Bluemix

Using Let’s Encrypt to create an SSL certificate for my Bluemix hosted web site

Marky Roden Bluemix, Letsencrypt , , , , ,

In this article I will demonstrate how to secure your custom domain IBM Bluemix web application by creating your own free SSL certificate using the https://letsencrypt.org/ certification authority.

Introduction

Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. In Public Beta” (Feb 2016). Under the covers uses openssl to create SSL certificates and as such there is no “Windows” interface for doing so. I used this opportunity to learn about VirtualBox, Unbuntu and other linux related technologies. I set up a Virtualbox VM for Unbuntu by following the instructions posted here. I then went through a torrid two days of learning how to make Unbuntu work in VirtualBox, changing the resolution of the VM, learning new Linux commands and other weird and wonderful things.

This brought me to the point of being able to create an SSL cert for my Bluemix site.

If you create a website in Bluemix you get a blah.mybluemix.net hosted site as default. http://xominosocket.mybluemix.net is my socket.io chat example I keep running. You can also create your own “route” by  clicking on the icon next to the domain at the top of your application dashboard.

I set an A record in my domain provider so that copper.xomino.com pointed at the bluemix IP address and the site appeared miraculously quickly within a few minutes. The site will work under SSL but the browser whines and complains about it.

l12

The instructions on how to upload your own SSL certificate are posted here – https://developer.ibm.com/bluemix/2014/09/28/ssl-certificates-bluemix-custom-domains/. I followed a similar path and won’t repeat too much as this post is really about Let’s Encrypt

Let’s Encrypt

As I was going through the documentation on how to use Let’s Encrypt the first problem I had was around the auto creation of a certificate. The code reaches out to the internet to check and see if you actually own the domain. When I did this the first time I got the following message telling me that it actually found my site has a certificate already for *.mybluemix.net. That is not surprising at this stage because I haven’t uploaded the correct certificate yet.

l1

So I went the manual route and performed the following:

letsencrypt certonly --manual --email myemailaddress -d copper.xomino.com

This presented me with the following information.

l2

For the manual process to work (to verify that I do in fact own the domain I am claiming to own) I have to make the very specific URL respond with a very specific answer.

To do this is set up a simple route manager in my node code

app.get('/.well-known/acme-challenge/kEEHfqWh8ur-rxYzIF0Ct8cnP_oGvqCXWZweMNDwbX4', function(req, res){
  res.send("kEEHfqWh8ur-rxYzIF0Ct8cnP_oGvqCXWZweMNDwbX4.PQf6X-2A2s213el2HHSOIMzTm2BLIBAtrEdXkFDPGIU");
});

Once checked into the repo and pushed to Bluemix, this then responded appropriately on the web site

l4

I hit Enter on the Unbuntu terminal prompt – et voila !!

l5

As you can see from the above picture I was able to navigate to the folder and find the files. (BTW I had to chmod 777 -R live the folder because permissions were not created correctly when the files were generated by Let’s Encrypt)

Back in Bluemix I am now able to upload the cert.pem and privkey.pem through the manage domains option. As you can see from the image below – there is an insecure icon next to copper.xomino.com

l6

Manage Domains

l7

Once the upload is complete I was able to view the certificate

l9l8

The route for the application now has a secure icon next to it


 l10

Within a few minutes I was then able to access the application using my SSL certificate successfully

l11

Conclusion

Overall this was a relatively painless way of getting a free SSL certificate – and by painless I mean if you know what you are doing with an Unbuntu machine painless. If you don’t, expect a lot of googling. I think it is worth it to learn more about a new (to me) technology and I also have a nefarious docker based reason for learning Unbuntu for the future. This was just the start.

Certificates are only available for 3 months at a time right now – you can read more about the why here (https://community.letsencrypt.org/t/pros-and-cons-of-90-day-certificate-lifetimes/4621).

XPages runtime in Bluemix goes Beta

Marky Roden Bluemix, XPages, XPages in Bluemix

On January 21st IBM announced that the XPages Runtime as entering the beta release phase. The announcement was posted on developerworks By Brian Gleeson – https://developer.ibm.com/bluemix/2016/01/21/announcing-beta-release-ibm-xpages-runtime/ This signifies a very important milestone in the process of becoming a fully fledged member of the Bluemix family of capabilities.

