If you are the author or maintainer of an JVM-based Open Source software, chances are you publish it to the Maven Central repository so that automated build tools can download it. With JCenter and Bintray decommissioned, there’re not many hosting options around. There’s jitpack.io, and it’s much easier to publish there than to Maven Central, but their relaxed requirements can also be seen as a problem. For example, JitPack builds from source, so, the artifacts aren’t signed. I publish to JitPack for hobby projects, but for serious work, I prefer Maven Central.

Problem Statement

Artifacts to be published to Maven Central must meet certain requirements, one of which is accompanying PGP signatures. Users of your library might want to verify these artifacts’ PGP signatures against a public key server. Several plugins are available for popular build tools like Maven, Gradle and SBT that attempt to make the publishing process less painful, but the signing process is a real pain in the neck. In this article, I will lay out the exact steps needed for generating a PGP key pair, and a Gradle example of using them to sign the artifacts. Having generated the keys, they can be used by any build tool.

A PGP signature can also be used for signing commits and tags on GitHub.

Security Considerations

Using a private key in a CI/CD enviornment like GitHub workflow requires extreme caution to avoid unintentional exposure. Here are a few best practices:

• Key Cleanup: Always delete the imported key at the end of the job, regardless of the job outcome, to prevent accidental leaks.

• Log Hygiene: Ensure that the key is never printed to the job logs, as this can expose it. If using GitHub Secrets, this is automatically taken care of by GitHub; you can also mask it yourself using the add-mask workflow command.

• Temporary Files: If your workflow uses temporary files to handle keys, make sure they are securely deleted.

Requirements

The only thing you will need other than a computer and an internet connection is Docker engine installed. For Windows and Mac, you can install Docker Desktop.

Steps

1. Run an Ubuntu container.

   docker run --rm -it -v $(pwd)/.gnupg:/root/.gnupg -e GPG_TTY=/dev/console ubuntu bash
   

2. Install GnuPG, which is an implementation of the Open PGP standard.

   apt update && apt install -y gnupg
   

3. Generate a GPG key pair. Because of the Docker volume mapping, the generated keys are stored in the .gnupg directory in your home directory.

   gpg --full-generate-key
   

4. At the prompt, specify the kind of key you want, or press Enter to accept the default RSA and RSA.
5. Enter the desired key size. I recommend at least 4096 bits.
6. Enter the length of time the key should be valid. Press Enter to accept the default selection, indicating that the key does not expire.
7. Confirm that the key does not expire by entering ‘y’.
8. Enter your full name.
9. Enter your email address.
10. Enter a comment, or press Enter to skip.
11. Verify that your selections are correct. Enter ‘O’ (Upper case O) to proceed.
12. Type a secure passphrase. If you enter a weak passphrase, you will be asked to confirm it.
13. Retype the passphrase.
14. Use the following command to list GPG keys for which you have both a public and private key.

    gpg --list-secret-keys --keyid-format SHORT
    

    The last few lines will be similar to the following. The key id/fingerprint is the 40-character string on the second line of sec. The last 8 characters (shown on the first line after rsa3072, 9D397642 in the example below) are sufficient to uniquely identify the key, and is referred to as the <key id> in the following steps.

    sec   rsa3072/9D397642 2021-04-04 [SC]
      C49D1269413357A989292F0BBED9F87D9D397642
    uid         [ultimate] John Doe <johndoe@nowhere.com>
    ssb   rsa3072/AD77D767 2021-04-04 [E]
    

    To list the public keys in the keyring, run with --list-keys instead of --list-secret-keys. Note that the key id is the same for both. If you need to retrive the public key later, you can search for it using the key id or the email provided in step 9 above.

    gpg --keyserver <keyserver> --search-key <key id>
    gpg --auto-key-locate <keyserver> --locate-keys <email>
    

    The keyserver must include the protocol hkp.

15. Upload the public key to a key server; Maven Central uses hkp://keyserver.ubuntu.com.

    gpg --keyserver keyserver.ubuntu.com --send-keys <key id>
    

    Optionally, convert the secret key to a Base64 encoded format with no line breaks. This may be required because a lot of public CI servers allow the secret key to be set as an environment variable, and the line breaks and special characters in the secret key are not compatible with an environment variable.

    gpg --armor --export-secret-keys <key id> | base64 -w0
    

    If you are using Gradle, you can use the Signing plugin along with the Base64 keys to sign the artifacts, as shown below (using Kotlin DSL):

    fun base64Decode(prop: String): String? {
        return project.findProperty(prop)?.let {
            String(Base64.getDecoder().decode(it.toString())).trim()
        }
    }
    
    signing {
        useInMemoryPgpKeys(base64Decode("signingKey"), base64Decode("signingPassword"))
        sign(*publishing.publications.toTypedArray())
    }
    

    signingKey and signingPassword are project properties that are set from the corresponding environment properties.

    If you’ve previously saved the keys to files, here are the commands to import them.

    gpg --import </path/to/public/key/file>
    gpg --allow-secret-key-import --import </path/to/private/key/file>
    

16. As for the actual upload to Maven Central, the Gradle Maven Publish Plugin doesn’t support publishing to the new Sonatype Central Publishing Portal. There’s an open issue for Gradle to support publishing to Central, but they seem to be reluctant in doing so. There’re a bunch of third-party plugins that support publishing to Central, among which JReleaser and vanniktech/gradle-maven-publish-plugin seem to be the most popular and actively maintained. I personally couldn’t get JReleaser to sign the artifacts successfully, and went with the vanniktech plugin instead.

Conclusion

And there we have it, a complete recipe for generating a PGP key pair, and a Gradle example of using them to sign the artifacts.

Over the last few years, we have seen more and more projects and companies adopt gRPC as the communication protocol among internal microservices, or even for customer-facing services. gRPC can be implemented in many languages, Java being one of them, and when it comes to Java web frameworks, Spring Boot is arguably the most popular. On the deployment side of things, Kubernetes has emerged as the undisputed leader. Thus, it is only fair that we talk about all three of them when we are looking to make a production-ready application.

From now on, I will refer to Spring Boot simply as Boot, and Kubernetes as K8S. Also, I will use “gRPC service” and “gRPC server” interchangeably unless there is a specific need for disambiguation.

I deliberately avoided providing supporting information about the popularity claims made above, but if you are the “trust but verify” type, feel free to convince yourself by doing some research.

Problem Statement

We want to deploy a gRPC client-server application in K8S with no web (HTTP/S) interface, and we want to monitor the application health.

Design

Let’s first take stock of where each member of the trio stands when it comes to monitoring application health:

• gRPC defines a health checking protocol for the server. It does not define a corresponding protocol for the client.
• K8S defines liveness and readiness probes.
• Boot provides Actuator, and Actuator provides a Health endpoint.

So, a reasonable strategy is to implement the gRPC health checking protocol, make it available under the Boot Actuator health endpoint, and then use the K8S probes to query the Actuator health endpoint time to time.

Implementation

gRPC

Good thing is, io.grpc:grpc-services comes with an implementation of the Health service that implements the “GRPC Health Checking Protocol”; it is the class HealthServiceImpl and can be retrieved by a call to HealthStatusManager.getHealthService(). However, registering that service with the gRPC server is our responsibility.

For monitoring a gRPC client readiness, we can watch the ManagedChannel state using the methods ManagedChannel.getState() and ManagedChannel.notifyWhenStateChanged() methods. If the state is ConnectivityState.TRANSIENT_FAILURE when checked, there has been some transient failure, and the gRPC client app is alive but not accepting requests (not ready).

Implementing a gRPC client liveness check is up to the application.

