diff --git a/container-images/jdk17/runtime-image/Dockerfile b/container-images/jdk17/runtime-image/Dockerfile new file mode 100644 index 0000000..b66ee9a --- /dev/null +++ b/container-images/jdk17/runtime-image/Dockerfile @@ -0,0 +1,210 @@ + +# This is a Dockerfile for the jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9:1.0.0.Beta image. + + +## START target image jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9:1.0.0.Beta +## \ + FROM registry.access.redhat.com/ubi9/ubi-minimal + + + USER root + +###### START module 'jboss.container.user:2.0+jboss1' +###### \ + # Copy 'jboss.container.user' module content + COPY modules/jboss.container.user /tmp/scripts/jboss.container.user + # Switch to 'root' user for package management for 'jboss.container.user' module defined packages + USER root + # Install packages defined in the 'jboss.container.user' module + RUN microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y shadow-utils \ + && microdnf clean all \ + && rpm -q shadow-utils + # Set 'jboss.container.user' module defined environment variables + ENV \ + GECOS="JBoss user" \ + HOME="/home/jboss" \ + UID="185" \ + USER="jboss" + # Custom scripts from 'jboss.container.user' module + USER root + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.user/configure.sh" ] +###### / +###### END module 'jboss.container.user:2.0+jboss1' + +###### START module 'jboss.container.openjdk:0' +###### \ +###### / +###### END module 'jboss.container.openjdk:0' + +###### START module 'jboss.container.openjdk.jdk:17' +###### \ + # Copy 'jboss.container.openjdk.jdk' module content + COPY modules/jboss.container.openjdk.jdk /tmp/scripts/jboss.container.openjdk.jdk + # Switch to 'root' user for package management for 'jboss.container.openjdk.jdk' module defined packages + USER root + # Install packages defined in the 'jboss.container.openjdk.jdk' module + RUN microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y java-17-openjdk-devel \ + && microdnf clean all \ + && rpm -q java-17-openjdk-devel + # Set 'jboss.container.openjdk.jdk' module defined environment variables + ENV \ + JAVA_HOME="/usr/lib/jvm/java-17" \ + JAVA_VENDOR="openjdk" \ + JAVA_VERSION="17" \ + JBOSS_CONTAINER_OPENJDK_JDK_MODULE="/opt/jboss/container/openjdk/jdk" + # Set 'jboss.container.openjdk.jdk' module defined labels + LABEL \ + org.jboss.product="openjdk" \ + org.jboss.product.openjdk.version="17" \ + org.jboss.product.version="17" + # Custom scripts from 'jboss.container.openjdk.jdk' module + USER root + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.openjdk.jdk/configure.sh" ] +###### / +###### END module 'jboss.container.openjdk.jdk:17' + +###### START module 'jboss.container.wildfly.dynamic-resources:2.0' +###### \ + # Copy 'jboss.container.wildfly.dynamic-resources' module content + COPY modules/jboss.container.wildfly.dynamic-resources /tmp/scripts/jboss.container.wildfly.dynamic-resources + # Custom scripts from 'jboss.container.wildfly.dynamic-resources' module + USER root + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.wildfly.dynamic-resources/install.sh" ] +###### / +###### END module 'jboss.container.wildfly.dynamic-resources:2.0' + +###### START module 'jboss.container.java.proxy:2.0' +###### \ + # Copy 'jboss.container.java.proxy' module content + COPY modules/jboss.container.java.proxy /tmp/scripts/jboss.container.java.proxy + # Set 'jboss.container.java.proxy' module defined environment variables + ENV \ + JBOSS_CONTAINER_JAVA_PROXY_MODULE="/opt/jboss/container/java/proxy" + # Custom scripts from 'jboss.container.java.proxy' module + USER root + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.java.proxy/configure.sh" ] +###### / +###### END module 'jboss.container.java.proxy:2.0' + +###### START module 'jboss.container.java.jvm:1.0' +###### \ + # Copy 'jboss.container.java.jvm' module content + COPY modules/jboss.container.java.jvm /tmp/scripts/jboss.container.java.jvm + # Set 'jboss.container.java.jvm' module defined environment variables + ENV \ + JBOSS_CONTAINER_JAVA_JVM_MODULE="/opt/jboss/container/java/jvm" + # Custom scripts from 'jboss.container.java.jvm' module + USER root + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.java.jvm/configure.sh" ] +###### / +###### END module 'jboss.container.java.jvm:1.0' + +###### START module 'jboss.container.wildfly.run.api:1.0' +###### \ +###### / +###### END module 'jboss.container.wildfly.run.api:1.0' + +###### START module 'jboss.container.wildfly.run.common:1.0' +###### \ + # Copy 'jboss.container.wildfly.run.common' module content + COPY modules/jboss.container.wildfly.run.common /tmp/scripts/jboss.container.wildfly.run.common + # Set 'jboss.container.wildfly.run.common' module defined environment variables + ENV \ + JBOSS_CONTAINER_WILDFLY_RUN_MODULE="/opt/jboss/container/wildfly/run" \ + WILDFLY_OVERRIDING_ENV_VARS="1" + # Custom scripts from 'jboss.container.wildfly.run.common' module + USER root + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.wildfly.run.common/configure.sh" ] +###### / +###### END module 'jboss.container.wildfly.run.common:1.0' + +###### START module 'jboss.container.util.logging:1.0' +###### \ + # Copy 'jboss.container.util.logging' module content + COPY modules/jboss.container.util.logging /tmp/scripts/jboss.container.util.logging + # Set 'jboss.container.util.logging' module defined environment variables + ENV \ + JBOSS_CONTAINER_UTIL_LOGGING_MODULE="/opt/jboss/container/util/logging/" + # Custom scripts from 'jboss.container.util.logging' module + USER root + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.util.logging/configure.sh" ] +###### / +###### END module 'jboss.container.util.logging:1.0' + +###### START module 'jboss.container.wildfly.run:2.0' +###### \ +###### / +###### END module 'jboss.container.wildfly.run:2.0' + +###### START module 'jboss.container.eap.cleanup:1.0' +###### \ + # Copy 'jboss.container.eap.cleanup' module content + COPY modules/jboss.container.eap.cleanup /tmp/scripts/jboss.container.eap.cleanup + # Set 'jboss.container.eap.cleanup' module defined environment variables + ENV \ + JBOSS_HOME="/opt/server" + # Custom scripts from 'jboss.container.eap.cleanup' module + USER 185 + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.eap.cleanup/configure.sh" ] +###### / +###### END module 'jboss.container.eap.cleanup:1.0' + +###### START module 'jboss.container.util.pkg-update:1.0' +###### \ + # Copy 'jboss.container.util.pkg-update' module content + COPY modules/jboss.container.util.pkg-update /tmp/scripts/jboss.container.util.pkg-update + # Custom scripts from 'jboss.container.util.pkg-update' module + USER root + RUN [ "sh", "-x", "/tmp/scripts/jboss.container.util.pkg-update/execute.sh" ] +###### / +###### END module 'jboss.container.util.pkg-update:1.0' + +###### START image 'jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9:1.0.0.Beta' +###### \ + # Switch to 'root' user for package management for 'jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9' image defined packages + USER root + # Install packages defined in the 'jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9' image + RUN microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y hostname jq vim-minimal unzip tar \ + && microdnf clean all \ + && rpm -q hostname jq vim-minimal unzip tar + # Set 'jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9' image defined environment variables + ENV \ + IMAGE_NAME="jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9" \ + IMAGE_VERSION="1.0.0.Beta" \ + SSO_DEFAULT_PROVIDER_NAME="rh-sso" + # Set 'jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9' image defined labels + LABEL \ + com.redhat.component="jboss-eap81-openjdk17-runtime-openshift-container" \ + com.redhat.deployments-dir="/opt/server/standalone/deployments" \ + description="The JBoss EAP 8.1 OpenJDK 17 runtime image" \ + io.cekit.version="4.14.0" \ + io.k8s.description="Base image to run an EAP 8.1 server and application" \ + io.k8s.display-name="JBoss EAP 8.1 runtime image" \ + io.openshift.expose-services="8080:http" \ + io.openshift.tags="javaee,eap,eap8" \ + maintainer="Red Hat" \ + name="jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9" \ + org.jboss.product="eap81-openjdk17-runtime" \ + org.jboss.product.version="1.0.0.Beta" \ + summary="The JBoss EAP 8.1 OpenJDK 17 runtime image" + # Exposed ports in 'jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9' image + EXPOSE 8443 8080 +###### / +###### END image 'jboss-eap-8-tech-preview/eap81-openjdk17-runtime-openshift-rhel9:1.0.0.Beta' + + + + # Switch to 'root' user and remove artifacts and modules + USER root + RUN rm -rf "/tmp/scripts" "/tmp/artifacts" + # Clear package manager metadata + RUN rm -rf "/var/cache/yum" "/var/lib/dnf" "/var/cache/apt" "/var/cache/dnf" + + # Define the user + USER 185 + # Define the working directory + WORKDIR /home/jboss + # Define run cmd + CMD ["sh", "-c", "${JBOSS_CONTAINER_WILDFLY_RUN_MODULE}/run"] +## / +## END target image \ No newline at end of file diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.eap.cleanup/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.eap.cleanup/configure.sh new file mode 100644 index 0000000..e58720d --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.eap.cleanup/configure.