Bertrand Delacretaz, profile picture
Uploaded byBertrand Delacretaz
PDF, PPTX874 views

Building an Apache Sling Rendering Farm

The document discusses the development of an Apache Sling rendering farm, highlighting key architectural components, including load balancing and federated services, to enhance scalability and performance. It addresses challenges such as sandboxing and isolation in multi-tenant environments while presenting experimental solutions and coding strategies. The speaker, Bertrand Delacretaz, emphasizes the in-memory nature of Sling as a crucial differentiator and concludes by acknowledging the complexities and future possibilities in the rendering farm's evolution.

Download as PDF, PPTX
APACHE SLING & FRIENDS TECH MEETUP BERLIN, 25-27 SEPTEMBER 2017 Building an Apache Sling Rendering Farm Bertrand Delacretaz @bdelacretaz Sling committer and PMC member
 Principal Scientist, Adobe AEM team slides revision 2017-09-25
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 2 What are we building?setting the stage
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 3 How is Sling used today? Load
 BalancingThe Web Publishing Instances Sling instances dedicated to single tenants or “friendly” tenants. Rendering + Caching Content
 Repository Rendering + Caching Content
 Repository Rendering + Caching Content
 Repository Rendering + Caching Content
 Repository Content
 Repository Authoring Content Distribution
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 4 A Massive Sling Rendering/Processing Farm? Content
 Repository Resource
 Resolution Scripting +
 Rendering Resource
 Resolution Resource
 Resolution Resource
 Resolution Scripting +
 Rendering Scripting +
 Rendering Scripting +
 Rendering Load
 Balancing Load
 Balancing Elastic scaling at each stage Multiple developers (“tenants”) see their own world only
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 5 Federated ServicesThis 2017 after all
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 6 Content
 Repository Resource
 Resolver Scripting and Rendering Script Resolver HTTP
 front-end Sling Engine Microservices! Nice and trendy, but will that perform? HTTP HTTP HTTP HTTP HTTP HTTP Each component is an independent HTTP-based service, aka “religious microservices”
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 7 The Sling PipelineFaithfully serving requests since 2007!
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 8 Content
 Repository Resource
 Resolver Scripting and Rendering Script Resolver Resource ScriptRequest Output Sling Request Processing Pipeline 1 2 3 4 Conceptually, the request hits the repository first, to get the Resource. Scripts and Servlets are equivalent, considering scripts only here. All in-memory and in-process! sling:include 5..N content aggregation!
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 9 Content
 Repository Scripting and Rendering Script Resolver Scripts Output Federated Services Friendly? Resource
 Resolver Content Aggregator Aggregated
 Content Request Process boundaries
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 10 Reasonably Federated?Can we get isolation AND performance?
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 11 HTTP
 front-end Reasonably Federated Sling Rendering Farm? Aggregated
 Content Content
 Repository Resource
 Resolver Content Aggregator Content Provider
 Service Content Rendering
 Service Scripting and Rendering Script Resolver Scripts
 Repository Output It’s still mostly Sling, with the addition of a (scripted?) content aggregation step. Federated services provide more deployment and scaling options. Sandboxed Execution Isolated Content Sandboxed Execution
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 12 Sandboxing & IsolationHow?
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 13 Sandboxing & Isolation? Scripting and Rendering Sandboxed Execution Content
 Repository Isolated Content Content Aggregator Sandboxed Execution Repository Access Control can work but require a dynamic search path in Sling, see our experiments. Impacts caching, and mapping of incoming to resource paths is needed.Tried and tested. Repository jails look possible with probable impact on Sling internals. Same with multiple SlingRepository services. New and more like a blacklist. Custom, restricted languages are the safest? HTL (Use-API?), Handlebars? Sandboxing Nashorn (JavaScript) looks possible but not ideal, see our experiments. Sandboxing Java is not realistic- IBM canceled multi tenant JVM project for example.
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 14 But it’s a VM, right? Oak Libraries Sling Engine JavaVirtual Machine content Oak Libraries Sling Engine JavaVirtual Machine content Oak Libraries Sling Engine JavaVirtual Machine content Perfect isolation! Java classes
 memory space Application
 memory space Java classes
 memory space Application
 memory space Java classes
 memory space Application
 memory space But suboptimal use of resources! (and containers wouldn’t help)