Boot

As of this writing, Spring Boot does not have out of the box support for gRPC (little surprising, since they seem to support everything else under the sun). A Google search brings up two libraries that aim to fill this gap, yidongnan/grpc-spring-boot-starter being one of them. If property grpc.server.health-service-enabled is true (default), it registers the Health service automatically for us. So, in order to make the server health status available under Actuator health endpoint, we just need to implement a HealthIndicator named GrpcServerHealthIndicator that is a client of the Health service. See Writing Custom HealthIndicators.

Starting with version 2.3.0.RELEASE, Spring Boot provides liveness and readiness information under Actuator health endpoint. See Kubernetes Probes for details. In order to include our GrpcServerHealthIndicator in liveness and readiness groups, see Checking external state with Kubernetes Probes.

For example, to add to the readiness health group:

management.endpoint.health.group.readiness.include=readinessState,grpcServer

A Boot application running on Kubernetes will show the following health report:

/actuator/health

{
  "status": "UP",
  "components": {
    "diskSpace": {
      "status": "UP",
      "details": { //...
      }
    },
    "livenessProbe": {
      "status": "UP"
    },
    "ping": {
      "status": "UP"
    },
    "readinessProbe": {
      "status": "UP"
    }
  },
  "groups": [
    "liveness",
    "readiness"
  ]
}

and

/actuator/health/liveness

{
  "status": "UP",
  "components": {
    "livenessProbe": {
      "status": "UP"
    }
  }
}

The problem, though, is that our application does not have any web interface. So, what do we do?

Pretend you are thinking hard about a solution before reading on.

The solution is to use Actuator monitoring over JMX.

Following is the JMX counterpart to the HTTP /actuator/health output above (line breaks and indentation for legibility only):

{
  status=UP,
  components={
    diskSpace={status=UP, details={...}},
    livenessState={status=UP},
    ping={status=UP},
    readinessState={status=UP}
  },
  groups=[liveness, readiness]
}

Note that the K8S probes are not mandatory, so, if you are using an older version of Boot that does not support those, fret not. The GrpcServerHealthIndicator can still contribute to the overall health status available in the top-level status, it just will not contribute to the liveness and readiness health groups.

K8S

K8S defines two distinct checks: Liveness and readiness. However, gRPC only defines a single health checking protocol and does not have a native concept of readiness check. A reasonable way to map gRPC responses to Kubernetes checks way is interpreting SERVING response as the service being alive and ready to accept more requests, NOT SERVING response as the service being alive but not accepting requests, and UNKNOWN or failure to respond as the service not being alive.

We have already discussed mapping gRPC client health to Kubernetes checks in this section.

JMX

To monitor a JVM using the JMX API, we must enable the JMX agent when starting the JVM. We can enable the JMX agent for local monitoring, for a client management application running on the local system, or for remote monitoring, for a client management application running on a remote system. The steps involved vary, and can be quite involved. See Monitoring and Management Using JMX Technology for details. Apparently it is not very well understood, as indicated by the plethora of Stack Overflow questions on this topic:

• How to programmatically invoke MBeans operation of target process.
• spring boot actuator connect jmx programmatically.
• How to use SpringBoot actuator over JMX.
• How to connect to a java program on localhost jvm using JMX?
• How to access Spring-boot JMX remotely.

For the problem at hand, we will use a much simpler approach. Note that the K8S probes execute on the same host as the application, so we do not need to connect to the app remotely. Instead, we will find the process we want to attach to, just like we do when running JConsole, using the jcmd tool introduced in Java SE 7. It is available under $JAVA_HOME/bin, same place as the java binary.

Assuming we have started our gRPC app using the following command:

java -cp /myapp.jar com.mycompany.myapp.MainClass

The output of running jcmd will show (with different PIDs) the following:

87864 jdk.jcmd/sun.tools.jcmd.JCmd
87785 com.mycompany.myapp.MainClass

We use the ProcessBuilder class to run the jcmd command. We then parse the output as shown above and find the PID for the JVM process matching the given main class name. Following is a Kotlin code snippet showing how to do it:

val pid = output
  .map { it.split("\\s+".toRegex()) }
  .filter { it.size > 1 && it[1].endsWith(mainClass) }
  .map { it.first() }
  .firstOrNull() ?: throw IllegalArgumentException("Couldn't find process matching: $mainClass")

That is all we need to attach to that process using the Attach API that was introduced in Java SE 6. Our JMX client attaches to the VirtualMachine corresponding to the PID, and starts the JMX management agent in the target process if not already running. Kotlin code snippet again:

val connectorAddress = vm.agentProperties.getProperty("com.sun.management.jmxremote.localConnectorAddress") ?: vm.startLocalManagementAgent()
val url = JMXServiceURL(connectorAddress)
val connection = JMXConnectorFactory.connect(url).mBeanServerConnection

It then invokes the health operation on the Spring Boot Health MBean.

val health = connection
  .invoke("org.springframework.boot:type=Endpoint,name=Health", "health", null, null)
  .toString()

Finally, it parses the result, and checks the status of the livenessState or readinessState. If Kubernetes probes are not available/enabled, it checks the top-level status. If the status is not UP, it throws an exception causing the client to exit with an error. The parsing logic can be implemented in various ways, and I leave it to the reader to choose their own.

Assuming the JMX client is a command line app that accepts option -m for the main class, and options -l and -r for running the liveness and readiness checks, respectively, we can set up the K8S liveness probe as follows:

livenessProbe:
  exec:
    command:
    - health-probe
    - -l
    - -m
    - MainClass
  initialDelaySeconds: 5
  periodSeconds: 5

The readiness probe is almost identical.

We assume above that health-probe is a binary executable available on the server PATH. There are various ways to distribute a Java app with binaries that we will not discuss here; if using Gradle as a build tool, the Application plugin can do it.

Obviously, the JMX client distribution has to be included in the server Docker image for the K8S probes to work.

Conclusion

And there we have it, a complete recipe for grPC health checks on Kubernetes with Spring Boot Actuator.

I recently came across this blog post where the author talks about a solution for scheduling interdependent tasks. Coincidentally, I have been brushing up Data Structures and Algorithms in preparation for job interviews and realized that the solution discussed in the aforementioned blog could be simplified. That is what I am going to be discussing in this post.

Problem Statement

Given a set of tasks that have dependencies on one another, find an execution order such that depended tasks are executed before their dependents. This is a general class of problems known as the Scheduling Problems that honors a set of constraints, most importantly, the precedence constraints, which specify that certain tasks must be performed before certain others. For example, consider a college student planning a course schedule, under the constraint that certain courses are prerequisite for certain other courses. In the image below, an arrow from course A to course B means A needs to be taken before B.

This problem can be solved by sorting the directed graph in the Topological order such that all its edges point from a vertex earlier in the order to a vertex later in the order. A topological order for our example model is shown above.

An obvious prerequisite is that no cycles exist in the graph. Our solution is going to check for cycles though (Trust, but verify).

Design

It occurred to me that a Topological sort is actually not necessary, because the dependencies of a task are fixed at its construction time. The original solution needed the sort because the task scheduler attempted to figure out which tasks needed to run before others; instead, we can simplify the design such that each task notifies its dependents on its completion. Think of it like a Domino effect; once started, the process would progress on its own. Referring to the previous example, Scientific Computing would notify Artificial Intelligence when it is completed, Complexity Theory would notify Cryptography, and so on and so forth.

That is where the Observer Pattern comes in.

Implementation

I make heavy use Java 8 Stream and concurrency constructs, so if you are not familiar with those, you may want to brush up on those before reading further.

Task

Java supports the Observer Pattern in two ways:

1. Using Observer and Observable.

2. Using PropertyChangeSupport and PropertyChangeListener.

I chose the latter because the former has been deprecated in Java 9; see the Observable Javadoc for details.

