OSGi is a dynamic module system for Java. Wikipedia entry for OSGi is naturally a good place to start. Then tech overview at OSGi.org. Also OSGi in Action is a great book to dive into. Although I’m still in early chapters, looks to be a great treatment of the subject.

If you’re just trying to find a means to and end, then of course you don’t need to dive into the gory details. If you’re trying to hack around existing code, then, look at MANIFEST.MF for the Activator class. If your bundles are written as OSGi declarative services, then your implementation classes are specified in OSGI-INF/serviceComponents.xml file. This happens to be how WSO2 Carbon components are structured. Once you find where execution begins for a bundle it’s easy to follow along what’s happening. More on that later.

I was looking for one of my old blogs today (you know, the things that you write when you’re young and naive) and found out that Microsoft Live Spaces is no more. In fact they’re redirecting to WordPress! Ballsy move M$!

This was tough. Couple of friends were following the GM Diet to the letter. This looked ridiculously hard I didn’t even bother. When you’re used to eat a certain sized portion and when you start eating less you naturally feel hungry. When you’re at it for a couple of days then you run the risk of death by starvation. You food lovers know what I mean! Thousand different reasons cross your mind, “will I faint?”, “am I going to die?!”, “is this what dying feels like?”, “I should eat, NO! I’m on a diet” and so on. It was all too depressing to be around food and not eat the damn thing.

So the next option is to workout. This is relatively easy the first couple of days. So at first I started running followed by a few exercise routines. Running is great but when the weather is bad and when you have to stay indoors for couple of days then it became hard to go back to the routine. Felt lazy and “well .. not today, may be tomorrow” sorta thing where tomorrow never happened.

Next option was to try a gym routine. This is good in many fronts. Now you can eat all you want and burn all the fat! Bad weather, no problem. Again getting into a regular schedule was hard. After about 6 months of irregular gym use there was no real improvement. Spending couple of hours twice a week at the gym gives you that warm feeling of “I’m going to the gym so I must be healthy”, but no measurable results. So any routine should be regular and consistent. Regular usually means daily unless may be you’re into power lifting. Simple act of walking for half an hour a day also yield many benefits as the following video shows,

When you’re at a gym there are many things you can try to complement walking. For couple of days I tried a HIIT routine which involved one minute of fast running followed by a four minute walk for 20 minutes. I quickly lost interest ‘cos it was too hard. I should’ve started with a lower intensity.

Later this turned out to be one day all cardio and next day cardio + circuit training. This routine has worked ok and I found that I could stick to this. Now I’ve been at this stint a little over thirty days. When you’re doing a particular routine regularly I’m finding it’s easy to ramp up the intensity. It doesn’t get too hard too early and not that easy also. Once you find this balance then gradually moving to bigger and heavier things becomes relatively easy. Now where is that six pack? (pun intended!)

Typically, these countries are in a desperate economic situation for one simple reason—the powerful elites within them overreached in good times and took too many risks. Emerging-market governments and their private-sector allies commonly form a tight-knit—and, most of the time, genteel—oligarchy, running the country rather like a profit-seeking company in which they are the controlling shareholders.

Later on Simon writes,

Squeezing the oligarchs, though, is seldom the strategy of choice among emerging-market governments. Quite the contrary: at the outset of the crisis, the oligarchs are usually among the first to get extra help from the government, such as preferential access to foreign currency, or maybe a nice tax break, or—here’s a classic Kremlin bailout technique—the assumption of private debt obligations by the government. Under duress, generosity toward old friends takes many innovative forms. Meanwhile, needing to squeeze someone, most emerging-market governments look first to ordinary working folk—at least until the riots grow too large.

Who said running a country is so hard?!

So, if you’re looking for alternatives there are several other nice projects out there. YAJSW is super easy to configure and use no native code.

You can generate a config file from a running Java process by giving the process ID. Found that it’s easy to start from here and then tweak the system paths according to your setup.