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 15 Sandboxing scripting languages? <% var length = 0; if (request.getRequestParameter("file") != null) { var file = null; // store file var reqPara = request.getRequestParameter("file"); var is = reqPara.getInputStream(); file = Packages.java.io.File.createTempFile("posttest", ".txt"); var fout = new Packages.java.io.FileOutputStream(file); var c; while ((c = is.read()) != -1) { fout.write(c); } fout.close(); // read length length = file.length(); } %> OS Resources Infinite Loops Java classes & services Memory
 Usage? Many things need to be limited.
 Whitelist approach is much safer -> custom languages?
 HTL inherently sandboxed, except its Use-objects
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 16 Containers? Oak Libraries Sling Engine OS container content Java classes
 memory space Application
 memory space SMALL! Shared Memory Pools, Caches etc. memory Oak Libraries Sling Engine OS container content Java classes
 memory space Application
 memory space SMALL! Oak Libraries Sling Engine OS container content Java classes
 memory space Application
 memory space SMALL! Same problem as multiple JVMs Sharing caches, compiled scripts etc. can be a pragmatic solution.
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 17 What do we do?
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 18 Hybrid Sling Rendering Farm Annotated Aggregated Content HTTP
 front-end HTTP
 routing Scripting + Rendering Script Resolver scripts Shared Services Custom Code Script Resolver scripts Tenant-Specific Services servletscontent Resource
 Resolver Content Aggregator Oak Libraries Shared Services Sandboxed Execution New
 Component Content-driven routing Isolated
 Content Dynamic Search Path Provides the flexibility of Sling via tenant-specific services and dynamic routing. Uses shared services for the common parts. Allows for billable options depending on the actual routing.
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 19 Experimentsbuilding blocks that might be reusable
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 20 Resolving new types of scripts Experim ent Script Resolver Client
 GET Request Wrapped
 AGG Request Wrap the request to make it appear as an AGG (*) request and pass that to the Sling ServletResolver. Adapt the return SlingScript to an InputStream to read its text. (*) or any other non-existent HTTP verb. Content
 Repository /apps
 /myapp /AGG.js AGG.js
 script
 text Code at https://github.com/bdelacretaz/sling-adaptto-2017 (ContentBVP.java)
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 21 Resolving a SLING-CONTENT script Experim ent Code at https://github.com/bdelacretaz/sling-adaptto-2017 (ContentBVP.java) String getAggregatorScript(SlingHttpServletRequest r) { String result = null; Servlet s = servletResolver.resolveServlet( new ChangeMethodRequestWrapper(r, "SLING-CONTENT")); if(s instanceof SlingScript) { InputStream is = ((SlingScript)s).getScriptResource() .adaptTo(InputStream.class); } if(is != null) { result = IOUtils.toString(is) } } return result; } adaptTo() Bonus Points!
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 22 Content Aggregation with Sling Query Experim entvar $ = Packages.org.apache.sling.query.SlingQuery.$ var SearchStrategy = Packages.org.apache.sling.query.api.SearchStrategy var resourceResolver = resource.getResourceResolver() var result = { siblings : $(resource).siblings(), rootChildren : $(resource).parents().last().children(), queryResult : $(resourceResolver) .searchStrategy(SearchStrategy.QUERY) .find("nt:base[title=foo]") } Used in a BindingsValuesProvider? Or in a custom json renderer servlet which runs this script. Inherently sandboxed due to custom language. https://sling.apache.org/documentation/bundles/sling-query.html
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 23 Dynamic scripts/servlet search path Experim entif(dynamicServletResolver.canResolve(resource)) { servlet = dynamicServletResolver.resolveServlet(request); } else { …existing resolver code } A fairly simple change to the SlingServletResolver - should evolve into a real extension point if desired, and probably get the request as well. Tested in SLING-4386 - another multitenant experiment which provides tenant-specific scripts but no real isolation. Currently requires disabling the servlet resolution cache.
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 24 Nashorn (JavaScript) sandboxing (Java Delight) Experim entNashornSandbox { allow(final Class<?> clazz); injectGlobalVariable(String variableName, Object object); setMaxCPUTime(long limitMsec); Object eval(final String javaScriptCode); allowPrintFunctions(boolean v); allowReadFunctions(boolean v); ...more allow functions // $ARG, $ENV, $EXEC... allowGlobalsObjects(final boolean v); } Uses Nashorn’s ClassFilter to block Java classes Sandboxing rewrites standard methods + user code- > blacklisting, not ideal https://github.com/javadelight/delight-nashorn-sandbox (Java Delight Suite)
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 25 CODAwhere to now?
Building an Apache Sling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 26 CODA Thank you for attending! I’m Bertrand Delacretaz (@bdelacretaz) In-memory nature of Sling is an important differentiator, in good and bad ways! Hybrid Rendering Farm promising - do you need it? Sandboxing is difficult, whitelisting much preferred, custom languages? Reusable
 experiments?

