Update open-liberty to run as non-root #5587
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Diff:diff --git a/open-liberty_javaee8-java8-ibmsfj/Dockerfile b/open-liberty_javaee8-java8-ibmsfj/Dockerfile
index 3b74f9f..196c925 100644
--- a/open-liberty_javaee8-java8-ibmsfj/Dockerfile
+++ b/open-liberty_javaee8-java8-ibmsfj/Dockerfile
@@ -4,7 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=ea57c461ec2cefe051392c6dbe598dc0cd626439
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-javaee8/$LIBERTY_VERSION/openliberty-javaee8-$LIBERTY_VERSION.zip
-COPY docker-server /opt/ol/docker/
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -13,31 +15,55 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
- WLP_SKIP_MAXPERMSIZE=true \
- KEYSTORE_REQUIRED=true
+ WLP_SKIP_MAXPERMSIZE=true
+
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ && rm -rf /output/messaging /logs/*
+ && server start && server stop && rm -rf /output/resources/security/ /output/messaging /logs/* && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh
new file mode 100755
index 0000000..9ce84cb
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+set -eox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
copy from open-liberty_kernel-java8-ibmsfj/docker-server
copy to open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_kernel-java8-ibm/Dockerfile b/open-liberty_kernel-java8-ibm/Dockerfile
index c2abdc1..362e1f5 100644
--- a/open-liberty_kernel-java8-ibm/Dockerfile
+++ b/open-liberty_kernel-java8-ibm/Dockerfile
@@ -1,12 +1,11 @@
-
FROM ibmjava:8-jre
ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=b54f360ae14ea72b4fc04c11693216c41891ab11
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,30 +18,54 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+USER 1001
+
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/ssl.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configure.sh b/open-liberty_kernel-java8-ibm/helpers/build/configure.sh
new file mode 100755
index 0000000..4a5cf96
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -Eeox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/docker-server b/open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_kernel-java8-ibm/docker-server
rename to open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibm/docker-server
+++ b/open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_kernel-java8-ibmsfj/Dockerfile b/open-liberty_kernel-java8-ibmsfj/Dockerfile
index 137d932..b7dd6d8 100644
--- a/open-liberty_kernel-java8-ibmsfj/Dockerfile
+++ b/open-liberty_kernel-java8-ibmsfj/Dockerfile
@@ -3,9 +3,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=b54f360ae14ea72b4fc04c11693216c41891ab11
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -14,30 +14,56 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+USER 1001
+
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh b/open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh
new file mode 100755
index 0000000..9ce84cb
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+set -eox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/docker-server b/open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_javaee8-java8-ibmsfj/docker-server
rename to open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_javaee8-java8-ibmsfj/docker-server
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_latest/Dockerfile b/open-liberty_latest/Dockerfile
index 190c8c2..78fd5bf 100644
--- a/open-liberty_latest/Dockerfile
+++ b/open-liberty_latest/Dockerfile
@@ -4,9 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=ea57c461ec2cefe051392c6dbe598dc0cd626439
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-javaee8/$LIBERTY_VERSION/openliberty-javaee8-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,32 +19,56 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
- WLP_SKIP_MAXPERMSIZE=true \
- KEYSTORE_REQUIRED=true
+ WLP_SKIP_MAXPERMSIZE=true
+
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ && rm -rf /output/messaging /logs/*
+ && server start && server stop && rm -rf /output/resources/security/ /output/messaging /logs/* && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_latest/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_latest/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/ssl.xml b/open-liberty_latest/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_latest/helpers/build/configure.sh b/open-liberty_latest/helpers/build/configure.sh
new file mode 100755
index 0000000..4a5cf96
