posts

How to make Java the DevOps best friend

figure
Dec 16, 2021
Dmitry Chuyko

A successful DevOps strategy is not about abstract ideas, team collaboration, and good practices of continuous application delivery alone. It is also about technologies that make those practices come to life. For example, vulnerability scanners provide continuous safety monitoring throughout the CI/CD pipeline. Docker helps developers package, deploy, replicate, and shift containers in a streamlined way. Kubernetes enables automatic management of the containerized applications.

In addition to that, there is a runtime. The development platform is a crucial component that influences the security and performance of the application and even the efficiency of your internal DevOps process for Java development. Let us find out how!

This article will discuss how to organize a reliable CD pipeline by choosing the Java Development Kit distribution that best fits your DevOps methodology. You will also see that the simplest method for installation is not always the best one; it may be fraught with potential issues. Finally, we will discover a novel tool that will help you manage the runtimes of the whole Windows PC fleet with a single application.

Alternatively, contact our engineers, and they will tell you how to boost the efficiency of your Java DevOps processes through top-class JDK distribution and cutting edge tools.

  1. JDK distribution fitting the DevOps purposes
  2. Installing a JDK distribution: approaches and pitfalls
    1. Simple download is not that simple
    2. Install a package
    3. Use the developer’s website
    4. Containers
    5. APIs
  3. DevOps and the tools for automated Java monitoring
  4. Conclusion

JDK distribution fitting the DevOps purposes

When Oracle stopped releasing free builds of Java SE 8 in 2019, many companies started to look for alternatives. Luckily, Java was open-sourced long ago, so there are a few high-quality OpenJDK distributions to choose from. The question is, how to select a distro most suitable for your organization?

A good Java Development Kit distribution aiding rather than hindering your DevOps processes must meet the following requirements:

  • You will be unpleasantly surprised when your programs start behaving inappropriately after the migration. It means that the distribution doesn’t conform to the standards. TCK verification guarantees the compliance with Java SE specifications, so the migration can be performed without any issues.
  • Timely updates ensure the security of your runtime at all times. The updates must be integrated continuously without delays, so there will be no chance left for exploits. A good Java Development Kit distribution has a release cycle aligned with Oracle’s plus quarterly CPUs with fixes to known vulnerabilities and bugs.
  • Using different distributions for PCs, servers, and the cloud is expensive and time-consuming. A company has to monitor and integrate updates for each runtime individually. A unified runtime with a wide range of supported platforms significantly simplifies the process of testing, updating, security patches integration, and deployment.
  • The DevOps processes in Java development must run smoothly and continuously. If a problem arises, it may impede and disturb the workflow, especially if you have to wait for days or weeks for it to be solved. A runtime with high-quality support enables almost immediate response based on SLA and without a middle man. For instance, a critical vulnerability in Java logging libraries has recently been discovered. Although the affected library is not part of Liberica JDK, we still can help our clients by fixing the issue because their security is our top priority.
  • Convenient support conditions are also important. Some vendors offer pricing based on vCores. As a result, upgrading/downgrading your fleet will necessitate legally changing the contract, which demands money and precious time. With flexible per-instance pricing, you won’t encounter this issue. Besides, it is less expensive because the number of CPUs and the processor class do not matter.
  • A company with a fleet consisting of thousands of PCs would benefit more from long-term support. After all, upgrading every two years is inconvenient and significantly slows down the development process. Therefore, a distribution with LTS-releases supported for at least eight years will enable your developers to concentrate on delivering a high-quality product to the customers rather than rewriting the code constantly.
  • In the case of cloud development, time and size mean money. The smaller your containers are, the faster is the deployment and the fewer resources are consumed. A perfect JDK distribution should be fit for cloud use and provide small containers. Additional Java tools for DevOps would be a bonus. For example, Liberica JDK comes with Liberica Native Kit to accelerate the startup times and minimize static footprint.

As you can see, there are a lot of factors to consider when selecting a JDK distribution. However, with the right choice, you will be able to automate your processes even more, reduce your TCO, speed up the development, and enhance the security of your application.

Still not sure whether you should switch from Oracle JDK to OpenJDK? Download a comprehensive white paper dispelling common fears about OpenJDK and giving reasons for migration.

Installing a JDK distribution: approaches and pitfalls

DevOps powered by Java is a tempting idea. But before you enjoy the benefits of a selected JDK distribution, you have to install it first, which is not as easy as it seems.

Simple download is not that simple

OpenJDK is an open source implementation of Java SE, meaning that all components are free for download and use. So all you have to do is browse through all OpenJDK distros available, select a suitable one and download the necessary files. Then you can update your JDK by receiving and integrating security patches and updates. The process is simple, but in reality, there are a lot of variables you have to consider. First, you need to know the version you’re running and how it complies with the files you download. Then you must ensure that the chosen distro is TCK-validated to comply with Java SE standards. It would also help to run your own tests to see how the JDK works with your application and whether it satisfies your goals.

Install a package

Install a JDK package through a package manager, a tool that enables automated installation/deinstallation and runtime updates. This approach is more sophisticated than the previous one. There are a variety of package managers available on the market: OS-specific ones like YUM or APT for Linux, Homebrew for macOS, and cross-platform ones like SDKMAN!. But this approach has its downsides, too.