More Related Content

PDF
GraphQL in Apache Sling - but isn't it the opposite of REST?
byBertrand Delacretaz
 
ODP
Rapid JCR Applications Development with Sling
byFelix Meschberger
 
PDF
Paving the way to a native Sling
byRadu Cotescu
 
PDF
Day CRX Introduction
byCédric Hüsler
 
PDF
Repoinit: a mini-language for content repository initialization
byBertrand Delacretaz
 
PDF
Serverless - introduction et perspectives concrètes
byBertrand Delacretaz
 
PDF
Sling and Serverless, Best Friends Forever?
byBertrand Delacretaz
 
PPTX
Optimizing Spring Boot apps for Docker
byGraham Charters
 
GraphQL in Apache Sling - but isn't it the opposite of REST?
byBertrand Delacretaz
 
Rapid JCR Applications Development with Sling
byFelix Meschberger
 
Paving the way to a native Sling
byRadu Cotescu
 
Day CRX Introduction
byCédric Hüsler
 
Repoinit: a mini-language for content repository initialization
byBertrand Delacretaz
 
Serverless - introduction et perspectives concrètes
byBertrand Delacretaz
 
Sling and Serverless, Best Friends Forever?
byBertrand Delacretaz
 
Optimizing Spring Boot apps for Docker
byGraham Charters
 

What's hot

PDF
Rh developers fat jar smackdown
byRed Hat Developers
 
PDF
DCSF19 Tips and Tricks of the Docker Captains
byDocker, Inc.
 
PDF
BBL Premiers pas avec Docker
bykanedafromparis
 
PDF
Continuous Integration: SaaS vs Jenkins in Cloud
byIdeato
 
PDF
DCEU 18: Tips and Tricks of the Docker Captains
byDocker, Inc.
 
PPTX
Writing a Gem with native extensions
byTristan Penman
 
PDF
Docker in practice
byJonathan Giannuzzi
 
PDF
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
byDana Luther
 
PDF
Streamline your development environment with docker
byGiacomo Bagnoli
 
PPTX
Running Docker in Development & Production (DevSum 2015)
byBen Hall
 
PPTX
Running Docker in Development & Production (#ndcoslo 2015)
byBen Hall
 
PPTX
Docker for Developers - Sunshine PHP
byChris Tankersley
 
PPTX
Lessons from running potentially malicious code inside Docker containers
byBen Hall
 
PDF
DocuOps & Asciidoctor in a JVM World
bySchalk Cronjé
 
PPT
Build service with_docker_in_90mins
byLarry Cai
 
PDF
Docker perl build
byWorkhorse Computing
 
PDF
Check the version with fixes. Link in description
byPrzemyslaw Koltermann
 
PPTX
Docker
byCary Gordon
 
PDF
Hands on Docker - Launch your own LEMP or LAMP stack
byDana Luther
 
PPTX
Cloud hybridation leveraging on Docker 1.12
byLudovic Piot
 
Rh developers fat jar smackdown
byRed Hat Developers
 
DCSF19 Tips and Tricks of the Docker Captains
byDocker, Inc.
 
BBL Premiers pas avec Docker
bykanedafromparis
 
Continuous Integration: SaaS vs Jenkins in Cloud
byIdeato
 
DCEU 18: Tips and Tricks of the Docker Captains
byDocker, Inc.
 
