up Jetty/Jersey At this point we should have a HTTP server responding on/ api/v1/ping and api/v2/ping
  • 17. 80% of S&P 500 had a security event in 2013 Raw JDBC - avoid it at all cost, because resource management and connection pool are hard to manage Apache DbUtils - very reliable and very fast, my favourite JDBI - reliable, simple to use, but not so fast jOOQ - an ORM engine, gains on relations, loses some performance Hibernate - another ORM engine Sql2o - faster than DbUtils, to monitor in the future Server Setup - Database Access There are a lot of database access layers. You should choose the on that brings you the most benefits: These frameworks usually depend on some other framework for connection pooling like Apache DBCP or HikariCP My favourite combination is DbUtils with HikariCP
  • 18. Server Setup - Database Access DBUtils is a very fast, lightweight and reliable framework, HikariCP is a high performance JDBC connection pool public class DatabaseHelper implements AutoCloseable { private static Map<String, HikariDataSource> pools = new ConcurrentHashMap<String, HikariDataSource>(); public static DataSource getDataSource(String config) { if (!pools.containsKey(config)) createDataSource(config); return pools.get(config); } private static synchronized void createDataSource(String config) { if (!pools.containsKey(config)) pools.put(config, new HikariDataSource(new HikariConfig(config))); } public void close() throws Exception { pools.clear(); } } QueryRunner runner = new QueryRunner(DatabaseHelper.getDataSource(“config”));
  • 20. 80% of S&P 500 had a security event in 2013 Reactive - cache is generated on first miss, used when the cache domain is too big. Generates race conditions on heavy load. Usually has a TTL and is dropped by LRU algorithm. Proactive - cache domain is limited, can fit in memory and is generated beforehand. Usually this cache won’t have a single miss, and is refreshed periodically or when an event occurs. Server Setup - Caching Caching Paradigms: You should cache as much as you can if you want performance. If it saves you a query, a system call or some communication, cache it even for a short TTL.
  • 21. 80% of S&P 500 had a security event in 2013 Static - cache content for URIs that don’t change often Response - cache responses using call and parameters as key Data - cache data processed by some key Remote - cache remote call responses using call and parameter as key Query - cache query responses using the query and parameters as key Server Setup - Caching Caching Levels:
  • 22. 80% of S&P 500 had a security event in 2013 Caffeine - very fast, Java 8, Guava drop-in replacement ConcurrentLinkedHashMap Google Guava Ehcache - distributed cache Infinispan - distributed cache HazelCast - distributed cache A good option is to combine local cache with a distributed one, improving in speed and reliability. Server Setup - Caching Caching Frameworks: Caching engine should be chosen by application requirements: Speed vs Reliability Read (75%) / Write (25%)
  • 23. 80% of S&P 500 had a security event in 2013 Server Setup - Caching Sample Caching: LoadingCache<Key, Graph> graphs = Caffeine.newBuilder() .maximumSize(10_000) .expireAfterWrite(5, TimeUnit.MINUTES) .refreshAfterWrite(1, TimeUnit.MINUTES) .build(key -> createExpensiveGraph(key)); Cache<Key, Graph> graphs = Caffeine.newBuilder() .maximumSize(1000) .expireAfterWrite(3600, TimeUnit.SECONDS) .build(); Graph graph = graphs.getIfPresent(key); if(graph == null){ // generate graph and cache it graph = createExpensiveGraph(key); graphs.put(key, graph); }
  • 25. 80% of S&P 500 had a security event in 2013 Swagger is a simple yet powerful representation of your RESTful API. In today’s presentation we’ll demonstrate three tools: • Swagger file generation in Java • Swagger UI • Swagger Editor Swagger Specification has been donated to the Open API Initiative It’s adoption has several benefits: Interactive documentation Client SDK generation Server generation API discoverability Lots of development goodies REST APIs - Swagger Introduction
