Jakarta EE on Microsoft Azure with Cargo Tracker

This workshop include self guided and instructor lead activities. Self-guided activites will be labeled. Otherwise, assume instructor leads the students in the execution of steps.

Why a non-official repo?

This workshop is work in progress destined for https://github.com/Azure-Samples/cargotracker-azure-workshop.

The instructor will use an etherpad to share credentials and other details not suitable for putting in the live repository.

PENDING Update with link to etherpad from riseup.net.

Slides or website?

The workshop is mostly done with this website, but the instructor will present some slides several times. You can download the slides here.

Common set up for the rest of the day

25min Configure essential credentials for the workshop.

Set up for JBoss EAP

Do section 1 from the JBoss EAP workshop. https://github.com/Azure-Samples/workshop-migrate-jboss-on-app-service/blob/main/instructions/1-environment-setup.md

Set up for Open Liberty

10min Self-guided. Activate your azure pass to create your subscription.
5min Self-guided. Make sure Azure Cloud Shell works in your subscription.
- Cloud Shell overview
- We will be using the bash variant of Azure Cloud Shell.
- The first time you open the cloud shell, you must accept creating some cloud storage within your subscription.
10min Self-guided. Perform set up steps in your Azure Cloud Shell.
1. Make a fork of the workshop repo https://github.com/edburns/javaland-javaee.
2. Enable GitHub Actions in the fork.
  
  a. Select the Actions tab.
  
  b. You may need to click a big green “I understand my workflows, go ahead and enable them” button.
3. In the Azure Cloud Shell, do gh auth login.
  
  a. Select GitHub.com.
  
  a. Select SSH
  
  b. Generate a new SSH key Yes.
  
  b. Select Login with a web browser.
  
  c. Copy the code.
  
  c. If the browser fails to open, select the hyperlink in the Cloud Shell, or copy paste it to a new tab.
  
  d. Paste the code into the GitHub tab.
  
  e. If you are logged in successfully, you should see something like the following in your Cloud Shell.
```
✓ Authentication complete.
- gh config set -h github.com git_protocol ssh
✓ Configured git protocol
✓ Uploaded the SSH key to your GitHub account: /home/cf9af31d-cea6-4763-b8f2-3ded0806/.ssh/id_ed25519.pub
✓ Logged in as edburns
```
4. gh repo clone the fork using SSH NOT HTTPS.
```
gh repo clone git@github.com:<your github name>/javaland-javaee.git
```
5. Say yes to the SSH question.
6. cd javaland-javaee/.github/workflows/
7. Run the setup.sh script and answer the prompts.
  
  a. Instructor will put any shared credentials necessary in the Etherpad.
  
  a. You may need to use Ctrl-Shift-v to paste into the Cloud Shell.
  
  b. For the Enter owner/reponame enter your github username and the javaland-javaee. This allows the script to set GitHub Actions repository secrets.
  
  c. Copy the entire output of the script to a text file and save it. You might need to refer to the contents to allow the instructor to help you if you get stuck. Also, if the Cloud Shell is allowed to time out, you will need these values. Finally, the disambiguation prefix is used by another script to remove the resources at the of day.
15min Perform additional set up steps in the Azure Portal https://aka.ms/publicportal

The instructor will direct you to perform the following steps.
1. In the Portal toolbar, select Azure Active Directory. The icon is a pyramid.
2. Under Manage, select Roles and administrators.
3. In the textfield labeled Search by name or description, without pressing enter, type Directory readers. When the auto-suggest fills in, select Directory readers.
4. Select + Add assignments.
5. In the textfield labeled Search, enter the prefix you entered for the first question in the setup.sh. In the suggestions, be sure to select the one right one. You need the one that ends in u. The u is for User Assigned Managed Identity. It will match the format <prefix>mmyyu where mmyy is today’s date in mmyy format.
6. Select Add.
7. In the Portal messages you should see Successfully added assignment.
8. In the middle of the table you should see <prefix>mmyyu.
It is very important to verify this role is correctly assigned.

Why this is important in general?
- Absolutely everything done in Azure is done under the authority of a “Managed Identity” concept.
- This concept is implemented with a combination of two Azure role based access control (RBAC) technologies:
  - Azure RBAC
  - Azure AD RBAC
  Why two? Evolution. This quote is about Amazon, but it applies to any evolving public cloud:
  
  An analogy: Evolving a Cessna prop‐plane into a 747 jumbo jet in‐flight
  
  Source: Marvin Theimer, Amazon Web Services LLC at ACM SigOPS 2009.
  
  For some more history, see Classic subscription administrator roles, Azure roles, and Azure AD roles.
- You may have heard the term “Service Principal”. Managed Identity is a more modern concept built around the older concept of Service Principal.
- For the complete documentation about managed identities, see Overview of Managed Identities
  
  a managed identity is a service principal of a special type that can only be used with Azure resources. When the managed identity is deleted, the corresponding service principal is automatically removed.
Why this is important for Jakarta EE on AKS
- The offers we are using for Jakarta EE on AKS require a User Assigned Managed Identity to successfully operate.

JBoss EAP on Azure App Service

Open Liberty on AKS

Liberty on AKS

WebLogic Server on AKS

Clean up

5min Remove resources created by the common set up.

In Cloud Shell, cd javaland-javaee/.github/workflows/
./teardown.sh.
Enter the disambiguation prefix that was output from setup.sh and press enter.
The script removes any resources and repository secrets created by setup.sh.
Remove the resource groups for the database and storage account. These will be something like wlsd-db-1953611437-2 and wlsd-sa-1953611437-2, respectively.