Writing a Gem with native extensions
byTristan Penman
 
Docker in practice
byJonathan Giannuzzi
 
Hands on Docker - Launch your own LEMP or LAMP stack - SunshinePHP
byDana Luther
 
Streamline your development environment with docker
byGiacomo Bagnoli
 
Running Docker in Development & Production (DevSum 2015)
byBen Hall
 
Running Docker in Development & Production (#ndcoslo 2015)
byBen Hall
 
Docker for Developers - Sunshine PHP
byChris Tankersley
 
Lessons from running potentially malicious code inside Docker containers
byBen Hall
 
DocuOps & Asciidoctor in a JVM World
bySchalk Cronjé
 
Build service with_docker_in_90mins
byLarry Cai
 
Docker perl build
byWorkhorse Computing
 
Check the version with fixes. Link in description
byPrzemyslaw Koltermann
 
Docker
byCary Gordon
 
Hands on Docker - Launch your own LEMP or LAMP stack
byDana Luther
 
Cloud hybridation leveraging on Docker 1.12
byLudovic Piot
 

Similar to Building an Apache Sling Rendering Farm

PDF
Can we run the Whole Web on Apache Sling?
byBertrand Delacretaz
 
PDF
Effective Web Application Development with Apache Sling
byRobert Munteanu
 
PPT
Build Your Own CMS with Apache Sling
byBob Paulin
 
PDF
RESTFul development with Apache sling
bySergii Fesenko
 
PPTX
Rest and Sling Resolution
byDEEPAK KHETAWAT
 
PPTX
Shooting rabbits with sling
byTomasz Rękawek
 
PDF
CIRCUIT 2015 - 10 Things Apache Sling Can Do
byICF CIRCUIT
 
PPTX
Content-centric architectures - case study : Apache Sling
byFabrice Hong
 
PDF
Modern operations with Apache Sling (2014 adaptTo version)
byBertrand Delacretaz
 
PPTX
Integration patterns in AEM 6
byYuval Ararat
 
PDF
Using OSGi for script deployment in Apache Sling
byRadu Cotescu
 
PDF
Apache Sling
bynobby
 
PPTX
Sling pipes
byAnkit Gubrani
 
PDF
Content-Centric Web Development with Apache Sling
byKoen Van Eeghem
 
PDF
Apache Sling Scripting Reloaded
byRadu Cotescu
 
PDF
Effective web application development with Apache Sling
byRobert Munteanu
 
ODP
Server-side OSGi with Apache Sling (Jazoon 2010)
byFelix Meschberger
 
PPTX
EPAM IT WEEK: AEM & TDD. It's so boring...
byAndrew Manuev
 
PDF
Escape the defaults - Configure Sling like AEM as a Cloud Service
byRobert Munteanu
 
ODP
Server-side OSGi with Apache Sling (OSGiDevCon 2011)
byFelix Meschberger
 
Can we run the Whole Web on Apache Sling?
byBertrand Delacretaz
 
Effective Web Application Development with Apache Sling
byRobert Munteanu
 
Build Your Own CMS with Apache Sling
byBob Paulin
 
RESTFul development with Apache sling
bySergii Fesenko
 
Rest and Sling Resolution
byDEEPAK KHETAWAT
 
Shooting rabbits with sling
byTomasz Rękawek
 
CIRCUIT 2015 - 10 Things Apache Sling Can Do
byICF CIRCUIT
 
Content-centric architectures - case study : Apache Sling
byFabrice Hong
 
Modern operations with Apache Sling (2014 adaptTo version)
byBertrand Delacretaz
 
Integration patterns in AEM 6
byYuval Ararat
 
Using OSGi for script deployment in Apache Sling
byRadu Cotescu
 
Apache Sling
bynobby
 
Sling pipes
byAnkit Gubrani
 
Content-Centric Web Development with Apache Sling
byKoen Van Eeghem
 
Apache Sling Scripting Reloaded
byRadu Cotescu
 
Effective web application development with Apache Sling
byRobert Munteanu
 
Server-side OSGi with Apache Sling (Jazoon 2010)
byFelix Meschberger
 
EPAM IT WEEK: AEM & TDD. It's so boring...
byAndrew Manuev
 
Escape the defaults - Configure Sling like AEM as a Cloud Service
byRobert Munteanu
 