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -Eeox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_latest/docker-server b/open-liberty_latest/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_latest/docker-server
rename to open-liberty_latest/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_latest/docker-server
+++ b/open-liberty_latest/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_webProfile8-java8-ibm/Dockerfile b/open-liberty_webProfile8-java8-ibm/Dockerfile
index 2dc55c0..c0df596 100644
--- a/open-liberty_webProfile8-java8-ibm/Dockerfile
+++ b/open-liberty_webProfile8-java8-ibm/Dockerfile
@@ -4,9 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=d4eab6bcd7666bceb0fd3d3f736b98868f3c9d09
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-webProfile8/$LIBERTY_VERSION/openliberty-webProfile8-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,31 +19,55 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+ && server start && server stop && rm -rf /output/resources/security/ /output/messaging /logs/* && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_webProfile8-java8-ibm/docker-server b/open-liberty_webProfile8-java8-ibm/docker-server
deleted file mode 100755
index ee468e3..0000000
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/ssl.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh b/open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh
new file mode 100755
index 0000000..4a5cf96
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -Eeox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
similarity index 52%
copy from open-liberty_kernel-java8-ibmsfj/docker-server
copy to open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_webProfile8-java8-ibmsfj/Dockerfile b/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
index 38e007f..f1ed2ca 100644
--- a/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
+++ b/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
@@ -4,7 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=d4eab6bcd7666bceb0fd3d3f736b98868f3c9d09
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-webProfile8/$LIBERTY_VERSION/openliberty-webProfile8-$LIBERTY_VERSION.zip
-COPY docker-server /opt/ol/docker/
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -13,31 +15,55 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+ && server start && server stop && rm -rf /output/resources/security/ /output/messaging /logs/* && chmod -R g+rwx /opt/ol/wlp/output/*
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_webProfile8-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibmsfj/docker-server
deleted file mode 100755
index ee468e3..0000000
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh
new file mode 100755
index 0000000..9ce84cb
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+set -eox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_kernel-java8-ibmsfj/docker-server
rename to open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi |
Smaller Diff:diff --git a/open-liberty_javaee8-java8-ibmsfj/Dockerfile b/open-liberty_javaee8-java8-ibmsfj/Dockerfile
index 3b74f9f..196c925 100644
--- a/open-liberty_javaee8-java8-ibmsfj/Dockerfile
+++ b/open-liberty_javaee8-java8-ibmsfj/Dockerfile
@@ -4,7 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=ea57c461ec2cefe051392c6dbe598dc0cd626439
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-javaee8/$LIBERTY_VERSION/openliberty-javaee8-$LIBERTY_VERSION.zip
-COPY docker-server /opt/ol/docker/
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -13,31 +15,55 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
- WLP_SKIP_MAXPERMSIZE=true \
- KEYSTORE_REQUIRED=true
+ WLP_SKIP_MAXPERMSIZE=true
+
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ && rm -rf /output/messaging /logs/*
+ && server start && server stop && rm -rf /output/resources/security/ /output/messaging /logs/* && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh
similarity index 79%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
copy to open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh
index f3a0283..9ce84cb 100755
--- a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh
@@ -1,12 +1,12 @@
-#!/bin/bash
-set -Eeox pipefail
+#!/bin/sh
+set -eox pipefail
##Define variables for XML snippets source and target paths
-WLP_INSTALL_DIR=/opt/ibm/wlp
+WLP_INSTALL_DIR=/opt/ol/wlp
SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
-SNIPPETS_SOURCE=/opt/ibm/helpers/build/configuration_snippets
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET=/config/configDropins/overrides
mkdir -p ${SNIPPETS_TARGET}
@@ -28,16 +28,6 @@ if [ "$SSL" == "true" ]; then
cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
fi
