Tenant Id - Not Part of URL
by Stefan Negrea
Hello Everybody,
I've been working on a PR for the upcoming Hawkular Metrics release that will remove the tenant id from the end-point URLs. The tenant id will be moved to either a header parameter or a query parameter. The query parameter is in place for cases (such as curl) where setting a header is not possible, difficult, or inconvenient.
Here is an example of the change:
Existing URL:
/{tenantId}/gauge/{metricId}/data
New URL:
/gauge/{metricId}/data
Tenant id set via:
1) header - tenantId
2) query parameter - tenantId
There are two exceptions to this rule, /tenants and /db/{tenantid}/series. The /tenants end-point will be changed into something different in the upcoming releases since it is mostly a management type API that does not belong in the same place with the regular metrics endpoint. And /db/{tenantid}/series end-point is needed in this exact format for compatibility with Influxdb compatible services.
Now, to the merits of this change. The tenant id is volatile, can change any time, and changes to it should be expected; but the rest of the URL is fixed. The second issue is that the tenant id is a security concern. So we were limited in design choices since a security concern was leaking as part of the URL.
So removing the tenant id from the URL will give us permanent & consistent addresses for resources (metrics and metric data points). And we will gain a lot of flexibility on the security side. In the future, users could authenticate with a user/pass combo and the backend would transform that into a tenant id to be used on the request. If the same user later decides to use a tenant id to pass along the request, the URL of the resources would not change. Another expectation is that tenant id is not sufficient, it is typically a combo of id + secret; so we would have resorted to a header or query param for the second piece of information (the secret).
This change will give us the flexibility to adjust the security model (the meaning of tenant ids and ways to validate them) without compromising the URL structure. This will help Hawkular Metrics as it gets integrated into more and more projects and products.
Here are the links to the JIRA and the PR for this change:
https://github.com/hawkular/hawkular-metrics/pull/202
https://issues.jboss.org/browse/HWKMETRICS-68
Thank you,
Stefan Negrea
Software Engineer
1 year, 1 month
New and noteworthy in hawkular-parent 25
by Peter Palaga
Hi *,
hawkular-parent 25 brings the following:
* srcdeps-maven-plugin 0.0.5
* meets the promisses falsely done for 0.0.4:
* less console output
* built without tests
* wildfly-maven-plugin 1.1.0.Alpha4
I have sent PRs to all components repos.
Thanks,
Peter
_______________________________________________
hawkular-dev mailing list
hawkular-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/hawkular-dev
1 year, 1 month
hawkular.org - Redux Initiative
by Stefan Negrea
Hello Everybody,
I would like to kickstart "Redux Initiative" for the Hawkular website. The
goal is to refocus the message and information presented on the website to
core active Hawkular projects and nothing more.
I created a document that outlines the plan ("How" section), the
modifications ("Changes" section), and a visual map of the initial cleanup
stage ("Visual Changes" section). This document was created with feedback
from Hawkular contributors and was triggered by a very insightful
interaction with a manager from Open Innovation Lab.
How to participate? The "How" section of the document outlines the big
plan. First step is to reach consensus on the changes. Please, read the
document, comment on the proposal, and participate in the discussions that
might spark here.
The document:
https://docs.google.com/a/redhat.com/document/d/1XsB_DzMjjG7QjJw-kX41PeuU...
Thank you,
Stefan Negrea
8 years, 4 months
Re: [Hawkular-dev] Dynamic UI PoC Presentation
by Caina Costa
On Mon, Jul 17, 2017 at 9:39 AM, Alissa Bonas <abonas(a)redhat.com> wrote:
> 1. a diagram that shows an example of architecture components and data
> format of entities (json/code/configuration) will help to understand the
> proposal.