Server-side OSGi with Apache Sling (OSGiDevCon 2011)
byFelix Meschberger
 

More from Bertrand Delacretaz

PDF
VanillaJS & the Web Platform, a match made in heaven?
byBertrand Delacretaz
 
PDF
Surviving large online communities with conciseness and clarity
byBertrand Delacretaz
 
PDF
The Moving House Model, adhocracy and remote collaboration
byBertrand Delacretaz
 
PDF
Open Source Changes the World!
byBertrand Delacretaz
 
PDF
How to convince your left brain (or manager) to follow the Open Source path t...
byBertrand Delacretaz
 
PDF
L'Open Source change le Monde - BlendWebMix 2019
byBertrand Delacretaz
 
PDF
Shared Neurons - the Secret Sauce of Open Source communities?
byBertrand Delacretaz
 
PDF
State of the Feather - ApacheCon North America 2018
byBertrand Delacretaz
 
PDF
Karate, the black belt of HTTP API testing?
byBertrand Delacretaz
 
PDF
Open Source at Scale: the Apache Software Foundation (2018)
byBertrand Delacretaz
 
PDF
They don't understand me! Tales from the multi-cultural trenches
byBertrand Delacretaz
 
PDF
Prise de Décisions Asynchrone, Devoxx France 2018 (avec vidéo)
byBertrand Delacretaz
 
PDF
Project and Community Services the Apache Way
byBertrand Delacretaz
 
PDF
La Fondation Apache - keynote au Paris Open Source Summit 2017
byBertrand Delacretaz
 
PDF
Asynchronous Decision Making - FOSS Backstage 2017
byBertrand Delacretaz
 
PDF
Who needs meetings? Asynchronous Decision Making to the rescue
byBertrand Delacretaz
 
PDF
Simple software is hard...don't give up!
byBertrand Delacretaz
 
PDF
I will NOT attend your meeting - I'm an Open Source person
byBertrand Delacretaz
 
PDF
Open Development in the Enterprise, 19 minutes 2016 version
byBertrand Delacretaz
 
PDF
RESTful OSGi middleware for NoSQL databases with Docker
byBertrand Delacretaz
 
VanillaJS & the Web Platform, a match made in heaven?
byBertrand Delacretaz
 
Surviving large online communities with conciseness and clarity
byBertrand Delacretaz
 
The Moving House Model, adhocracy and remote collaboration
byBertrand Delacretaz
 
Open Source Changes the World!
byBertrand Delacretaz
 
How to convince your left brain (or manager) to follow the Open Source path t...
byBertrand Delacretaz
 
L'Open Source change le Monde - BlendWebMix 2019
byBertrand Delacretaz
 
Shared Neurons - the Secret Sauce of Open Source communities?
byBertrand Delacretaz
 
State of the Feather - ApacheCon North America 2018
byBertrand Delacretaz
 
Karate, the black belt of HTTP API testing?
byBertrand Delacretaz
 
Open Source at Scale: the Apache Software Foundation (2018)
byBertrand Delacretaz
 
They don't understand me! Tales from the multi-cultural trenches
byBertrand Delacretaz
 
Prise de Décisions Asynchrone, Devoxx France 2018 (avec vidéo)
byBertrand Delacretaz
 
Project and Community Services the Apache Way
byBertrand Delacretaz
 
La Fondation Apache - keynote au Paris Open Source Summit 2017
byBertrand Delacretaz
 
Asynchronous Decision Making - FOSS Backstage 2017
byBertrand Delacretaz
 
Who needs meetings? Asynchronous Decision Making to the rescue
byBertrand Delacretaz
 
Simple software is hard...don't give up!
byBertrand Delacretaz
 
I will NOT attend your meeting - I'm an Open Source person
byBertrand Delacretaz
 
Open Development in the Enterprise, 19 minutes 2016 version
byBertrand Delacretaz
 