-# OpenIdConnect Client
-if [ "$OIDC" == "true" ] || [ "$OIDC_CONFIG" == "true" ]
-then
- cp $SNIPPETS_SOURCE/oidc.xml $SNIPPETS_TARGET/oidc.xml
-fi
-
-if [ "$OIDC_CONFIG" == "true" ]; then
- cp $SNIPPETS_SOURCE/oidc-config.xml $SNIPPETS_TARGET/oidc-config.xml
-fi
-
# HTTP Endpoint
if [ "$HTTP_ENDPOINT" == "true" ]; then
if [ "$SSL" == "true" ]; then
@@ -72,7 +62,3 @@ if [ "$JMS_ENDPOINT" == "true" ]; then
cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
fi
fi
\ No newline at end of file
-
-
-# Install needed features
-installUtility install --acceptLicense defaultServer
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
copy from open-liberty_kernel-java8-ibmsfj/docker-server
copy to open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_kernel-java8-ibm/Dockerfile b/open-liberty_kernel-java8-ibm/Dockerfile
index c2abdc1..362e1f5 100644
--- a/open-liberty_kernel-java8-ibm/Dockerfile
+++ b/open-liberty_kernel-java8-ibm/Dockerfile
@@ -1,12 +1,11 @@
-
FROM ibmjava:8-jre
ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=b54f360ae14ea72b4fc04c11693216c41891ab11
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,30 +18,54 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+USER 1001
+
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/ssl.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml
copy to open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/ssl.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh b/open-liberty_kernel-java8-ibm/helpers/build/configure.sh
similarity index 81%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
copy to open-liberty_kernel-java8-ibm/helpers/build/configure.sh
index f3a0283..4a5cf96 100755
--- a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configure.sh
@@ -2,11 +2,11 @@
set -Eeox pipefail
##Define variables for XML snippets source and target paths
-WLP_INSTALL_DIR=/opt/ibm/wlp
+WLP_INSTALL_DIR=/opt/ol/wlp
SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
-SNIPPETS_SOURCE=/opt/ibm/helpers/build/configuration_snippets
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET=/config/configDropins/overrides
mkdir -p ${SNIPPETS_TARGET}
@@ -28,16 +28,6 @@ if [ "$SSL" == "true" ]; then
cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
fi
-# OpenIdConnect Client
-if [ "$OIDC" == "true" ] || [ "$OIDC_CONFIG" == "true" ]
-then
- cp $SNIPPETS_SOURCE/oidc.xml $SNIPPETS_TARGET/oidc.xml
-fi
-
-if [ "$OIDC_CONFIG" == "true" ]; then
- cp $SNIPPETS_SOURCE/oidc-config.xml $SNIPPETS_TARGET/oidc-config.xml
-fi
-
# HTTP Endpoint
if [ "$HTTP_ENDPOINT" == "true" ]; then
if [ "$SSL" == "true" ]; then
@@ -72,7 +62,3 @@ if [ "$JMS_ENDPOINT" == "true" ]; then
cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
fi
fi
\ No newline at end of file
-
-
-# Install needed features
-installUtility install --acceptLicense defaultServer
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/docker-server b/open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_kernel-java8-ibm/docker-server
rename to open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibm/docker-server
+++ b/open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_kernel-java8-ibmsfj/Dockerfile b/open-liberty_kernel-java8-ibmsfj/Dockerfile
index 137d932..b7dd6d8 100644
--- a/open-liberty_kernel-java8-ibmsfj/Dockerfile
+++ b/open-liberty_kernel-java8-ibmsfj/Dockerfile
@@ -3,9 +3,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=b54f360ae14ea72b4fc04c11693216c41891ab11
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -14,30 +14,56 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+USER 1001
+
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh b/open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh
similarity index 79%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
copy to open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh
index f3a0283..9ce84cb 100755
--- a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh
@@ -1,12 +1,12 @@
-#!/bin/bash
-set -Eeox pipefail
+#!/bin/sh
+set -eox pipefail
##Define variables for XML snippets source and target paths
-WLP_INSTALL_DIR=/opt/ibm/wlp
+WLP_INSTALL_DIR=/opt/ol/wlp
SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
-SNIPPETS_SOURCE=/opt/ibm/helpers/build/configuration_snippets
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET=/config/configDropins/overrides
mkdir -p ${SNIPPETS_TARGET}
@@ -28,16 +28,6 @@ if [ "$SSL" == "true" ]; then
cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
fi
-# OpenIdConnect Client
-if [ "$OIDC" == "true" ] || [ "$OIDC_CONFIG" == "true" ]
-then
- cp $SNIPPETS_SOURCE/oidc.xml $SNIPPETS_TARGET/oidc.xml
