Apache
Home » miscellaneous » Sandbox

Virtual Bundles

Overview

The OSGi framework supports deploying and managing bundles, which are reusable units of code and resources. Although the OSGi specification does not explicitly require bundles to be packaged as JAR files, it does require that bundles look like JAR files (i.e., they have a manifest and named byte entries). For the most part, this abstraction as worked well and has allowed framework implementations to support other archive formats and even install-by-reference semantics (to some degree). However, there are limitations limitations as to what can be achieved by this approach.

The “JAR abstraction” employed by the OSGi specification for bundles requires that the framework is always in control of all aspects of class loading (e.g., searching for bytes, defining classes from bytes, etc.). While this makes sense since the framework must enforce consistency, it limits the framework to scenarios where a bundle can be modeled as a JAR file. Overall, this limitation might not seem so onerous, but the result is that every new requirement that comes along at the bundle level results in modifications (and bloating) of the core framework specification.

To avoid bloat and added conceptual complexity, this proposal introduces the primitive concept of a virtual bundle to the OSGi framework. A virtual bundle can quite succinctly be described as a bundle whose content is not managed by the framework. More specifically, the idea is to weaken the “JAR abstraction” where the framework expects to have access to byte entries in an archive and instead allow another entity to manage entry access and more importantly bundle class loading. The ultimate goal is to reduce the need to modify the framework to support niche requirements by enabling their support in upper layers.

Use cases

Some potential use cases for virtual bundles:

This is not a complete list of use cases, but provides some potential examples.

Terminology

The following terms are used in this document:

Technical approach

To support a virtual bundle concept, we need to introduce a few new interfaces to manage access to the virtual bundle's content and to provide it access to its own wiring state. This section discusses these interfaces as well as other technical issues.

Proposed API

This proposal defines the following new interfaces and/or augmentations to existing interfaces to support adding a virtual bundle concept to the framework.

NOTE 1: The package name used for this prototype is org.apache.felix.framework.ext to avoid an IP issues regarding the development of the prototype in the open at Apache Felix. If we want to change it to the org.osgi.framework namespace, we need some way of making timely updates of the proposed packages available to the public.

NOTE 2: All names in this document (e.g., interfaces, methods, etc.) are subject to change and were merely chosen for the purposes of making progress on the prototype.

VirtualModule

The VirtualModule interface abstracts access to the virtual bundle's content and is the management object handling content access. The name might seem confusing, but results from how framework implementations must handle bundles. Normally in the OSGi framework, a bundle is not necessarily associated with a single bundle archive; instead, it may have multiple archives associated with it at run time depending on whether it has been updated or not. In the Felix framework implementation, we call these things modules and this naming was chosen for that reason:

    public interface VirtualModule {
        void resolve(Wire bootWire, List<Wire> wires) throws BundleException;

        Class loadClass(String name) throws ClassNotFoundException;
        URL getResource(String name);
        Enumeration getResources(String name);

        URL getEntry(String entry);
        Enumeration<String> getEntryPaths(String path);
        Enumeration<URL> findEntries(String path, String filePattern, boolean recurse);
    }

The VirtualModule interface is implemented by a manager wishing to provide a virtual bundle. The core of the interface provides access to the content (i.e., both classes and entries). Third-party management of class access is the main differentiator between a normal bundle and a virtual bundle; this means the manager owns the class loader associated with the VirtualModule.

Most of the methods on this interface are self explanatory; however, the resolve() method is not. The resolve() method provides the virtual module its wiring context in the form of Wire objects. This allows the manager-owned class loader to implement proper OSGi class delegation. The bootWire parameter is a special wire that performs boot delegation, while the wires parameter performs normal delegation for imported packages and required bundles. The resolve() method is technically a setter method and is called by the framework when resolving the virtual module to inject its wires; however, the method may throw an exception if it cannot resolve at that time.

NOTE 1: Technically, we could merge bootWire into wires or we could eliminate wires and just have a single delegateWire that wraps the actual wires.

For clarity, the class- and resource-related methods take into account wiring delegation; the entry-related methods do not. This is similar for normal bundles.

NOTE 2: We could potentially use a dispose() method that is called when the framework is really done with the virtual module (i.e., when it is refreshed).