Following wrapper.conf file can be used to start any WSO2 Carbon product as a service in Windows. In the following configuration I’ve hard coded the working dir but that can easily be set to take from an environment variable just like the JVM path. I’ve removed comments from wrapper.conf for brevity.

wrapper.working.dir=C:\\test\\wso2greg-4.1.1

wrapper.java.app.mainclass= org.wso2.carbon.bootstrap.Bootstrap

wrapper.console.loglevel=INFO

wrapper.console.title="WSO2 G-Reg"

wrapper.ntservice.name="WSO2GREG"

wrapper.ntservice.displayname="WSO2 GREG"

wrapper.ntservice.description="Governance Registry"

wrapper.daemon.run_level_dir=${if (new File('\/etc\/rc0.d').exists()) return '\/etc\/rcX.d' else return '\/etc\/init.d\/rcX.d'}

wrapper.tray = true

wrapper.tray.port = 15002

wrapper.on_exit.0=SHUTDOWN
wrapper.on_exit.default=RESTART

wrapper.filter.trigger.0=Exception
wrapper.filter.script.0=scripts\/trayMessage.gv
wrapper.filter.script.0.args=Exception

placeHolderSoGenPropsComeHere=
wrapper.java.command = ${JAVA_HOME}\\bin\\java
wrapper.java.classpath.1 = .\\lib
wrapper.java.classpath.2 = ${JAVA_HOME}\\lib\\tools.jar
wrapper.java.classpath.3 = .\\bin\\org.wso2.carbon.bootstrap-3.2.2.jar
wrapper.java.classpath.4 = .\\lib\\endorsed
wrapper.app.parameter.1 = RUN
wrapper.app.parameter.2 = -Dcarbon.registry.root=\/
wrapper.app.parameter.3 = -Dcarbon.home=c:\\test\\wso2greg-4.1.1
wrapper.app.parameter.4 = -Dwso2.server.standalone=true
wrapper.app.parameter.5 = -Djava.command=${JAVA_HOME}\\bin\\java
wrapper.app.parameter.8 = -Dcarbon.xbootclasspath=;.\\lib\\xboot\\org.wso2.carbon.xboot-3.2.0.jar
wrapper.app.parameter.9 = -Djava.io.tmpdir=.\\bin\\..\\tmp
wrapper.app.parameter.10 = -Dwso2.carbon.xml=.\\bin\\..\\repository\\conf\\carbon.xml
wrapper.app.parameter.11 = -Dwso2.registry.xml=.\\bin\\..\\repository\\conf\\registry.xml
wrapper.app.parameter.12 = -Dwso2.user.mgt.xml=.\\bin\\..\\repository\\conf\\user-mgt.xml
wrapper.app.parameter.13 = -Dwso2.transports.xml=.\\bin\\..\\repository\\conf\\mgt-transports.xml
wrapper.app.parameter.14 = -Djava.util.logging.config.file=.\\bin\\..\\lib\\log4j.properties
wrapper.app.parameter.15 = -Dcarbon.config.dir.path=.\\bin\\..\\repository\\conf
wrapper.app.parameter.16 = -Dcarbon.logs.path=.\\bin\\..\\repository\\logs
wrapper.app.parameter.17 = -Dcomponents.repo=.\\bin\\..\\repository\\components
wrapper.app.parameter.18 = -Dcom.atomikos.icatch.file=.\\bin\\..\\lib\\transactions.properties
wrapper.app.parameter.19 = -Dcom.atomikos.icatch.hide_init_file_path=true
wrapper.app.parameter.20 = -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
wrapper.app.parameter.21 = -Dcom.sun.jndi.ldap.connect.pool.authentication=simple
wrapper.app.parameter.22 = -Dcom.sun.jndi.ldap.connect.pool.timeout=3000
wrapper.app.parameter.23 = -Dcarbon.classpath=.\\lib;${JAVA_HOME}\\lib\\tools.jar;;.\\bin\\org.wso2.carbon.bootstrap-3.2.2.jar;
wrapper.java.additional.1 = -Xbootclasspath\/a:;.\\lib\\xboot\\org.wso2.carbon.xboot-3.2.0.jar
wrapper.java.additional.2 = -Xms256m
wrapper.java.additional.3 = -Xmx512m
wrapper.java.additional.4 = -XX:MaxPermSize=256m
wrapper.java.additional.5 = -Dimpl.prefix=Carbon
wrapper.java.additional.6 = -Dcom.sun.management.jmxremote
wrapper.java.additional.7 = -Djava.endorsed.dirs=.\\lib\\endorsed;

My setup was,

• Cassandra running in a VirtualBox VM with default parameters. Only the data directories were changed
• VM was running Kubuntu 11.04
• JDK 1.6.0_27
• JVM was not warmed up before carrying out the test. I started Cassandra with an empty keyspace for each case
• I was testing the code hosted here

Here’s how the three column families look like.

REGData column family,

PropertyIndex column family,

TagIndex column family,

Here are the results,

The graphs looks very similar. However Cassandra 1.0.2 is has faster write speeds. Here are the raw data. T in the graph represent number of tags and P number of properties.

