Amazon Web Services Developer Flight Checklist

Working in the clouds on Amazon AWS benefits from some best practices.  I am capturing details into a pre-flight checklist before you fly between the clouds as I come across them in my daily development.

Amazon Web Service Best Practices

Elastic Beanstalk

1) Add JVM tracking like New Relic
2) Add Log tracking like SumoLogic or Splunk
3) Add GEOIP tracking like MaxMind geoIP
When deploying the mod_geoip conf file to elastic beanstalk remember that we are running behind an elastic load balancer proxy.  This proxy will add its IP address to the %{X-Forwarded-For} variable.  geoIP will not be able to pick out the actual client IP until you add the following parameter to the conf file to workaround this nonstandard NCSA log format.
4) Install an SSL certificate on the ELB (Elastic Load Balancer)
Follow but gunzip, tar xvf and cd to the install directory first.

EC2 instances need the Java AWS SDK
obrienlabs-mbp15:_deployment michaelobrien$ sudo scp ~/.aws/credentials ec2-user@

credentials                                                                                                                            100%  221     0.2KB/s   00:00  

Pick your JVM
They do seem to quietly upgrade the JDK after official published versions - they have since went for 1.6.0_24 to 32 and 1.7.0_51 to 72
OpenJDK versions lag SUN by about a week, but amazon seems to favour Java 8
The 3 ami versions for 6, 7 and 8 look to be behind more as we drop JDK versions - with Java 8 up to date and 6 way behind.

OpenJDK versions
Beanstalk Tomcat 8 Java 8 =  1.8.0_25 (latest 25) 2014.09 v1.0.0
Beanstalk Tomcat 7 Java 7 = 1.7.0_65 (latest 72) 2014.09 v1.0.9
Beanstalk Tomcat 7 Java 6 = 1.6.0_32 (latest 85) 2014.09 v1.0.9

Their official page on supported platforms
On all your windows machines install cygwin and enable the ssh server.

AWS Technical Details

Amazon Service Disruptions:

Some AWS services encounter issues from time to time at the service, zone or region.  If you happen to be in the console you see the occasional message at the top - however the RSS feed gives a bit more detail on the issue.  Again if you build in standard zone and region redundancy then failover kicks in and no service disruption affects your instances.

Install the client - passed by my teamlead

VPC restrictions

us-east-1a is restricted by amazon for new subnets (I read this somewhere – and also read that is was full) – and for t2 instances

us-east-1c came back as restricted during a CloudFormation json deployment run – but I read somewhere that this may be only for customers that have accounts predating when the “default” VPC (only 1 public subnet at – customers like my personal  that signed up after Aug 2014 get are in the default VPC.

Elastic Beanstalk

Configuring a local OSX dev environment for Beanstalk


Get an SSL Certificate signed by Entrust

Entrust will reply to your request within 10 min.

obrienlabs-mbp15:nutridat_domain_cert michaelobrien$ openssl genrsa 2048 > privatekey.pem
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Ontario
Locality Name (eg, city) []:Ottawa
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (e.g. server FQDN or YOUR name) []
Email Address []:michael@o

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

An optional company name []:.

Elastic Beanstalk on AWS runs on a customized EC2 AMI as Tomcat 6/7/8 on top of Apache HTTPD.
Configure your maven project to compile against Tomcat 7 or 8


No automatic maven dependencies in eclipse/sts? add the following
Get the AWS CLI and EC2 CLI
curl "" -o ""
obrienlabs-mbp15:aws michaelobrien$ ec2-describe-instances
curl "" -o ""
obrienlabs-mbp15:aws michaelobrien$ aws --version
aws-cli/1.7.0 Python/2.7.6 Darwin/14.0.0
Install Apache HTTP Server
Install Apache Tomcat Web Container
When registering a domain with a Canadian address - you will need a space in the postal code to get past the verification check on AWS Route53
EC2 Get metadata using the link local address
Increase the upload size for files greater than 5Mb in server.xml by changing the maxSwallowSize

