Open Liberty 20.0.0.11 brings Kerberos authentication and Thanos support in Grafana dashboards

Open Liberty 20.0.0.11 brings Kerberos authentication and Thanos support in Grafana dashboards

This article is a quick look at two exciting updates in the new Open Liberty 20.0.0.11 release. First, you can now use the Kerberos authentication protocol to secure Java Database Connectivity (JDBC) data sources. I’ll introduce the new kerberos configuration element in Open Liberty’s server.xml and show you how to use the Kerberos protocol to secure a data source.

We’ve also updated Open Liberty’s Grafana dashboard, which you can now use to visualize MicroProfile Metrics data from Thanos data sources. This new functionality benefits developers working in Kubernetes environments such as Red Hat OpenShift, where it is possible to use Thanos to query and store metrics data from multiple clusters. Keep reading to learn more about both of these updates in Open Liberty 20.0.0.11.

Run your applications using Open Liberty 20.0.0.11

Use the following coordinates to install Open Liberty 20.0.0.10 with Maven:

<dependency>
  <groupId>io.openliberty</groupId>
  <artifactId>openliberty-runtime</artifactId>
  <version>20.0.0.11</version>
  <type>zip</type>
</dependency>

For Gradle, use:

dependencies {
    libertyRuntime group: 'io.openliberty', name: 'openliberty-runtime', version: '[20.0.0.11,)'
}

If you’re using Docker, it’s:

FROM open-liberty

Everything you need to grow your career.

With your free Red Hat Developer program membership, unlock our library of cheat sheets and ebooks on next-generation application development.

SIGN UP

Kerberos authentication for JDBC data sources

Kerberos is a network authentication protocol that lets a client and server authenticate by communicating with a key distribution center (KDC). Starting with Open Liberty 20.0.0.11, you may use Kerberos authentication for JDBC data sources that are backed by one of the following databases:

  • IBM DB2
  • Oracle Database
  • Microsoft SQLServer
  • PostgreSQL

Open Liberty’s Kerberos authentication builds on top of the JDK’s Kerberos Login Module (Krb5LoginModule) and the Java Generic Secure Services API. The Kerberos Login Module, in turn, builds on top of the Kerberos operating system libraries for the specific system in use.

The kerberos server.xmlconfiguration element provides systemwide configuration options for the Open Liberty server. For example:

  <kerberos keytab="${server.config.dir}/security/krb5.keytab" configFile="${server.config.dir}/security/krb5.conf"/>

Here is an example of how to use the Kerberos protocol to secure a JDBC data source:

  <featureManager>
  <feature>jdbc-4.2</feature>
  </featureManager>

  <!-- optional config: This is only needed if you need to customize the location of keytab or krb5.conf -->
  <kerberos keytab="${server.config.dir}/security/krb5.keytab" configFile="${server.config.dir}/security/krb5.conf"/>

  <authData id="myKerberosAuth" krb5Principal="krbUser"/>

  <library id="db2DriverLib">
    <fileset dir="${server.config.dir}/db2"/>
  </library>

  <dataSource jndiName="jdbc/krb/basic" containerAuthDataRef="myKerberosAuth">
    <jdbcDriver libraryRef="db2DriverLib"/>
    <properties.db2.jcc databaseName="${DB2_DBNAME}" serverName="${DB2_HOSTNAME}" portNumber="${DB2_PORT}"/>
  </dataSource>

Before this release, it was technically possible to use Kerberos authentication with JDBC data sources, but the configuration was complex and undocumented. The Open Liberty server also lacked connection pooling support when using Kerberos authentication for data sources.

The Grafana dashboard now supports Thanos

With Open Liberty 20.0.0.11, you can now use the Open Liberty Grafana dashboard to visualize data from a Thanos data source. The Grafana dashboard provides a range of time-series visualizations of MicroProfile Metrics data, including performance metrics for CPU and servlet operations, connection pooling, and garbage collection. The Grafana dashboard is powered by a Prometheus data source, configured to ingest data from the /metrics endpoint of one or more Open Liberty servers. You can use the dashboard to view performance metrics in near real-time.

Open Liberty previously supported visualizing metrics data only in cases where Prometheus was the data source. However, Kubernetes environments such as OpenShift use Thanos to query and store metrics data from multiple clusters. In the new Open Liberty Grafana dashboard, shown in Figure 1, Kubernetes and OpenShift users can set Thanos as the data source for displaying metrics data.

The updated Grafana dashboard showing CPU processing time and system load.

Figure 1: The new Open Liberty 20.0.0.11 Grafana dashboard.

Using Thanos with the new Grafana dashboard

Learn more about what you can do with the new Open Liberty 20.0.0.11 Grafana dashboard:

Try Open Liberty 20.0.0.11 in Red Hat Runtimes

Open Liberty is part of Red Hat Runtimes and is available to Red Hat Runtimes subscribers. To learn more about deploying Open Liberty applications to Red Hat OpenShift, see our Open Liberty guide, Deploying microservices to OpenShift. Open Liberty 20.0.0.11 is available through Maven, Gradle, Docker, and as a downloadable archive.

Share