>
This is an example of an Entity hierarchy, it shows what kind of entities
we can create, as well as other patterns that we can use. The farther the
key is from Entity, the more specialized it is, which means that the
.applicable? method on those are a lot more picky on what kind of data it
matches to. Views follow the same hierarchy and the engine matches the same
way, and the first defined view is used, so let's say:
If we have a WildflyDomainControllerServer to render, first it will try to
find WildFlyDomainControllerServerView, then WildFlyDomainServerView, then
WildFlyServerView, then WildFlyServerBaseView, then ServerView. That means
that adding new entities are not going to break the views being used.
Also, WildFlyServerBase is an abstract entity, in the sense that it only
provides implementation, and is not to be matched. This can be achieved by
setting .applicable? to return false. Entities are just normal ruby
objects, there is nothing special about them, they just need to answer to
the .applicable? method and receive 1 argument in its initializer.
> What I mean is - which component should define/work with which format for
> the example entities? what should be defined on hawkular side, what is
> fetched and defined in ruby gem, what parts are defined and how they are
> processed in miq ui, what parts in miq server + how does that work (or not
> :)) with persisting objects in miq, etc. Can/should 2 completely different
> entities (such as middleware server and a deployment) use your proposal,
> given that they might have some similar common fields? (for example,
> "name", "status")
>
Entities define the "canonical truth" of the responses from the server, and
views define how to represent them as JSON. They don't tackle how we're
going to present data, and not how to fetch them.
To persist data on MiQ: this PoC does not take any action on persisting
stuff, it only cares about representation. To do that, we just need a new
JSON field on every middleware table, to save the response from the server,
and then we can use it. Something like this:
entity = Entity.constantize(MiddlewareServer.first.data)
render json: View.for(entity)
>
> 2. I noticed that the discussion moved to jbmc list although it originated
> in hawkular-dev. the tech discussion is definitely more suitable in
> hawkular-dev as a continue to the original thread on the topic.
>
>
>
> On Mon, Jul 17, 2017 at 3:27 PM, Caina Costa <cacosta(a)redhat.com> wrote:
>
>> Yes, that's exactly what it does, with some caveats: we have a hierarchy
>> of server types, as in, we first have to implement a generic server type
>> that implements the default attributes to all the servers. From there, we
>> can subclass for more specific server types, and the view/entity runtime
>> takes care of match the hawkular data with the defined entities. So let's
>> say we have a hierarchy like that:
>>
>> MiddlewareServer > WildFlyServer > WildFly11Server
>>
>> For this example, let's say that MiddlewareServer includes only the
>> summary, WildFlyServer includes metrics, and WildFly11Server includes power
>> operations.
>>
>> When matching the data with Entity.constantize(data), we match first the
>> more specialized server, so WildFly11Server, and then WildFlyServer, then
>> the more generic MiddlewareServer. This is automatic on the runtime, and if
>> we add new server types, it will try to match in the reverse of the order
>> provided, first the most specific, then going forward for less specific
>> entities.
>>
>> So, in summary:
>>
>> It does enable us to add new server types with no code change on the
>> ManageIQ side, by providing more generic interfaces that we can match upon,
>> which means that while we might not have all information by default, we
>> will have a representation that makes sense. It also enables us to expand
>> new server types easily with small changes.
>>
>>
>>
>> On Mon, Jul 17, 2017 at 8:31 AM, Thomas Heute <theute(a)redhat.com> wrote:
>>
>>> I just watched the recording, it was not clear to me the benefits it
>>> brings (or if it's just internal).
>>>
>>> I was hoping to see how one can add a new server type with no code
>>> change on the ManageIQ side, maybe I misinterpreted the current work.
>>>
>>> Can you explain ?
>>>
>>> Thomas
>>>
>>> On Thu, Jul 13, 2017 at 6:13 PM, Caina Costa <cacosta(a)redhat.com> wrote:
>>>
>>>> Hello guys,
>>>>
>>>> Thanks you all for joining the presentation, lots of great questions!
>>>> For those of you that could not join, here's the recording:
>>>>
>>>> https://bluejeans.com/s/hnR7@/
>>>>
>>>> And the slides are attached.