RESTful OSGi middleware for NoSQL databases with Docker
byBertrand Delacretaz
 

Recently uploaded

PPTX
Презентация Филимонов (английский).pptx
bydragonnonext
 
PPTX
SaferNet: Simplifying Security with Smart Device Management
bySafernet
 
PDF
Submission Start Now....! International Journal of Ubiquitous Computing (IJU)
byijujournal
 
PDF
Is AI Replacing Web Developers or Making Them Smarter.pdf
byNetzila Technologies
 
PPTX
Mod 2-ICT as the medium for advocacy.pptx
byMelyangIntong
 
PDF
Categorisation_of_Cyber_Attacks for hnd pearson level 4 students
byhawa175590
 
PDF
Top 10 Countries to Hire Remote Developers in 2025 copy.pdf
byOuranos Technologies Pvt Ltd
 
PDF
Missouri Mobile App Development Company Addresses Safety Concerns After UPS P...
byMike Brown
 
PDF
10 Interesting Facts About Infinite Craft
byMiranda Croftoon
 
PDF
Reducing the cost of ownership in e-commerce. Jakub Winkler, Meet Magento Net...
byJakub Winkler
 
PDF
What is Crypto SIP & How It Works | Beginner’s Guide to Crypto SIP Investments
by3verseTV
 
PDF
The walking dead series-Apresentation free dowload.pdf
byDinisPires6
 
PPTX
Elastic meetup - From Search to Smart: Python + Elastic ELSER.pptx
bysmollinga
 
PDF
Exploration of Fault Identification and Automatic Recovery in Cloud-based FPG...
bySatoshi Konno
 
PDF
Viktor Huszag - Amadeus IT Group - Anti-Fraud Policy
byViktor Huszag
 
PDF
Submit Your Research Papers...! IJCI welcomes conferences to publish their p...
byIJCI JOURNAL
 
Презентация Филимонов (английский).pptx
bydragonnonext
 
SaferNet: Simplifying Security with Smart Device Management
bySafernet
 
Submission Start Now....! International Journal of Ubiquitous Computing (IJU)
byijujournal
 
Is AI Replacing Web Developers or Making Them Smarter.pdf
byNetzila Technologies
 
Mod 2-ICT as the medium for advocacy.pptx
byMelyangIntong
 
Categorisation_of_Cyber_Attacks for hnd pearson level 4 students
byhawa175590
 
Top 10 Countries to Hire Remote Developers in 2025 copy.pdf
byOuranos Technologies Pvt Ltd
 
Missouri Mobile App Development Company Addresses Safety Concerns After UPS P...
byMike Brown
 
10 Interesting Facts About Infinite Craft
byMiranda Croftoon
 
Reducing the cost of ownership in e-commerce. Jakub Winkler, Meet Magento Net...
byJakub Winkler
 
What is Crypto SIP & How It Works | Beginner’s Guide to Crypto SIP Investments
by3verseTV
 
The walking dead series-Apresentation free dowload.pdf
byDinisPires6
 
Elastic meetup - From Search to Smart: Python + Elastic ELSER.pptx
bysmollinga
 
Exploration of Fault Identification and Automatic Recovery in Cloud-based FPG...
bySatoshi Konno
 
Viktor Huszag - Amadeus IT Group - Anti-Fraud Policy
byViktor Huszag
 
Submit Your Research Papers...! IJCI welcomes conferences to publish their p...
byIJCI JOURNAL
 