-fi
-
-if [ "$OIDC_CONFIG" == "true" ]; then
- cp $SNIPPETS_SOURCE/oidc-config.xml $SNIPPETS_TARGET/oidc-config.xml
-fi
-
# HTTP Endpoint
if [ "$HTTP_ENDPOINT" == "true" ]; then
if [ "$SSL" == "true" ]; then
@@ -72,7 +62,3 @@ if [ "$JMS_ENDPOINT" == "true" ]; then
cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
fi
fi
\ No newline at end of file
-
-
-# Install needed features
-installUtility install --acceptLicense defaultServer
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/docker-server b/open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_javaee8-java8-ibmsfj/docker-server
rename to open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_javaee8-java8-ibmsfj/docker-server
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_latest/Dockerfile b/open-liberty_latest/Dockerfile
index 190c8c2..78fd5bf 100644
--- a/open-liberty_latest/Dockerfile
+++ b/open-liberty_latest/Dockerfile
@@ -4,9 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=ea57c461ec2cefe051392c6dbe598dc0cd626439
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-javaee8/$LIBERTY_VERSION/openliberty-javaee8-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,32 +19,56 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
- WLP_SKIP_MAXPERMSIZE=true \
- KEYSTORE_REQUIRED=true
+ WLP_SKIP_MAXPERMSIZE=true
+
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ && rm -rf /output/messaging /logs/*
+ && server start && server stop && rm -rf /output/resources/security/ /output/messaging /logs/* && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-client.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/hazelcast-client.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-embedded.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/hazelcast-embedded.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/http-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/http-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/http-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/http-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/iiop-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/iiop-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/jms-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/jms-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_latest/helpers/build/configuration_snippets/mp-health-check.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/mp-health-check.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_latest/helpers/build/configuration_snippets/mp-monitoring.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/mp-monitoring.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml b/open-liberty_latest/helpers/build/configuration_snippets/ssl.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml
copy to open-liberty_latest/helpers/build/configuration_snippets/ssl.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh b/open-liberty_latest/helpers/build/configure.sh
similarity index 81%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
copy to open-liberty_latest/helpers/build/configure.sh
index f3a0283..4a5cf96 100755
--- a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
+++ b/open-liberty_latest/helpers/build/configure.sh
@@ -2,11 +2,11 @@
set -Eeox pipefail
##Define variables for XML snippets source and target paths
-WLP_INSTALL_DIR=/opt/ibm/wlp
+WLP_INSTALL_DIR=/opt/ol/wlp
SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
-SNIPPETS_SOURCE=/opt/ibm/helpers/build/configuration_snippets
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET=/config/configDropins/overrides
mkdir -p ${SNIPPETS_TARGET}
@@ -28,16 +28,6 @@ if [ "$SSL" == "true" ]; then
cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
fi
-# OpenIdConnect Client
-if [ "$OIDC" == "true" ] || [ "$OIDC_CONFIG" == "true" ]
-then
- cp $SNIPPETS_SOURCE/oidc.xml $SNIPPETS_TARGET/oidc.xml
-fi
-
-if [ "$OIDC_CONFIG" == "true" ]; then
- cp $SNIPPETS_SOURCE/oidc-config.xml $SNIPPETS_TARGET/oidc-config.xml
-fi
-
# HTTP Endpoint
if [ "$HTTP_ENDPOINT" == "true" ]; then
if [ "$SSL" == "true" ]; then
@@ -72,7 +62,3 @@ if [ "$JMS_ENDPOINT" == "true" ]; then
cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
fi
fi
\ No newline at end of file
-
-
-# Install needed features
-installUtility install --acceptLicense defaultServer
\ No newline at end of file
diff --git a/open-liberty_latest/docker-server b/open-liberty_latest/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_latest/docker-server
rename to open-liberty_latest/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_latest/docker-server