All we need to do in a task is keep track of the completion of its dependencies. When all the tasks it depends on have completed, the task starts execution, and on completion, notifies its dependents. Here’s the Task class snippet:

public final class Task<V> implements PropertyChangeListener {
    private final String id;
    private final PropertyChangeSupport support;
    private final Collection<Task<V>> dependsOn;
    private final Function<Map<String, V>, V> action;
    private final Executor executor;
    private final Map<String, V> resultMap;

    private Task(...) {
        this.id = id;
        this.dependsOn = dependsOn;
        this.action = action;
        this.executor = executor;

        this.support = new PropertyChangeSupport(this);
        this.resultMap = new ConcurrentHashMap<>();
        this.dependsOn.forEach(d -> d.addDependent(this));
    }

    public static <T> TaskBuilder<T> builder() {
        return new TaskBuilder<>();
    }

    @SuppressWarnings("unchecked")
    void addDependent(PropertyChangeListener dependent) {
        support.addPropertyChangeListener(dependent);
        if (dependent instanceof Task<?>) {
            Collection<Task<V>> dependsOn = ((Task<V>) dependent).dependsOn;
            if (!dependsOn.contains(this)) {
                dependsOn.add(this);
            }
        }
    }

    ...

    public V result() {
        return resultMap.get(id);
    }

    @Override
    @SuppressWarnings("unchecked")
    public void propertyChange(PropertyChangeEvent evt) {
        String taskId = evt.getPropertyName();
        Set<String> ids = dependsOn
                .stream()
                .map(task -> task.id)
                .collect(toSet());

        if (!ids.contains(taskId)) {
            throw new IllegalStateException(...);
        }
        resultMap.put(taskId, (V) evt.getNewValue());
        if (ids.equals(resultMap.keySet())) {
            execute();
        }
    }

    public void execute() {
        try {
            CompletableFuture.supplyAsync(
                      () -> action.apply(unmodifiableMap(resultMap)), executor)
                    .thenAccept(result -> {
                        resultMap.put(id, result);
                        support.firePropertyChange(id, null, result);
                    });
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    ...

    public static final class TaskBuilder<V> {
        ...

        public Task<V> build() {
            ...
            return new Task<>(id, dependsOn, action, executor);
        }
    }
}

I use the Builder Pattern to provide an elegant means of constructing a task.

The task scheduler simply needs to check if there is a cycle, and if not, submit the tasks that do not depend on others. In order to do that, I use the excellent algs4 library.

public final class TaskScheduler<V> {
    private final Map<String, V> resultMap;
    private final CountDownLatch latch;
    private final List<Task<V>> rootTasks;
    ...

    @SuppressWarnings("unchecked")
    public TaskScheduler(List<Task<V>> tasks) {
        int v = tasks.size();
        Map<String, Integer> taskMap = IntStream.range(0, v)
                .mapToObj(i -> new SimpleImmutableEntry<>(tasks.get(i).id(), i))
                .collect(toMap(Map.Entry::getKey, Map.Entry::getValue));

        Digraph graph = new Digraph(v);
        taskMap.forEach((name, idx) -> {
            Task<V> task = tasks.get(idx);
            task.dependsOn()
                    .forEach(dependency ->
                        graph.addEdge(idx, taskMap.get(dependency)));
        });
        DirectedCycle directedCycle = new DirectedCycle(graph);
        if (directedCycle.hasCycle()) {
            ...
            throw new IllegalArgumentException(...);
        }

        rootTasks = IntStream.range(0, v)
                .filter(i -> graph.outdegree(i) == 0)
                .mapToObj(tasks::get)
                .collect(toList());

        resultMap = new ConcurrentHashMap<>();
        latch = new CountDownLatch(v);
        PropertyChangeListener accumulator = evt -> {
            latch.countDown();
            resultMap.put(evt.getPropertyName(), (V) evt.getNewValue());
        };
        tasks.forEach(task -> task.addDependent(accumulator));
    }

    public Map<String, V> await(long timeout, TimeUnit unit) {
        rootTasks.forEach(Task::execute);
        latch.await(timeout, unit);

        return unmodifiableMap(resultMap);
    }
}

Lastly, since we should never write code without writing unit tests (you do not, right?), here is a test:

void testTask() throws InterruptedException {
    Random random = new Random();
    ExecutorService executor = Executors.newSingleThreadExecutor();

    Task<Integer> f1 = Task.<Integer>builder()
            .id("f1")
            .executor(executor)
            .action(resultMap -> {
                try {
                    Thread.sleep(random.nextInt(5));
                } catch (InterruptedException e) {
                    e.printStackTrace();
                }
                return 0;
            })
            .build();
    Task<Integer> f2 = Task.<Integer>builder()
            .id("f2")
            .executor(executor)
            .action(resultMap -> {
                try {
                    Thread.sleep(random.nextInt(5));
                } catch (InterruptedException e) {
                    e.printStackTrace();
                }
                return 1;
            })
            .build();
    Task<Integer> f3 = Task.<Integer>builder()
            .id("f3")
            .executor(executor)
            .dependsOn(Arrays.asList(f1, f2))
            .action(resultMap -> {
                try {
                    Thread.sleep(random.nextInt(5));
                } catch (InterruptedException e) {
                    e.printStackTrace();
                }
                return resultMap.get("f1") + resultMap.get("f2");
            })
            .build();
    Task<Integer> f4 = Task.<Integer>builder()
            .id("f4")
            .executor(executor)
            .dependsOn(Arrays.asList(f2, f3))
            .action(resultMap -> {
                try {
                    Thread.sleep(random.nextInt(5));
                } catch (InterruptedException e) {
                    e.printStackTrace();
                }
                return resultMap.get("f2") + resultMap.get("f3");
            })
            .build();

    Integer result = new TaskScheduler<>(f1, f2, f3, f4)
            .await(30, TimeUnit.SECONDS)
            .get("f4");

    assertNotNull(result);
    assertEquals(2, result.intValue());
}

To finish off, here is a sample execution log:

Task: f1 depends on: []
Task: f2 depends on: []
Task: f3 depends on: [f1, f2]
Task: f4 depends on: [f2, f3]
Task: f1 is executing on thread: pool-1-thread-1
Received notification from task: f1 inside task: f3
Task: f3 is not ready
Task: f2 is executing on thread: pool-1-thread-1
Received notification from task: f2 inside task: f3
Task: f3 is ready to be executed
Received notification from task: f2 inside task: f4
Task: f4 is not ready
Task: f3 is executing on thread: pool-1-thread-1
Received notification from task: f3 inside task: f4
Task: f4 is ready to be executed
Task: f4 is executing on thread: pool-1-thread-1

Conclusion

I believe a good solution is deceptively simple, and therein lies its elegance. For a production-grade solution, I would have robust exception handling, but for a proof-of-concept like this, I did not spend much time with that.

With the paradigm shift towards Microservices and Cloud-Native architecture (whether everyone is doing it right is another topic though), containers have become almost synonymous with those terms. Given that Kubernetes is a “Production-Grade Container Orchestration” (their words), and with features like horizontal scaling, self-healing, and storage orchestration, it is only natural that we are discussing running a database as a container on Kubernetes. In this post, I discuss running a Couchbase cluster on Kubernetes. I assume familiarity with both Couchbase and Kubernetes, as well as RxJava and Hystrix, all of which are required for the rest of this write-up.

From now on, I will refer to the Couchbase server as CB, the Couchbase client application as the client, and Kubernetes as K8S.

This is not a meant to be a recipe for running a highly-available, fully-redundant, multi-node CB cluster on K8S in Production. As of this writing, CB does not officially support running on K8S. This is a narrative of my experiences and learnings; YMMV and most likely will.

The term connection is used loosely here to indicate a logical connection, and is not to be taken as a physical TCP/IP connection.