What does Beta mean?

Well first of all the runtime now appears on the main catalog and no longer hidden in the experimental section. You can find it in the main catalog under Runtimes and when you create a new application is part of the list of runtimes available.

b1

b2

Beta also means that there is an expectation of reliability within the cloud. Going through the Beta phase means that although IBM are not fully committed to their SLAs for delivery quite yet, they are basically expecting the runtime to perform as if it was. This means a more reliable availability, and more importantly, IBM cannot just “make changes and take stuff down” as they feel like it. Being experimental means that there is no guarantee of it even being there tomorrow.

Beta means that we can start to talk to customers about it as a real possibility. Once again, Beta means that IBM is expecting people to actually start to create prototype applications which can be used in real discussions for Application Modernization and migration scenarios.

Beta means that the end goal initial release is now much clearer. Going through the experimental phase we have seen a large number of improvements and changes to both the runtime and the OpenNTF Extension Library releases support the programmatic interaction with it. IBM’s intention is to support a hybrid model with the release of XPage in Bluemix. Currently, we do not know the future of the XPagesNoSQL service but that is still experimental.

IBM is pressing forward with the release of the runtime and the Hybrid model. For more information on this, check out another post by Brian on YoutTube (https://youtu.be/WsjQ4hjJ10E). The Hybrid model means the ability to run a trusted server in the Bluemix container and having it securely interact with your Domino server(s) back within the corporate environment. This means the data and authentication model does not leave the company, while the runtime can be used to take advantage of all the cloud foundry capabilities like fail-over, multi-instance deployments and much more.

Beta means that this is real people – most of the investment by the XPages development team, under the guidance of Pete Janzen has been in preparing XPages for Bluemix. This is a significant step in the product evolution. I fully expect that more information will be released in the App.Next presentation to be given at Connect 2016. Hopefully the expected deadline for the full release date will be shared.

More announcements coming soon

For those of you going to Connect make sure you check out the sessions on the XPages runtime and Bluemix

1529: IBM Domino App.Next – Broadening Your Horizons with Bluemix

1075: The XPages of Things: Integrate Bluemix with Your XPages Applications for a World of Possibilities

XPages in Bluemix: Creating a searchable REST service

Marky Roden Bluemix, XPages, XPages in Bluemix

In this article I will demonstrate how we can set up a new searchable REST service in an Bluemix XPages environment.

Introduction

This article was driven by a question on Twitter from Paul Ramos (@parf82) who asked how to search a database in Bluemix. The answer is of course, in the same way that you search it not in Bluemix, using an FTSearch. The more pertinent questions is really how to make the XPages runtime find the application to search in the first place.

Creating the base application

If you follow this video by Brian Gleeson you will be able to create your first application in Bluemix. Once you have that you can manipulate the environment to your hearts content. There are multiple, documented, methods for updating your XPages environment in Bluemix, I prefer to create a Git repository. As Toby and I demonstrated in the socialbizug webcast you can download the application design, manipulate it and send it back to Bluemix as one.

Manipulating the boilerplate

I have the initial boilerplate code cloned to my local hard drive.

bl1

First step it to edit the Manifest and get rid of the Boilerplate application. Why, you ask? Well this way you have the manifest and everything else configured for you nicely. You can do this from scratch but I generally find this mentally easier to work through.

bl2

I renames the application from todo_design to xpages_design.

I took a design copy of my extjs database and saved it in the git repo folder. The database can be seen at (http://demo.xomino.com/xomino/extjs.nsf) which is at it’s heart just a modified fakenames.nsf database (http://www.xpagescheatsheet.com) from David Leedy.

The reason I chose this database is that it contains a lot of REST services already in a normal XPages environment.

bl6

I then had to create a copy of the database itself in the Bluemix NoSQL environment.

bl4

bl5

Quick review

We now have the database split into two separate pieces

  1. The data on slaney/bluemix
    1. https://xpages-domino.ng.bluemix.net//bluemix/PSC_Playground/Hybrid/extjs.nsf/ByName-First
  2. The design xpages_design.nsf – currently in my local git repo

Putting the data directly on slaney – very possible and works in a view as expected

bl7

But if we try and access an XPage – it doesn’t work – which is what we would expect.