+++ b/open-liberty_latest/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_webProfile8-java8-ibm/Dockerfile b/open-liberty_webProfile8-java8-ibm/Dockerfile
index 2dc55c0..c0df596 100644
--- a/open-liberty_webProfile8-java8-ibm/Dockerfile
+++ b/open-liberty_webProfile8-java8-ibm/Dockerfile
@@ -4,9 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=d4eab6bcd7666bceb0fd3d3f736b98868f3c9d09
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-webProfile8/$LIBERTY_VERSION/openliberty-webProfile8-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,31 +19,55 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+ && server start && server stop && rm -rf /output/resources/security/ /output/messaging /logs/* && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_webProfile8-java8-ibm/docker-server b/open-liberty_webProfile8-java8-ibm/docker-server
deleted file mode 100755
index ee468e3..0000000
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/ssl.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/ssl.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh b/open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh
similarity index 81%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
copy to open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh
index f3a0283..4a5cf96 100755
--- a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh
@@ -2,11 +2,11 @@
set -Eeox pipefail
##Define variables for XML snippets source and target paths
-WLP_INSTALL_DIR=/opt/ibm/wlp
+WLP_INSTALL_DIR=/opt/ol/wlp
SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
-SNIPPETS_SOURCE=/opt/ibm/helpers/build/configuration_snippets
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET=/config/configDropins/overrides
mkdir -p ${SNIPPETS_TARGET}
@@ -28,16 +28,6 @@ if [ "$SSL" == "true" ]; then
cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
fi
-# OpenIdConnect Client
-if [ "$OIDC" == "true" ] || [ "$OIDC_CONFIG" == "true" ]
-then
- cp $SNIPPETS_SOURCE/oidc.xml $SNIPPETS_TARGET/oidc.xml
-fi
-
-if [ "$OIDC_CONFIG" == "true" ]; then
- cp $SNIPPETS_SOURCE/oidc-config.xml $SNIPPETS_TARGET/oidc-config.xml
-fi
-
# HTTP Endpoint
if [ "$HTTP_ENDPOINT" == "true" ]; then
if [ "$SSL" == "true" ]; then
@@ -72,7 +62,3 @@ if [ "$JMS_ENDPOINT" == "true" ]; then
cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
fi
fi
\ No newline at end of file
-
-
-# Install needed features
-installUtility install --acceptLicense defaultServer
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
similarity index 52%
copy from open-liberty_kernel-java8-ibmsfj/docker-server
copy to open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_webProfile8-java8-ibmsfj/Dockerfile b/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
index 38e007f..f1ed2ca 100644
--- a/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
+++ b/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
@@ -4,7 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=d4eab6bcd7666bceb0fd3d3f736b98868f3c9d09
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-webProfile8/$LIBERTY_VERSION/openliberty-webProfile8-$LIBERTY_VERSION.zip
-COPY docker-server /opt/ol/docker/
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -13,31 +15,55 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+ && server start && server stop && rm -rf /output/resources/security/ /output/messaging /logs/* && chmod -R g+rwx /opt/ol/wlp/output/*
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_webProfile8-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibmsfj/docker-server
deleted file mode 100755
index ee468e3..0000000
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-client.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-embedded.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-endpoint.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/http-ssl-endpoint.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-endpoint.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-endpoint.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-health-check.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/mp-monitoring.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
similarity index 100%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configuration_snippets/ssl.xml
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
diff --git a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh
similarity index 79%
copy from websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
copy to open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh
index f3a0283..9ce84cb 100755
--- a/websphere-liberty_18.0.0.4-kernel/helpers/build/configure.sh