Problem Statement

We want to run a CB cluster on K8S, and must support the following use cases:

• The client startup must be resilient of CB failure/availability.
• The client must not fail the request, but return a degraded response instead, if CB is not available.
• The client must reconnect should a CB failover happens.
• CB server must be able restart without human intervention; while this may sound trivial, I will later discuss why it is not.

We will not discuss the following:

• Multi-node CB cluster.
• Failover.

Architecture

Now that we have laid out the basics, let’s analyze each item of the problem statement in detail.

• Client Startup

  Our client is a Spring Boot app, which used to use Spring Data Couchbase for CB integration. Spring Data Couchbase initializes various CB related beans at startup, and a failure to connect to CB is fatal. I tried to work my way around that limitation, but soon realized it wouldn’t work; I needed to roll my own CB client code. At this point, let me ask you this:

  What do you think is most needed to handle CB connection failure at startup?

  The answer is flippantly simple: Do not initialize CB connection at startup. When do we do it then? Umm, perhaps on the first request? That could work but the CB cluster and bucket opening are time-consuming operations, so unless we could tell the client “hey, you are the lucky one to make the first request; please wait while we get our s**t together”, we needed to find another way. It is the right idea, but we need a better implementation.

  We want to decouple the CB initialization from the request thread, and if at any time during the request we find CB connection not initialized, we start the initialization process on a separate thread while immediately failing the CB request. We also want to attempt initialization during the application startup, on a separate thread of course, which if successful, means that the first request will find a CB connection ready to be used. However, if the initialization fails during the startup, we do not want hundreds or thousands of subsequent requests to flood the CB server; we need to throttle the traffic, as well as put a sleep time between failures, should there be any. We need Hystrix.

  Good thing is that the CB Java client SDK fully supports RxJava, and so does Hystrix, so they fit like peas in a pod.

  Last but not the least, since cluster and bucket opening are expensive operations, we cache the values once successful.

• Degraded Response

  I already touched upon this in the previous section. If at any time during the request we find CB connection not initialized, we immediately fail the CB request. The client handles the exception, and returns a successful response without CB data. If, however, CB connection had been initialized but later dropped, then the CB request blocks until it times out. As long as the CB request timeout is less than the HTTP request timeout, the caller receives a slightly delayed, but successful response.

• Client Reconnection

  Connection attempts if none had succeeded so far has been discussed in the startup section. Continuing on the previous section, reconnection after a successful connection had been established but later dropped is handled by CB SDK. This is also related to the following section, because when a CB node is restarted, it’s IP may very well change. The default CB client (and server) behavior is to use IPs for nodes, but in K8S, that does not work because of the aforementioned reason. We need to use DNS names that do not change with node restarts. We will see later how to implement this in K8S.

• CB Server Node Restart

  Discussed in the previous section.

Implementation

CB Client

As previously mentioned, we use RxJava all the way. It makes a crucial difference between this approach and any other by introducing delayed execution. I dare say, as of this writing, no other solution exists publicly that employs this technique, and thus, is robust enough to handle CB connection failure at startup. My code uses a Single<AsyncCluster> and Single<AsyncBucket>, so we can delay the execution until subscription. I use the factory pattern to encapsulate the gory details of bootstrap and bucket opening. Using RxJava also allows me to declaratively spawn new threads, and handle failures gracefully.

“Talk is cheap. Show me the code” - Linus Torvalds.

The lynchpin of this solution are three classes, CouchbaseAsyncClusterFactory, CouchbaseAsyncBucketFactory, and AsyncBucketHystrixObservableCommand. Technically, the first two are interface, with default implementations provided in the same Java files. The factory classes are singleton Spring beans that each store references to a Single<AsyncCluster> and Single<AsyncBucket>, respective to their names. The Hystrix command is responsible for opening the bucket, optionally creating it if does not already exist as well as creating a primary index, and controlling the access to the bucket creation/opening logic through a semaphore. I strongly encourage you to take a look before proceeding: The code speaks for itself, I hope, and there are ample comments in the Hystrix command.

I also called upon the Repository design pattern, and created a CouchbaseRepository interface, and a BaseCouchbaseRepository abstract class extending from it. Client code is usually expected to extend BaseCouchbaseRepository, and simply supply the generic type required. Of course, ambitious clients are free to implement CouchbaseRepository, or even use the factory classes directly. A sample Repository implementation is as follows, and it’s beyond trivial.

@Repository
public class CouchbaseBeerRepository extends BaseCouchbaseRepository<Beer> {
}

That’s it! The code using the CouchbaseBeerRepository looks like the following:

beerRepository.findOne(id)
    .map(ResponseEntity::ok)
    .onErrorReturn(t ->  ResponseEntity.status(INTERNAL_SERVER_ERROR).build())
    .timeout(TIMEOUT_MILLIS, MILLISECONDS)
    .toBlocking()
    .value()

The complete CB client library code is on my GitHub, as well the client app that uses it.

It appears that with CB server 5, the client holds on to the previously established but now invalid connections longer. To counter this, we set the “Socket Keepalive ErrorThreshold” = 1 for the CB client.

If you are using Spring 5 WebFlux, you can go completely non-blocking and return a Reactive Streams Publisher. That is a topic for another day.

Couchbase Java client SDK has a CouchbaseAsyncRepository, but since it requires an AsyncBucket for instantiation, it was not useful to me.

CB Server

Official Couchbase Docker image requires manual set up, thus I created my own image that initializes an one-node cluster out of the box. It is available on Docker Hub as asarkar/couchbase. In order to make it work on K8S, we must set the node hostname to a DNS name, not IP. By doing so, when the node is restarted, the hostname does not change even though the IP may. To achieve this, we use a StatefulSet, along with a Headless service. StatefulSet gives us predetermined Pod names, and when used with a Headless service, each node gets a network identity in the form of $(statefulset name)-$(ordinal).$(service name).$(namespace).svc.cluster.local, which is what we use for hostname. The service itself gets a DNS name $(service name).$(namespace).svc.cluster.local that resolves to a list of all the nodes. Refer to the StatefulSet and Headless service docs, as well as the K8S DNS docs for further details.

However, the above is not all. If we stop here, the CB client would be given the service DNS name, which in turn would resolve to the Pods during bootstrap. That does not work for two reasons:

1. For high availability, the CB client SDK usually expects a list of nodes, not a single node.

2. The “smart” client, as they call it, establishes a fully-connected mesh network with the CB server nodes. Depending on what services are running on which nodes, and how the data is replicated, the client makes the decision which node to talk to. Putting a service in front of the nodes completely breaks this process.

Luckily, there is something called DNS SRV Record. Quoting K8S docs:

For each named port, the SRV record would have the form _my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster.local … For a headless service, this resolves to multiple answers, one for each pod that is backing the service

And from CB docs for Managing Connections, we come to know that the CB client can be configured to bootstrap with a DNS SRV Record in the form of _couchbase._tcp.example.com. Connecting the dots, if we name one of the exposed ports on the service couchbase, and provide the client with a name cb-svc.my-namespace.svc.cluster.local, we are golden!

I initially assumed that the prefix couchbase was only an example, and could be any string as long as the FQN is a DNS SRV name. That is not the case; it is not at all difficult to make it configurable in the CouchbaseEnvironment, but the CB guys decided to hard code the couchbase prefix instead.

If the CB client is running in the same K8S namespace, only cb-svc can be used without requiring the FQN.

Last but not the least, data persistence. After all, what good is a database that cannot persist data? Luckily, StatefulSet has first-class support for Stable Storage. Since we are running a single-node CB cluster on a dedicated K8S node, we chose to go with a hostPath. We did try GlusterFS once, but it did not perform well under load, and we did not see the return on investment in fine-tuning it. In the future, if we loosen the restriction to run CB on a single K8S node, we can easily repopulate the data in a short time. For the period the data would not be available, the client would continue to return a degraded response.

My GitHub CB project contains the K8S manifests. You can use those to run locally on Minikube, or on any other cluster.

