CERN IT-DB group develops a new WebLogic Command Line Interface tool for CERN Java Middleware Services
CERN WebLogic CLI tool is written in Python. A project is being realized in an object oriented way to contribute towards flexibility, modularity and legibility of a solution and the modules of the system are designed to maximize end-user productivity. It is a comprehensive solution using WebLogic RESTful management services and providing a simple way of interacting with a user and possibility of integration with third party systems. The goal of the system is to provide a set of standardized functionality for managing resources shared in a distributed environment composed of hundreds WebLogic servers. Among them there are significant and business-critical applications. The product hides administration mechanisms by removing the complexity of the REST interface and shares user friendly abstraction layer. The system together with Oracle WebLogic Server follows the client- server architectural style.
The power of the REST
REST is an architecture style for designing Web services that focus on a server's resources. It is a lightweight alternative to Web Services (SOAP, WSDL) or RPC. REST interfaces can be used by any programming language. One of the key characteristics of a RESTful service is that communication is stateless. It means that a complete request doesn't require the server to retrieve any kind of application context or state. Each request from any client contains just essential information necessary to service the request, and session state should be held in the client side. Regarding managing Oracle WebLogic Server, REST management API is faster than WebLogic Scripting Tool.
Abstractions in a RESTful system:
- Server resources
- Resource representations
- Actions on server resources
What is a RESTful resource? It is anything that can be accessed within the scope of designed REST service over the Web. Representation of a resource is sent back from server to client as a result of the request. Server resource cannot be sent or received, only its representation can be sent. Representations can be of a various forms, such as JSON, XML or even plain text. Actions are used to operate on server resources. RESTful clients use HTTP requests for all four CRUD (Create / Read / Update / Delete) operations. The key features are presented below.
Figure 1: REST characteristics.
The Good, the Bad, and the Ugly - WebLogic API
Although REST is very simple, lightweight and fast, there are some requests that might make a tremendous burden on WebLogic Server. For instance, if the domain is full of logs, queries for all of them may take longer. Likewise, starting a laden server can put the user's patience to the test. REST lightness needs to be separated from the operation weight. REST requests are hitting the target very quickly, but demanded action may take much more time.
Another downside is an impression that WebLogic REST API is not complete. The API does not address yet full management functionality for WebLogic Server. Let me give an example. It is still impossible to create a domain, a cluster or even a server with the API - here it is still necessary to use a more traditional way, for example Administration Console.
Bringing Asteroids Down To Earth
The CERN REST CLI system will allow integration of Oracle WebLogic Server in the CERN Java Cloud making possible transparent deployment of applications. CERN private cloud brings the full power of the Oracle WebLogic platform to the cloud promoting the delivery of WebLogic resources to clients remotely. This conforms to a PaaS approach which facilitates the on- demand development.
This solution can be applied to the more generic problem of providing a layer responsible for integration with other systems that provide REST API. Oracle Java Cloud is another example of a system providing RESTfulness in its implementation. Giving an open architecture of the tool, it should be relatively easy to integrate with other REST based products like Oracle Public Cloud.
How does it work?
Figure 2: Overview of CERN infrastructure.
A user is making a request using command line to the CERN CLI System for performing operation on server resources. CLI Tool is gathering credentials from the user and sends it to the WebLogic server. Server checks if the user is authenticated and authorized and accomplishes user request or denies due to lack of permission.
Figure 3: Request processing in CERN CLI Tool
Request is parsed and validated against incorrect elements. According to the requested operation, proper strategy objects are created and injected with API data from the dictionary (URL, Curl options). Additional data about the domain (clusters, servers) is collected from the server as REST request. Here it needs to be emphasized that the administration server URL needs to be passed to the CLI as a parameter.
When strategy objects are ready, they are executed and the result is returned to the View module. Result is expected in a JSON format. Built- in parser converts this result to more convenient form and parsed output is displayed to the user.
Figure 4: Comparison of the Curl and the CLI Tool.
Digging into details - functionality
The idea behind creating REST CLI Tool is to provide a single product that allows users to operate Oracle WebLogic Server main business functions without accessing Administration Console. The strategy is to integrate functionality from all REST interfaces provided by Oracle and to deliver remote access management. Here is a quick overview of the features.