Firstly, these managers must be installed on every machine, and JDKs are updated independently on each desktop. Secondly, you don’t have complete control over the updates cycle. The schedule depends on the distribution vendor. Security patches are published by OpenJDK four times a year, and each vendor then uses them in their builds. However, the builds may not be updated in a timely manner. So there’s a risk that you will install a distribution without the latest security fixes, and your application will be vulnerable to exploits.

Use the developer’s website

If you have found a JDK vendor meeting your requirements and the requirements to a secure and performant distribution, you can go directly to the vendor’s website and download the package from there. However, there are also a few things to consider. For example, a distribution may come in different flavors. In the case of Liberica JDK, these are Full, Standard, and Lite, each fit for specific purposes. Then you have to choose the installation method: run the installer or use a command line. Note that it’s essential to have a notarized installer that can also be used to uninstall the JDK because it may be more complicated with the command line.

Containers

Containers are the new black in the IT world. They are beneficial for Java DevOps development as they enable companies to build microservices and increase the agility, speed of deployment and updates. Packaging and delivery processes can be standardized and transferred across environments.

But there are no two containers alike. They have different sizes depending on the OS and components, significantly influencing the pull time and memory consumption.

Let us take a Liberica JDK container based on CentOS. Even optimized, it weighs 319 MB, so pulling the image will take 17 seconds over 100 Mbps network! If this is too much for you, opt for a smaller container. For example, Alpine Linux is a lightweight OS perfect for cloud deployments and containerized applications. Try out BellSoft’s generic Liberica JDK Alpine musl base image, which takes up less than 100 MB on the disk. A container based on Alpine musl and Liberica can be as small as 43.5 MB — it is the smallest container on the market!

Another aspect worth paying attention to is a base image for the container. Sometimes you won’t have features you expect to be there or you’ll have a very outdated Java. If you don’t know what a current JDK version is, you can easily get a container one year outdated in terms of security.

APIs

Suppose you want to gain comprehensive information on a distribution before installing it. You can do that by means of Discovery APIs providing the full metadata on JDK binaries. APIs are meant to automate the process of notifications about JDK releases and security updates by consuming metadata. BellSoft uses its own technologies to create APIs for Liberica JDK. Our APIs are designed so thoroughly that we still provide all the metadata structured as v1.0, even for new products and features. We provide information about the supported architectures and operating systems, artifact types, versions, etc. You also get a download link and a checksum. In addition, our download links and APIs are persistent, meaning that they haven’t changed since the first version.

To use the APIs, you can invoke the whole metadata text in JSON format or make multiple calls getting small pieces of data. The response will be much slower if you request the entire metadata for all the releases and platforms, so use filters and select fields to speed up the process.

Finally, APIs play an essential role in JDK installation for Ansible. The Ansible role for Liberica JDK is cross-platform and can be used with Windows and Linux.

DevOps and the tools for automated Java monitoring

Earlier, we mentioned that a unified runtime simplifies testing and deployment. You are free to work with different vendors, but we believe it would be better to let one reliable vendor take care of your runtime security and updates. In addition, a unified runtime comes with useful utilities to automate your processes, reduce costs, and facilitate the development.

For example, BellSoft has created a solution enabling full control of all the corporate runtimes from one window: Liberica Administration Center (LAC). LAC is a server-based application, which

  • Collects data about Java runtimes (vendor and version) and applications in the Windows PC fleet;
  • Notifies about security issues and license violations and offers a solution;
  • Upgrades Liberica JDK or uninstalls JDKs/JREs;
  • Performs daily and monthly scheduled tasks.

LAC is indispensable for Java DevOps processes as it enables the company to automate runtime monitoring and updates. You will always stay on top of the latest Java improvements and be fully protected thanks to prompt and automatic installation of security patches and updates. In addition, you can upgrade the whole fleet simultaneously or each instance independently. This way, you will save a tremendous amount of time and money as your team won’t have to control the runtimes manually. Consequently, they will dedicate the time to other pending tasks. Therefore, the processes in your CI/CD pipeline will run as smoothly as possible.

Conclusion

In this article, we have seen a direct link between the Java Development Kit quality and DevOps efficiency. We described several methods of JDK installation: all of them have their pros and cons, so utilize the one that fits your purposes. We have also discovered a Java inventory and monitoring tool for DevOps that will keep runtimes in your PC fleet always secure and up-to-date.

Java keeps gaining popularity, and not without reason. It is not only a language; it is a whole ecosystem with frameworks, tools, and a strong community. As a result, Java improves in line with modern requirements for cloud computing, containerization, process automation, and continuous software delivery. So use Java to boost the DevOps at your company, and you will not be disappointed!

posts
Alpaquita vs Alpine: a head-to-head comparison
figure
Nov 10, 2022
Dmitry Chuyko
shorts
Critical vulnerabilities in OpenSSL 3.0
Nov 11, 2022
Sergey Chernyshev

Find out about the newest CVEs discovered in OpenSSL 3.0 and how to eliminate the risk of exploits

Subcribe to our newsletter

figure

Read the industry news, receive solutions to your problems, and find the ways to save money.