There is a gotcha is with configuring the K8S Liveliness and Readiness Probes. We implemented the former as a simple probe of the 8091 port (here is a list of all CB ports). Implementing a smart probe for readiness, like checking the cluster status or something similar, ran into a problem where CB tries to contact all the nodes for determining cluster status, and until the readiness probe succeeds, K8S does not create a DNS entry for the node, thus resulting in a catch-22 situation. Thus, we did not implement a custom readiness probe.

Conclusion

Like I mentioned in the beginning, CB does not officially support running on K8S. They say they are working on it, but not much details have been made available. There also exists an official blog, but it falls short of addressing the issues discussed in this article. In order to be a first-class K8S citizen, CB has to support effortless scaling up and down, which means adding and removing nodes without the need for manual intervention, and step up their failover game. Data replication/migration when nodes are added or removed also needs to be handled transparent to the clients. While time will tell the future of CB server on K8S, I do not see why, with some effort, the client solution here cannot be incorporated in the CB Java client SDK; I intend to approach them with that proposal, such that other people can also benefit from my effort and learning.

In 2015-2016, we redesigned a monolithic application into Microservices and chose the Spring Cloud Config for configuration management.

Quoting the docs:

Spring Cloud Config provides server and client-side support for externalized configuration in a distributed system.

To their credit, the Spring Cloud Config documentation is fairly good, but it doesn’t go into the level of detail I was looking for. This post attempts to bridge that gap. I assume some basic familiarity with Spring Cloud Config, so if you are new to it, come back after having read the official documentation. If working with Spring Cloud, you may also find my post Spring Cloud Netflix Eureka - The Hidden Manual useful.

Basic Architecture

The Config server is a Spring Boot application that is aware of the Spring PropertySource and Environment abstractions. It serves properties in response to HTTP requests. It can also serve plain text files, thus acting like a simple Web Server. I’m not going to repeat what’s already specified in the official docs, so let’s move on to what’s not mentioned there.

When reading config files from sub-directories, if more than one directory has files with identical names, the last one wins. I haven’t checked but would assume similar behavior for multiple Git repos as well. The question I’ve, and didn’t get time to look into, is what makes a PropertySource for config server? Is it an application, a Spring profile, a Git repo, a label, or some combination of these?

Failover

In spite of the built-in intelligence, Config server is pretty dumb in some cases. It doesn’t have any caching mechanism, although properties are fairly easy to cache, and as of this writing, it doesn’t have first class support for failover, as well. Depending on the backing property store, it either goes to the file system for every request, or pulls from Git. The former is not that bad, even though caching would obviously help, but the latter could be an issue if connection to Git is slow or the repo is somewhat large. Ticket #566 complains about the last point.

Lack of failover is a bigger concern. Assuming the backing property store is a Git repo, if Config loses connectivity to Git, or for some other reason, fails to clone the repo, it fails the request. This is a problem for Singleton beans that attempt to fetch properties at startup, because the application fails to start up. There are few tickets opened to address this, notably #617 and #631. While Spring works towards providing first class support for failover, I submitted a pull request to make JGitEnvironmentRepository#refresh method public, which is the one that does the cloning. If refresh is made public, then Config server could be enhanced using Spring AOP to handle failover. How, depends on your use case and design. One option is to return stale properties from the local repo if refresh fails. Another option is to return cached properties. Multiple Git repos could be configured as well, although in that case, keeping them in sync would become another challenge.

High Availability

Unlike Eureka, Config server doesn’t have a concept of peers. Thus, if you are serving properties from native file system, the simplest option is to use a shared file system. You can them employ the usual techniques against hard disk failures to provide high availability. If you are using Git, the simplest solution is to put Config server behind a load balancer, or if using a container orchestration solution like Kubernetes, set up a Kubernetes service. The actual number of Config server instances is then abstracted from the clients who only see the load balancer (physical or Kubernetes) URL.

If you expect that the config server may be temporarily unavailable when your client app starts, you can ask it to keep trying after a failure. First you need to set spring.cloud.config.failFast=true, and then you need to add spring-retry and spring-boot-starter-aop to your classpath. See the official docs for details. As of this writing, there is no server-side retry, although it wouldn’t be very difficult to add that using AOP or by submitting a pull request.

Dynamic Update

It’s possible to dynamically update the properties without having to restart Config server or the client apps using Git webhooks and Spring Cloud Bus. It requires a broker as the transport, and as of this writing, only RabbitMQ and Kafka are supported. You need to add spring-cloud-config-monitor to the Config server, and a broker implementation like spring-cloud-starter-bus-kafka to both the server and the client. Then you need to set up Git webhooks for the /monitor endpoint, that’s brought in by the spring-cloud-config-monitor. I’ve tried this implementation using Kafka, and it worked, but in our case, deploying and maintaining a queue for dynamic updates that’s going to be quite infrequent couldn’t be justified. Unfortunately, the monitor endpoint is tightly coupled with Spring Cloud Bus and it’s not possible to reuse the controller and the parsing of the events, but to choose how to react to the push notifications. I’ve opened ticket #628 to address this, although I don’t expect them to fix it anytime soon.

I ended up copying the monitor endpoint implementation from Spring. Then I pimped the Config server to fetch the list of all pods from Kubernetes, and send a HTTP POST to each one on the /refresh endpoint provided by Spring Boot Actuator. I used the KubernetesClient from the io.fabric8:kubernetes-client project for retrieving the list of pods. The actual code handles some advanced cases like rolling update and retries, but the theory behind it is as explained above and not complicated. The technique I used is similar to this example, and yes, the solution is fully reactive within the limits of current Spring framework.

Config server is not the only choice though: Netflix Archaius, Apache ZooKeeper and Kubernetes ConfigMap also provide configuration management, although none is aware of Spring PropertySource and Environment abstractions out of the box. In the end, Config server is a good choice if you are willing to put in some time to make it more robust.

In 2015-2016, we redesigned a monolithic application into Microservices and chose the Spring Cloud Netflix as the foundation.

Quoting the docs:

(Spring Cloud Netflix) provides Netflix OSS integrations for Spring Boot apps through autoconfiguration and binding to the Spring Environment and other Spring programming model idioms.

Overtime, we gained more familiarity with the framework, and I even contributed some pull requests. I thought I knew enough until I started looking into Eureka redundancy and failover. A quick proof of concept didn’t work and as I dug more, I came across other poor souls scouring the internet for similar information. Unfortunately, there wasn’t much to find. To their credit, the Spring Cloud documentation is fairly good, and there’s also a Netflix Wiki, but none went into the level of detail I was looking for. This post attempts to bridge that gap. I assume some basic familiarity with Eureka and service discovery, so if you’re new to those, come back after having read the Spring Cloud documentation.

Basic Architecture

Eureka has two basic components, server and client. Quoting the Netflix Wiki:

Eureka is a REST (Representational State Transfer) based service that is primarily used in the AWS cloud for locating services for the purpose of load balancing and failover of middle-tier servers. We call this service, the Eureka Server. Eureka also comes with a Java-based client component, the Eureka Client, which makes interactions with the service much easier. The client also has a built-in load balancer that does basic round-robin load balancing.

A Eureka client application is referred to as an instance. There’s a subtle difference between a client application and Eureka client; the former is your application while the latter is a component provided by the framework.