    <Connector port="8080" protocol="HTTP/1.1"
               redirectPort="8443" />
Install monitoring services like SumoLogic, New Relic and Boundary

curl -fsS -d '{"token":"api.6f44444444-3333"}' -H 'Content-Type: application/json' > && chmod +x && ./

20150408: beanstalk environment configuration update does not work - it fails to update the AMI
before ami: ami-986327f0
after update from 2014.09 v1.2.0 to 2015.03 v1.3.0
after ami: ami-986327f0
2015-04-08 11:45:33 UTC-0400 ERROR Update environment operation is complete, but with errors. For more information, see troubleshooting documentation. 

Since the default ami for 2015.03 v1.3.0 is

This should be the ami during the upgrade
Fix: replace the ami with the new ami-0c6f5f64 version after the AWS upgrade
2015-04-08 15:13:12 UTC-0400 INFO Environment health has transitioned from RED to GREEN 

AWS Technical Links

Beanstalk CloudFormation parameters -
Elastic Container Service -
Send Mail - SES Sending Limits - Installing AWS CLI -

configure secure access

Get all the hosts up on your private subnet

for ip in $(seq 1 254); do ping -c 1 192.168.0.$ip>/dev/null; [ $? -eq 0 ] && echo "192.168.0.$ip UP" || : ; done

20150329: RDS Performance: My t2-micro RDS instances are taking 13 sec for all queries (count, select, filter) where they used to take less than 1.  Rebooting - no change, rebuilding the RDS instance decreases the time to 9 sec (indexing?)
When I switched up to a t2-small with double the ram - speed increased to 6 sec.  Therefore I have hit some sweet spot with my 3 million biometric records.
After a couple warm up queries (directly in MySQL Workbench) to kick in burst mode for "select count(1) from biometric.gps_record"
t2-micro = 11.9 sec
t2-small = 2.5 to 1.1 sec
t2-medium = 1.6 to 0.9 sec 
I took a T2.medium (2 threads & 4G) and modified it back to a T2.micro (1 thread @ 1G) and performance went from 1.1 sec to 10 sec as expected - as the query is memory intensive and peaks at 1700Mb from a baseline of 450Mb - therefore a T2.small (1 thread @ 2G) will sufficed until I run up 6 million records

Thursday, November 6, 2014

Amazon Web Services Cloud PaaS using Elastic Beanstalk on top of Elastic Compute Cloud

In progress - 20141104


    Embrace DevOps by running everything in the cloud - the only thing you need locally is a very good developer machine.

How to become a DevOps developer.
    I need a platform as a service solution for both the application server layer and the database layer but I would like to retain some control over the infrastructure.  There are several solutions including Oracle Cloud, Google AppSpot, Pivotal CloudFoundry, Cloudbees, Heroku and other providers - however there is one service that has almost everything we need - Amazon Web Services.

    I ran Oracle cloud for 6 months - specifically the PaaS offering around their $275/month Java service and their $250/month database service.

However, I found that it did not offer the flexibility that AWS currently offers in a combined Iaas and PaaS model.

Account Setup:

Get an Amazon Web Services account at
Get Atlassian JIRA, Bitbucket and Bamboo accounts
Link your bamboo and jira accounts
Elastic Beanstalk supports Java 8 and Tomcat 8 but you need to enable Java 8 first

Developer Setup:

A good machine - ideally the top Mac Pro
VMware Fusion for running multiple OSX, Redhat and Windows virtual machines
MySQL (or PostgreSQL)

Connect to your EC2 or RDS instance


obrienlabs-mbp15:keys michaelobrien$ chmod 400 obrien_systems_aws_20141115.pem  obrienlabs-mbp15:keys michaelobrien$ ssh-add obrien_systems_aws_20141115.pem obrienlabs-mbp15:keys michaelobrien$ ssh -i obrien_systems_aws_20141115.pem
No packages needed for security; 1 packages available Run "sudo yum update" to apply all updates. [ec2-user@ip-172-31-01-01 ~]$ 
obrienlabs-mbp15:keys michaelobrien$ ssh-add obrien_systems_aws_20141115.pem
to bastion
obrienlabs-mbp15:keys michaelobrien$ ssh -A
then to instance
obrienlabs-mbp15:keys michaelobrien$ ssh