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# Configure module +set -e + +ln -s "$JBOSS_HOME" /opt/eap + +# Handle UBI9 specifics, otherwise cloud feature-pack for 8.0 would break +# Only create the link for UBI9 image. +if [ -n "${JBOSS_CONTAINER_JAVA_PROXY_MODULE}" ]; then + if [ ! -f /opt/run-java/proxy-options ]; then + mkdir -p /opt/run-java/ + ln -s "${JBOSS_CONTAINER_JAVA_PROXY_MODULE}/proxy-options" /opt/run-java/proxy-options + fi +fi diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.eap.cleanup/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.eap.cleanup/module.yaml new file mode 100644 index 0000000..78c090b --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.eap.cleanup/module.yaml @@ -0,0 +1,26 @@ +args: [] +artifacts: [] +description: Finalize installation. Create symlink from JBOSS_HOME to /opt/eap +envs: +- name: JBOSS_HOME + value: /opt/server +execute: +- directory: jboss.container.eap.cleanup + module_name: jboss.container.eap.cleanup + name: jboss.container.eap.cleanup/configure.sh + script: configure.sh + user: 185 +labels: [] +modules: + install: [] + repositories: [] +name: jboss.container.eap.cleanup +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '1.0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/artifacts/opt/jboss/container/java/jvm/debug-options b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/artifacts/opt/jboss/container/java/jvm/debug-options new file mode 100644 index 0000000..44d14c5 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/artifacts/opt/jboss/container/java/jvm/debug-options @@ -0,0 +1,14 @@ +#!/bin/sh + +# Check for debug options and echo them if enabled. Meant to be included by +# a run script. + +debug_options() { + if [ "x${JAVA_DEBUG}" != "x" ]; then + local debug_port=${JAVA_DEBUG_PORT:-5005} + echo "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${debug_port}" + fi +} + +## Echo options, trimming trailing and multiple spaces +echo "$(debug_options)" | awk '$1=$1' diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/artifacts/opt/jboss/container/java/jvm/java-default-options b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/artifacts/opt/jboss/container/java/jvm/java-default-options new file mode 100644 index 0000000..fba9d15 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/artifacts/opt/jboss/container/java/jvm/java-default-options @@ -0,0 +1,89 @@ +#!/bin/sh +# ================================================================= +# Detect whether running in a container and set appropriate options +# for limiting Java VM resources +# +# Usage: JAVA_OPTS="$(java-default-options.sh)" + +# stubs for jvm specific overrides +jvm_specific_options() { + : +} + +jvm_specific_diagnostics() { + : +} + +# Include overridden jvm_specific_*() functions +if [ -f "${JBOSS_CONTAINER_OPENJDK_JDK_MODULE}/jvm-options" ]; then + source "${JBOSS_CONTAINER_OPENJDK_JDK_MODULE}/jvm-options" +fi + +# Check for memory options and calculate a sane default if not given +max_memory() { + case "$JAVA_MAX_MEM_RATIO" in + "0") # explicitly disabled + return + ;; + "") + maxmem="80.0" + ;; + *) + maxmem="$(printf "%.0f.0" "$JAVA_MAX_MEM_RATIO")" + ;; + esac + echo "-XX:MaxRAMPercentage=$maxmem" +} + +# Switch on diagnostics except when switched off +diagnostics() { + if [ "x$JAVA_DIAGNOSTICS" != "x" ]; then + echo "$(jvm_specific_diagnostics)" + fi +} + +gc_config() { + local minHeapFreeRatio=${GC_MIN_HEAP_FREE_RATIO:-10} + local maxHeapFreeRatio=${GC_MAX_HEAP_FREE_RATIO:-20} + local timeRatio=${GC_TIME_RATIO:-4} + local adaptiveSizePolicyWeight=${GC_ADAPTIVE_SIZE_POLICY_WEIGHT:-90} + local gcOptions="${GC_CONTAINER_OPTIONS:--XX:+UseParallelGC}" + + # for compat reasons we don't set a default value for metaspaceSize + local metaspaceSize + # We also don't set a default value for maxMetaspaceSize + local maxMetaspaceSize=${GC_MAX_METASPACE_SIZE} + + if [ -n "${GC_METASPACE_SIZE}" ]; then + metaspaceSize=${GC_METASPACE_SIZE} + if [ -n "${maxMetaspaceSize}" ]; then + # clamp the max size of metaspaceSize to be <= maxMetaspaceSize + if [ "${metaspaceSize}" -gt "${maxMetaspaceSize}" ]; then + metaspaceSize=${maxMetaspaceSize} + fi + fi + fi + + local allOptions="$(jvm_specific_options) " + allOptions+="${gcOptions} " + allOptions+="-XX:MinHeapFreeRatio=${minHeapFreeRatio} " + allOptions+="-XX:MaxHeapFreeRatio=${maxHeapFreeRatio} " + allOptions+="-XX:GCTimeRatio=${timeRatio} " + allOptions+="-XX:AdaptiveSizePolicyWeight=${adaptiveSizePolicyWeight} " + # if no value was specified for maxMetaSpaceSize we should skip passing it entirely + if [ -n "${maxMetaspaceSize}" ]; then + allOptions+="-XX:MaxMetaspaceSize=${maxMetaspaceSize}m " + fi + if [ -n "${metaspaceSize}" ]; then + allOptions+="-XX:MetaspaceSize=${metaspaceSize}m " + fi + + echo "${allOptions}" +} + +error_handling() { + echo "-XX:+ExitOnOutOfMemoryError" +} + +## Echo options, trimming trailing and multiple spaces +echo "$(max_memory) $(gc_config) $(diagnostics) $(error_handling)" | awk '$1=$1' diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/configure.sh new file mode 100755 index 0000000..79e86ec --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/configure.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R $USER:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/java/jvm/* + +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/module.yaml new file mode 100644 index 0000000..4092f76 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/module.yaml @@ -0,0 +1,79 @@ +args: [] +artifacts: [] +description: ^ Provides support for configuring Java JVM, e.g. GC settings, etc. Basic + usage is opts=$($JBOSS_CONTAINER_JAVA_JVM_MODULE/java-default-options) +envs: +- name: JBOSS_CONTAINER_JAVA_JVM_MODULE + value: /opt/jboss/container/java/jvm +- description: If set, this prevents all default and generated options (such as JVM + and GC tuning, proxy settings, etc.) from being applied. Instead the user should + specify exactly the `java` options they want in this variable. + example: -verbose:class + name: JAVA_OPTS +- description: User specified Java options to be appended to the generated options. + This variable has no effect if `JAVA_OPTS` has been defined. + example: -Dsome.property=foo + name: JAVA_OPTS_APPEND +- description: Specify the maximum heap memory. Corresponds to the JVM argument `-XX:MaxRAMPercentage`. + The default is `80.0` which means 80% of the available memory. You can disable + this mechanism by setting the value to `0`. The supplied value can be an integer + or float, but only the whole number part is used. + example: '90.0' + name: JAVA_MAX_MEM_RATIO +- description: 'Set this to get some diagnostics information to standard output when + things are happening. **Note: ** This option, if set to true, will set `-XX :+UnlockDiagnosticVMOptions`. + **Disabled by default.**' + example: 'true' + name: JAVA_DIAGNOSTICS +- description: If set remote debugging will be switched on. **Disabled by default.** + example: 'true' + name: JAVA_DEBUG +- description: Port used for remote debugging. Defaults to *5005*. + example: '8787' + name: JAVA_DEBUG_PORT +- description: Minimum percentage of heap free after GC to avoid expansion. + example: '20' + name: GC_MIN_HEAP_FREE_RATIO +- description: Maximum percentage of heap free after GC to avoid shrinking. + example: '40' + name: GC_MAX_HEAP_FREE_RATIO +- description: Specifies the ratio of the time spent outside the garbage collection + (for example, the time spent for application execution) to the time spent in the + garbage collection. + example: '4' + name: GC_TIME_RATIO +- description: The weighting given to the current GC time versus previous GC times. + example: '90' + name: GC_ADAPTIVE_SIZE_POLICY_WEIGHT +- description: The initial metaspace size. + example: '20' + name: GC_METASPACE_SIZE +- description: The maximum metaspace size. + example: '100' + name: GC_MAX_METASPACE_SIZE +- description: specify Java GC to use. The value of this variable should contain the + necessary JRE command-line options to specify the required GC, which will override + the default of `-:+UseParallelGC`. + example: -XX:+UseG1GC + name: GC_CONTAINER_OPTIONS +execute: +- directory: jboss.container.java.jvm + module_name: jboss.container.java.jvm + name: jboss.container.java.jvm/configure.sh + script: configure.sh +labels: [] +modules: + install: + - name: jboss.container.user + - name: jboss.container.java.proxy + repositories: [] +name: jboss.container.java.jvm +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '1.0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/gc.feature b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/gc.feature new file mode 100644 index 0000000..1118081 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/gc.feature @@ -0,0 +1,61 @@ +@ubi9 +Feature: Openshift OpenJDK GC tests + + Scenario: Check default GC configuration + Given container is started as uid 1000 + Then container log should contain -XX:+UseParallelGC + And container log should contain -XX:MinHeapFreeRatio=10 + And container log should contain -XX:MaxHeapFreeRatio=20 + And container log should contain -XX:GCTimeRatio=4 + + Scenario: Check GC_MIN_HEAP_FREE_RATIO GC configuration + Given container is started with env + | variable | value | + | GC_MIN_HEAP_FREE_RATIO | 5 | + Then container log should contain -XX:MinHeapFreeRatio=5 + + Scenario: Check GC_MAX_HEAP_FREE_RATIO GC