>>>>
>>>> As always, if you have any questions, please do not hesitate to get in
>>>> touch. I'm available on IRC and e-mail.
>>>>
>>>
>>>
>>
>
8 years, 4 months
New Hawkular Blog Post: OpenTracing EJB instrumentation
by Thomas Heute
New Hawkular blog post from noreply(a)hawkular.org (Juraci Paixão Kröhling): http://ift.tt/2u3KYMP
OpenTracing features more and more framework integrations, allowing for transparent instrumentation of applications with minimal effort. This blog post will show how to use the EJB instrumentation to automatically trace EJB invocations.
For this demo, we’ll generate a project using the Wildfly Swarm project generator, which allows us to have a seed project with the appropriate OpenTracing support in place. The concrete OpenTracing solution we will use is provided by the Jaeger project, which is also provided as a Wildfly Swarm Fraction.
With that, we’ll create a simple JAX-RS endpoint with an EJB facet, invoking a set of EJB services in different ways to demonstrate all the features of this integration.
Our application has one endpoint called /order, responsible for receiving requests to place orders in our system. When we call this endpoint, we also call some other EJB services, like
AccountService to send a notification that an order has been placed
OrderService to effectively place the order
InventoryService to change our inventory
InventoryNotificationService, to notify other backend systems.
As we are only interested in the tracing parts, we’ll not implement the business code itself, only the scaffolding.
Our demo project is heavily based on the opentracing-ejb-example from the repository opentracing-contrib/java-ejb. We have also prepared an archive with the final outcome of this demo, which you can use as reference.
The seed project
To generate the seed project, open the Wildfly Swarm generator and create a project with the "Group ID" io.opentracing.contrib.ejb and "Artifact ID" demo-example. Add the dependencies EJB, CDI, JAX-RS, OpenTracing, and Jaeger.
Make sure to select all listed dependencies and confirm that they are shown in the "Selected dependencies" section, otherwise, you might not have all the required fractions for this demo.
Click on Generate Project and you’ll get a ZIP file with the seed project. Uncompress it and add the following dependency to the pom.xml, within the dependencies node and after the WildFly Swarm Fractions dependencies:
<dependency>
<groupId>io.opentracing.contrib</groupId>
<artifactId>opentracing-ejb</artifactId>
<version>0.0.2</version>
</dependency>
It’s now a good time to perform a sanity build, to make sure everything is in place. The first build might take a few minutes:
$ mvn wildfly-swarm:run
...
...
2017-07-26 12:02:19,154 INFO [org.wildfly.swarm] (main) WFSWARM99999: WildFly Swarm is Ready
If it looks good, stop the server with Ctrl+C and let’s start coding our application!
The application
Let’s start by defining a JAX-RS endpoint that also acts as a stateless EJB. This is a common trick to get JAX-RS endpoints to be managed as EJBs, so that they can be invoked via JMX or get monitoring features. Or, in our case, to get traced via EJB interceptors.
This endpoint is where we get our HTTP requests from and where our transaction starts, from the tracing perspective. Once we receive an HTTP request, we call the AccountService#sendNotification method and then the OrderService#processOrderPlacement.
Note that we annotate the class with @Interceptors(OpenTracingInterceptor.class), which means that all methods on this class are to be traced.
src/main/java/io/opentracing/contrib/ejb/demoexample/Endpoint.java:
package io.opentracing.contrib.ejb.demoexample;
import io.opentracing.contrib.ejb.OpenTracingInterceptor;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.interceptor.Interceptors;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import java.util.logging.Logger;
/**
* This is a regular JAX-RS endpoint with EJB capabilities. We use the EJB capability to specify an interceptor,
* so that every method on this class is wrapped on its own span. If the OpenTracing JAX-RS integration is being used,
* it would be a good idea to not have the interceptor at this level, to avoid having too much "noise".