Make sure you are using the latest AWS CLI as some API has been upgraded
[ec2-user@ip-10-0-1-106 ~]$ aws --version aws-cli/1.5.1 Python/2.6.9 Linux/3.14.20-20.44.amzn1.x86_64


    You will want Continuous Integration support in the form of a GIT hosting service that supports Maven.   GitHub is one possibility but I find the Atlassian has a rich ecosystem that integrates very well with Amazon AWS.  A bamboo build account can automate building and deploying to your elastic beanstalk EC2 instances with a minimal amount of scripting.



ScaleArc as a software SQL cache and read/write sharding proxy sees its best performance when the number of threads is a small multiple of the number of cores in the proxy.

20141112 AWS re:Invent Keynote

AWS EC2 container service (docker)
ECS arrived 20141218

Google just came out with an alpha version of their microservices container – a 3rd option to look at briefly.  

High Availability live key rotation and tracking
AWS Key Management

There is no easy way to see what all is running and what the ecosystem connections are
AWS Config

Additional tracking on top of AWS CloudTrail
AWS Service Catalog

CI and CD
AWS CodeCommit
AWS CodePipeline
AWS CodeDeploy

AWS Aurora  (Cloud native DB)

20141113: AWS Lambda Compute Service
After you ask to be in the preview

get up to speed on node.js

Monday, August 4, 2014

Multitenancy, JAX-RS 2.0, JPA 2.1, JSON-P 1.0, WebSocket and Cassandra on WebLogic 12.1.3

Oracle WebLogic 12.1.3 shipped on 23 June 2014.
This release is significant because it has partial Java EE 7 support ( JAX-RS 2.0,WebSocket (WS protocol) support, JSON-P and JPA 2.1 spec support). As is normal oracle procedure the first release into a partial EE upgrade requires shared library enablement and movement of the JPA SPI injection jar at the top of the server class path - so CMP persistence will work with EclipseLink 2.5 and Hibernate 4.3.
We can now inject 2.1 version of Hibernate 4.3 and EclipseLink 2.5 entityManagers.  EclipseLink 2.5  will allow us to use multi-tenancy and JPA-RS 2.0 annotations.

See the Oracle WebLogic 12.1.3 whitepaper

Up your heap and permgen in
-JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m  -XX:MaxPermSize=256m
+JAVA Memory arguments: -Xms256m -Xmx1024m -XX:CompileThreshold=8000 -XX:PermSize=512m  -XX:MaxPermSize=512m

JAX-RS 2.0

Enable JAX-RS 2.0 by deploying the 2.0 library war on 12.1.3
Library jax-rs(2.0,2.5.1)ActiveLibraryAdminServer100
You will see
<20-Aug-2014 5:52:17 o'clock PM UTC> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING.>
Aug 20, 2014 5:52:35 PM org.glassfish.jersey.server.ApplicationHandler initialize
INFO: Initiating Jersey application, version Jersey: 2.5.1 2014-01-02 13:43:00...

Add the following to your web.xml
    <description>JAX-RS Tools Generated - Do not modify</description>
    <servlet-name>JAX-RS Servlet</servlet-name>
    <!-- servlet-class></servlet-class-->
    <servlet-name>JAX-RS Servlet</servlet-name>
Add the following to your weblogic.xml
Use wlserver\orasocket\scripts\orasocket.min.js

JPA 2.1

JSON-P 1.0

WebSocket Protocol

Cassandra 2.0 NoSQL column DB
[OGM-122] Support Cassandra as Datastore - Hibernate JIRA


select count(1) from gps_record where coalesce(geohash, '') <> ''

Tuesday, July 22, 2014

LDD: Living the Developer Dream

In order to live the developer dream - you need to do a lot of things I won't discuss here.  However the following couple suggestions may help you get there.