Netflix designed Eureka to be highly dynamic. There are properties, and then there are properties that define intervals after which to look for changes in the first set of properties. This is a common paradigm, meaning most of these properties can be changed at runtime, and are picked up in the next refresh cycle. For example, the URL that the client uses to register with Eureka can change and that is picked up after 5min (configurable by eureka.client.eurekaServiceUrlPollIntervalSeconds). Most users will not need such dynamic updates but if you do, you can find all the configuration options as follows:

• For Eureka server config: org.springframework.cloud.netflix.eureka.server.EurekaServerConfigBean that implements com.netflix.eureka.EurekaServerConfig. All properties are prefixed by eureka.server.
• For Eureka client config: org.springframework.cloud.netflix.eureka.EurekaClientConfigBean that implements com.netflix.discovery.EurekaClientConfig. All properties are prefixed by eureka.client.
• For Eureka instance config: org.springframework.cloud.netflix.eureka.EurekaInstanceConfigBean that implements (indirectly) com.netflix.appinfo.EurekaInstanceConfig. All properties are prefixed by eureka.instance.

Refer to Netflix Wiki for further architectural details.

Eureka Instance and Client

An instance is identified in Eureka by the eureka.instance.instanceId or, if not present, eureka.instance.metadataMap.instanceId. The instances find each other using eureka.instance.appName, which Spring Cloud defaults to spring.application.name or UNKNOWN, if the former is not defined. You’ll want to set spring.application.name because applications with the same name are clustered together in Eureka server. It’s not required to set eureka.instance.instanceId, as it defaults to CLIENT IP:PORT, but if you do set it, it must be unique within the scope of the appName. There’s also a eureka.instance.virtualHostName, but it’s not used by Spring, and is set to spring.application.name or UNKNOWN as described above.

If registerWithEureka is true, an instance registers with a Eureka server using a given URL; then onwards, it sends heartbeats every 30s (configurable by eureka.instance.leaseRenewalIntervalInSeconds). If the server doesn’t receive a heartbeat, it waits 90s (configurable by eureka.instance.leaseExpirationDurationInSeconds) before removing the instance from registry and there by disallowing traffic to that instance. Sending heartbeat is an asynchronous task; if the operation fails, it backs off exponentially by a factor of 2 until a maximum delay of eureka.instance.leaseRenewalIntervalInSeconds * eureka.client.heartbeatExecutorExponentialBackOffBound is reached. There is no limit to the number of retries for registering with Eureka.

The heartbeat is not the same as updating the instance information to the Eureka server. Every instance is represented by an com.netflix.appinfo.InstanceInfo, which is a bunch of information about the instance. The InstanceInfo is sent to the Eureka server at regular intervals, starting at 40s after startup (configurable by eureka.client.initialInstanceInfoReplicationIntervalSeconds), and then onwards every 30s (configurable by eureka.client.instanceInfoReplicationIntervalSeconds).

If eureka.client.fetchRegistry is true, the client fetches the Eureka server registry at startup and caches it locally. From then on, it only fetches the delta (this can be turned off by setting eureka.client.shouldDisableDelta to false, although that’d be a waste of bandwidth). The registry fetch is an asynchronous task scheduled every 30s (configurable by eureka.client.registryFetchIntervalSeconds). If the operation fails, it backs off exponentially by a factor of 2 until a maximum delay of eureka.client.registryFetchIntervalSeconds * eureka.client.cacheRefreshExecutorExponentialBackOffBound is reached. There is no limit to the number of retries for fetching the registry information.

The client tasks are scheduled by com.netflix.discovery.DiscoveryClient, which Spring Cloud extends in org.springframework.cloud.netflix.eureka.CloudEurekaClient.

Why Does It Take So Long to Register an Instance with Eureka?

Mostly copied from spring-cloud-netflix#373 with my own spin put on it.

1. Client Registration

   The first heartbeat happens 30s (described earlier) after startup so the instance doesn’t appear in the Eureka registry before this interval.

2. Server Response Cache

   The server maintains a response cache that is updated every 30s (configurable by eureka.server.responseCacheUpdateIntervalMs). So even if the instance is just registered, it won’t appear in the result of a call to the /eureka/apps REST endpoint. However, the instance may appear on the Eureka Dashboard just after registration. This is because the Dashboard bypasses the response cache used by the REST API. If you know the instanceId, you can still get some details from Eureka about it by calling /eureka/apps/<appName>/<instanceId>. This endpoint doesn’t make use of the response cache.

   So, it may take up to another 30s for other clients to discover the newly registered instance.

3. Client Cache Refresh

   Eureka client maintain a cache of the registry information. This cache is refreshed every 30s (described earlier). So, it may take another 30s before a client decides to refresh its local cache and discover other newly registered instances.

4. LoadBalancer Refresh

   The load balancer used by Ribbon gets its information from the local Eureka client. Ribbon also maintains a local cache to avoid calling the client for every request. This cache is refreshed every 30s (configurable by ribbon.ServerListRefreshInterval). So, it may take another 30s before Ribbon can make use of the newly registered instance.

   In the end, it may take up to 2min before a newly registered instance starts receiving traffic from the other instances.

Eureka Server

The Eureka server has a peer-aware mode, in which it replicates the service registry across other Eureka servers, to provide load balancing and resiliency. Peer-aware mode is the default so a Eureka server also acts as a Eureka client and registers to a peer on a given URL. This is how you should run Eureka in production but for demo or proof of concepts, you can run in standalone mode by setting registerWithEureka to false.

When the eureka server starts up it tries to fetch all the registry information from the peer eureka nodes. This operation is retried 5 times for each peer (configurable by eureka.server.numberRegistrySyncRetries). If for some reason this operation fails, the server does not allow clients to get the registry information for 5min (configurable by eureka.server.getWaitTimeInMsWhenSyncEmpty).

Eureka peer awareness brings in a whole new level of complication by introducing a concept called “self-preservation” (can be turned off by setting eureka.server.enableSelfPreservation to false). In fact, when looking online, this is where I saw most people tripping on. From Netflix Wiki:

When the Eureka server comes up, it tries to get all of the instance registry information from a neighboring node. If there is a problem getting the information from a node, the server tries all of the peers before it gives up. If the server is able to successfully get all of the instances, it sets the renewal threshold that it should be receiving based on that information. If any time, the renewals falls below the percent configured for that value, the server stops expiring instances to protect the current instance registry information.

The math works like this: If there are two clients registered to a Eureka instance, each one sending a heartbeat every 30s, the instance should receive 4 heartbeats in a minute. Spring adds a lower minimum of 1 to that (configurable by eureka.instance.registry.expectedNumberOfRenewsPerMin), so the instance expects to receive 5 heartbeats every minute. This is then multiplied by 0.85 (configurable by eureka.server.renewalPercentThreshold) and rounded to the next integer, which brings us back to 5 again. If anytime there are less than 5 heartbeats received by Eureka in 15min (configurable by eureka.server.renewalThresholdUpdateIntervalMs), it goes into self-preservation mode and stops expiring already registered instances.

Eureka server makes an implicit assumption that the clients are sending their heartbeat at a fixed rate of 1 every 30s. If two instances are registered, the server expects to receive (2 * 2 + 1 ) * 0.85 = 5 heartbeats every minute. If the renewal rate drops below this value, the self-preservation mode is activated. Now, if the clients are sending heartbeats much faster (say, every 10s), the server receives 12 heartbeats per minute and keeps receiving 6/min even if one of the instances goes down. Thus, the self protection mode is not activated even though it should be. This is why it’s not advisable to change eureka.client.instanceInfoReplicationIntervalSeconds. You can instead tinker with eureka.server.renewalPercentThreshold if you must.

Eureka peers don’t count towards the expected number of renewals, but the heartbeats from them is considered within the number of renewals received last minute. In peer-aware mode, the heartbeats can go to any Eureka instance; this is important when running behind a load balancer or as a Kubernetes service, where the heartbeats are sent in Round-robin mode (usually) to each instance.