Sudden spike in write speed increase is a bit scary. That can be due to I/O bottleneck in the machine. At that point my disk started grinding heavily. During the time of the tests, I didn’t do any other disk intensive tasks. On server grade hardware with a few fast disks results might be different. Radically even.

1. Certificates. We’ll be using two certificates for signing. We’ll create a private/public keypair in the client side and import the client’s public key to server. Likewise, we’ll import server’s public key to the machine running the client.
2. First let’s create a key pair to be used in the client,

   makecert -r -pe -n "CN=mycert" -sky exchange -sv mycert.pvk mycert.cer
   

   This will create a private and public key pair. Next we need to import this into Windows certificate store. In order to do that we need to convert our key pair to PFX format which includes both the private and the public key,

   pvk2pfx -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
   

   Now, run mmc and add a certificate snap-in for the Local Computer. Browse into Trusted People and import mycert.pfx. Just click next when it asks for the private key password.

3. We have set the certificates for the client. Next we have to extract server’s public key and import it into Windows certificate store. Since I’m going to use WSO2 ESB for the server side, we need to extract the public key from the Java keystore that’s being used by the ESB. Browse to <ESB HOME>\repository\resources\security and give the following command. Java needs to be in your PATH. When prompted type “wso2carbon” as the keystore password.

   keytool -keystore wso2carbon.jks -export -alias localhost -file localhost.cer
   

   Import localhost.cer into Trusted People just like before.

4. Now we need to import the client’s public key to the server. Start the ESB by double clicking wso2server.bat. Browse into https://localhost:9443 and login with admin/admin. Click Configure -> Key Stores.

   

   Click Import Cert

   

   and browse and select mycert.cer we just created and click Import.

   

5. We’re done setting up certificates. Let’s create a simple secure service. Luckily ESB ships an echo service which when you send a message, echoes it back. Click Main -> List (under Web Services).

   

   Here you see a list of web services. In front of the echo service you’ll see a link saying “Unsecured”.

   

   Click it and select “yes” from the drop down to apply security for the echo service.

   

   Here you’ll see a list of pre-configured security scenarios. We’ll be using number 2, Non-Repudiation under Basic Scenarios. Select it and click Next.

   

   Select wso2carbon.jks as a trusted keystore and click Finish. Echo service is secured now.

   

6. We created and setup certificates and now have a secured service. Open up Visual Studio and create a new console application. You can create any kind of project but I’d prefer to create console apps for testing these type of scenarios.
7. Add a Service Reference to your project. WSDL file for the service is located at http://localhost:8280/services/echo?wsdl
8. For the binding that you’ll be using you have to configure security,

   <security defaultAlgorithmSuite="Default" authenticationMode="MutualCertificateDuplex"
       requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="true"
       keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncrypt"
       messageSecurityVersion="Default" requireSignatureConfirmation="false">
   <localClientSettings cacheCookies="true" detectReplays="true"
       replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
       replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
       sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
       timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
   <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
       maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
       negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
       sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
       reconnectTransportOnFailure="true" maxPendingSessions="128"
       maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
   <secureConversationBootstrap />
   </security>
   

9. Your actual service should looks like this,

   static void Main(string[] args)
   {
       svc.echoPortTypeClient echo = new svc.echoPortTypeClient("echoHttpSoap11Endpoint");
   
       echo.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
          System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
          System.Security.Cryptography.X509Certificates.StoreName.TrustedPeople,
          System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "localhost");
   
       echo.ClientCredentials.ClientCertificate.SetCertificate(
           System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
           System.Security.Cryptography.X509Certificates.StoreName.TrustedPeople,
           System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "mycert");
   
       System.Console.WriteLine(echo.echoString("hello"));
       System.Console.ReadLine();
   }
   

   Note that we set the correct service and client certificates. As you can see I’m using an HTTP endpoint. This is useful to test the messages going through a tool like TCPMon. When you have the scenario working you can just switch to the HTTPS endpoint.

Useful references,

• Various ways to create private/public keypairs – http://code.google.com/apis/apps/articles/sso-keygen.html
• Makecert reference – http://msdn.microsoft.com/en-us/library/bfsktky3%28v=VS.100%29.aspx
• SecurityBindingElement Authentication Modes – http://msdn.microsoft.com/en-us/library/aa751836.aspx

1. Java Paas : Building your first app
2. Java PaaS : Handling authentication in your web apps

Before proceeding further let me clarify some terms that we’ll be using . It has become a bit cloudy (no pun intended) since many people mean different things for the same word.

