clean payara6 docker image and adds IT.

62c0bd6e · Emmanuel Bruno · a665fbad · 62c0bd6e · 62c0bd6e · 62c0bd6e
Commit 62c0bd6e authored 3 years ago by Emmanuel Bruno
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -7,11 +7,11 @@ WORKDIR /app
 COPY . /app/
 RUN --mount=type=cache,id=mvncache,target=/root/.m2/repository,rw \
-	mvn -B package
+	mvn -B verify
 ### Then we add the builded war to a JEE server.
 #FROM payara/server-full:5.2021.9-jdk11 as server
-FROM brunoe/payara:jdk11-6 as server
+FROM  brunoe/payara:jdk11-13 as server
 ARG STORE_PASSWORD=changeit
 ## Download the JDBC driver
@@ -25,26 +25,22 @@ RUN apt-get update && \
 USER payara
 ## This script adds a jdbc connection pool and ressource
-COPY docker/post-boot-commands.asadmin $POSTBOOT_COMMANDS
+COPY --chown=payara:payara docker/post-boot-commands.asadmin $POSTBOOT_COMMANDS
 ##
 ## We copy the OUR certificates to payara
-COPY --from=build /app/utils/src/main/resources/mycert.crt  /app/utils/src/main/resources/mycert.p12 /tmp/
+COPY --from=build --chown=payara:payara /app/utils/src/main/resources/mycert.crt  /app/utils/src/main/resources/mycert.p12 /tmp/
-COPY --from=build /app/utils/src/main/resources/mycert-pub.p12  /app/utils/src/main/resources/mycert-pub.p12 /
+COPY --from=build --chown=payara:payara /app/utils/src/main/resources/mycert-pub.p12  /app/utils/src/main/resources/mycert-pub.p12 /
 RUN keytool -importkeystore -noprompt -destkeystore /opt/payara/appserver/glassfish/domains/domain1/config/keystore.jks -srckeystore /tmp/mycert.p12 -srcstoretype PKCS12 -alias mycert -srcstorepass storepass -deststorepass ${STORE_PASSWORD} -deststoretype pkcs12 && \
    keytool -importcert -noprompt -trustcacerts -destkeystore /opt/payara/appserver/glassfish/domains/domain1/config/cacerts.jks -file /tmp/mycert.crt -alias mycert -srcstorepass storepass -deststorepass ${STORE_PASSWORD} -deststoretype pkcs12
-#RUN wget https://github.com/eclipse-ee4j/mojarra/releases/download/3.0.2-RELEASE/jakarta.faces-3.0.2.jar \
-#    -O /opt/payara/appserver/glassfish/modules/jakarta.faces.jar
-#RUN wget https://github.com/eclipse-ee4j/mojarra/releases/download/2.3.17-RELEASE/jakarta.faces-2.3.17.jar \
-#    -O /opt/payara/appserver/glassfish/modules/jakarta.faces.jar
 FROM server as production
-#COPY --from=build /app/jee/restApp/target/*.war \
+#COPY --from=build --chown=payara:payara  /app/jee/restApp/target/*.war \
 #                  $DEPLOY_DIR
-#COPY --from=build /app/jee/wsApp/target/*.war \
+#COPY --from=build --chown=payara:payara /app/jee/wsApp/target/*.war \
 #                  $DEPLOY_DIR
-#COPY --from=build /app/jee/jsf/target/*.war \
+#COPY --from=build --chown=payara:payara /app/jee/jsf/target/*.war \
 #                  $DEPLOY_DIR
-COPY --from=build /app/jee/ear/target/*.ear \
+COPY --from=build --chown=payara:payara /app/jee/ear/target/*.ear \
                  $DEPLOY_DIR
\ No newline at end of file
--- a/docker/payara/Dockerfile
+++ b/docker/payara/Dockerfile
-# FROM azul/zulu-openjdk:8u222 as mypayara
-#FROM eclipse-temurin:17-jdk
 FROM eclipse-temurin:11.0.13_8-jdk-focal
+ENV HOME_DIR=/opt/payara
+ENV PAYARA_DIR=${HOME_DIR}/appserver \
+    SCRIPT_DIR=${HOME_DIR}/scripts \
+    CONFIG_DIR=${HOME_DIR}/config \
+    DEPLOY_DIR=${HOME_DIR}/deployments \
+    PASSWORD_FILE=${HOME_DIR}/passwordFile \
+    ADMIN_USER=admin \
+    ADMIN_PASSWORD=admin \
+    JVM_ARGS="" \
+    MEM_MAX_RAM_PERCENTAGE="70.0" \
+    MEM_XSS="512k"
+ENV PATH="${PATH}:${PAYARA_DIR}/bin"
+ARG TINI_VERSION=v0.19.0
+# Download tini
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini \
+    https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc /
+RUN true \
+    && apt-get update \
+    && apt-get install -y gpg wget unzip\
+    && rm -rf /var/lib/apt/lists/* \
+    && mkdir -p ${HOME_DIR} \
+    && addgroup --gid 1000 payara \
+    && adduser --system --uid 1000 --no-create-home --shell /bin/bash --home "${HOME_DIR}" --gecos "" --ingroup payara payara \
+    && echo payara:payara | chpasswd \
+    && mkdir -p ${PAYARA_DIR} \
+    && mkdir -p ${DEPLOY_DIR} \
+    && mkdir -p ${CONFIG_DIR} \
+    && mkdir -p ${SCRIPT_DIR} \
+    && chown -R payara:payara ${HOME_DIR} \
+    # Verify tini
+    && gpg --verbose --keyserver keyserver.ubuntu.com --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 \
+    && gpg --verify /tini.asc \
+    && chmod +x /tini \
+    && true
+USER payara
+WORKDIR ${HOME_DIR}
 # Default payara ports to expose
 # 4848: admin console
 # 9009: debug port (JPDA)
 # 8080: http
 # 8181: https
-EXPOSE 4848 9009 8080 8181 8686
+EXPOSE 4848 9009 8080 8181
-#ARG PAYARA_VERSION=5.2021.9
+ENV DOMAIN_NAME=domain1 \
-#ARG PAYARA_SHA1=81c43f3c537ec74a813b48172758866615e1e792
+    PAYARA_ARGS="" \
+    PREBOOT_COMMANDS=${CONFIG_DIR}/pre-boot-commands.asadmin \
+    PREBOOT_COMMANDS_FINAL=${CONFIG_DIR}/pre-boot-commands-final.asadmin \
+    POSTBOOT_COMMANDS=${CONFIG_DIR}/post-boot-commands.asadmin \
+    POSTBOOT_COMMANDS_FINAL=${CONFIG_DIR}/post-boot-commands-final.asadmin \
+    DEPLOY_PROPS=""
 ARG PAYARA_VERSION=6.2021.1.Alpha1
 ARG PAYARA_SHA1=0262f8af7e52b318109ed43f8a31a1e93f111bbf
 ARG PAYARA_PKG=https://search.maven.org/remotecontent?filepath=fish/payara/distributions/payara/${PAYARA_VERSION}/payara-${PAYARA_VERSION}.zip
+COPY --chown=payara:payara bin/* ${SCRIPT_DIR}/
-ARG TINI_VERSION=v0.19.0
+#COPY --chown=payara:payara maven/artifacts/payara6 ${PAYARA_DIR}/
-# Initialize the configurable environment variables
-ENV HOME_DIR=/opt/payara\
-    PAYARA_DIR=/opt/payara/appserver\
-    SCRIPT_DIR=/opt/payara/scripts\
-    CONFIG_DIR=/opt/payara/config\
-    DEPLOY_DIR=/opt/payara/deployments\
-    PASSWORD_FILE=/opt/payara/passwordFile\
-    # Payara Server Domain options
-    DOMAIN_NAME=domain1\
-    ADMIN_USER=admin\
-    ADMIN_PASSWORD=admin\
-    # Utility environment variables
-    JVM_ARGS=\
-    PAYARA_ARGS=\
-    DEPLOY_PROPS=\
-    POSTBOOT_COMMANDS=/opt/payara/config/post-boot-commands.asadmin\
-    PREBOOT_COMMANDS=/opt/payara/config/pre-boot-commands.asadmin
-ENV PATH="${PATH}:${PAYARA_DIR}/bin"
-# Create and set the Payara user and working directory owned by the new user
-RUN groupadd -g 1000 payara && \
-    useradd -u 1000 -M -s /bin/bash -d ${HOME_DIR} payara -g payara && \
-    echo payara:payara | chpasswd && \
-    mkdir -p ${DEPLOY_DIR} && \
-    mkdir -p ${CONFIG_DIR} && \
-    mkdir -p ${SCRIPT_DIR} && \
-    chown -R payara: ${HOME_DIR} && \
-    # Install required packages
-    apt-get update && \
-    apt-get install -y wget unzip gpg && \
-    rm -rf /var/lib/apt/lists/*
-# Install tini as minimized init system
-RUN wget --no-verbose -O /tini https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini && \
-    wget --no-verbose -O /tini.asc https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini.asc && \
-    gpg --batch --keyserver "keyserver.ubuntu.com" --recv-keys 595E85A6B1B4779EA4DAAEC70B588DFF0527A9B7 && \
-    gpg --batch --verify /tini.asc /tini && \
-    chmod +x /tini
-USER payara
-WORKDIR ${HOME_DIR}
 # Download and unzip the Payara distribution
 RUN ulimit -n 1024 ; wget --no-verbose -O payara.zip ${PAYARA_PKG} && \
    echo "${PAYARA_SHA1} *payara.zip" | sha1sum -c - && \
    unzip -qq payara.zip -d ./ && \
-    mv payara*/ appserver && \