Building an Apache Sling Rendering Farm

  • 1.
    APACHE SLING &FRIENDS TECH MEETUP BERLIN, 25-27 SEPTEMBER 2017 Building an Apache Sling Rendering Farm Bertrand Delacretaz @bdelacretaz Sling committer and PMC member
 Principal Scientist, Adobe AEM team slides revision 2017-09-25
  • 2.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 2 What are we building?setting the stage
  • 3.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 3 How is Sling used today? Load
 BalancingThe Web Publishing Instances Sling instances dedicated to single tenants or “friendly” tenants. Rendering + Caching Content
 Repository Rendering + Caching Content
 Repository Rendering + Caching Content
 Repository Rendering + Caching Content
 Repository Content
 Repository Authoring Content Distribution
  • 4.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 4 A Massive Sling Rendering/Processing Farm? Content
 Repository Resource
 Resolution Scripting +
 Rendering Resource
 Resolution Resource
 Resolution Resource
 Resolution Scripting +
 Rendering Scripting +
 Rendering Scripting +
 Rendering Load
 Balancing Load
 Balancing Elastic scaling at each stage Multiple developers (“tenants”) see their own world only
  • 5.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 5 Federated ServicesThis 2017 after all
  • 6.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 6 Content
 Repository Resource
 Resolver Scripting and Rendering Script Resolver HTTP
 front-end Sling Engine Microservices! Nice and trendy, but will that perform? HTTP HTTP HTTP HTTP HTTP HTTP Each component is an independent HTTP-based service, aka “religious microservices”
  • 7.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 7 The Sling PipelineFaithfully serving requests since 2007!
  • 8.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 8 Content
 Repository Resource
 Resolver Scripting and Rendering Script Resolver Resource ScriptRequest Output Sling Request Processing Pipeline 1 2 3 4 Conceptually, the request hits the repository first, to get the Resource. Scripts and Servlets are equivalent, considering scripts only here. All in-memory and in-process! sling:include 5..N content aggregation!
  • 9.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 9 Content
 Repository Scripting and Rendering Script Resolver Scripts Output Federated Services Friendly? Resource
 Resolver Content Aggregator Aggregated
 Content Request Process boundaries
  • 10.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 10 Reasonably Federated?Can we get isolation AND performance?
  • 11.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 11 HTTP
 front-end Reasonably Federated Sling Rendering Farm? Aggregated
 Content Content
 Repository Resource
 Resolver Content Aggregator Content Provider
 Service Content Rendering
 Service Scripting and Rendering Script Resolver Scripts
 Repository Output It’s still mostly Sling, with the addition of a (scripted?) content aggregation step. Federated services provide more deployment and scaling options. Sandboxed Execution Isolated Content Sandboxed Execution
  • 12.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 12 Sandboxing & IsolationHow?
  • 13.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 13 Sandboxing & Isolation? Scripting and Rendering Sandboxed Execution Content
 Repository Isolated Content Content Aggregator Sandboxed Execution Repository Access Control can work but require a dynamic search path in Sling, see our experiments. Impacts caching, and mapping of incoming to resource paths is needed.Tried and tested. Repository jails look possible with probable impact on Sling internals. Same with multiple SlingRepository services. New and more like a blacklist. Custom, restricted languages are the safest? HTL (Use-API?), Handlebars? Sandboxing Nashorn (JavaScript) looks possible but not ideal, see our experiments. Sandboxing Java is not realistic- IBM canceled multi tenant JVM project for example.
  • 14.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 14 But it’s a VM, right? Oak Libraries Sling Engine JavaVirtual Machine content Oak Libraries Sling Engine JavaVirtual Machine content Oak Libraries Sling Engine JavaVirtual Machine content Perfect isolation! Java classes
 memory space Application
 memory space Java classes
 memory space Application
 memory space Java classes
 memory space Application
 memory space But suboptimal use of resources! (and containers wouldn’t help)
  • 15.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 15 Sandboxing scripting languages? <% var length = 0; if (request.getRequestParameter("file") != null) { var file = null; // store file var reqPara = request.getRequestParameter("file"); var is = reqPara.getInputStream(); file = Packages.java.io.File.createTempFile("posttest", ".txt"); var fout = new Packages.java.io.FileOutputStream(file); var c; while ((c = is.read()) != -1) { fout.write(c); } fout.close(); // read length length = file.length(); } %> OS Resources Infinite Loops Java classes & services Memory