Start using the cloud - but until you get there, setup your own server on site.

Java Remote Diagnostics

Setting up the hosting server
- add the following java properties to your JVM - preferably on the WebLogic server "server start | arguments" tab

- see the ports in your jvm process
obrienlabs-mbp15:security michaelobrien$ ps -ef | grep java

  501 79388 79343   0 11:57am ??         0:12.75 /Library/Java/JavaVirtualMachines/jdk1.7.0_51.jdk/Contents/Home/bin/java -client -Xms256m -Xmx512m -XX:MaxPermSize=256m -Dweblogic.Name=AdminServer -Xverify:none -Djava.endorsed.dirs=/Library/Java/JavaVirtualMachines/jdk1.7.0_51.jdk/Contents/Home/jre/lib/endorsed:/Users/michaelobrien/Oracle/Middleware/Oracle_HomeC/oracle_common/modules/endorsed -da -Dwls.home=/Users/michaelobrien/Oracle/Middleware/Oracle_HomeC/wlserver/server -Dweblogic.home=/Users/michaelobrien/Oracle/Middleware/Oracle_HomeC/wlserver/server weblogic.Server

Setting up the diagnostic client

obrienlabs-mbp15:bin michaelobrien$ jvisualvm -J-Dnetbeans.system_socks_proxy=localhost:13333

You should see the following from a VMWare Redhat client connected to the host OSX 10.9 server running the JVM.

Java Remote Debugging

Wednesday, July 2, 2014

Hexoskin Heart Rate, ECG,VO2 and activity capture

Hexoskin is an excellent product from Carré technologies that I find extremely useful.

- real time iOS and Android monitoring 

- ECG data available online only by disconnecting/syncing in OSX/win7

Tuesday, June 17, 2014

APIs Frameworks and Tools



Play (Google) / SBT (Scala Build Tool - Typesafe)

C:\_dev\_play>play new test2
 _ __ | | __ _ _  _
| '_ \| |/ _' | || |
|  __/|_|\____|\__ /
|_|            |__/

play 2.2.3 built with Scala 2.10.3 (running Java 1.7.0_51),

The new application will be created in C:\_dev\_play\test2

What is the application name? [test2]
> redirect

Which template do you want to use for this new application?

  1             - Create a simple Scala application
  2             - Create a simple Java application

> 1
OK, application redirect is created.

Have fun!

C:\_dev\_play>cd test2

 Volume in drive C is OS
 Volume Serial Number is 4E12-1E48

 Directory of C:\_dev\_play\test2

29/05/2014  16:26    <DIR>          .
29/05/2014  16:26    <DIR>          ..
29/05/2014  16:25               141 .gitignore
24/07/2014  16:28    <DIR>          app
24/07/2014  16:28               140 build.sbt
24/07/2014  16:28    <DIR>          conf
24/07/2014  16:28    <DIR>          project
24/07/2014  16:28    <DIR>          public
29/05/2014  16:25               147 README
24/07/2014  16:28    <DIR>          test
               3 File(s)            428 bytes
               7 Dir(s)   3,725,914,112 bytes free

[redirect] $ start 9001

(Starting server. Type Ctrl+D to exit logs, the server will remain in background)

Play server process ID is 8440
[info] play - Application started (Prod)
[info] play - Listening for HTTP on /0:0:0:0:0:0:0:0:9001
Your new application is ready.


Javascript / CSS

Java EE 7

Java EE 6

Java EE 5


Sunday, June 15, 2014

Upgrading to WebLogic 12c (12.1.2 or 12.1.3) from 10.3.5 or 10.3.6

    If you are upgrading from an older 11g 10.3.5 or 10.3.6 version of WebLogic Server to the latest 12.1.2 (EE6) or 12.1.3 (EE6 + partial EE7) version - the following references may be of assistance.


You can run 2 WebLogic domains simultaneously by running them on different ports.  Put one of the domains on admin port 7001 and the 2nd on admin port 17001, managed server ports 7101/7201 and nodemanager port 5556.