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh
@@ -1,12 +1,12 @@
-#!/bin/bash
-set -Eeox pipefail
+#!/bin/sh
+set -eox pipefail
##Define variables for XML snippets source and target paths
-WLP_INSTALL_DIR=/opt/ibm/wlp
+WLP_INSTALL_DIR=/opt/ol/wlp
SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
-SNIPPETS_SOURCE=/opt/ibm/helpers/build/configuration_snippets
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
SNIPPETS_TARGET=/config/configDropins/overrides
mkdir -p ${SNIPPETS_TARGET}
@@ -28,16 +28,6 @@ if [ "$SSL" == "true" ]; then
cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
fi
-# OpenIdConnect Client
-if [ "$OIDC" == "true" ] || [ "$OIDC_CONFIG" == "true" ]
-then
- cp $SNIPPETS_SOURCE/oidc.xml $SNIPPETS_TARGET/oidc.xml
-fi
-
-if [ "$OIDC_CONFIG" == "true" ]; then
- cp $SNIPPETS_SOURCE/oidc-config.xml $SNIPPETS_TARGET/oidc-config.xml
-fi
-
# HTTP Endpoint
if [ "$HTTP_ENDPOINT" == "true" ]; then
if [ "$SSL" == "true" ]; then
@@ -72,7 +62,3 @@ if [ "$JMS_ENDPOINT" == "true" ]; then
cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
fi
fi
\ No newline at end of file
-
-
-# Install needed features
-installUtility install --acceptLicense defaultServer
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_kernel-java8-ibmsfj/docker-server
rename to open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi |
|
Old image vs new image: REPOSITORY TAG IMAGE ID SIZE
open-liberty kernel-java8-ibm fa17a76a1a73 464MB
open-liberty kernel-java8-ibm e490c7777459 609MBThere are quite a few recursive From a quick look through I'd recommend adding |
|
thanks for the feedback @yosifkit - we're going to look into this. |
|
hi @yosifkit - we have updated the Unfortunately the server warmup is bloating the image a bit, but that got us about a 60% startup improvement of the container. We did not want to implement a solution that runs |
|
Sorry, I didn't mean to move the chown/chmod to the entrypoint (that would defeat the work of trying to make it run in openshift), just an example of using open-liberty kernel-java8-ibm 2e1e89c640f5 465MB |
Diff:diff --git a/open-liberty_javaee7-java8-ibm/Dockerfile b/open-liberty_javaee7-java8-ibm/Dockerfile
index f516a91..abd3d76 100644
--- a/open-liberty_javaee7-java8-ibm/Dockerfile
+++ b/open-liberty_javaee7-java8-ibm/Dockerfile
@@ -3,4 +3,4 @@ ENV KEYSTORE_REQUIRED "true"
RUN cp /opt/ol/wlp/templates/servers/javaee7/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ && rm -rf /output/messaging /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_javaee7-java8-ibmsfj/Dockerfile b/open-liberty_javaee7-java8-ibmsfj/Dockerfile
index 1bab3c5..8138efc 100644
--- a/open-liberty_javaee7-java8-ibmsfj/Dockerfile
+++ b/open-liberty_javaee7-java8-ibmsfj/Dockerfile
@@ -3,4 +3,4 @@ ENV KEYSTORE_REQUIRED "true"
RUN cp /opt/ol/wlp/templates/servers/javaee7/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ && rm -rf /output/messaging /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_javaee8-java8-ibmsfj/Dockerfile b/open-liberty_javaee8-java8-ibmsfj/Dockerfile
index 3b74f9f..c27626f 100644
--- a/open-liberty_javaee8-java8-ibmsfj/Dockerfile
+++ b/open-liberty_javaee8-java8-ibmsfj/Dockerfile
@@ -4,7 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=ea57c461ec2cefe051392c6dbe598dc0cd626439
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-javaee8/$LIBERTY_VERSION/openliberty-javaee8-$LIBERTY_VERSION.zip
-COPY docker-server /opt/ol/docker/
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -13,31 +15,57 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
- WLP_SKIP_MAXPERMSIZE=true \
- KEYSTORE_REQUIRED=true
+ WLP_SKIP_MAXPERMSIZE=true
+
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp/usr \
+ && chmod -R g+rw /opt/ol/wlp/usr \
+ && chown -R 1001:0 /opt/ol/wlp/output \
+ && chmod -R g+rw /opt/ol/wlp/output \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ && rm -rf /output/messaging /logs/*
+ && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh
new file mode 100755
index 0000000..9ce84cb
--- /dev/null
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+set -eox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
copy from open-liberty_kernel-java8-ibmsfj/docker-server
copy to open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_javaee8-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_kernel-java8-ibm/Dockerfile b/open-liberty_kernel-java8-ibm/Dockerfile
index c2abdc1..f5aa404 100644
--- a/open-liberty_kernel-java8-ibm/Dockerfile
+++ b/open-liberty_kernel-java8-ibm/Dockerfile
@@ -1,12 +1,11 @@
-
FROM ibmjava:8-jre
ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=b54f360ae14ea72b4fc04c11693216c41891ab11
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,30 +18,56 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp/usr \
+ && chmod -R g+rw /opt/ol/wlp/usr \
+ && chown -R 1001:0 /opt/ol/wlp/output \
+ && chmod -R g+rw /opt/ol/wlp/output \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+USER 1001
+
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/ssl.xml b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_kernel-java8-ibm/helpers/build/configure.sh b/open-liberty_kernel-java8-ibm/helpers/build/configure.sh
new file mode 100755
index 0000000..4a5cf96
--- /dev/null
+++ b/open-liberty_kernel-java8-ibm/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -Eeox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibm/docker-server b/open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_kernel-java8-ibm/docker-server
rename to open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibm/docker-server
+++ b/open-liberty_kernel-java8-ibm/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_kernel-java8-ibmsfj/Dockerfile b/open-liberty_kernel-java8-ibmsfj/Dockerfile
index 137d932..d2c46a1 100644
--- a/open-liberty_kernel-java8-ibmsfj/Dockerfile
+++ b/open-liberty_kernel-java8-ibmsfj/Dockerfile
@@ -3,9 +3,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=b54f360ae14ea72b4fc04c11693216c41891ab11
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -14,30 +14,58 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp/usr \
+ && chmod -R g+rw /opt/ol/wlp/usr \
+ && chown -R 1001:0 /opt/ol/wlp/output \
+ && chmod -R g+rw /opt/ol/wlp/output \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+USER 1001
+
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh b/open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh
new file mode 100755
index 0000000..9ce84cb
--- /dev/null
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+set -eox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_javaee8-java8-ibmsfj/docker-server b/open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_javaee8-java8-ibmsfj/docker-server
rename to open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_javaee8-java8-ibmsfj/docker-server
+++ b/open-liberty_kernel-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_latest/Dockerfile b/open-liberty_latest/Dockerfile
index 190c8c2..0c640b2 100644
--- a/open-liberty_latest/Dockerfile
+++ b/open-liberty_latest/Dockerfile
@@ -4,9 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=ea57c461ec2cefe051392c6dbe598dc0cd626439
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-javaee8/$LIBERTY_VERSION/openliberty-javaee8-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,32 +19,58 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
- WLP_SKIP_MAXPERMSIZE=true \
- KEYSTORE_REQUIRED=true
+ WLP_SKIP_MAXPERMSIZE=true
+
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp/usr \
+ && chmod -R g+rw /opt/ol/wlp/usr \
+ && chown -R 1001:0 /opt/ol/wlp/output \
+ && chmod -R g+rw /opt/ol/wlp/output \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ && rm -rf /output/messaging /logs/*
+ && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_latest/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_latest/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_latest/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_latest/helpers/build/configuration_snippets/ssl.xml b/open-liberty_latest/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_latest/helpers/build/configure.sh b/open-liberty_latest/helpers/build/configure.sh
new file mode 100755
index 0000000..4a5cf96
--- /dev/null
+++ b/open-liberty_latest/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -Eeox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_latest/docker-server b/open-liberty_latest/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_latest/docker-server
rename to open-liberty_latest/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_latest/docker-server
+++ b/open-liberty_latest/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_microProfile1-java8-ibm/Dockerfile b/open-liberty_microProfile1-java8-ibm/Dockerfile
index 82f6e1a..596450c 100644
--- a/open-liberty_microProfile1-java8-ibm/Dockerfile
+++ b/open-liberty_microProfile1-java8-ibm/Dockerfile
@@ -2,4 +2,4 @@ FROM open-liberty:kernel-java8-ibm
RUN cp /opt/ol/wlp/templates/servers/microProfile1/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_microProfile1-java8-ibmsfj/Dockerfile b/open-liberty_microProfile1-java8-ibmsfj/Dockerfile
index 05d915a..48ec89c 100644