 Usage? Many things need to be limited.
 Whitelist approach is much safer -> custom languages?
 HTL inherently sandboxed, except its Use-objects
  • 16.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 16 Containers? Oak Libraries Sling Engine OS container content Java classes
 memory space Application
 memory space SMALL! Shared Memory Pools, Caches etc. memory Oak Libraries Sling Engine OS container content Java classes
 memory space Application
 memory space SMALL! Oak Libraries Sling Engine OS container content Java classes
 memory space Application
 memory space SMALL! Same problem as multiple JVMs Sharing caches, compiled scripts etc. can be a pragmatic solution.
  • 17.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 17 What do we do?
  • 18.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 18 Hybrid Sling Rendering Farm Annotated Aggregated Content HTTP
 front-end HTTP
 routing Scripting + Rendering Script Resolver scripts Shared Services Custom Code Script Resolver scripts Tenant-Specific Services servletscontent Resource
 Resolver Content Aggregator Oak Libraries Shared Services Sandboxed Execution New
 Component Content-driven routing Isolated
 Content Dynamic Search Path Provides the flexibility of Sling via tenant-specific services and dynamic routing. Uses shared services for the common parts. Allows for billable options depending on the actual routing.
  • 19.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 19 Experimentsbuilding blocks that might be reusable
  • 20.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 20 Resolving new types of scripts Experim ent Script Resolver Client
 GET Request Wrapped
 AGG Request Wrap the request to make it appear as an AGG (*) request and pass that to the Sling ServletResolver. Adapt the return SlingScript to an InputStream to read its text. (*) or any other non-existent HTTP verb. Content
 Repository /apps
 /myapp /AGG.js AGG.js
 script
 text Code at https://github.com/bdelacretaz/sling-adaptto-2017 (ContentBVP.java)
  • 21.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 21 Resolving a SLING-CONTENT script Experim ent Code at https://github.com/bdelacretaz/sling-adaptto-2017 (ContentBVP.java) String getAggregatorScript(SlingHttpServletRequest r) { String result = null; Servlet s = servletResolver.resolveServlet( new ChangeMethodRequestWrapper(r, "SLING-CONTENT")); if(s instanceof SlingScript) { InputStream is = ((SlingScript)s).getScriptResource() .adaptTo(InputStream.class); } if(is != null) { result = IOUtils.toString(is) } } return result; } adaptTo() Bonus Points!
  • 22.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 22 Content Aggregation with Sling Query Experim entvar $ = Packages.org.apache.sling.query.SlingQuery.$ var SearchStrategy = Packages.org.apache.sling.query.api.SearchStrategy var resourceResolver = resource.getResourceResolver() var result = { siblings : $(resource).siblings(), rootChildren : $(resource).parents().last().children(), queryResult : $(resourceResolver) .searchStrategy(SearchStrategy.QUERY) .find("nt:base[title=foo]") } Used in a BindingsValuesProvider? Or in a custom json renderer servlet which runs this script. Inherently sandboxed due to custom language. https://sling.apache.org/documentation/bundles/sling-query.html
  • 23.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 23 Dynamic scripts/servlet search path Experim entif(dynamicServletResolver.canResolve(resource)) { servlet = dynamicServletResolver.resolveServlet(request); } else { …existing resolver code } A fairly simple change to the SlingServletResolver - should evolve into a real extension point if desired, and probably get the request as well. Tested in SLING-4386 - another multitenant experiment which provides tenant-specific scripts but no real isolation. Currently requires disabling the servlet resolution cache.
  • 24.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 24 Nashorn (JavaScript) sandboxing (Java Delight) Experim entNashornSandbox { allow(final Class<?> clazz); injectGlobalVariable(String variableName, Object object); setMaxCPUTime(long limitMsec); Object eval(final String javaScriptCode); allowPrintFunctions(boolean v); allowReadFunctions(boolean v); ...more allow functions // $ARG, $ENV, $EXEC... allowGlobalsObjects(final boolean v); } Uses Nashorn’s ClassFilter to block Java classes Sandboxing rewrites standard methods + user code- > blacklisting, not ideal https://github.com/javadelight/delight-nashorn-sandbox (Java Delight Suite)
  • 25.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 25 CODAwhere to now?
  • 26.
    Building an ApacheSling Rendering Farm - Bertrand Delacretaz, adaptTo 2017 26 CODA Thank you for attending! I’m Bertrand Delacretaz (@bdelacretaz) In-memory nature of Sling is an important differentiator, in good and bad ways! Hybrid Rendering Farm promising - do you need it? Sandboxing is difficult, whitelisting much preferred, custom languages? Reusable
 experiments?