configuration + Given container is started with env + | variable | value | + | GC_MAX_HEAP_FREE_RATIO | 50 | + Then container log should contain -XX:MaxHeapFreeRatio=50 + + Scenario: Check GC_TIME_RATIO GC configuration + Given container is started with env + | variable | value | + | GC_TIME_RATIO | 5 | + Then container log should contain -XX:GCTimeRatio=5 + + Scenario: Check GC_ADAPTIVE_SIZE_POLICY_WEIGHT GC configuration + Given container is started with env + | variable | value | + | GC_ADAPTIVE_SIZE_POLICY_WEIGHT | 80 | + Then container log should contain -XX:AdaptiveSizePolicyWeight=80 + + Scenario: Check GC_MAX_METASPACE_SIZE GC configuration + Given container is started with env + | variable | value | + | GC_MAX_METASPACE_SIZE | 120 | + Then container log should contain -XX:MaxMetaspaceSize=120m + + Scenario: Check GC_CONTAINER_OPTIONS configuration + Given container is started with env + | variable | value | + | GC_CONTAINER_OPTIONS | -XX:+UseG1GC | + Then container log should contain -XX:+UseG1GC + And container log should not contain -XX:+UseParallelGC + + Scenario: Check GC_METASPACE_SIZE GC configuration + Given container is started with env + | variable | value | + | GC_METASPACE_SIZE | 120 | + Then container log should contain -XX:MetaspaceSize=120m + And container log should not contain integer expression expected + + Scenario: Check GC_METASPACE_SIZE constrained by GC_MAX_METASPACE_SIZE GC configuration + Given container is started with env + | variable | value | + | GC_METASPACE_SIZE | 120 | + | GC_MAX_METASPACE_SIZE | 90 | + Then container log should contain -XX:MaxMetaspaceSize=90m + And container log should contain -XX:MetaspaceSize=90m diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/memory.feature b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/memory.feature new file mode 100644 index 0000000..64ca385 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/memory.feature @@ -0,0 +1,41 @@ +Feature: OPENJDK-559 JVM Memory tests + + @ubi9 + Scenario: Check default JVM max heap configuration + Given container is started as uid 1000 + Then container log should contain -XX:MaxRAMPercentage=80.0 + + @ubi9 + Scenario: Check configured JVM max heap configuration and ensure JAVA_MAX_MEM_RATIO accepts floats but only takes whole number part + Given container is started with env + | variable | value | + | JAVA_MAX_MEM_RATIO | 90.4 | + Then container log should contain -XX:MaxRAMPercentage=90.0 + + @ubi9 + Scenario: Ensure JAVA_MAX_MEM_RATIO accepts Integers + Given container is started with env + | variable | value | + | JAVA_MAX_MEM_RATIO | 90 | + Then container log should contain -XX:MaxRAMPercentage=90.0 + + @ubi9 + Scenario: Ensure JAVA_MAX_MEM_RATIO=0 disables parameter + Given container is started with env + | variable | value | + | JAVA_MAX_MEM_RATIO | 0 | + Then container log should not contain -XX:MaxRAMPercentage + + @ubi9 + Scenario: Check default JVM initial heap configuration is unspecified + Given container is started as uid 1000 + Then container log should not contain -XX:InitialRAMPercentage + And container log should not contain -Xms + + # Not the runtime images + @ubi9/openjdk-11 + @ubi9/openjdk-17 + @ubi9/openjdk-21 + Scenario: Ensure Maven doesn't use MaxRAMPercentage=80 + Given s2i build https://github.com/jboss-container-images/openjdk-test-applications from spring-boot-sample-simple + Then s2i build log should match regex INFO Using MAVEN_OPTS.*-XX:MaxRAMPercentage=25.0$ diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/runtime.feature b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/runtime.feature new file mode 100644 index 0000000..4104541 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.jvm/tests/features/runtime.feature @@ -0,0 +1,68 @@ +@ubi9/openjdk-11 +@ubi9/openjdk-17 +@ubi9/openjdk-21 +Feature: Openshift OpenJDK Runtime tests + + @ubi9 + Scenario: Check JAVA_OPTS overrides defaults + Given container is started with env + | variable | value | + | JAVA_OPTS | --show-version | + Then container log should not contain -XX:MaxRAMPercentage + + @ubi9 + Scenario: Check empty JAVA_OPTS overrides defaults + Given container is started with env + | variable | value | + | JAVA_OPTS | | + Then container log should not contain -XX:MaxRAMPercentage + + @ubi9 + Scenario: Check JAVA_OPTS overrides JAVA_OPTS_APPEND + Given container is started with env + | variable | value | + | JAVA_OPTS | -verbose:gc | + | JAVA_OPTS_APPEND | -Xint | + Then container log should contain -verbose:gc + And container log should not contain -Xint + + @ubi9 + Scenario: Check JAVA_APP_NAME can contain spaces (OPENJDK-1551) + Given container is started with env + | variable | value | + | JAVA_APP_NAME | foo bar | + Then container log should not contain exec: bar': not found + + @ubi9 + Scenario: Check default JAVA_APP_DIR (OPENJDK-2034) + When container is ready + Then available container log should contain INFO running in /deployments + + @ubi9 + Scenario: Check custom JAVA_APP_DIR (OPENJDK-2034) + Given container is started with env + | variable | value | + | JAVA_APP_DIR | /home/default | + Then available container log should contain INFO running in /home/default + + @ubi9 + Scenario: Check relative path JAVA_APP_DIR (OPENJDK-2034) + Given container is started with env + | variable | value | + | JAVA_APP_DIR | . | + Then available container log should contain INFO running in /home/default + + @ubi9 + Scenario: Check non-existent path JAVA_APP_DIR (OPENJDK-2034) + Given container is started with env + | variable | value | + | JAVA_APP_DIR | /nope | + Then available container log should contain ERROR No directory /nope found for auto detection + + # Builder images only + Scenario: Ensure JAVA_APP_DIR and S2I work together (OPENJDK-2034) + Given s2i build https://github.com/jboss-container-images/openjdk-test-applications from undertow-servlet + | variable | value | + | JAVA_APP_DIR | /home/default | + | S2I_TARGET_DEPLOYMENTS_DIR | /home/default | + Then container log should contain /home/default/undertow-servlet.jar diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/parse-proxy-url.sh b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/parse-proxy-url.sh new file mode 100644 index 0000000..bade4c7 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/parse-proxy-url.sh @@ -0,0 +1,42 @@ +# Parses proxy URL into components which may be used independently. +# +# Input: +# 1: Proxy URL. If unset will search the following environment variables for +# a default value: https_proxy, http_proxy +# 2: Default scheme. If a scheme is not specified in the URL, this will be +# returned. +# 3: Default port. If a port is not specified in the URL, this will be +# returned. +# +# Output is transferred through the following environment variables: +# * JAVA_PROXY_SCHEME: scheme of proxy URL +# * JAVA_PROXY_USERNAME: proxy user +# * JAVA_PROXY_PASSWORD: proxy password +# * JAVA_PROXY_HOST: proxy host +# * JAVA_PROXY_PORT: proxy port +# +# Example usage: +# source "$JAVA_PROXY_MODULE"/parse-proxy-url.sh "http://user@myproxy.com/" "http" "80" +# if [ -n "$JAVA_PROXY_HOST" ]; then +# # use JAVA_PROXY_ vars +# fi +# + +local JAVA_PROXY_SCHEME= +local JAVA_PROXY_USERNAME= +local JAVA_PROXY_PASSWORD= +local JAVA_PROXY_HOST= +local JAVA_PROXY_PORT= + +local url="${1:-${https_proxy:-${http_proxy}}}" +local default_scheme="$2" +local default_port="$3" + +if [ -n "$url" ] ; then + #[scheme://][user[:password]@]host[:port][/path][?params] + eval $(echo "$1" | sed -e "s+^\(\([^:]*\)://\)\?\(\([^:@]*\)\(:\([^@]*\)\)\?@\)\?\([^:/?]*\)\(:\([^/?]*\)\)\?.*$+JAVA_PROXY_SCHEME='\2' JAVA_PROXY_USERNAME='\4' JAVA_PROXY_PASSWORD='\6' JAVA_PROXY_HOST='\7' JAVA_PROXY_PORT='\9'+") + + JAVA_PROXY_SCHEME="${JAVA_PROXY_SCHEME:-$default_scheme}" + JAVA_PROXY_PORT="${JAVA_PROXY_PORT:-$default_port}" +fi + diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/proxy-options b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/proxy-options new file mode 100644 index 0000000..bced84a --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/proxy-options @@ -0,0 +1,50 @@ +#!/bin/sh + +preConfigure() { + unset JAVA_PROXY_OPTIONS +} +configure() { + JAVA_PROXY_OPTIONS="$(proxy_options)" +} + + +# parse the URL +function parse_url() { + #[scheme://][user[:password]@]host[:port][/path][?params] + echo "$1" | sed -e "s+^\(\([^:]*\)://\)\?\(\([^:@]*\)\(:\([^@]*\)\)\?@\)\?\([^:/?]*\)\(:\([^/?]*\)\)\?.