Accessing the data from the XPages runtime

Back in our xpages_design database we are going to create a normal REST service – but we have to use the new BluemixContext object to find out the path for the service (https://www.ng.bluemix.net/docs/services/XPagesNoSQLDatabase/index.html#xpservice_portexisting).

 

				<xe:restService id="restService3" pathInfo="byFirstNameBlue">
					<xe:this.service>
						<xe:viewJsonService viewName="ByName-First" start="0" count="100" defaultColumns="true" databaseName="#{javascript:bluemixContext.isRunningOnBluemix()? bluemixContext.getDataService().getHost()+'!!' + bluemixContext.getDataService().getRootDir() + 'extjs.nsf' : 'extjs.nsf'}">
						</xe:viewJsonService>
					</xe:this.service>
				</xe:restService>

The bluemixContext values are derived from the VCAP_Services variables made available to the XPages in Bluemix service through Cloud Foundry. An example is shown here – it is available from the Bluemix dashboard for your XPages by clicking on the ^ arrow on your NoSQL database service.

t1

Viewing the result

Once we have pushed the REST service design changes back up to Bluemix we should be able to see them. Once we correctly create the URL to the rest service. In this case “xpages_design.nsf/xRestService.xsp/byFirstNameBlue”

http://xpages.mybluemix.net/xpages_design.nsf/xRestService.xsp/byFirstNameBlue

 

We are able to demonstrate the new searchable REST service by manually modifying the URL and adding search parameters:

http://xpages.mybluemix.net/xpages_design.nsf/xRestService.xsp/byFirstNameBlue?open&search=smith

 

 

Conclusion

In this article we have seen that we are still able to use the XPages out of the box rest service to communicate between the design database and the “data” database. All the out of the box functionality is available as if it were an on premises application. We also saw the usage of the new bluemixContext to find out where the data database resides within Bluemix.

 

 

The coolest XPages demo ever – revealed

Marky Roden Bluemix, XPages

 

During the AD105 presentation at MWLUG this afternoon, Ryan Baxter and I demonstrated how you can use an XPages application to control a Drone.

We were able to make it take off, take a picture and then land, all from an XPage application interface.

 

 

For more on how this works check out Ryan’s Video 🙂

MWLUG 2015 – IBM Bluemix: Expand Your Horizons – Coolest demo ever !

Marky Roden Bluemix, MWLUG, XPages, XPages in Bluemix

In two weeks time Ryan Baxter and I will be taking the stage to talk about IBM Bluemix and how Domino/XPages developers have a whole new vista of opportunities open to this in IBM Bluemix.

I look forward to seeing many old friends and new faces there – please stick around to the end for what will hopefully be,

The coolest demonstration in the history of MWLUG

When?

Thursday August 20th – 4:00pm AD105: IBM Bluemix: Expand Your Horizons

Abstract

As a developer, you always need to add new tools to your developer tool belt.  Bluemix gives you many options to take what you already know and build upon it, allowing you to continuously reinvent yourself and your apps. Whether you are an XPages developer looking to leverage new technologies like Watson or Docker, or you want to start exploring new languages and frameworks like the MEAN stack, Bluemix has something to offer you.  Using the powerful deployment models and integration services in Bluemix, it is also easy to build solutions that combine the new with the old making it easy to build upon the work you have already done.  Expand your horizons, improve yourself and join us for a whirlwind tour of what Bluemix has to offer you!

 

Be there – or hear about it from your friends……….

An introduction to creating applications in the Bluemix environment – now available

Marky Roden Bluemix, SocialBizUg, XPages, XPages in Bluemix

socbizug

An introduction to creating applications in the Bluemix environment

If you missed our recent webcast, “An introduction to creating Domino applications in the Bluemix environment”, don’t worry – it’s now available on-demand. You can view both the video replay and presentation easily right from your desk.

Watch this webcast and learn how to:

  • Easily get Bluemix up and running and how to create you own XPages applications quickly
  • Integrate with the other services available within the Bluemix ecosystem
  • Maximize the new and exciting possibilities this integration opens up to the Domino community            
   
unnamed

 

XPages in Bluemix (experimental) is live

Marky Roden Bluemix, XPages, XPages in Bluemix

XPages is now available as an experimental release in Bluemix. As of July 2015, anyone can sign up for a free Bluemix account and try out the new XPages in the cloud capability.