  • 26. 80% of S&P 500 had a security event in 2013 For our project to generate Swagger information we’ll add annotations to our methods. Annotating Java code is a simple way of maintaining your API The maven plugin will do the rest by reflection and produce documentation and the Swagger file, advantages: Easy update and addition of methods No need to diff generated code with your codebase Technology independent Easier to maintain versions REST APIs - Swagger Introduction
  • 27. 80% of S&P 500 had a security event in 2013 Some common annotations: @Api - to declare an API resource (class level) @ApiModel - provides additional information REST APIs - Swagger Introduction @Api @ApiModel(value = "APIv1", description = "Microservices FTW Methods") @Path("/v1") public class ApiV1 {
  • 28. 80% of S&P 500 had a security event in 2013 Some common annotations: @ApiOperation @ApiResponses REST APIs - Swagger Introduction @GET @Path("/ping") @Produces(MediaType.TEXT_PLAIN) @ApiOperation(value = "Ping method", notes = "Method to check API connectivity.") @ApiResponses(value = { @ApiResponse(code = 200, message = "successful operation", response = String.class) }) public String pingMethod(@Context final HttpServletRequest request) { log.info("Received request for {} from IP {}", request.getRequestURI(), request.getRemoteAddr()); return "pong"; }
  • 29. 80% of S&P 500 had a security event in 2013 Response structures: responseContainerTypes: List, Set and Map REST APIs - Swagger Introduction @Path("/books") @Produces(MediaType.APPLICATION_JSON) @ApiOperation(value = "List Books method", notes = "Method to get a books list.") @ApiResponses(value = { @ApiResponse(code = 200, message = "successful operation", response = Book.class, responseContainer = "List"), @ApiResponse(code = 500, message = "unsuccessful operation", response = String.class) }) public Response getBooks() {
  • 30. 80% of S&P 500 had a security event in 2013 Some common annotations: @ApiParam @ResponseHeaders REST APIs - Swagger Introduction @POST @Path("/books") @Produces(MediaType.APPLICATION_JSON) @ApiOperation(value = "Create Books method", notes = "Method to create books.") @ApiResponses(value = { @ApiResponse(code = 200, message = "successful operation”, response = Boolean.class, responseContainer = "List"), @ApiResponse(code = 500, message = "unsuccessful operation”, response = String.class, responseHeaders = {@ResponseHeader(name="X-Host", description="hostname that failed")}) }) public Response createBooks( @ApiParam(value="Json array of Books", required = true) final LinkedList<Book> books, @ApiParam(value="sample comment") @QueryParam("comment") String comment) {
  • 31. 80% of S&P 500 had a security event in 2013 Some common annotations: @ApiModelProperty REST APIs - Swagger Introduction public class Book { @ApiModelProperty(value = "Book id", required = false, example = "1") private Integer id; @ApiModelProperty(value = "Book title", required = true, example = "Book Title") private String title; @ApiModelProperty(value = "Book ISBN", required = true, example = "Book ISNTitle") private String isbn; @ApiModelProperty(value = "Book Price", required = true, example = "12.12") private Float price; @ApiModelProperty(value = "Publisher Name", required = true, example = "Publisher") private String publisher; public Integer getId() { return id; } (…)
  • 33. 80% of S&P 500 had a security event in 2013 REST APIs - Swagger File Generation We’re going to use Swagger Maven plugin to generate our Swagger file Download latest version and copy folder test/resources/ templates to src/main/ resources Now we just need to hook it to our Maven project Now your Swagger API and file will be updated instantly every time you package your project Download source from http://kongchen.github.io/swagger-maven-plugin/ $ mvn package
  • 34. 80% of S&P 500 had a security event in 2013 REST APIs - Swagger File Generation changes to pom.xml <plugin> <groupId>com.github.kongchen</groupId> <artifactId>swagger-maven-plugin</artifactId> <version>3.1.3</version> <configuration> <apiSources> <apiSource> <springmvc>false</springmvc> <locations><!-- declare packages --> com.msftw.api.v1 </locations> <schemes>http</schemes> <basePath>/api</basePath> <info> (…) </info> <templatePath>(…)/strapdown.html.hbs</templatePath> <outputPath>(…)/webapp/documentation.html</outputPath> <swaggerDirectory>(…)/webapp</swaggerDirectory> <outputFormats>yaml,json</outputFormats> <attachSwaggerArtifact>true</attachSwaggerArtifact> </apiSource> </apiSources> </configuration> (…)