*$+ local scheme='\2' username='\4' password='\6' hostname='\7' port='\9'+" +} + +# Check for proxy options and echo if enabled. +function proxy_options() { + local ret="" + ret="$(java_proxy_options "${https_proxy}" https)" + ret="$ret $(java_proxy_options "${http_proxy}" http)" + + source "$JBOSS_CONTAINER_JAVA_PROXY_MODULE"/translate-no-proxy.sh + if [ -n "$JAVA_PROXY_NONPROXYHOSTS" ] ; then + ret="$ret -Dhttp.nonProxyHosts=$JAVA_PROXY_NONPROXYHOSTS" + fi + echo "$ret" +} + +# internal usage only +function java_proxy_options() { + local url="$1" + local transport="$2" + local ret="" + + if [ -n "$url" ] ; then + source "$JBOSS_CONTAINER_JAVA_PROXY_MODULE"/parse-proxy-url.sh "$url" + if [ -n "$JAVA_PROXY_HOST" ] ; then + ret="-D${transport}.proxyHost=${JAVA_PROXY_HOST}" + fi + if [ -n "$JAVA_PROXY_PORT" ] ; then + ret="$ret -D${transport}.proxyPort=${JAVA_PROXY_PORT}" + fi + if [ -n "$JAVA_PROXY_USERNAME" -o -n "$JAVA_PROXY_PASSWORD" ] ; then + echo "WARNING: Proxy URL for ${transport} contains authentication credentials, these are not supported by java" >&2 + fi + fi + echo "$ret" +} + diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/translate-no-proxy.sh b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/translate-no-proxy.sh new file mode 100644 index 0000000..3e1fd61 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/artifacts/opt/jboss/container/java/proxy/translate-no-proxy.sh @@ -0,0 +1,22 @@ +# Translates no_proxy environment variables into a format consumable +# by Java +# +# Output is transferred through the following environment variables: +# * JAVA_PROXY_NONPROXYHOSTS: list of no-proxy hosts formatted for Java +# +# Example usage: +# source "$JAVA_PROXY_MODULE"/translate-no-proxy.sh +# if [ -n "$JAVA_PROXY_NONPROXYHOSTS" ]; then +# # use JAVA_PROXY_NONPROXYHOSTS +# fi +# + +local JAVA_PROXY_NONPROXYHOSTS= + +local noProxy="${no_proxy}" +if [ -n "$noProxy" ]; then + noProxy="${noProxy//,/|}" + noProxy="${noProxy//|./|*.}" + noProxy="${noProxy/#./*.}" + JAVA_PROXY_NONPROXYHOSTS="${noProxy}" +fi diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/configure.sh new file mode 100755 index 0000000..4f485eb --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/configure.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R $USER:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/java/proxy* + +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/module.yaml new file mode 100644 index 0000000..6229cd2 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.java.proxy/module.yaml @@ -0,0 +1,39 @@ +args: [] +artifacts: [] +description: ^ Provides support configuring proxy settings in Java. Basic usage is + opts=$(source $JBOSS_CONTAINER_JAVA_PROXY_MODULE; proxy_options) +envs: +- name: JBOSS_CONTAINER_JAVA_PROXY_MODULE + value: /opt/jboss/container/java/proxy +- description: The location of the https proxy. This takes precedence over **http_proxy** + and will be used for both Maven builds and Java runtime. + example: myuser:mypass@127.0.0.1:8080 + name: https_proxy +- description: The location of the http proxy. This will be used for both Maven builds + and Java runtime. + example: http://127.0.0.1:8080 + name: http_proxy +- description: A comma separated lists of hosts, IP addresses or domains that can + be accessed directly. This will be used for both Maven builds and Java runtime. + example: foo.example.com,*.example.org + name: no_proxy +execute: +- directory: jboss.container.java.proxy + module_name: jboss.container.java.proxy + name: jboss.container.java.proxy/configure.sh + script: configure.sh +labels: [] +modules: + install: + - name: jboss.container.user + repositories: [] +name: jboss.container.java.proxy +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '2.0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/artifacts/opt/jboss/container/openjdk/jdk/jvm-options b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/artifacts/opt/jboss/container/openjdk/jdk/jvm-options new file mode 100644 index 0000000..a6a96dc --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/artifacts/opt/jboss/container/openjdk/jdk/jvm-options @@ -0,0 +1,10 @@ + +#!/bin/sh +# ============================================================================== +# JDK specific customizations +# +# ============================================================================== + +function jvm_specific_diagnostics() { + echo "-Xlog:gc::utctime -XX:NativeMemoryTracking=summary" +} diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/configure.sh new file mode 100755 index 0000000..45c6195 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/configure.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R $USER:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* + +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd + +# Set this JDK as the alternative in use +_arch="$(uname -i)" +alternatives --set java java-17-openjdk.${_arch} +alternatives --set javac java-17-openjdk.${_arch} +alternatives --set java_sdk_openjdk java-17-openjdk.${_arch} +alternatives --set jre_openjdk java-17-openjdk.${_arch} + +# Update securerandom.source for quicker starts (must be done after removing jdk 8, or it will hit the wrong files) +JAVA_SECURITY_FILE=/usr/lib/jvm/java/conf/security/java.security +SECURERANDOM=securerandom.source +if grep -q "^$SECURERANDOM=.*" $JAVA_SECURITY_FILE; then + sed -i "s|^$SECURERANDOM=.*|$SECURERANDOM=file:/dev/urandom|" $JAVA_SECURITY_FILE +else + echo $SECURERANDOM=file:/dev/urandom >> $JAVA_SECURITY_FILE +fi diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/module.yaml new file mode 100644 index 0000000..43cb5e6 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk.jdk/module.yaml @@ -0,0 +1,41 @@ +args: [] +artifacts: [] +description: Installs the JDK for OpenJDK 17. +envs: +- name: JAVA_HOME + value: /usr/lib/jvm/java-17 +- name: JAVA_VENDOR + value: openjdk +- name: JAVA_VERSION + value: '17' +- name: JBOSS_CONTAINER_OPENJDK_JDK_MODULE + value: /opt/jboss/container/openjdk/jdk +execute: +- directory: jboss.container.openjdk.jdk + module_name: jboss.container.openjdk.jdk + name: jboss.container.openjdk.jdk/configure.sh + script: configure.sh +labels: +- name: org.jboss.product + value: openjdk +- name: org.jboss.product.version + value: '17' +- name: org.jboss.product.openjdk.version + value: '17' +modules: + install: + - name: jboss.container.user + - name: jboss.container.openjdk + repositories: [] +name: jboss.container.openjdk.jdk +osbs: + configuration: {} + repository: {} +packages: + install: + - java-17-openjdk-devel + repositories: [] +ports: [] +schema_version: 1 +version: '17' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/artifacts/opt/jboss/container/openjdk/jdk/jvm-options b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/artifacts/opt/jboss/container/openjdk/jdk/jvm-options new file mode 100644 index 0000000..8b5b09c --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/artifacts/opt/jboss/container/openjdk/jdk/jvm-options @@ -0,0 +1,10 @@ + +#!/bin/sh +# ============================================================================== +# JDK specific customizations +# +# ============================================================================== + +function jvm_specific_diagnostics() { + echo "-Xlog:gc::utctime -XX:NativeMemoryTracking=summary -XX:+UnlockDiagnosticVMOptions -XX:+PrintNMTStatistics -verbose:gc" +} diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/configure.sh new file mode 100755 index 0000000..635b0cf --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/configure.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R $USER:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* + +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd + +# Set this JDK as the alternative in use +_arch="$(uname -i)" +alternatives --set java java-11-openjdk.${_arch} +alternatives --set javac java-11-openjdk.${_arch} +alternatives --set java_sdk_openjdk java-11-openjdk.${_arch} +alternatives --set jre_openjdk java-11-openjdk.${_arch} + +# Update securerandom.source for quicker starts (must be done after removing jdk 8, or it will hit the wrong files) +JAVA_SECURITY_FILE=/usr/lib/jvm/java/conf/security/java.security +SECURERANDOM=securerandom.source +if grep -q "^$SECURERANDOM=.*" $JAVA_SECURITY_FILE; then + sed -i "s|^$SECURERANDOM=.*|$SECURERANDOM=file:/dev/urandom|" $JAVA_SECURITY_FILE +else + echo $SECURERANDOM=file:/dev/urandom >> $JAVA_SECURITY_FILE +fi diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/module.yaml new file mode 100644 index 0000000..8c9e50b --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/11/module.yaml @@ -0,0 +1,36 @@ +schema_version: 1 + +name: "jboss.container.openjdk.jdk" +description: "Installs the JDK for OpenJDK 11." +version: "11" + +labels: +- name: "org.jboss.product" + value: "openjdk" +- name: "org.jboss.product.version" + value: "11" +- name: "org.jboss.product.openjdk.version" + value: "11" + +envs: +- name: "JAVA_HOME" + value: "/usr/lib/jvm/java-11" +- name: "JAVA_VENDOR" + value: "openjdk" +- name: "JAVA_VERSION" + value: "11" +- name: JBOSS_CONTAINER_OPENJDK_JDK_MODULE + value: /opt/jboss/container/openjdk/jdk + +packages: + install: + - java-11-openjdk-devel + - tzdata-java + +modules: + install: + - name: jboss.container.user + - name: jboss.container.openjdk + +execute: +- script: configure.sh diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/artifacts/opt/jboss/container/openjdk/jdk/jvm-options b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/artifacts/opt/jboss/container/openjdk/jdk/jvm-options new file mode 100644 index 0000000..a6a96dc --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/artifacts/opt/jboss/container/openjdk/jdk/jvm-options @@ -0,0 +1,10 @@ + +#!/bin/sh +# ============================================================================== +# JDK specific customizations +# +# ============================================================================== + +function jvm_specific_diagnostics() { + echo "-Xlog:gc::utctime -XX:NativeMemoryTracking=summary" +} diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/configure.sh new file mode 100755 index 0000000..45c6195 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/configure.