The Eureka server doesn’t come out of self-preservation mode until the renewals rise above the threshold. This may cause the clients to get the instances that do not exist anymore. Refer to Understanding Eureka Peer to Peer Communication

One more thing: There is a gotcha with running more than one Eureka server on the same host. Netflix code (com.netflix.eureka.cluster.PeerEurekaNodes.isThisMyUrl) filters out the peer URLs that are on the same host. This may have been done to prevent the server registering as its own peer (I’m guessing here) but because they don’t check for the port, peer awareness doesn’t work unless the Eureka hostnames in the eureka.client.serviceUrl.defaultZone are different. The hacky workaround for this is to define unique hostnames and then map them to 127.0.0.1 in the /etc/hosts file (or its Windows equivalent). Spring Cloud doc talks about this workaround but fails to mention why it’s needed. Now you know.

Regions and Availability Zones

Eureka was designed to run in AWS and uses many concepts and terminologies that are specific to AWS. Regions and Zones are two such things. From AWS doc:

Amazon EC2 is hosted in multiple locations world-wide. These locations are composed of regions and Availability Zones. Each region is a separate geographic area. Each region has multiple, isolated locations known as Availability Zones … Each region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links.

The Eureka dashboard displays the Environment and Data center. The values are set to test and default, respectively, from org.springframework.cloud.netflix.eureka.server.EurekaServerBootstrap by using com.netflix.config.ConfigurationManager. There are various lookups and fallbacks, so if for some reason you need to change those, refer to the source code of the aforementioned classes.

The Eureka client prefers the same zone by default (configurable by eureka.client.preferSameZone). From com.netflix.discovery.endpoint.EndpointUtils.getServiceUrlsFromDNS Javadoc:

Get the list of all eureka service urls from DNS for the eureka client to talk to. The client picks up the service url from its zone and then fails over to other zones randomly. If there are multiple servers in the same zone, the client once again picks one randomly. This way the traffic will be distributed in the case of failures.

Ticket spring-cloud-netflix#203 is open as of this writing where several people talk about regions and zones. I’ve not verified any of that so I can’t comment on how regions and zones work with Eureka.

High Availability (HA)

Mostly copied from spring-cloud-netflix#203 with my own spin put on it.

• The HA strategy seems to be one main Eureka server (server1) with backup(s) (server2).
• A client is provided with a list of Eureka servers through config (or DNS or /etc/hosts)
• Client attempts to connect to server1; at this point, server2 is sitting idle.
• In case server1 is unavailable, the client tries the next one from the list.
• When server1 comes back online, client goes back to using server1.

Of course server1 and server2 can be ran in peer-aware mode, and their registries replicated. But that’s orthogonal to client registration.

A collection — sometimes called a container — is simply an object that groups multiple elements into a single unit. Collections are used to store, retrieve, manipulate, and communicate aggregate data.

Here onwards, I’m going to use the word “collection” to refer to a logical group of things represented by the “the Collections framework” in Java. If I need to refer to the java.util.Collection interface or the java.util.Collections utility class, I’ll use the simple class name, with a capital ‘C’, and style the word differently.

Java 1.5 (rebranded as Java SE 5) introduced generics which provided compile time type safety to collections. However, the collections is not all it’s cracked up to be. In this series of articles, I’ll explore the various design issues with the collections.

1. Map is not a Collection

   The official docs say:

   …interfaces…based on java.util.Map…are not true collections. However, these interfaces contain collection-view operations…

   Consider a use case where you need to extract HTTP request headers that start with a certain prefix. The HttpServletRequest doesn’t have any methods to return a header map, only a hideous Enumeration getHeaderNames (why Java, why?). Let’s take a better abstraction from the Spring Web MVC framework, one of the most popular application frameworks for the Java platform. In Spring, you can get a HttpHeaders which is basically a wrapper around a Map<String,List<String>>. Using Java 8, and some static imports, the code for our use case may look like the following:

   headers.keySet()
       .stream()
       .filter(k -> k.startsWith(prefix))
       .collect(toMap(Function::identity, headers::get));
   

   While the above works, all we really care about is the filter operation. The rest of the code is just a means to an end. If this looks verbose to you, try implementing this in pre Java 8.

   Now let’s try to do the same thing using the class Headers from the Play framework, another popular web application framework, and with Scala. There is a method toMap in Headers trait that returns a Map[String, Seq[String]]. Map trait in Scala extends Traversable which has a filter method. Thus:

   request.headers
       .toMap
       .filter(_.startsWith(prefix))
   

   I have taken the liberty to use some Scala syntactic sugar (I love dropping buzzwords to programmers working with imperative languages because they go like, “wow, that’s so cool, can I buy you a drink?”).

   You don’t need to know Scala in order to appreciate the simplicity of the second solution. A map is nothing but a collection of key-value pairs. Why did they not add a stream method in the Map interface with Java 8 is beyond me.

   You can get pretty darn close to the Scala solution using the excellent Javaslang library:

   HashMap.<String, List<String>>ofAll(httpHeaders)
       .filter((k, v) -> k.startsWith(prefix));
   

   Javaslang has a Multimap interface but none of its implementations has a method to start from a java.util.Map, so I’m using a HashMap<String, List<String>> I’ve ticket 1767 open for this on their Github.

2. String is not a Collection

   Let’s see some code that drops characters other than the vowels from a string.

   String s = "alice";
   
   s.chars()
       .filter(this::isVowel)
       .mapToObj(i -> (char)i)
       .collect(joining());
   

   where isVowel simply checks against a predefined list of integers (ASCII code for vowels, upper and lower cases).

   The Scala solution is trivial:

   s.filter(isVowel)
   

   Javaslang:

   CharSeq.of(s)
       .filter(this::isVowel)
       .toString();
   

   Too easy? I thought so. Let’s consider another example where you need to calculate the run-length encoding of the characters. The output should be a list of tuples. For examples, given the word “bookkeeper”, the output should be a collection with the pairs (b, 1), (o, 2), (k, 2), (e, 2), (p, 1), (e, 1), (r, 1).

   I’ll implement the Javaslang and Scala solutions but will leave the Java 8 solution as a challenge for you. For a pre Java 8 solution, although not exactly in the same format as asked for here, see this.

   Hint: Look at Collector.

   Scala:

   def rle(s: String) = {
       val packed = s.foldLeft(('\u0000', 0, Seq.empty[(Char, Int)])) {(acc, elem) =>
           if (elem == acc._1 || acc._2 == 0) // keeps accumulating dupes
               (elem, acc._2 + 1, acc._3)
           else // adds accumulated dupes to result and starts new dupes accumulator
               (elem, 1, acc._3 :+ (acc._1, acc._2))
       }
   
       packed._3 :+ (packed._1, packed._2) // adds last one
   }
   

   Javaslang:

   public List<Tuple2<Character, Integer>> rle(String s) {
       Tuple3<Character, Integer, List<Tuple2<Character, Integer>>> zero =
               new Tuple3<>('\u0000', 0, new ArrayList<Tuple2<Character, Integer>>());
       Tuple3<Character, Integer, List<Tuple2<Character, Integer>>> packed = CharSeq.of(s)
               .foldLeft(zero, (acc, elem) -> {
                   if (elem == acc._1 || acc._2 == 0) {
                       return new Tuple3(elem, acc._2 + 1, acc._3);
                   } else {
                       acc._3.add(new Tuple2(acc._1, acc._2));
                       return new Tuple3(elem, 1, acc._3);
                  }
               });
   
       packed._3.add(new Tuple2(packed._1, packed._2));
   
       return packed._3;
   }
   

   Again, Javaslang follows on the heels of the Scala solution within the limitations of the language.

   In the code samples above, adding an item to the end can be highly expensive for large collections. Sadly, a detail discussion of performance optimization of various collection operations is out of the scope for this article.

   The examples above may be contrived but that’s not my point. String really is a collection of characters; it in fact, implements CharSequence. Why does it not implement Collection then? You will have to ask the JDK designers. Luckily, all is not lost; the chars method allows for a String to be treated like a Collection.