The first main element of service investigated in the study was domain management. Managing servers and clusters as part of a WebLogic domain administration presents unique challenges that need to be addressed differently from the client system. REST CLI tool makes it possible to start, stop, restart, suspend or resume a single server, all cluster or the whole domain. There are also a lot of metrics that you can look at during checking servers status.
Another key aspect is deployed applications and libraries management. This solution provides the ability of extended control of the deployment (you can deploy a target from admin server file system as well as remotely deploy from client file system), updating or redeploying, removing and monitoring deployments status. It is also possible to start or stop deployed application or check the condition and state.
Now let's take a more detailed look at what is involved in using monitoring functionality. Having easy access to server and domain logs is a great feature. In case of any trouble, user would have to know what specific services are impacted by some problem and be able to drill down to fundamental information. Having an access to logs or jobs enables him to observe and act on critical situation. In the past user had to sign in to the proper machine that carries the server and go to the folder with logs to check it. REST makes it extra simple. All you need is just a simple request to the CLI Tool.
Finally, usability and user interaction is also one of the most important areas. CERN CLI Tool allows flexibility in the way content is retrieved and presented. There are a few options that can customize the amount of displayed information and the level of details. If something goes wrong during processing request, there is proper information presented to the user, as well as status code of the requested operation.
Some functionality sketch is given below.
Figure 5: Overview of the CLI Tool functionality.
Every piece of software needs to provide benefits or we would not use it.
REST CLI Tool has majority integration of Oracle WebLogic RESTful management API. This has tremendous effect of increasing speed of individual actions in comparison to the WebLogic Scripting Tool.
Tool is characterized by an emphasis on ease of integration. Due to simple interface it can be integrated with third- party systems and therefore it allows applying a PaaS approach.
- Ease of installation and maintenance
REST CLI Tool requires only Python installed on a client machine and started Administration Server and can be executed from everywhere, also remotely outside the domain machine. It doesn't require any JVM or WebLogic installation.
- Ease of domain management
Useful debugging facility in case of an error. WebLogic REST response includes a well- formed information with details of operation failure. CERN CLI Tool tests server response against any unsuccessful states and returns status code.
Tool may guarantee (on user request) secure connection and data transfer to/from Oracle WebLogic Server.
Since the advent of the internet, security threats have grown exponentially. Why is security aspect so important? It helps protect your customer data and reduces the risk of legal action from data theft. Therefore businesses must protect their critical assets.
Two main security steps for REST CLI Tool:
- HTTP Basic authentication
- Authorization on the server side
For being authenticated, user sends encoded (Base64) username and password pair in the HTTP header. Base64 encoding can be easily decoded, therefore all communication can be taken over SSL. If the user has proper permission to access requested resource, server authorize the user and allows him to perform demanded operation.
In fact, the REST interface has no built-in security features, encryption or session management. Therefore all security work must be done on the client and server sides. Even though REST is stateless by definition, I have noticed that the WebLogic Server maintains Java session and generates a unique cookie for further communication. The user can use this token for further communication with the server instead of typing his/her credentials with every request.There are two policies of using CERN CLI Tool:
Not using WebLogic Server cookies
If the user decide that he cannot afford or just don't want to keep cookies on the filesystem, he can still choose an option of passing his credentials with every request. To make this less oppressive, CERN CLI can accept a netrc file as a parameter. Afterwards CLI Tool can read credentials from the file without asking for them.
Using WebLogic Server cookies
Cookies are handled on the basis of the operating system security mechanisms. Therefore security concept assumes, that every user has his own account in the operating system. Cookies are stored in user's home directory, thus no one except for the owner can have an access.
The authorization procedure aims to assure that the risk of data compromise is minimized. Oracle WebLogic Server can authenticate user against an LDAP directory. This LDAP directory can be either local or network. This configuration, with CLI Tool security policy contribute to safety in the workspace.
This article introduced the CERN CLI REST Tool as well as REST architectural style and the potential of the WebLogic REST interface. The CERN CLI Tool provides a set of prerequisite facilities that emphasizes functionality of components, generality of interfaces, enforce security, and encapsulate functional modules. At IT-DB we strongly count on integration of Oracle WebLogic Server with the CERN Java Cloud, which will apply PaaS approach and on- demand development.
Konrad Kaczkowski (IT-DB-IMS)