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R $USER:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* + +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd + +# Set this JDK as the alternative in use +_arch="$(uname -i)" +alternatives --set java java-17-openjdk.${_arch} +alternatives --set javac java-17-openjdk.${_arch} +alternatives --set java_sdk_openjdk java-17-openjdk.${_arch} +alternatives --set jre_openjdk java-17-openjdk.${_arch} + +# Update securerandom.source for quicker starts (must be done after removing jdk 8, or it will hit the wrong files) +JAVA_SECURITY_FILE=/usr/lib/jvm/java/conf/security/java.security +SECURERANDOM=securerandom.source +if grep -q "^$SECURERANDOM=.*" $JAVA_SECURITY_FILE; then + sed -i "s|^$SECURERANDOM=.*|$SECURERANDOM=file:/dev/urandom|" $JAVA_SECURITY_FILE +else + echo $SECURERANDOM=file:/dev/urandom >> $JAVA_SECURITY_FILE +fi diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/module.yaml new file mode 100644 index 0000000..3fd1cd4 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/17/module.yaml @@ -0,0 +1,35 @@ +schema_version: 1 + +name: "jboss.container.openjdk.jdk" +description: "Installs the JDK for OpenJDK 17." +version: "17" + +labels: +- name: "org.jboss.product" + value: "openjdk" +- name: "org.jboss.product.version" + value: "17" +- name: "org.jboss.product.openjdk.version" + value: "17" + +envs: +- name: "JAVA_HOME" + value: "/usr/lib/jvm/java-17" +- name: "JAVA_VENDOR" + value: "openjdk" +- name: "JAVA_VERSION" + value: "17" +- name: JBOSS_CONTAINER_OPENJDK_JDK_MODULE + value: /opt/jboss/container/openjdk/jdk + +packages: + install: + - java-17-openjdk-devel + +modules: + install: + - name: jboss.container.user + - name: jboss.container.openjdk + +execute: +- script: configure.sh diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/artifacts/opt/jboss/container/openjdk/jdk/jvm-options b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/artifacts/opt/jboss/container/openjdk/jdk/jvm-options new file mode 100644 index 0000000..a6a96dc --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/artifacts/opt/jboss/container/openjdk/jdk/jvm-options @@ -0,0 +1,10 @@ + +#!/bin/sh +# ============================================================================== +# JDK specific customizations +# +# ============================================================================== + +function jvm_specific_diagnostics() { + echo "-Xlog:gc::utctime -XX:NativeMemoryTracking=summary" +} diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/configure.sh new file mode 100755 index 0000000..d9bc042 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/configure.sh @@ -0,0 +1,30 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R $USER:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* + +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd + +# Set this JDK as the alternative in use +_arch="$(uname -i)" +alternatives --set java java-21-openjdk.${_arch} +alternatives --set javac java-21-openjdk.${_arch} +alternatives --set java_sdk_openjdk java-21-openjdk.${_arch} +alternatives --set jre_openjdk java-21-openjdk.${_arch} + +# Update securerandom.source for quicker starts (must be done after removing jdk 8, or it will hit the wrong files) +JAVA_SECURITY_FILE=/usr/lib/jvm/java/conf/security/java.security +SECURERANDOM=securerandom.source +if grep -q "^$SECURERANDOM=.*" $JAVA_SECURITY_FILE; then + sed -i "s|^$SECURERANDOM=.*|$SECURERANDOM=file:/dev/urandom|" $JAVA_SECURITY_FILE +else + echo $SECURERANDOM=file:/dev/urandom >> $JAVA_SECURITY_FILE +fi diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/module.yaml new file mode 100644 index 0000000..fe2f4a5 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/21/module.yaml @@ -0,0 +1,35 @@ +schema_version: 1 + +name: "jboss.container.openjdk.jdk" +description: "Installs the JDK for OpenJDK 21." +version: &jdkver "21" + +labels: +- name: "org.jboss.product" + value: "openjdk" +- name: "org.jboss.product.version" + value: *jdkver +- name: "org.jboss.product.openjdk.version" + value: *jdkver + +envs: +- name: "JAVA_HOME" + value: "/usr/lib/jvm/java-21" +- name: "JAVA_VENDOR" + value: "openjdk" +- name: "JAVA_VERSION" + value: *jdkver +- name: JBOSS_CONTAINER_OPENJDK_JDK_MODULE + value: /opt/jboss/container/openjdk/jdk + +packages: + install: + - java-21-openjdk-devel + +modules: + install: + - name: jboss.container.user + - name: jboss.container.openjdk + +execute: +- script: configure.sh diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/artifacts/opt/jboss/container/openjdk/jdk/jvm-options b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/artifacts/opt/jboss/container/openjdk/jdk/jvm-options new file mode 100644 index 0000000..31e1a45 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/artifacts/opt/jboss/container/openjdk/jdk/jvm-options @@ -0,0 +1,10 @@ + +#!/bin/sh +# ============================================================================== +# JDK specific customizations +# +# ============================================================================== + +function jvm_specific_diagnostics() { + echo "-XX:NativeMemoryTracking=summary -XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -XX:+UnlockDiagnosticVMOptions -XX:+PrintNMTStatistics -verbose:gc" +} diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/configure.sh new file mode 100755 index 0000000..64bd513 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/configure.sh @@ -0,0 +1,23 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R $USER:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/openjdk/jdk/* + +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd + +# Set this JDK as the alternative in use +_arch="$(uname -i)" +alternatives --set java java-1.8.0-openjdk.${_arch} +alternatives --set javac java-1.8.0-openjdk.${_arch} +alternatives --set java_sdk_openjdk java-1.8.0-openjdk.${_arch} +alternatives --set jre_openjdk java-1.8.0-openjdk.${_arch} + +echo securerandom.source=file:/dev/urandom >> /usr/lib/jvm/java/jre/lib/security/java.security diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/module.yaml new file mode 100644 index 0000000..d85cce5 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/8/module.yaml @@ -0,0 +1,35 @@ +schema_version: 1 + +name: "jboss.container.openjdk.jdk" +description: "Installs the JDK for OpenJDK 8." +version: "8" + +labels: +- name: "org.jboss.product" + value: "openjdk" +- name: "org.jboss.product.version" + value: "1.8.0" +- name: "org.jboss.product.openjdk.version" + value: "1.8.0" + +envs: +- name: "JAVA_HOME" + value: "/usr/lib/jvm/java-1.8.0" +- name: "JAVA_VENDOR" + value: "openjdk" +- name: "JAVA_VERSION" + value: "1.8.0" +- name: JBOSS_CONTAINER_OPENJDK_JDK_MODULE + value: /opt/jboss/container/openjdk/jdk + +packages: + install: + - java-1.8.0-openjdk-devel + +modules: + install: + - name: jboss.container.user + - name: jboss.container.openjdk + +execute: +- script: configure.sh diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/module.yaml new file mode 100644 index 0000000..9771590 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/module.yaml @@ -0,0 +1,19 @@ +args: [] +artifacts: [] +description: A dummy descriptor to couple tests with jdk modules +envs: [] +execute: [] +labels: [] +modules: + install: [] + repositories: [] +name: jboss.container.openjdk +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/tests/features/openjdk.feature b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/tests/features/openjdk.feature new file mode 100644 index 0000000..1bace56 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.openjdk/tests/features/openjdk.feature @@ -0,0 +1,98 @@ +Feature: Miscellaneous OpenJDK-related unit tests + + @ubi9/openjdk-11 + @ubi9/openjdk-11-runtime + Scenario: Check that only OpenJDK 11 is installed + When container is started with args + | arg | value | + | command | rpm -qa | + Then available container log should not contain java-1.8.0 + Then available container log should not contain java-17 + Then available container log should not contain java-21 + + @ubi9/openjdk-17 + @ubi9/openjdk-17-runtime + Scenario: Check that only OpenJDK 17 is installed + When container is started with args + | arg | value | + | command | rpm -qa | + Then available container log should not contain java-1.8.0 + Then available container log should not contain java-11 + Then available container log should not contain java-21 + + @ubi9/openjdk-21 + @ubi9/openjdk-21-runtime + Scenario: Check that only OpenJDK 21 is installed + When container is started with args + | arg | value | + | command | rpm -qa | + Then available container log should not contain java-1.8.0 + Then available container log should not contain java-11 + Then available container log should not contain java-17 + + @ubi9 + Scenario: Ensure JAVA_HOME is defined and contains Java + When container is started with args + | arg | value | + | command | bash -c "$JAVA_HOME/bin/java -version" | + Then available container log should contain OpenJDK Runtime Environment + + @ubi9 + Scenario: Check that certain non-UBI packages are not installed + When container is started with args + | arg | value | + | command | rpm -qa | + Then available container log should not contain grub + Then available container log should not contain os-prober + Then available container log should not contain