Multitenancy – In the context of Stratos, I’m using the word multitenancy to mean as defined in Wikipedia.

Multitenancy refers to a principle in software architecture where a single instance of the software runs on a server, serving multiple client organizations (tenants).

When you register and get an account in Stratos, that’s a tenant. An organization. Your data will be isolated from other tenants/organizations in the system. When you sign up, you’ll be creating the administrator account for your tenant. Which we naturally refer to as the tenant admin. Tenant admin can add users to your domain, turn off/on various Stratos services such as the ESB, App Server, Data Services Server etc… Monitor data and bandwidth usage of your users, grant/revoke permissions to users.

Let’s me take a little step back here. When you talk about Stratos, there are two major deployment scenarios. One that’s hosted by WSO2. That’s available to users as a service, you sign up, you get an account, your data is hosted on hardware that we manage. This version is called StratosLive. Other scenario, you setup Stratos on your hardware in your private data center, you control everything it’s not accessible to anyone else.

2 scenarios. StratosLive vs Stratos on your private cloud.

Now, coming back to multitenancy, there’s one user we called the super tenant. This acts as an admin account for all the tenants in Stratos. It’s configured at the time of setting up Stratos. In StratosLive scenario, super tenant is WSO2. In the other scenario, super tenant is you. You can do stuff which will affect to all the tenants across the system. Why would you need this? It’s necessary when you’re developing SaaS applications. You’re providing a service which all the tenants can use.

In Stratos, to make your applications SaaSify you need to add a context parameter to your deployment descriptor.

<context-param>
    <param-name>carbon.enable.saas</param-name>
    <param-value>true</param-value>
</context-param>

Authentication mechanism will be the standard form based authentication that we configured in the Jwitter app we developed earlier. This however, does not mean that this is the only thing that you need to build SaaS applications, nor does it allow you to take any existing web app out their and magically turn it to a multitenanted app. For that you need to have a multitenant data architecture for you application.

When you add the context parameter and deploy the web application as the super tenant, Stratos will authenticate against any user account in the system that has sufficient permissions. When you call request.getPrincipal().getName(), user account will appear in the format foo@example.com. From this point on it’s upto you to move to the bits of your application.

In WSO2 data center, we run the entire platform on UEC which ships Eucalyptus and we haven’t seen any of the problems we faced with EC2. Ok, private cloud – very important.

As a platform as a service, it’s important to be able to run on top of many IaaS vendors. Same goes for private cloud solutions. So, if Stratos is to be run on OpenStack the auto scaling code should be working. Stratos auto scales on Amazon EC2 that’s the API that’s been implemented. It’s always a pain to support a different API. OpenStack is said to have an EC2 SOAP API but I couldn’t find the extent to which operations are supported. I’ll definitely have a definitive answer if I contact one of the devs. This post however was not about that.

Mark Shuttleworth wrote an excellent blog about some concerns over OpenStack. As Mark correctly observes, it’s not the right thing to innovate at the API level. As eternal perfectionists it’s very easy to get into having cleaner and powerful APIs. Then again from a pragmatic perspective it’s energy that’s better put into where it matters.

WSO2 Stratos already have a working implementation that is tested. Effort of implementing and testing for another API is going to be time consuming. Whether it’s a bad or a good API when we have to get it running we’ll implement it nevertheless.

There are many concerns that needs more attention than having a good API. Higher IO and network throughput comes to the top of the list ‘cos that’s what it matters from a user’s perspective. It’s great that people debating this issue and looking to make a difference!

As a result of Amazon EC2 issues, mainly relating to unacceptable I/O and network delays hosted version of Stratos which we call StratosLive was so damn slow. Now it’s hosted on real hardware and the site is way way faster!

In the long run, enterprise-wide software are better off running on real hardware. Investing in more powerful machines. Or horizontally scale with a number of cheap machines. I can see Amazon’s appeal for a very short term computing problems. Or as Azeez mentioned, cloud bursting for one. Problems like this infamous article about Amazon EC2 trying to solve. Value you gain for paying exuberant bills for Amazon EC2 is very little at the end of the month. Specially when you’re running it long term.

IMO, this is one reason why a reliable private cloud infrastructure matters. In my experience open source private cloud software has a lot to improve. The free stuff by VMware is good for playing around. When you need I/O and network performance + provisioning, you have to pay big bucks.