Platform-as-a-service environment considerations for setting up Liberty

Platform-as-a-service (PaaS) environments, such as IBM® Bluemix®, Pivotal Cloud Foundry, and OpenShift Enterprise, provide management and monitoring of application instances, but they also have some restrictions. Because of the inherent characteristics of PaaS environments, some Liberty features are redundant or behave differently, and they are therefore not supported.

Liberty server management restrictions

Features related to Liberty collectives do not apply to a PaaS environment because all Liberty server JVM instances are started, stopped, and managed by the PaaS infrastructure. The Liberty Admin Center feature is not designed to be used in a PaaS environment, where an application can be scaled to use multiple JVM instances without a collective controller. In this topology, a request to Admin Center could be directed to any of the running instances and have visibility only to the server on which the request runs.

The following administrative features are not supported in a PaaS environment:
  • adminCenter-1.0
  • clusterMember-1.0
  • collectiveController-1.0
  • collectiveMember-1.0
  • dynamicRouting-1.0
  • healthAnalyzer-1.0
  • healthManager-1.0
  • scalingController-1.0
  • scalingMember-1.0

File system restrictions

Most PaaS environments do not provide a persistent local file system to their applications. For Liberty, this impacts both the applications and the components within the server that write data locally and expect it to persist across a server JVM restart.

The Liberty transaction manager writes log files to the local file system when multiple resource managers are involved in the transaction. If the logs are not available after a JVM failure and restart, then transactions cannot be automatically completed and must be manually resolved to unlock data and to make it consistent across resource managers. To avoid this scenario, the Liberty buildpack or cartridge prevents transaction log records from being written and raises an exception to the application to prevent the second resource from enlisting. As a result, although you can still use transactions with a single XA resource, a second transactional resource cannot be enlisted in a transaction. Additionally, Web Services Atomic Transactions cannot be used because they always write log records.

If your PaaS environment provides persistent storage, then you can modify the Liberty buildpack or cartridge to enable two-phase transactions by removing the following Java™ property from the JVM configuration:
-Dcom.ibm.tx.jta.disable2PC=true
The following features depend on persistent local storage:
  • wsAtomicTransaction-1.2
  • Other features that use transactions, depending on the application behavior

Network restrictions

In general, PaaS routers do not support Internet Inter-ORB Protocol (IIOP) traffic, so remote requests to Enterprise JavaBeans (EJB) components cannot be used. The following features depend on IIOP transport:
  • appClientSupport-1.0
  • appSecurityClient-1.0
  • ejbRemote-3.2

In some situations, such as SSL termination at the router, Liberty relies on HTTP headers to describe aspects of the original client request. When you use SSL in a PaaS environment, the headers must be set by the PaaS router. On IBM Bluemix, these headers are already set, so you can use the ssl-1.0 feature and any features that depend on it without changes. To get the expected behavior in other PaaS environments, you might need to configure the router to set these headers as described in NGINX and WebSphere® Application Server.

The following features require the router to set HTTP headers:
  • ssl-1.0
  • Other features that depend on ssl-1.0, as listed in the Features that enable this feature section of Secure Socket Layer

Liberty swagger processor

In a Cloud Foundry environment, the swagger processor in Liberty, including its user interface, checks for the existence of the VCAP_APPLICATION environment variable. It uses the first element of the uris array as the API host.


Icon that indicates the type of topic Concept topic



Timestamp icon Last updated: Monday, 5 December 2016
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-libcore-mp&topic=cwlp_paas_restrict
File name: cwlp_paas_restrict.html