rpm-plugin-systemd-inhibit + + @ubi9/openjdk-11 + @ubi9/openjdk-11-runtime + Scenario: Check that directories from other JDKs are not present (JDK11) + When container is started with args + | arg | value | + | command | ls -1 /usr/lib/jvm | + Then available container log should not contain java-1.8.0 + Then available container log should not contain java-17 + Then available container log should not contain java-21 + + @ubi9/openjdk-17 + @ubi9/openjdk-17-runtime + Scenario: Check that directories from other JDKs are not present (JDK17) + When container is started with args + | arg | value | + | command | ls -1 /usr/lib/jvm | + Then available container log should not contain java-1.8.0 + Then available container log should not contain java-11 + Then available container log should not contain java-21 + + @ubi9/openjdk-21 + @ubi9/openjdk-21-runtime + Scenario: Check that directories from other JDKs are not present (JDK21) + When container is started with args + | arg | value | + | command | ls -1 /usr/lib/jvm | + Then available container log should not contain java-1.8.0 + Then available container log should not contain java-11 + Then available container log should not contain java-17 + + @ubi9 + Scenario: Ensure LANG is defined and contains UTF-8 + When container is started with args + | arg | value | + | command | bash -c "$JAVA_HOME/bin/java -XshowSettings:properties -version" | + Then available container log should contain file.encoding = UTF-8 + + @ubi9 + Scenario: Ensure tar is installed (OPENJDK-1165) + When container is started with args + | arg | value | + | command | tar | + Then available container log should not contain command not found + + @ubi9 + Scenario: Ensure tzdata RPM is properly installed (OPENJDK-2519) + When container is started with args + | arg | value | + | command | rpm -V tzdata | + Then available container log should not contain missing diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.user/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.user/configure.sh new file mode 100644 index 0000000..1b47d93 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.user/configure.sh @@ -0,0 +1,11 @@ +#!/bin/bash +set -e + +# Create a user and group used to launch processes +# We use the ID 185 for the group as well as for the user. +# This ID is registered static ID for the JBoss EAP product +# on RHEL which makes it safe to use. +groupadd -r $USER -g $UID && useradd -u $UID -r -g root -G $USER -m -d $HOME -s /sbin/nologin -c "$GECOS" $USER + +# OPENJDK-533, OPENJDK-556: correct permissions for OpenShift etc +chmod 0770 $HOME diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.user/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.user/module.yaml new file mode 100644 index 0000000..0e15e98 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.user/module.yaml @@ -0,0 +1,38 @@ +args: [] +artifacts: [] +description: Configures the jboss user and permissions. This module should be included + by all images. +envs: +- name: USER + value: jboss +- name: UID + value: 185 +- name: HOME + value: /home/jboss +- name: GECOS + value: JBoss user +execute: +- directory: jboss.container.user + module_name: jboss.container.user + name: jboss.container.user/configure.sh + script: configure.sh +labels: [] +modules: + install: [] + repositories: [] +name: jboss.container.user +osbs: + configuration: {} + repository: {} +packages: + install: + - shadow-utils + repositories: [] +ports: [] +run: + name: run + user: 185 + workdir: /home/jboss +schema_version: 1 +version: 2.0+jboss1 +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/artifacts/opt/jboss/container/util/logging/logging.sh b/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/artifacts/opt/jboss/container/util/logging/logging.sh new file mode 100644 index 0000000..5d1bc83 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/artifacts/opt/jboss/container/util/logging/logging.sh @@ -0,0 +1,31 @@ +if [ -z "$(type -t log_warning)" ]; then + +BLACK='\033[0;30m' +RED='\033[0;31m' +YELLOW='\033[0;33m' +DEFAULT='\033[0m' + +function log_warning() { + local message="${1}" + + echo >&2 -e "${YELLOW}WARN ${message}${DEFAULT}" +} + +function log_error() { + local message="${1}" + + echo >&2 -e "${RED}ERROR ${message}${DEFAULT}" +} + +function log_info() { + local message="${1}" + + echo >&2 -e "INFO ${message}" +} + +if [ "${LOGGING_SCRIPT_DEBUG}" = "true" ] ; then + set -x + log_info "Script debugging is enabled, allowing bash commands and their arguments to be printed as they are executed" +fi + +fi diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/configure.sh new file mode 100755 index 0000000..470528d --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/configure.sh @@ -0,0 +1,14 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R $USER:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/util/logging/* + +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/module.yaml new file mode 100644 index 0000000..e915d5f --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.util.logging/module.yaml @@ -0,0 +1,30 @@ +args: [] +artifacts: [] +description: Provides support for script logging, e.g. colorization of levels, redirection + to stderr, etc. +envs: +- name: JBOSS_CONTAINER_UTIL_LOGGING_MODULE + value: /opt/jboss/container/util/logging/ +- description: Set to true to enable script debugging. + example: true + name: LOGGING_SCRIPT_DEBUG +execute: +- directory: jboss.container.util.logging + module_name: jboss.container.util.logging + name: jboss.container.util.logging/configure.sh + script: configure.sh +labels: [] +modules: + install: + - name: jboss.container.user + repositories: [] +name: jboss.container.util.logging +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '1.0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.util.pkg-update/execute.sh b/container-images/jdk17/runtime-image/modules/jboss.container.util.pkg-update/execute.sh new file mode 100755 index 0000000..eff66ce --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.util.pkg-update/execute.sh @@ -0,0 +1,14 @@ +#!/bin/bash +set -euo pipefail + +for candidate in yum dnf microdnf; do + if command -v "$candidate"; then + mgr="$(command -v "$candidate")" + "$mgr" update --setopt=install_weak_deps=0 --setopt=tsflags=nodocs -y + "$mgr" -y clean all + exit + fi +done + +echo "cannot find a package manager" >&2 +exit 1 diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.util.pkg-update/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.util.pkg-update/module.yaml new file mode 100644 index 0000000..e6c8443 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.util.pkg-update/module.yaml @@ -0,0 +1,23 @@ +args: [] +artifacts: [] +description: Perform a system update via the package manager. +envs: [] +execute: +- directory: jboss.container.util.pkg-update + module_name: jboss.container.util.pkg-update + name: jboss.container.util.pkg-update/execute.sh + script: execute.sh +labels: [] +modules: + install: [] + repositories: [] +name: jboss.container.util.pkg-update +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '1.0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/dynamic_resources.sh b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/dynamic_resources.sh new file mode 100644 index 0000000..84cef9b --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/dynamic_resources.sh @@ -0,0 +1,73 @@ +#!/bin/sh + +if [ "${SCRIPT_DEBUG}" = "true" ] ; then + set -x + echo "Script debugging is enabled, allowing bash commands and their arguments to be printed as they are executed" +fi + +# For backward compatibility: CONTAINER_HEAP_PERCENT is old variable name +JAVA_MAX_MEM_RATIO=${JAVA_MAX_MEM_RATIO:-${CONTAINER_HEAP_PERCENT:+$(echo "${CONTAINER_HEAP_PERCENT}" "100" | awk '{ printf "%d", $1 * $2 }')}} + +function source_java_run_scripts() { + # load java options functions + source "${JBOSS_CONTAINER_JAVA_JVM_MODULE}/java-default-options" +} + +source_java_run_scripts + +# Returns a set of options that are not supported by the current jvm. The idea +# is that java-default-options always configures settings for the latest jvm. +# That said, it is possible that the configuration won't map to previous +# versions of the jvm. In those cases, it might be better to have different +# implementations of java-default-options for each version of the jvm (e.g. a +# private implementation that is sourced by java-default-options based on the +# jvm version). This would allow for the defaults to be tuned for the version +# of the jvm being used. +unsupported_options() { + if [[ $($JAVA_HOME/bin/java -version 2>&1 | awk -F "\"" '/version/{ print $2}') == *"1.7"* ]]; then + echo "(-XX:NativeMemoryTracking=[^ ]*|-XX:+PrintGCDateStamps|-XX:+UnlockDiagnosticVMOptions|-XX:CICompilerCount=[^ ]*|-XX:GCTimeRatio=[^ ]*|-XX:MaxMetaspaceSize=[^ ]*|-XX:AdaptiveSizePolicyWeight=[^ ]*)" + else + echo "(--XX:MaxPermSize=[^ ]*)" + fi +} + +# Merge default java options into the passed argument +adjust_java_options() { + local options="$@" + local remove_xms + # nuke any hard-coded memory settings. java-default-options won't add these + # if they're already specified + JAVA_OPTS="$(echo $JAVA_OPTS| sed -re 's/(-Xmx[^ ]*|-Xms[^ ]*)//g')" + local java_options=$(source "${JBOSS_CONTAINER_JAVA_JVM_MODULE}/java-default-options") + local unsupported="$(unsupported_options)" + for option in $java_options; do + if [[ ${option} == "-Xmx"* ]]; then + if [[ "$options" == *"-Xmx"* ]]; then + options=$(echo $options | sed -e "s/-Xmx[^ ]*/${option}/") + else + options="${options} ${option}" + fi + if [ "x$remove_xms" == "x" ]; then + remove_xms=1 + fi + elif [[ ${option} == "-Xms"* ]]; then + if [[ "$options" == *"-Xms"* ]]; then + options=$(echo $options | sed -e "s/-Xms[^ ]*/${option}/") + else + options="${options} ${option}" + fi + remove_xms=0 + elif $(echo "$options" | grep -Eq -- "${option%=*}(=[^ ]*)?