What does Experimental mean?

Within Bluemix there are three levels of capability “completeness”. Experimental, Beta and Production ready. Experimental has no Service Level Agreement, no promise of availability and the code base can change at any time without notice. The reason IBM uses this level of completeness is to test drive an application’s capabilities and to elicit feedback from users. They understand that XPages in Bluemix is different than what we are used to on premesis. There is some getting used to the difference in coding patterns when we want to to “@DbName()” for example is now – bluemixContext.getDataService().findDBName().

So experimental means is that it is not production ready and IBM is honest and open about it. For me, it is better to have something than nothing and exciting to thing that in some small way I might be able to help drive the direction of the platform in this manner. Don’t forget – so can you !

Capabilities

The current version of XPages release on day 1 does not have all the same features as an on premises installation. For one, as a developer you do not have direct access to the server, you do not have programmatic access to the server. Your code will run as a designer, but never as an administrator. You cannot have multiple databases on the same application route. This means that many on premises application cannot just be ported straight to Bluemix. Notes client applications will not run in Bluemix (oh well eh……..)

And at the same time there are features and capabilities within Bluemix that are not available  on premises. Some examples are:

  • Scaling you application and running it on multiple instances
  • Automatic failure and restart if the application crashes (which is does, this is experimental after all)
  • Integration with a multitude of services that do not exist on premises
  • Git source control integration at the click of a button
  • Devops capabilities like:
    • Automatic Build and deploy
    • Monitoring and Diagnostics
    • API Monitoring tools
  • Hybrid capabilities
    • The ability to run an XPage application securely, in the cloud, while accessing data securely through an encrypted tunnel back inside the enterprise.
  • and the list goes on……
  • Watson
  • Twitter
  • and on…..

Feedback for IBM

If you have any questions and or would like to get more information on XPages in Bluemix there are a number of ways you can do that:

So how can I get started?

  • Go to http://www.bluemix,net
  • Sign up for a 30 day free trial
  • Follow the instructions and guides shown below
  • Watch videos, read blogs and learn

I started using Bluemix so that I could prepare for XPages arrival, but also so that I could learn new technologies like nodejs and cloudant. As I mentioned before, I strongly recommend you take this as an opportunity to broaden your horizons and learn something new.

Resources

To get you going here are some resources to check out for more information

Enjoy

 

Bluemix Monitoring and Analysis – Diagnostics version

Marky Roden Bluemix, DevOps

In this article I will show how to utilize some aspects of the paid Bleumix Monitoring and Analysis service to look inside the performance of your applications.

State of shock

I am in a state of shock, as I am writing this post I actually broke my application, and used these very tools to figure out why……………..COOL !!!

Introduction

The paid version of Bluemix monitoring and analysis costs $0.03 per application her hour – which equates to about $21 a month per app. Once you turn this on it starts charging – and this is completely outside of the 375GB/Hour free cost. In a week I racked up $5 in charges cos I went away for an extended weekend.

m6

 

I hooked that up to my application and immediately started to see more information about it than the free package

m1

Clicking on the Diagnose button gives me access to more information about my slowest requests

m2

Click on one of the request name options then shows me more information about the response time of that item

m3

 

So how did I break the application?

I am putting together a websockets demo for MWLUG and as part of looking at this monitoring service I started to refresh my website repeatedly, quickly in multiple browsers. This blew up the application and it crashed

m4

Out of memory……weird – how come?

Well as I look at the monitoring tools I can clearly see that the baseline application with no one using it – was hovering over 100M

m5

So clearly we need to add more memory

Go CLOUD

All this preaching about scaling and paying for what you need is all well and good until you actually see it happen. In less than 30 seconds I have more memory applied

m8

and after a quick restart – we can see that we are now not pushing the limit of allocated memory

m7

This is fantastic – because I plan to do a live demo of this application in a room full of people next month – there is a really good chance that this would have crashed when 30 people connected to it – and now there isn’t – and that is freaking awesome !!!!

m9

Bluemix Monitoring and Analytics – free service

Marky Roden Bluemix

In this article I will introduce the free IBM Bluemix Monitoring and Analytics service and show some of the available information.