*
* @author Juraci Paixão Kröhling
*/
@Path("/order")
@Stateless
@Interceptors(OpenTracingInterceptor.class)
public class Endpoint {
private static final Logger log = Logger.getLogger(Endpoint.class.getName());
@Inject
AccountService accountService;
@Inject
OrderService orderService;
@POST
@Path("/")
public String placeOrder() {
log.info("Request received to place an order");
accountService.sendNotification();
orderService.processOrderPlacement();
return "Order placed";
}
}
Our AccountService is a simple stateless EJB, responsible for sending a notification about the new order to the owner of the account. Here, we could call another service, or send an email, SMS or any other form of message.
As this is a regular EJB, we are able to automatically join the span context from the JAX-RS endpoint, making this call a child span of the main transaction. This is all transparent to you as developer.
Note again that we annotate the bean with @Interceptors(OpenTracingInterceptor.class). As our interceptor is just like any other EJB interceptor, you could use a ejb-jar.xml to automatically use this inteceptor on all available beans. Whether or not to trace all beans is a per-deployment decision, so, no ejb-jar.xml is provided by the integration.
src/main/java/io/opentracing/contrib/ejb/demoexample/AccountService.java:
package io.opentracing.contrib.ejb.demoexample;
import io.opentracing.contrib.ejb.OpenTracingInterceptor;
import javax.ejb.Stateless;
import javax.interceptor.Interceptors;
import java.util.logging.Logger;
/**
* This is a simple synchronous EJB, without any knowledge about span context or other OpenTracing semantics. All it
* does is specify an interceptor and it's shown as the child of a parent span.
*
* @author Juraci Paixão Kröhling
*/
@Stateless
@Interceptors(OpenTracingInterceptor.class)
public class AccountService {
private static final Logger log = Logger.getLogger(AccountService.class.getName());
public void sendNotification() {
log.info("Notifying the account owner about a new order");
}
}
Our OrderService is responsible for actually placing the order: it’s where the business knowledge resides. We’ll later look into details at the InventoryService, but for now, we need to know that this service requires a SpanContext to be explicitly passed. We can get this context from the EJBContext, stored under a context data entry that can be retrieved with the constant io.opentracing.contrib.ejb.OpenTracingInterceptor.SPAN_CONTEXT.
src/main/java/io/opentracing/contrib/ejb/demoexample/OrderService.java:
package io.opentracing.contrib.ejb.demoexample;
import io.opentracing.SpanContext;
import io.opentracing.contrib.ejb.OpenTracingInterceptor;
import javax.annotation.Resource;
import javax.ejb.EJBContext;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.interceptor.Interceptors;
import java.util.logging.Logger;
import static io.opentracing.contrib.ejb.OpenTracingInterceptor.SPAN_CONTEXT;
/**
* This is a regular synchronous stateless EJB. It demonstrates how to get the span context for the span it's wrapped
* on. This can be used to pass down the call chain, create child spans or add baggage items.
*
* @author Juraci Paixão Kröhling
*/
@Stateless
@Interceptors(OpenTracingInterceptor.class)
public class OrderService {
private static final Logger log = Logger.getLogger(OrderService.class.getName());
@Resource
EJBContext ctx;
@Inject
InventoryService inventoryService;
public void processOrderPlacement() {
log.info("Placing order");
Object ctxParentSpan = ctx.getContextData().get(SPAN_CONTEXT);
if (ctxParentSpan instanceof SpanContext) {
inventoryService.changeInventory((SpanContext) ctxParentSpan);
return;
}
inventoryService.changeInventory(null);
}
}
Our InventoryService is responsible for interfacing with backend systems dealing with inventory control. We don’t want to block the parent transaction while interacting with those systems, so, we make this an asynchronous EJB. When dealing with asynchronous objects, it’s a good idea to be explicit about the span context, as there are potential concurrency issues when sharing a context between a synchronous and an asynchronous bean.
The OpenTracing EJB integration is able to intercept the method call and detect if there is a span context among the parameters, which is the case of the changeInventory(SpanContext) method. In this situation, the following happens behind the scenes:
The caller makes a method call, passing the SpanContext
The interceptor is activated, creating a new child span using the SpanContext as the parent
The interceptor replaces the original SpanContext with this new child span on the method call
The intercepted method is finally invoked, wrapped by the new child span.