Create a (non-TX with properties: "Supports Global Transactions" global TX with one-phase commit) datasource to (for example postgreSQL) to be used by JMS called "MWJMSds".
Create a JDBC persistent store for each migratable server - but you will only be able to use datasources that are completely non-transactional.  Turn off the checkbox on the DS to see it in the dropdown of the persistent store create page.
The following table should be created "MW1WLStore" using a MW1 and MW2 prefix but we get.

one or more registered update listeners reported activation problems. The following failures occurred: -- The following failures occurred: -- javax.naming.NameNotFoundException: While trying to lookup 'jms.MWJDBCDerbyDS2' didn't find subcontext 'jms'. Resolved ''; remaining name 'jms/MWJDBCDerbyDS2' javax.naming.NameNotFoundException: While trying to lookup 'jms.MWJDBCDerbyDS2' didn't find subcontext 'jms'. Resolved ''; remaining name 'jms/MWJDBCDerbyDS2'

Make sure you target the managed server - not the admin server

MW_ManagedServer_1 (migratable)

Create JMS servers and target the persistent store and managed server target

MW_ManagedServer_1 (migratable)

Create a JMS Module
Create a subdeployment - target only the 2 JMS servers
Create a JMS distributed queue - use advanced targeting and select the subdeployment.
Go back into the JMS queue | SubDeployment and notice that the subdeployment is reset to "none" - this seems to be a new bug in WebLogic - if you resave this page you will reset the subdeployment and target

Uniform Distributed Queue
JMSServer-1, JMSServer-2

If I deselect one of the JMS servers in the subdeployment setup page - then the subdeployment reappears on the subdeployment dropdown of the distributed queue.
Other possible workarounds like changing the target of the subdeployment to the cluster (which inherits the JMS server(s)) does not work.

There are many features not available in default targeting - therefore we need to get multi-server subdeployment working.

weblogic_timers table:
Verify that the datasource is set on the cluster | configuration | scheduling page



The server consists of a cluster where each physical node has a nodemanager, 2 managed servers and 2 JMS servers.

Design Issues

DI 1: JMS Server failover via Migratable Target

DI 2: Time for all managed servers and DB must be synchronized

Verification Test Plan:


Uniform Distributed Queues:
The documentation for 12.1.2 states that default targeting should be deferred in favour of advanced targeting involving subdeployments.
However there is an issue where the subdeployment that targets more than one JMS server is not selectable as a target for UDQ's.

Targeting the cluster instead of a subdeployment is very limited in functionality - therefore we need to get multi-server subdeployment working.

Cluster | Configuration | Singleton Services

JPA 2.0

Although JPA 2.0 has been available since the 15 Jan 2010 release of WebLogic 10.3.4 - upgrading from JPA 1.0 may experience the following issues.


Listen Address Unspecified:
The following warning means that multiple IP's are configured for the cluster
<Jun 15, 2014 8:10:48 PM EDT> <Warning> <Cluster> <BEA-003121> <Unicast cluster may not function correctly as the listen address of server MW_ManagedServer_1 is not specified.> 


Thursday, March 27, 2014

Apple MacBook Pro is the key to living the developer dream - have your iOS, your Android and Java EE

      My MacBook Pro is awesome.   On a single machine I am able to develop Java EE applications, write Android apps and of course evolve iOS mobile applications.   The high end machine is a fusion of what a developer needs.
1) Unix based OS
2) iOS development
3) Java EE development
4) Android development
5) Screen Sharing replaces RDP
6) Vmware Fusion 6 allows for running licensed versions of Windows 7 and an unlimited number of OSX 10.9 VM's
7) When installing iOS 8 beta on an iphone 5s or ipod touch 5th - you will need to cycle the device in member central as well as remove old provisioning profiles in XCode 6 | Devices - re-add them and then reconnect the device.  You will then be able to run new "Swift" coded apps from XCode 6

1) Make sure to turn off native mode for WebLogic 12c node manager on the mac
2) for Insufficient disk space error
use the flag -Dspace.detection=false