Wire

The Wire interface provides a delegation mechanism to the manager of virtual module class loaders:

    public interface Wire {
        Class loadClass(String name) throws ClassNotFoundException;
        URL getResource(String name) throws ResourceNotFoundException;
        Enumeration getResources(String name) throws ResourceNotFoundException;
    }

The methods are reasonable self explanatory, since they perform the actions normally associated with the methods of the same name on a class loader. However, their behavior is defined to help managers support proper OSGi class and resource delegation. The result of each method and its meaning are:

Injection of wires into a virtual module does not compel the manager-owned class loader to obey proper OSGi delegation patterns. It is recommended to do so to ensure consistency, but the third-party provider has the flexibility to deviate as it sees fit, but it must live with the consequences.

FelixBundleContext

The framework needs to provide explicit support for installing virtual bundles and currently this happens via two new methods on the BundleContext interface. For the prototype, these methods are added to a specialization of BundleContext:

    public interface FelixBundleContext extends BundleContext {
        VirtualModuleContext installBundle(String location, Map headers, VirtualModule vm)
            throws BundleException;
        VirtualModuleContext reinstallBundle(Bundle bundle, VirtualModule vm)
            throws BundleException;
    }

The installBundle() method is how a manager installs a virtual bundle for the first time. The location parameter is the normal bundle location string, the headers parameter is the virtual bundle's manifest, and the vm parameter is the virtual bundle's VirtualModule implementation. The reinstallBundle() method is used by a manager to reinstall or reattach a VirtualModule implementation to a previously installed virtual bundle, such as on framework restart.

NOTE 1: Technically, it would be possible to avoid passing in the VirtualModule instance to installBundle() and force the manager to always attach VirtualModule implementations using reinstallBundle(), but this approach at least makes the first install atomic.

NOTE 2: Perhaps reinstallBundle() should be on the Bundle interface.

VirtualModuleContext

When a manager installs or reinstalls a virtual bundle, it receives a VirtualModuleContext:

    public interface VirtualModuleContext {
        Bundle getBundle();
        File getDataFile();
    }

The sole purpose of a VirtualModuleContext is to provide the manager with access to the virtual bundle's private data area. The VirtualModuleContext is valid even when the virtual bundle is not ACTIVE, but becomes invalid once the virtual bundle is UNINSTALLED.

NOTE: This could be implemented as a super interface of BundleContext.

Virtual bundle lifecycle

In an effort to minimize the impact to the framework, the lifecycle handling for virtual bundles has been kept purposely simplistic. There was a conscious decision to avoid making the framework responsible for reifying the relationship between a virtual bundle and its manager; instead, this is solely the manager's responsibility. This does have some have some potential ramifications on issues like ordering, which will be discussed shortly along with other lifecycle-related issues.

Persistence of virtual bundles

When a virtual bundle is installed, it is installed persistently; however, this has a different meaning than for normal bundles. A virtual bundle is recorded persistently in the bundle cache and its specified headers are cached for it; this means the headers cannot change after installation unless updated, like a normal bundle. The managed object (i.e., the VirtualModule instance) associated with a virtual bundle is not persisted. This means on subsequent framework restarts, the framework is able to reconstitute a virtual bundle and maintains its private data area, but the reconstituted virtual bundle is merely an empty shell. It is the managers responsibility to reinstall the virtual bundle's associated VirtualModule.

Manager/virtual bundle ordering

In many cases it will be important for the manager to start before anyone attempts to use a virtual bundle. If so, the manager should be placed in a lower start level than its virtual bundles. Although not optimal, this is acceptable since virtual bundles are quite low level and are effectively extending the framework. This may not be necessary in all cases and could potentially be alleviated to some degree if the framework were proactive during the reinstall phase of a virtual bundle (e.g., it could immediately try to restart persistently started bundles after a reinstall).

NOTE: This is also related to the “active dependencies” topic of RFC-154; if the framework managed some active dependencies then this could be resolved that way, but that opens another whole can of worms.

Refreshing a virtual bundle

When a normal bundle is refreshed, the framework throws away the class loader associated with the bundle and will ultimately create a new one when needed. For virtual bundles, the first part is the similar, but the second is not since the framework has no way to create the needed VirtualModule instance. Thus, when a virtual bundle is refreshed, the framework throws away the associated VirtualModule instance and sets the associated state of the virtual bundle to INSTALLED. It is the manager's responsibility to detect this situation and reinstall the needed VirtualModule instance.

NOTE: Technically, I think it may be possible to achieve this somewhat atomically with a synchronous bundle listener.

Refreshing a virtual bundle does not necessarily have a direct impact on the manager. In other words, the virtual bundle does not necessarily have an implicit dependency on its manager.