In the second part of this series, I will discuss some other design problems of the collections.

Atlassian has a multipage migration guide that you can refer to. The basic steps involved are:

1. Prepare the migration environment

   The migration should be done on a case-sensitive file system to avoid corrupting the repository. If you’ve a Linux system available for the migration, skip the rest of this section. Atlassian has instructions for mounting a case-sensitive file system on Windows and Mac OS X (both file systems are case-insensitive), but it seemed more trouble than its worth, so I did the migration using a Debian Docker image I’d previously created for development purposes. The image is published to my Docker Hub account, and comes with JDK 8, SVN and Git installed. Having created a container from the image, install git-svn.

   I no longer have the Debian image available publicly; you can use asarkar/alpine-plus instead and adapt the following commands for Alpine.

   $ docker run -it abhijitsarkar/docker:debian-dev bash
   dev@b22ce7fa8250:~$ sudo apt-get update
   dev@b22ce7fa8250:~$ sudo apt-get install git-svn
   

   Refer to the Docker official site if you need further details.

   The login user is dev, the password is the same. dev has sudo access to run as root.

   The Alpine image runs as root.

   If you’re not familiar with Docker, I recommend using a virtual machine for doing the migration. Oracle VirtualBox is free and so are most Linux distros, so take your pick.

2. Create an authors mapping file

   This file maps the SVN usernames to Git committers. SVN stores only usernames while Git stores full names and emails. Thus, each entry in the mapping file will map a SVN username to a Git committer full name and email. Something like this:

   username = Full Name <email>

   How long this step will take depends on the format of the SVN username, the number of users, and the number of SVN repositories being migrated.

   The authors file is simply used for converting the history and the users don’t actually need to exist in the Git system. Don’t be confused if there’re users that no longer work for your organization, keep those entries as usual.

   The Atlassian guide assumes that the SVN repo you are extracting the author information from doesn’t require authentication, which almost always is false. Thus the command they’ve in the guide doesn’t work. Use the following command instead:

   $ java -jar svn-migration-scripts.jar authors <svn-repo> \
   <svn-username> <svn-password> > authors.txt
   

3. Clone the SVN repository

   There are various important details that the Atlassian guide misses to mention regarding this phase.

   • Limiting the beginning and ending SVN revision:

     Because SVN trunk, branches and tags can be created inside any regular directory, you may have multiple directories in SVN with their own trunk, branches and tags. We did. SVN tracks all changes using a global unique revision number that is incremented for every commit. Thus if you make a commit on directory dir1, it gets a unique revision number, and next time you commit something to dir2, it gets a higher revision number.

     During conversion, dir1 with it’s trunk, branches and tags is probably going to become a Git repo. In order to avoid SVN beginning the history from the earliest available revision number, it’ll save you a lot of time, and unrelated history, if you just begin from the earliest available revision number for that particular SVN repo. You can find that number by using the following command:

     $ svn log <svn-repo> | tail where <svn-repo> is a URL to dir1.

     Two other useful options are --no-minimize-url and --no-metadata. Refer to the git-svn man page for details.

     Thus, the command to convert a SVN repo with standard layout may be as follows:

     $ git svn clone -r 12345:HEAD --username <svn-username> --no-minimize-url \
     --stdlayout --authors-file=authors.txt \
     <svn-repo>/<project> <git-repo-name>
     

     where 12345 is the earliest available revision number corresponding to the repo.

   • Dealing with non-standard layout:

     If the repo doesn’t follow “standard layout”, meaning it doesn’t have the usual trunk, branches and tags or has them but not all in lower case, then you need to tailor the command to the custom layout. Assuming the trunk is named as TRUNK, and that you don’t care about the branches and tags, the clone command will become as follows:

     $ git svn clone -r 12345:HEAD --username <svn-username> --no-minimize-url \
     --trunk=TRUNK/<project> --prefix='' -authors-file=authors.txt \
     <svn-repo> <git-repo-name>
     

     Note the --prefix='' option. Without it, the Atlassian migration scripts fail to sync with SVN once the initial migration is done but the cutover isn’t. You can go crazy with the custom layout; refer to the git-svn man page for other options.

   • Merging multiple SVN directories into one Git repo:

     To do this, you’ll need to use a SVN URL that is one or more levels above the topmost directory that you want to merge, and use --include-paths and/or --exclude-paths filters. Something like this:

     $ git svn clone -r 12345:HEAD --username <svn-username> --no-minimize-url \
     --stdlayout -authors-file=authors.txt --include-paths="dir1|dir2" \
     <svn-repo> <git-repo-name>
     

     Above I’ve done an OR filter that’ll include both dir1 and dir2. You can use include/exclude with non-standard layout as well.

4. Clean the Git repository

   This basically consists of converting the weird remote references that git svn sets up to local branches and tags. The Atlassian migration scripts do a decent job at this but make some assumptions that may not work for you. First, to check what remote references have been set up, run the following command:

   $ git branch -a

   For me, I only wanted to migrate the trunk and thus simply deleted the remote references without converting them to local branches by using the following command:

   $ rm -Rf .git/refs/remotes/origin

   Run the git branch -a to verify that the references are indeed gone. If they still linger, then they exist in the .git/packed-refs file. Simply edit the file and delete the unwanted lines. You can read all about packed-refs here.

5. Push to the Git server

   This consists of 2 steps, adding a Git remote and pushing to it.

   $ git remote add origin git@my-git-server:myrepository.git
   $ git push origin --all
   $ git push origin --tags
   

6. SVN sync until cutover

   The Atlassian guide talks about a 2-way sync, meaning people can work in SVN and Git, and your local migration repo can be synchronized with both. Unless you’re paid by the hour, I don’t recommend it. The best case scenario is a big bang cutover; if that’s not possible, you can have people continue committing to SVN and sync your local with it. The Atlassian migration scripts have a sync-rebase option that can do this.

   For non-standard layout, The Atlassian migration scripts only work if you’d used the --prefix='' option during cloning as I’d described earlier.

That’s not the case though when you’re watching CNN Heroes. It is an “annual television special created by CNN to honor individuals who make extraordinary contributions to humanitarian aid and make a real difference in their communities”. Each year, millions of people who watch this program are humbled by 10 individuals, who literally, have set out to change the World. They clean up rivers, help children who are fighting cancer, bring health care to some of the darkest parts of the world and so much more.

Make no mistake, on social media, I’ve come across men and women who are appalled by the state of things, and want to bring change. They are well educated, quote from famous poems and prominent literary works, stir up fierce debates, even attack you if you dare say something against their opinion. Unfortunately, that’s as far as their enthusiasm mostly go. How many times have you seen a Facebook post regarding the safety of women in India? Now think, how many times has the poster (or sharer) done something to change that state of affairs? Does that include the writer of this note as well? Yes, sometimes, it shamefully does.

That’s not the case though with Kakenya Ntaiya, a Kenyan women from the Maasai tribe. In her village, it’s customary for girls to undergo Female Genital Mutilation (a.k.a. FGM), where an elderly woman carrying a rusty knife would grab their intimate body parts and, in just moments, cut them out! If that’s not horrific enough, consider this: This ceremony sometimes happens as early as at the age of 10 and in front of hundreds of onlookers! Soon after, the girls are married off. In Ntaiya’s words:

It means the end of their dreams of whatever they want to become in life.

When Ntaiya came to age, she took her stand; she’d go through FGM only if her father let her continue her education. From there, she went on to go to college in United States, a first from her village. Not forgetting her roots, and wanting to “help (my) sisters”, she returned to her village in 2009 and opened a school for girls where today, more than 150 girls receive the education and opportunities that she had to sacrifice so much to attain.

When asked if she cried during the shocking ceremony, she told CNN:

Brave girls don’t cry.

They sure don’t, Ntaiya, they sure don’t.