Note that the SpanContext passed by the OrderService is not the same as the one received by InventoryService. While this might cause some confusion, we believe this is the right semantic for this use case, as it allows for a complete tracing picture, without any explicit tracing code, apart from passing the context around.
src/main/java/io/opentracing/contrib/ejb/demoexample/InventoryService.java
package io.opentracing.contrib.ejb.demoexample;
import io.opentracing.SpanContext;
import io.opentracing.contrib.ejb.OpenTracingInterceptor;
import javax.ejb.Asynchronous;
import javax.ejb.Stateless;
import javax.inject.Inject;
import javax.interceptor.Interceptors;
import java.util.logging.Logger;
/**
* This is an asynchronous stateless EJB with spans created automatically by the interceptor. Note that the span context
* that this method sees is <b>not</b> the same as the span context sent by the caller: the interceptor wraps this
* method call on its own span, and replaces the span context by the context of this new span. This is done so that this
* span context can be passed along to the next service "as is".
*
* @author Juraci Paixão Kröhling
*/
@Asynchronous
@Stateless
@Interceptors({OpenTracingInterceptor.class})
public class InventoryService {
private static final Logger log = Logger.getLogger(InventoryService.class.getName());
@Inject
InventoryNotificationService inventoryNotificationService;
public void changeInventory(SpanContext context) {
log.info("Changing the inventory");
inventoryNotificationService.sendNotification(context);
}
}
And finally, our last service, InventoryNotificationService: in this case, we notify another set of backend systems that a new order has been placed. Again, this is an asynchronous EJB and works like the one above, but additionally, we wanted to manually create a "business span", called sendNotification. This method could send several notifications, wrapping each one into a span of its own. As we manually started it, we manually finish it as well.
src/main/java/io/opentracing/contrib/ejb/demoexample/InventoryNotificationService.java
package io.opentracing.contrib.ejb.demoexample;
import io.opentracing.Span;
import io.opentracing.SpanContext;
import io.opentracing.util.GlobalTracer;
import javax.ejb.Asynchronous;
import javax.ejb.Stateless;
import java.util.logging.Logger;
/**
* This is the final call in the chain. This is an asynchronous stateless EJB, which obtains the span context
* via a method parameter. This bean is not intercepted in any way by us, so, the span context received is exactly
* the same as what was sent by the caller.
*
* @author Juraci Paixão Kröhling
*/
@Stateless
@Asynchronous
public class InventoryNotificationService {
private static final Logger log = Logger.getLogger(InventoryNotificationService.class.getName());
public void sendNotification(SpanContext context) {
Span span = GlobalTracer.get().buildSpan("sendNotification").asChildOf(context).startManual();
log.info("Sending an inventory change notification");
span.finish();
}
}
Now, let’s do a final sanity check and see if everything is in the right place: mvn wildfly-swarm:run . As before, the final message should be WildFly Swarm is Ready. Hit Ctrl+C and let’s setup our tracing backend.
The tracing backend
Instrumenting our code is one part of the story. The other part is to plug in an actual OpenTracing implementation that is capable of capturing the spans and submitting them to a backend service. For our demo, we’ll use Jaeger. If you don’t have a Jaeger server running yet, one can be started via Docker as follows:
docker run \
--rm \
-p5775:5775/udp \
-p6831:6831/udp \
-p6832:6832/udp \
-p5778:5778 \
-p16686:16686 \
-p14268:14268 \
--name jaeger \
jaegertracing/all-in-one:latest
Tying everything together
Now that we have our code ready and a tracing backend, let’s start Wildfly Swarm passing a service name, which is the only property required by the Jaeger client. By default, Jaeger’s Java tracer will attempt to send traces via UDP to a Jaeger Agent located on the local machine. If you are using a different architecture, refer to the Jaeger’s documentation on how to use environment variables to configure the client, or refer to the Jaeger’s fraction for Wildfly Swarm.