  • 35. 80% of S&P 500 had a security event in 2013 REST APIs - Swagger File Generation At this point we should have documentation generated and an empty Swagger file generated:
  • 36. 80% of S&P 500 had a security event in 2013 REST APIs - Swagger Introduction Now let’s setup Swagger-UI: Go to http://swagger.io/swagger- ui/ for documentation Download latest Swagger UI from https://github.com/swagger- api/swagger-ui/releases Decompress and copy dist folder contents to our project src/main/ webapp folder Reload default webpage to see a sample swagger interface This UI is a very useful tool
  • 38. 80% of S&P 500 had a security event in 2013 REST APIs - Client Generation The biggest benefit in using Swagger is the easiness to generate client stubs for almost every language: Go to http://editor.swagger.io/ to generate your client/server Automate code generation into your development cycle
  • 39. 80% of S&P 500 had a security event in 2013 REST APIs - Client Generation
  • 41. 80% of S&P 500 had a security event in 2013 REST APIs - Jackson Behaviour Control Jackson handles json parsing but does not handle some special cases: An empty POST gives a 500 error before calling our method This change allows receiving null objects in our methods and handle those errors @Provider public class CustomJsonProvider extends JacksonJaxbJsonProvider { private static ObjectMapper mapper = new ObjectMapper(); static { CustomJsonProvider.mapper.configure( DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT, true); } public CustomJsonProvider() { super(); this.setMapper(CustomJsonProvider.mapper); } }
  • 43. Hystrix is a good framework to help implement circuit breakers Distribute It - Circuit Breakers Circuit Breakers are a very important feature to avoid domino effect when failures occur in chained Microservices https://github.com/Netflix/Hystrix/wiki/How-To-Use#Common-Patterns
  • 44. 80% of S&P 500 had a security event in 2013 Distribute It - Circuit Breakers Hystrix helps alleviate the domino effect than can cause crashes in distributed systems Preventing any single dependency from using up all user threads. Shedding load and failing fast instead of queueing. Providing fallbacks wherever feasible to protect users from failure. Using isolation techniques to limit the impact of any one dependency. Optimizing for time-to-discovery through near real-time metrics, monitoring, and alerting Optimizing for time-to-recovery Protecting against failures in the entire dependency client execution, not just in the network traffic.
  • 46. 80% of S&P 500 had a security event in 2013 Distribute It - Hazelcast Introduction Hazelcast is a zero configuration cluster framework With Hazelcast you can create a cluster with 1 line of code private static HazelcastInstance clusterNode = Hazelcast.newHazelcastInstance(new Config()); private static ConcurrentMap<String, String> map; static { // initialize our distributed map map = clusterNode.getMap(“my-distributed-map"); } // Concurrent Map methods map.putIfAbsent("somekey", "somevalue"); map.replace("key", "value", "newvalue"); https://hazelcast.org/ https://hazelcast.org/features/
  • 47. 80% of S&P 500 had a security event in 2013 Distribute It - Distributed Processing Microservices are not the answer to everything: If you can process a request later, put it in a queue Parallelise your task if possible Avoid long waits on responses Cache everything you can Your system should be resource aware Avoid multi-request transactions Page your results to avoid large requests Consul can be useful to help managing distributed systems.
  • 49. 80% of S&P 500 had a security event in 2013 Distribute It - Dockerize It Containers are a very useful tool when you want to scale: A single docker image can be replicated to hundreds of machines Tools like Kubernetes, Docker Swarm, Amazon ECS automate this Containers usually have a small footprint and are very fast to deploy Need to test a specific Linux distribution? # Download an ubuntu image docker pull ubuntu # run shell docker run -it ubuntu /bin/bash
  • 51. For more information: BitSight Technologies 125 CambridgePark Drive, Suite 204 Cambridge, MA 02140 www.bitsighttech.com QUESTIONS? nelson.gomes@bitsighttech.com