Refreshing a manager

The framework must maintain dependencies from a manager to its installed virtual bundles so when a manager is refreshed, then all of its virtual bundles will be refreshed too. If the class implementing the VirtualModule instance comes from a bundle other than the manager, then the framework should associate an implicit dependency between this other bundle and the virtual module too so it is refreshed when this other bundle is refreshed, in addition to the manager.

NOTE: It is not necessarily clear that we need to directly support this last case.

Effective time of a virtual module

The effective time of a virtual module instance is related to the lifecycle of the virtual bundle itself and the virtual bundle's manager. It seems obvious that a virtual module instance should be valid (i.e., used by the framework) while the virtual bundle state is RESOLVED, STARTING, ACTIVE, STOPPING, and UNINSTALLED (until refreshed); this mimics normal bundle behavior. With respect to the manager's lifecycle, the prototype currently assumes the virtual module is valid during these same lifecycle states in the manager. In other words, the manager does not need to be active after the fact for the virtual bundles to continue to function, it just needs to be active to install them initially.

NOTE: The alternative is to treat this as some sort of “active dependency” where if the manager is stopped, its associated virtual bundles are refreshed immediately.

Open issues

This section documents open and/or unaddressed issues.

Installation interception

Some form of bundle installation interception is necessary to integrate cleanly with existing management agents that use BundleContext.installBundle() to deploy bundles. One possibility is to introduce a new service interface used by the framework, such as:

    public interface InstallHook {
        boolean installBundle(String location);
        boolean installBundle(String location, InputStream is);
    }

Managers could register such a service which would be used by the framework during bundle installation to call out to the managers to given them an opportunity to process the bundle installation instead of using the default handling. This is somewhat analogous to resource processors in the Deployment Admin specification.

Updating a virtual bundle

No issues are foreseen in the normal update scenario (i.e., updating a bundle to a completely new version of a bundle whether it is virtual or not). It should be possible to update a virtual bundle to a new virtual module (and headers), as well as updating a normal bundle to a virtual bundle or vice versa. This will likely require adding another update() method to Bundle that accepts the appropriate parameters (e.g., Bundle.update(Map headers, VirtualModule vm)).

A more complicated case is related to ordering, which is how to deal with bundles that were installed before the manager was present and/or activated. In this case, a normal update is not completely sufficient since the manager really wants to update the bundle to a virtual bundle, but keep its existing content. Technically, this is possible with the current API by using the entry-related Bundle methods to reconstruct the installed bundle, then performing an update on it to convert it to a virtual bundle.

Resource handling

Typically, a framework implementation has to know something about the content of a bundle to create resource URLs. For example, both Felix and Equinox create resource URLs something like this:

    bundle://<framework-id><bundle-id>:<classpath-idx>/path/to/resource.txt

This sort of approach is necessary since the specification requires that resource URLs can be used as the context to create other resource URLs. Unfortunately, this breaks the module's encapsulation of its content (i.e., the framework must be aware that there is a bundle class path concept).

Currently, a manager must manager register a URL stream handler to provide a protocol to access its virtual modules' content as resources if it cannot be handled via an existing protocol. The downside of this approach is that, for now, a manager has to be active to provide a stream handler service, which means resource access will stop working if the manager is stopped.

A potential solution to this is to inject the virtual module with a resource URL factory which allows the manager to inject its own “opaque” index integer into the framework's normal resource URL.

Dynamic imports

It is possible to add support for dynamic imports through the injection of a special type of wire in the VirtualModule.resolve() method. Like the boot wire, this dynamic wire would be special and would be searched by the manager-owned class loader after its own content and would potentially result in a dynamic import.

Fragments

It may technically be possible to support fragments. Currently, a virtual module is injected with wires that provide access to classes and resources. Conceptually, we could handle fragments by injecting the virtual module with a set of fragment bundles from which it could load entries. The only trick is that the injected bundles could not be a normal bundle since a normal bundle can have multiple bundle revisions associated with it; the injected fragment bundle would need to be a wrapper around a specific revision. Other approach it to create a new wire-like interface for fragment access which could be injected into the virtual module.

Security

One possible approach to deal with security is to inject the virtual module with a protection domain for it to use when defining classes. For virtual modules using predefined classes, then it won't be possible to assign additional permissions to those classes.

Lazy activation

Too support lazy activation across normal bundles and virtual bundles, API would need to be defined for them to participate in this process. Mostly likely, the virtual module would need to be injected with some object for keep track of which classes are being created and which bundles need to be activated.

Considered alternatives

TBD

Rev. 1700393 by cziegeler on Tue, 1 Sep 2015 06:04:06 +0000
Apache Felix, Felix, Apache, the Apache feather logo, and the Apache Felix project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.