Friday, March 21, 2014

Using postgreSQL with WebLogic 12c and EclipseLink 2.4 or Hibernate 4.2

This article describes how to get the postgreSQL 9.3 database running on WebLogic 12.1.2 using EclipseLink 2.4 or Hibernate 4.2 as the JPA persistence provider

Tutorial assumes EclipseLink 2.4.2.v20130514-5956486 running on WebLogic on OSX 10.9 using postgreSQL 9.3 the postgreSQL
JDBC driver jar does not come with WebLogic
modify the class
Download the latest postgreSQL 9.3 JDBC 4.1 jar from
Install postgreSQL 9.3 on the mac
Create a database by running Applications/PostgreSQL 9.3/pgAdmin III

Create a datasource in the WebLogic console

JAVA SE RESOURCE_LOCAL persistence.xml

[EL Info]: 2014-03-19 18:03:22.718--ServerSession(1898536649)--Thread(Thread[main,5,main])--EclipseLink, version: Eclipse Persistence Services - 2.4.2.v20130514-5956486 [EL Config]: connection: 2014-03-19 18:03:22.722--ServerSession(1898536649)--Connection(223623898)--Thread(Thread[main,5,main])--connecting(DatabaseLogin( platform=>PostgreSQLPlatform user name=> "postgres" datasource URL=> "jdbc:postgresql://localhost:5432/obrienlabs"

JAVA EE JTA Container Managed persistence.xml

[EL Config]: connection: 2014-03-19 19:50:20.599--ServerSession(1214490893)--Connection(1145000203)--Thread(Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads])--connecting(DatabaseLogin( platform=>PostgreSQLPlatform user name=> "" connector=>JNDIConnector datasource name=>null )) [EL Config]: connection: 2014-03-19 19:50:20.599--ServerSession(1214490893)--Connection(417451054)--Thread(Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads])--Connected: jdbc:postgresql:// User: postgres Database: PostgreSQL Version: 9.3.3 Driver: PostgreSQL Native Driver Version: PostgreSQL 9.3 JDBC4.1 (build 1101) [EL Finest]: sequencing: 2014-03-19 19:50:20.599--ServerSession(1214490893)--Thread(Thread[[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads])--sequencing connected, state is Preallocation_Transaction_NoAccessor_State

Hibernate 4.2.12 on WebLogic

Hibernate 4.3 will not run as a container managed persistence context on WebLogic because only the JPA 2.0 version of the EntityManager proxy is supported ( should support JPA 2.1).  Therefore using Hibernate 4.2 is recommended for 12c.


<property name="hibernate.transaction.jta.platform" value="org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform"/>
<property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQLDialect"/>   

Running any JPA provider that supports the 2.0 spec

1) For polymorphic inheritance - the workaround annotation @ForceDescriminator is definitely your friend

Friday, February 21, 2014

All In CPU Performance Benchmarks

Java on

Macbook Pro 15 (8 core 2.6 GHz i7-4960) 16G RAM | OS 7.0.4 | Java 1.7.0_51 64-bit

38166 ms for Collatz  split: 16
38740 ms for Collatz  split: 32
37234 ms for Collatz  split: 64
35005 ms for Collatz  split: 128
34437 ms for Collatz  split: 256
32271 ms for Collatz  split: 512
31803 ms for Collatz  split: 1024
31707 ms for Collatz  split: 2048
31085 ms for Collatz  split: 4096
31469 ms for Collatz  split: 8192
32078 ms for Collatz  split: 16384
33302 ms for Collatz  split: 32768
32765 ms for Collatz  split: 65536
31821 ms for Collatz  split: 131072
31513 ms for Collatz  split: 262144
32498 ms for Collatz  split: 524288
33560 ms for Collatz  split: 1048576
36520 ms for Collatz  split: 2097152
34296 ms for Collatz  split: 4194304
34482 ms for Collatz  split: 8388608
40003 ms for Collatz  split: 16777216

61681 ms for Collatz  split: 33554432