(\s|$)") ; then + options=$(echo $options | sed -re "s@${option%=*}(=[^ ]*)?(\s|$)@${option}\2@") + else + options="${options} ${option}" + fi + done + + if [[ "x$remove_xms" == "x1" ]]; then + options=$(echo $options | sed -e "s/-Xms[^ ]*/ /") + fi + + options=$(echo "${options}"| sed -re "s@${unsupported}(\s)?@@g") + echo "${options}" +} diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/install.sh b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/install.sh new file mode 100644 index 0000000..2b1e914 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/install.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +SCRIPT_DIR=$(dirname $0) + +# Add jboss user to root group +usermod -g root -G jboss jboss + +mkdir -p /usr/local/dynamic-resources +cp -p $SCRIPT_DIR/dynamic_resources.sh /usr/local/dynamic-resources/ + +chown -R jboss:root /usr/local/dynamic-resources/ +chmod -R g+rwX $dir /usr/local/dynamic-resources/ diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/module.yaml new file mode 100644 index 0000000..5a10cdc --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.dynamic-resources/module.yaml @@ -0,0 +1,26 @@ +args: [] +artifacts: [] +description: Legacy dynamic-resources script package, UBI9. +envs: +- description: Deprecated. See JAVA_MAX_MEM_RATIO. + example: 0.5 + name: CONTAINER_HEAP_PERCENT +execute: +- directory: jboss.container.wildfly.dynamic-resources + module_name: jboss.container.wildfly.dynamic-resources + name: jboss.container.wildfly.dynamic-resources/install.sh + script: install.sh +labels: [] +modules: + install: [] + repositories: [] +name: jboss.container.wildfly.dynamic-resources +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '2.0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.api/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.api/module.yaml new file mode 100644 index 0000000..1b29576 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.api/module.yaml @@ -0,0 +1,59 @@ +args: [] +artifacts: [] +description: Env variable to configure the server for cloud execution. JVM is automatically + configured, all Java VM related env variables are supported. +envs: +- description: By default executed CLI script output is redirected to '/tmp/server-cli-execution-output-file.txt' + file (or '/tmp/cli-script-output-.cli' when cloud feature-pack is + used). Set this env variable to 'CONSOLE' for output to be displayed in the console. + Set this env variable to a file path for output to be redirected in the provided + file. + name: CLI_EXECUTION_OUTPUT +- description: Set this variable to true to disable server shutdown. You are then + in charge to explicitly kill the server by your own mean. + name: CLI_GRACEFUL_SHUTDOWN +- description: A path to a CLI script to execute at server launch time. The path can + be absolute or relative to $JBOSS_HOME directory. If an error occurs during script + execution, the server startup aborts and CLI errors are displayed in the console. + Management operations that imply a restart of the server are not supported in + such CLI script. + name: CLI_LAUNCH_SCRIPT +- description: To append options to JAVA_OPTS env variable. + name: JAVA_OPTS_APPEND +- description: Set jboss.node.name property value. + name: JBOSS_NODE_NAME +- description: Use this env variable to set the server port offset. This is advised + practice instead of directly setting jboss.socket.binding.port-offset in the SERVER_ARGS. + It allows the server shutdown logic to connect to the running server to do a clean + CLI shutdown. + name: PORT_OFFSET +- description: In order to provide arguments to the launched server. + name: SERVER_ARGS +- description: True by default. That is the value passed to '-Dwildfly.statistics-enabled' + system property when launching the server. Set it to 'false' to disable statistics. + name: SERVER_ENABLE_STATISTICS +- description: In order to override the server launch script called by the image entry-point, + set this env variable to the name of a bash file located in the '$JBOSS_HOME/bin' + directory. + name: SERVER_LAUNCH_SCRIPT_OVERRIDE +- description: By default the management interface is bound to 0.0.0.0 address. You + can change this default using this env variable. + name: SERVER_MANAGEMENT_BIND_ADDRESS +- description: By default the public interface is bound to the hostname ip address. + You can change this default using this env variable. + name: SERVER_PUBLIC_BIND_ADDRESS +execute: [] +labels: [] +modules: + install: [] + repositories: [] +name: jboss.container.wildfly.run.api +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '1.0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/artifacts/opt/jboss/container/wildfly/run/run b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/artifacts/opt/jboss/container/wildfly/run/run new file mode 100755 index 0000000..a816695 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/artifacts/opt/jboss/container/wildfly/run/run @@ -0,0 +1,134 @@ +#!/bin/bash + +source "${JBOSS_CONTAINER_UTIL_LOGGING_MODULE}/logging.sh" +source "${JBOSS_CONTAINER_WILDFLY_RUN_MODULE}/run-utils.sh" + +if [ ! -d "${JBOSS_HOME}" ]; then + log_error "*** No installed Server, exiting ***" + exit 1 +fi + +# Un-used, this is a hook to add JPMS options to JVM at startup. +# run_add_jpms_options + +run_setup_shutdown_hook + +#Detects launcher. +if [ -n "${SERVER_LAUNCH_SCRIPT_OVERRIDE}" ]; then + echo "Using custom launcher ${SERVER_LAUNCH_SCRIPT_OVERRIDE}." + actual_launcher="${SERVER_LAUNCH_SCRIPT_OVERRIDE}" +elif [ -f "${JBOSS_HOME}/bin/openshift-launch.sh" ]; then + echo "Using openshift launcher." + actual_launcher=openshift-launch.sh +elif [ -f "${JBOSS_HOME}/bin/standalone-cloud.sh" ]; then + echo "Using cloud launcher." + actual_launcher=standalone-cloud.sh +elif [ -f "${JBOSS_HOME}/bin/standalone.sh" ]; then + echo "Using standalone launcher." + actual_launcher=standalone.sh +fi + +# HANDLE JAVA OPTIONS +source /usr/local/dynamic-resources/dynamic_resources.sh > /dev/null +GC_METASPACE_SIZE=${GC_METASPACE_SIZE:-96} + +JAVA_OPTS="$(adjust_java_options ${JAVA_OPTS})" + +# If JAVA_DIAGNOSTICS and there is jvm_specific_diagnostics, move the settings to PREPEND_JAVA_OPTS +# to bypass the specific EAP checks done on JAVA_OPTS in standalone.sh that could remove the GC EAP specific log configurations +JVM_SPECIFIC_DIAGNOSTICS=$(jvm_specific_diagnostics) +if [ "x$JAVA_DIAGNOSTICS" != "x" ] && [ "x{JVM_SPECIFIC_DIAGNOSTICS}" != "x" ]; then + JAVA_OPTS=${JAVA_OPTS/${JVM_SPECIFIC_DIAGNOSTICS} /} + PREPEND_JAVA_OPTS="${JVM_SPECIFIC_DIAGNOSTICS} ${PREPEND_JAVA_OPTS}" +fi + +# Make sure that we use /dev/urandom (CLOUD-422) +JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom" + +JAVA_OPTS="${JAVA_OPTS} -Djava.net.preferIPv4Stack=true" + +if [ -z "$JBOSS_MODULES_SYSTEM_PKGS" ]; then + JBOSS_MODULES_SYSTEM_PKGS="jdk.nashorn.api,com.sun.crypto.provider" +fi + +if [ -n "$JBOSS_MODULES_SYSTEM_PKGS_APPEND" ]; then + JBOSS_MODULES_SYSTEM_PKGS="$JBOSS_MODULES_SYSTEM_PKGS,$JBOSS_MODULES_SYSTEM_PKGS_APPEND" +fi + + JAVA_OPTS="${JAVA_OPTS} -Djboss.modules.system.pkgs=${JBOSS_MODULES_SYSTEM_PKGS}" + +# DO WE KEEP? +# White list packages for use in ObjectMessages: CLOUD-703 +if [ -n "$MQ_SERIALIZABLE_PACKAGES" ]; then + JAVA_OPTS="${JAVA_OPTS} -Dorg.apache.activemq.SERIALIZABLE_PACKAGES=${MQ_SERIALIZABLE_PACKAGES}" +fi + +# Append to JAVA_OPTS. +JAVA_OPTS="$JAVA_OPTS $JAVA_OPTS_APPEND" + +#Handle proxy options +if [ -f "${JBOSS_CONTAINER_JAVA_PROXY_MODULE}/proxy-options" ]; then + source "${JBOSS_CONTAINER_JAVA_PROXY_MODULE}"/proxy-options +else + source /opt/run-java/proxy-options +fi +eval preConfigure +eval configure + +if [ "${actual_launcher}" == "openshift-launch.sh" ]; then + PREPEND_JAVA_OPTS=$PREPEND_JAVA_OPTS JAVA_OPTS=$JAVA_OPTS $JBOSS_HOME/bin/${actual_launcher} & + pid=$! + wait $pid 2>/dev/null +else + imgName=${JBOSS_IMAGE_NAME:-$IMAGE_NAME} + imgVersion=${JBOSS_IMAGE_VERSION:-$IMAGE_VERSION} + + log_info "Running $imgName image, version $imgVersion" + + # Handle port offset + if [ -n "${PORT_OFFSET}" ]; then + PORT_OFFSET_PROPERTY="-Djboss.socket.binding.port-offset=${PORT_OFFSET}" + fi + + PUBLIC_IP_ADDRESS=${SERVER_PUBLIC_BIND_ADDRESS:-$(hostname -i)} + MANAGEMENT_IP_ADDRESS=${SERVER_MANAGEMENT_BIND_ADDRESS:-0.0.0.0} + ENABLE_STATISTICS=${SERVER_ENABLE_STATISTICS:-true} + + #Ensure node name (FOR NOW NEEDED PERHAPS REVISIT FOR EAP8) + run_init_node_name + + SERVER_ARGS="${JAVA_PROXY_OPTIONS} -Djboss.node.name=${JBOSS_NODE_NAME} -Djboss.tx.node.id=${JBOSS_TX_NODE_ID} ${PORT_OFFSET_PROPERTY} -b ${PUBLIC_IP_ADDRESS} -bmanagement ${MANAGEMENT_IP_ADDRESS} -Dwildfly.statistics-enabled=${ENABLE_STATISTICS} ${SERVER_ARGS}" + + if [ -n "${CLI_LAUNCH_SCRIPT}" ]; then + if [ ! -f "${CLI_LAUNCH_SCRIPT}" ]; then + scriptFile="${JBOSS_HOME}/${CLI_LAUNCH_SCRIPT}" + if [ ! -f "${scriptFile}" ]; then + log_error "${CLI_LAUNCH_SCRIPT} doesn't exist or is not a relative path inside ${JBOSS_HOME}" + exit 1 + fi + else + scriptFile="${CLI_LAUNCH_SCRIPT}" + fi + log_info "Executing CLI script ${scriptFile} during server startup" + markerDir=/tmp/server-cli-boot-hook-dir + rm -rf "${markerDir}" + mkdir "${markerDir}" + bootHookOptions="--start-mode=admin-only -Dorg.wildfly.internal.cli.boot.hook.script=${scriptFile} -Dorg.wildfly.internal.cli.boot.hook.marker.dir=${markerDir}" + outputLocation="${CLI_EXECUTION_OUTPUT:-/tmp/server-cli-execution-output-file.txt}" + if [ "${outputLocation}" == "CONSOLE" ]; then + log_info "CLI execution output displayed in the console" + else + rm -f "${outputLocation}" + bootHookOptions="${bootHookOptions} -Dorg.wildfly.internal.cli.boot.hook.script.output.file=${outputLocation}" + log_info "CLI execution output redirected to ${outputLocation}" + fi + + SERVER_ARGS="${SERVER_ARGS} ${bootHookOptions}" + fi + log_info "Starting server with arguments: ${SERVER_ARGS}" + + # The script must be launched in background for the server to not receive directly signals and allowing for CLI shutdown processed from this script. + PREPEND_JAVA_OPTS=$PREPEND_JAVA_OPTS JAVA_OPTS=$JAVA_OPTS $JBOSS_HOME/bin/${actual_launcher} ${SERVER_ARGS} & + pid=$! + wait $pid 2>/dev/null +fi \ No newline at end of file diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/artifacts/opt/jboss/container/wildfly/run/run-utils.sh b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/artifacts/opt/jboss/container/wildfly/run/run-utils.sh new file mode 100755 index 0000000..71987a2 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/artifacts/opt/jboss/container/wildfly/run/run-utils.sh @@ -0,0 +1,78 @@ +#!/bin/bash + +source "${JBOSS_CONTAINER_UTIL_LOGGING_MODULE}/logging.sh" + +# Some JPMS arguments are specific to cloud, handle them in the main launcher. +# $JBOSS_HOME/bin/standalone.conf extends JAVA_OPTS with arguments. +function run_add_java_options() { + local marker="${1}" + local options="${2}" + local conf_file="$JBOSS_HOME/bin/standalone.conf" + if ! grep -q "$marker" "$conf_file"; then + local jvm_options="$marker +JAVA_OPTS=\"\$JAVA_OPTS ${options}\"" + echo "$jvm_options" >> "$conf_file" + fi +} + +# Un-used, kept as an example in case we have a need to add more JPMS options. +function run_add_jpms_options() { + # Append cloud specific modular options in standalone.conf + SPEC_VERSION="${JAVA_VERSION//1.}" + SPEC_VERSION="${SPEC_VERSION//.*}" + if (( $SPEC_VERSION > 15 )); then + MODULAR_JVM_OPTIONS=`echo $JAVA_OPTS | grep "\-\-add\-modules"` + # if [ "x$MODULAR_JVM_OPTIONS" = "x" ]; then + # if [ "x$RUN_SCRIPT_JPMS_ADD_EXPORT_JNDI_DNS" == "x" ] || [ "x$RUN_SCRIPT_JPMS_ADD_EXPORT_JNDI_DNS" == "xtrue" ]; then + # local option="--add-exports=jdk.naming.dns/com.sun.jndi.dns=ALL-UNNAMED" + # local marker="#JVM modular option ${option} added by image run startup script" + # run_add_java_options "${marker}" "${option}" + # fi + # fi + fi +} + +# Logic to allow for CLI shutdown with a 60secs delay that helps transaction to terminate +function run_clean_shutdown() { + local management_port="" + if [ -n "${PORT_OFFSET}" ]; then + management_port=$((9990 + PORT_OFFSET)) + fi + log_error "*** WildFly wrapper process ($$) received TERM signal ***" + if [ -z ${management_port} ]; then + $JBOSS_HOME/bin/jboss-cli.sh -c "shutdown --timeout=60" + else + $JBOSS_HOME/bin/jboss-cli.sh --commands="connect remote+http://localhost:${management_port},shutdown --timeout=60" + fi + wait $! +} + +function run_setup_shutdown_hook() { + trap "run_clean_shutdown" TERM + trap "run_clean_shutdown" INT + + if [ -n "$CLI_GRACEFUL_SHUTDOWN" ] ; then + trap "" TERM + log_info "Graceful shutdown via a TERM signal has been disabled. Graceful shutdown will need to be initiated via a CLI command." + fi +} + +function run_init_node_name() { + if [ -z "${JBOSS_NODE_NAME}" ] ; then + if [ -n "${NODE_NAME}" ]; then + JBOSS_NODE_NAME="${NODE_NAME}" + elif [ -n "${container_uuid}" ]; then + JBOSS_NODE_NAME="${container_uuid}" + elif [ -n "${HOSTNAME}" ]; then + JBOSS_NODE_NAME="${HOSTNAME}" + else + JBOSS_NODE_NAME="$(hostname)" + fi + fi + # CLOUD-427: truncate transaction node-id JBOSS_TX_NODE_ID to the last 23 characters of the JBOSS_NODE_NAME + if [ ${#JBOSS_NODE_NAME} -gt 23 ]; then + JBOSS_TX_NODE_ID=${JBOSS_NODE_NAME: -23} + else + JBOSS_TX_NODE_ID=${JBOSS_NODE_NAME} + fi +} \ No newline at end of file diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/configure.sh b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/configure.sh new file mode 100644 index 0000000..0cc21c8 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/configure.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# Configure module +set -e + +SCRIPT_DIR=$(dirname $0) +ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts + +chown -R jboss:root $SCRIPT_DIR +chmod -R ug+rwX $SCRIPT_DIR +pushd ${ARTIFACTS_DIR} +cp -pr * / +popd \ No newline at end of file diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/module.yaml new file mode 100644 index 0000000..eea5a3f --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/module.yaml @@ -0,0 +1,28 @@ +args: [] +artifacts: [] +description: Run server in the cloud, common scripts. +envs: +- name: JBOSS_CONTAINER_WILDFLY_RUN_MODULE + value: /opt/jboss/container/wildfly/run +- name: WILDFLY_OVERRIDING_ENV_VARS + value: '1' +execute: +- directory: jboss.container.wildfly.run.common + module_name: jboss.container.wildfly.run.common + name: jboss.container.wildfly.run.common/configure.sh + script: configure.sh +labels: [] +modules: + install: + - name: jboss.container.wildfly.run.api + repositories: [] +name: jboss.container.wildfly.run.common +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '1.0' +volumes: [] diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/test/run.bats b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/test/run.bats new file mode 100644 index 0000000..6e58c32 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run.common/test/run.bats @@ -0,0 +1,84 @@ +#!/usr/bin/env bats +source $BATS_TEST_DIRNAME/../../../../../../../test-common/cli_utils.sh +# fake JBOSS_HOME +export JBOSS_HOME=$BATS_TMPDIR/jboss_home +rm -rf $JBOSS_HOME 2>/dev/null +mkdir -p $JBOSS_HOME/bin/ +touch $JBOSS_HOME/bin/standalone.conf + +export JBOSS_CONTAINER_UTIL_LOGGING_MODULE=$BATS_TMPDIR/logging +mkdir -p "${JBOSS_CONTAINER_UTIL_LOGGING_MODULE}" +cp $BATS_TEST_DIRNAME/../../../../../../../test-common/logging.sh "${JBOSS_CONTAINER_UTIL_LOGGING_MODULE}" +source $BATS_TEST_DIRNAME/../artifacts/opt/jboss/container/wildfly/run/run-utils.sh + +setup() { + rm -f $JBOSS_HOME/bin/standalone.conf + touch $JBOSS_HOME/bin/standalone.conf +} + +@test "Java 8" { + JAVA_VERSION=1.8 + run run_add_jpms_options + [ "${output}" = "" ] + confFile=$(<"${JBOSS_HOME}/bin/standalone.conf") + [ "${confFile}" = "" ] + [ "$status" -eq 0 ] +} + +@test "Java 11" { + JAVA_VERSION=11 + run run_add_jpms_options + [ "${output}" = "" ] + confFile=$(<"${JBOSS_HOME}/bin/standalone.conf") + [ "${confFile}" = "" ] + [ "$status" -eq 0 ] +} + +@test "JBoss Node name set to a value smaller than 23" { + JBOSS_NODE_NAME=foo + run_init_node_name + [ "${JBOSS_NODE_NAME}" = "foo" ] + [ "${JBOSS_TX_NODE_ID}" = "foo" ] +} + +@test "JBOSS_NODE_NAME set" { + JBOSS_NODE_NAME=abcdefghijklmnopqrstuvwxyz123 + run_init_node_name + echo $JBOSS_NODE_NAME + + # Verify that jboss.node.name is untouched + [ "${JBOSS_NODE_NAME}" = "abcdefghijklmnopqrstuvwxyz123" ] + # Verify that jboss.tx.node.id is truncated to last 23 characters + [ "${JBOSS_TX_NODE_ID}" = "ghijklmnopqrstuvwxyz123" ] +} + +@test "Node name set" { + NODE_NAME=abcdefghijklmnopqrstuvwxyz + run_init_node_name + + # Verify that jboss.node.name is untouched + [ "${JBOSS_NODE_NAME}" = "abcdefghijklmnopqrstuvwxyz" ] + # Verify that jboss.tx.node.id is truncated to last 23 characters + [ "${JBOSS_TX_NODE_ID}" = "defghijklmnopqrstuvwxyz" ] +} + +@test "Node name set to value smaller than 23" { + NODE_NAME=abcdef + run_init_node_name + + # Verify that jboss.node.name is untouched + [ "${JBOSS_NODE_NAME}" = "abcdef" ] + # Verify that jboss.tx.node.id is untouched + [ "${JBOSS_TX_NODE_ID}" = "abcdef" ] +} + +@test "Host name set" { + HOSTNAME=abcdefghijklmnopqrstuvwxyz123 + run_init_node_name + echo $JBOSS_NODE_NAME + + # Verify that jboss.node.name is untouched + [ "${JBOSS_NODE_NAME}" = "abcdefghijklmnopqrstuvwxyz123" ] + # Verify that jboss.tx.node.id is truncated to last 23 characters + [ "${JBOSS_TX_NODE_ID}" = "ghijklmnopqrstuvwxyz123" ] +} diff --git a/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run/module.yaml b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run/module.yaml new file mode 100644 index 0000000..0b579d3 --- /dev/null +++ b/container-images/jdk17/runtime-image/modules/jboss.container.wildfly.run/module.yaml @@ -0,0 +1,22 @@ +args: [] +artifacts: [] +description: Run server in the cloud. UBI 9. +envs: [] +execute: [] +labels: [] +modules: + install: + - name: jboss.container.java.jvm + - name: jboss.container.wildfly.run.common + - name: jboss.container.util.logging + repositories: [] +name: jboss.container.wildfly.run +osbs: + configuration: {} + repository: {} +packages: + repositories: [] +ports: [] +schema_version: 1 +version: '2.0' +volumes: []