+    mv payara*/* ${PAYARA_DIR} && rm -rf payara*
-    # Configure the password file for configuring Payara
-    echo "AS_ADMIN_PASSWORD=\nAS_ADMIN_NEWPASSWORD=${ADMIN_PASSWORD}" > /tmp/tmpfile && \
+RUN true \
-    echo "AS_ADMIN_PASSWORD=${ADMIN_PASSWORD}" >> ${PASSWORD_FILE} && \
+    && echo "AS_ADMIN_PASSWORD=\nAS_ADMIN_NEWPASSWORD=${ADMIN_PASSWORD}" > /tmp/password-change-file.txt \
-    # Configure the payara domain
+    && echo "AS_ADMIN_PASSWORD=${ADMIN_PASSWORD}" >> ${PASSWORD_FILE} \
-    ${PAYARA_DIR}/bin/asadmin --user ${ADMIN_USER} --passwordfile=/tmp/tmpfile change-admin-password --domain_name=${DOMAIN_NAME} && \
+    && ${PAYARA_DIR}/bin/asadmin --user ${ADMIN_USER} --passwordfile=/tmp/password-change-file.txt change-admin-password --domain_name=${DOMAIN_NAME} \
-    ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-domain ${DOMAIN_NAME} && \
+    && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} start-domain ${DOMAIN_NAME} \
-    ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} enable-secure-admin && \
+    && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} enable-secure-admin \
-    for MEMORY_JVM_OPTION in $(${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} list-jvm-options | grep "Xm[sx]"); do\
+    && for MEMORY_JVM_OPTION in \
+       $(${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} list-jvm-options | grep "Xm[sx]\|Xss"); \
+       do\
         ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} delete-jvm-options $MEMORY_JVM_OPTION;\
-    done && \
+       done \
-    # FIXME: when upgrading this container to Java 10+, this needs to be changed to '-XX:+UseContainerSupport' and '-XX:MaxRAMPercentage'
+    && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} create-jvm-options \
-#     ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} create-jvm-options '-XX\:+UnlockExperimentalVMOptions:-XX\:+UseCGroupMemoryLimitForHeap:-XX\:MaxRAMFraction=1' && \
+      '-XX\:+UseContainerSupport:-XX\:MaxRAMPercentage=${ENV=MEM_MAX_RAM_PERCENTAGE}:-Xss${ENV=MEM_XSS}' \
-    ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} create-jvm-options '-XX\:+UseContainerSupport:-XX\:MaxRAMPercentage=100' && \
+    && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} \
-    ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} set-log-attributes com.sun.enterprise.server.logging.GFFileHandler.logtoFile=false && \
+      set-log-attributes com.sun.enterprise.server.logging.GFFileHandler.logtoFile=false \
-    ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} stop-domain ${DOMAIN_NAME} && \
+    && ${PAYARA_DIR}/bin/asadmin --user=${ADMIN_USER} --passwordfile=${PASSWORD_FILE} stop-domain ${DOMAIN_NAME} \
-    # Cleanup unused files
+    && rm -rf \
-    rm -rf \
+        /tmp/password-change-file.txt \
-        /tmp/tmpFile \
-        payara.zip \
        ${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/osgi-cache \
-        ${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/logs
+        ${PAYARA_DIR}/glassfish/domains/${DOMAIN_NAME}/logs \
-#        ${PAYARA_DIR}/glassfish/domains/domain1
+    && true
-# Copy across docker scripts
-COPY --chown=payara:payara bin/*.sh ${SCRIPT_DIR}/
-RUN mkdir -p ${SCRIPT_DIR}/init.d && \
-    chmod +x ${SCRIPT_DIR}/*
 ENTRYPOINT ["/tini", "--"]
-CMD ${SCRIPT_DIR}/entrypoint.sh
+CMD "${SCRIPT_DIR}/entrypoint.sh"
--- a/docker/payara/build.sh
+++ b/docker/payara/build.sh
-COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker build -t brunoe/payara:jdk11-6 .
+COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker build -t brunoe/payara:jdk11-13 .