Monitoring and Analytics

From the Bluemix Dashboard select one of your node applications and then “Add a new Service” – scroll down until you find the DevOps section and select Monitoring and Analysis.

a1

 

There are two opens – Free and not Free, in this case we are going to select free.

a2

Once added you have to restage the application

a3

 

 

Once the application is restaged we can access the service from the dashboard – and initially there will be very little of interest/use.

a4

 

But over time you will start to see information build up about how your application is performing within Bluemix. In this case I am using an example from http://pscportal.mybluemix.net – which if you click on the link you will find nothing – that is because I purposefully have nothing running on the root. What is fascinating is how the monitoring shows this and other interesting information.

Once you have added the service you can bind it to all your applications and it will monitor all of them separately.

Investigating a crash

Apparently the application crashed overnight

a7

 

So I wondered what the monitoring said

a6

 

Apparently the application went from zero CPU usage to DEAD right at 3:24am. But what is also really cool and apparent is that the application self healed and restarted itself – how freaking-cloud-cool is that !!

a9

The application is never available – well that is as I would expect – the root has no node path responding to it. There are other routes within the application which work – but not that one.

a8

Looking at the logs we can see that something happened but not much information as to what. I do not have any logging built into the application yet – but I will have to work on that.

XPages

Unfortunately the whole suite of monitoring is not available for XPages yet – I bound the service to my XPages application and all that was visible was he availability. This is still better than nothing.

a10

a11

The not free version

https://www.ng.bluemix.net/docs/services/monana/index.html#monana_paid_feat_c

“You can use the Request Summary dashboard to identify the requests with the slowest response times and use the widgets to drill down and identify blockages. To open the Request Summary dashboard, open theMonitoring and Analytics service, click on the Performance tab and click Diagnose.”

Sounds interesting…….

Conclusion

Doing “DevOps” means constant monitoring of you application. The trick will be to take action based on the monitoring – we will see if we can do that and I will keep watching these logs over time to see what happens to the applications. Admittedly there are next to no users at all – but hey we will see.

 

 

 

 

XPages in Bluemix – Pushing new changes via Bluemix git repository

Marky Roden Bluemix, XPages, XPages in Bluemix

In this article I will look at modifying the out of the box boilerplate application and starting to look at the tooling around the new XPages in Bluemix capability. I will specifically talk about the use of the Bluemix integrated git repository.

Introduction

In the previous article I walked through the basic steps of creating the boilerplate XPages application in Bluemix. So let’s look at what we created and how we can mess with it 🙂

The Dashboard

Looking at the dashboard for our new boilerplate application we can start to see a number of items. On the top right there is an option to Add Git

h2

Continuing will create a git repository within the Bluemix integrated jazz hub repository. Once complete you will see a link to the new repo

h3

Clicking on the link will take you to the repo page

h4

We can immediately see from this image that it is not quite what we normally expect from a “source control repo” for XPages development. The entire NSF is part of the repo……but let’s go with it.

Click on the “Git URL” link to get the URL for the repo

h5

I use source tree for this part of the process – Clone New and use the URL for the repo – you will have to log into IBM as well

h6

Once complete you will have the repo locally – it can then be opened in Domino Designer

h7 h8

 

As we have seen before – we have the to do boilerplate application – to which we can add a new simple XPage

h9

h10

Note

You must be using the notes ID provided by bluemix for your notes applications.

Build and then close the application in designer

Within Sourcetree – we commit the changes in the master branch and push to repo

h11

h12

Once that is complete we can refresh the jazz hub repo page and see the committed change

h13

When we created this repo in Bluemix, the automatic build and deploy tasks were created as well – so clicking on the “Build and Deploy” tab on the top right takes us the deploy page where we can see this in action

h14

Once that is complete we can go over to our application http://hub.mybluemix.net/ToDo_design.nsf/marky.xsp and there it is

h15

Conclusion

Using this method we are able to upload a new XPage into the application without using the built in tooling in OpenNTF release v13

Caveats

I did have a build issue, don’t know why (experimental code) but clicking the redeploy button fixed it.

Don’t forget to build before you send to Bleumix (duh Marky)

I am not sure I recommend this manner of deploying an application to Bluemix via this method – I just wanted to see if it was possible.