For our demo, we’ll use a property that is recognized by the Jaeger’s Wildfly Swarm Fraction. The other two properties are telling Jaeger that every request should be sampled.
mvn wildfly-swarm:run -Dswarm.jaeger.service-name=order-processing -Dswarm.jaeger.sampler-type=const -Dswarm.jaeger.sampler-parameter=1
Watch the logs for an entry containing com.uber.jaeger.Configuration: if everything is correctly set, it should show the complete configuration of the Jaeger client, like this:
2017-07-26 12:03:09,139 INFO [com.uber.jaeger.Configuration] (ServerService Thread Pool -- 6) Initialized tracer=Tracer(version=Java-0.20.0, serviceName=order-processing, reporter=RemoteReporter(queueProcessor=RemoteReporter.QueueProcessor(open=true), sender=UdpSender(udpTransport=ThriftUdpTransport(socket=java.net.DatagramSocket@7270de22, receiveBuf=null, receiveOffSet=-1, receiveLength=0)), maxQueueSize=100, closeEnqueueTimeout=1000), sampler=ConstSampler(decision=true, tags={sampler.type=const, sampler.param=true}), ipv4=-1062731153, tags={hostname=carambola, jaeger.version=Java-0.20.0, ip=192.168.2.111}, zipkinSharedRpcSpan=false)
Once the message WildFly Swarm is Ready is seen, we can start making requests to our endpoint:
$ curl -X POST localhost:8080/order
Order placed
And this can be seen on the server’s log:
2017-07-26 12:03:19,302 INFO [io.opentracing.contrib.ejb.demoexample.Endpoint] (default task-2) Request received to place an order
2017-07-26 12:03:19,304 INFO [io.opentracing.contrib.ejb.demoexample.AccountService] (default task-2) Notifying the account owner about a new order
2017-07-26 12:03:19,307 INFO [io.opentracing.contrib.ejb.demoexample.OrderService] (default task-2) Placing order
2017-07-26 12:03:19,314 INFO [io.opentracing.contrib.ejb.demoexample.InventoryService] (EJB default - 1) Changing the inventory
2017-07-26 12:03:19,322 INFO [io.opentracing.contrib.ejb.demoexample.InventoryNotificationService] (EJB default - 2) Sending an inventory change notification
At this point, the complete trace with its 6 spans can be seen on Jaeger’s UI, located at http://localhost:16686/search , if you are using the Docker command we listed before.
Conclusion
EJBs are a very important part of Java EE and we expect the OpenTracing EJB framework integration to complement the other Java EE related integrations, like the Servlet and JAX-RS. In this blog post, we’ve shown how tracing EJBs can be accomplished by transparently tracing synchronous stateless EJBs, intercepting span contexts in asynchronous EJBs and by exposing the span context via EJB contexts, as well as manually starting spans to include specific business logic into the trace.
from Hawkular Blog
8 years, 4 months
some of the new hAlerts UI
by John Mazzitelli
Just wanted to give a quick update of the new hAlerts 2.0 UI that is under construction. I know folks are hearing about hAlerts but haven't seen it. Below is what Lucas, Jay, and myself have been working on the past two weeks or so. Still a work in progress, but this is what we've got so far.
The first is the dashboard that shows you an overview of what alerts are in the system - some graphs, timelines, and counters - all using Patternfly styles.
The second is the alerts list that utilizes the Patternfly Compound Expansion List . You can filter on date, severity (critical, high, etc), status (open, acked, resolved); it shows you details about alerts including lifecycle info (who acknowledged and resolved them), users' notes about the alerts, what conditions caused the alerts to fire, etc. etc. You can ack, resolve, and delete alerts.
Other parts of the UI not shown here are the triggers and actions pages (let's you define triggers and actions). But the snapshots below are the more colorful and pretty pages - I'm all about sharing eye candy :)
8 years, 4 months