--- a/open-liberty_microProfile1-java8-ibmsfj/Dockerfile
+++ b/open-liberty_microProfile1-java8-ibmsfj/Dockerfile
@@ -2,4 +2,4 @@ FROM open-liberty:kernel-java8-ibmsfj
RUN cp /opt/ol/wlp/templates/servers/microProfile1/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_microProfile2-java8-ibm/Dockerfile b/open-liberty_microProfile2-java8-ibm/Dockerfile
index 6bbb741..4a9baa5 100644
--- a/open-liberty_microProfile2-java8-ibm/Dockerfile
+++ b/open-liberty_microProfile2-java8-ibm/Dockerfile
@@ -2,4 +2,4 @@ FROM open-liberty:kernel-java8-ibm
RUN cp /opt/ol/wlp/templates/servers/microProfile2/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_microProfile2-java8-ibmsfj/Dockerfile b/open-liberty_microProfile2-java8-ibmsfj/Dockerfile
index b8f0ca2..a866a65 100644
--- a/open-liberty_microProfile2-java8-ibmsfj/Dockerfile
+++ b/open-liberty_microProfile2-java8-ibmsfj/Dockerfile
@@ -2,4 +2,4 @@ FROM open-liberty:kernel-java8-ibmsfj
RUN cp /opt/ol/wlp/templates/servers/microProfile2/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_springBoot1-java8-ibm/Dockerfile b/open-liberty_springBoot1-java8-ibm/Dockerfile
index ed84dcc..f6425cb 100644
--- a/open-liberty_springBoot1-java8-ibm/Dockerfile
+++ b/open-liberty_springBoot1-java8-ibm/Dockerfile
@@ -5,4 +5,4 @@ RUN mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache \
RUN cp /opt/ol/wlp/templates/servers/springBoot1/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_springBoot1-java8-ibmsfj/Dockerfile b/open-liberty_springBoot1-java8-ibmsfj/Dockerfile
index ddb9698..6c1c508 100644
--- a/open-liberty_springBoot1-java8-ibmsfj/Dockerfile
+++ b/open-liberty_springBoot1-java8-ibmsfj/Dockerfile
@@ -5,4 +5,4 @@ RUN mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache \
RUN cp /opt/ol/wlp/templates/servers/springBoot1/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_springBoot2-java8-ibm/Dockerfile b/open-liberty_springBoot2-java8-ibm/Dockerfile
index e901eb3..8f08f20 100644
--- a/open-liberty_springBoot2-java8-ibm/Dockerfile
+++ b/open-liberty_springBoot2-java8-ibm/Dockerfile
@@ -5,4 +5,4 @@ RUN mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache \
RUN cp /opt/ol/wlp/templates/servers/springBoot2/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_springBoot2-java8-ibmsfj/Dockerfile b/open-liberty_springBoot2-java8-ibmsfj/Dockerfile
index aeaf745..74cf8e0 100644
--- a/open-liberty_springBoot2-java8-ibmsfj/Dockerfile
+++ b/open-liberty_springBoot2-java8-ibmsfj/Dockerfile
@@ -5,4 +5,4 @@ RUN mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache \
RUN cp /opt/ol/wlp/templates/servers/springBoot2/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_webProfile7-java8-ibm/Dockerfile b/open-liberty_webProfile7-java8-ibm/Dockerfile
index 823103e..646dca2 100644
--- a/open-liberty_webProfile7-java8-ibm/Dockerfile
+++ b/open-liberty_webProfile7-java8-ibm/Dockerfile
@@ -2,4 +2,4 @@ FROM open-liberty:kernel-java8-ibm
RUN cp /opt/ol/wlp/templates/servers/webProfile7/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_webProfile7-java8-ibmsfj/Dockerfile b/open-liberty_webProfile7-java8-ibmsfj/Dockerfile
index 6000a4f..cf255c8 100644
--- a/open-liberty_webProfile7-java8-ibmsfj/Dockerfile
+++ b/open-liberty_webProfile7-java8-ibmsfj/Dockerfile
@@ -2,4 +2,4 @@ FROM open-liberty:kernel-java8-ibmsfj
RUN cp /opt/ol/wlp/templates/servers/webProfile7/server.xml /config/server.xml
-RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+RUN /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
diff --git a/open-liberty_webProfile8-java8-ibm/Dockerfile b/open-liberty_webProfile8-java8-ibm/Dockerfile
index 2dc55c0..4d55e1e 100644
--- a/open-liberty_webProfile8-java8-ibm/Dockerfile
+++ b/open-liberty_webProfile8-java8-ibm/Dockerfile
@@ -4,9 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=d4eab6bcd7666bceb0fd3d3f736b98868f3c9d09
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-webProfile8/$LIBERTY_VERSION/openliberty-webProfile8-$LIBERTY_VERSION.zip
-LABEL maintainer="Alasdair Nottingham" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
-COPY docker-server /opt/ol/docker/
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apt-get update \
@@ -19,31 +19,57 @@ RUN apt-get update \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& apt-get remove -y unzip \
- && rm -rf /var/lib/apt/lists/*
+ && rm -rf /var/lib/apt/lists/* \
+ && useradd -u 1001 -r -g 0 -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs \
- && ln -s /liberty /opt/ol/wlp
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp/usr \
+ && chmod -R g+rw /opt/ol/wlp/usr \
+ && chown -R 1001:0 /opt/ol/wlp/output \
+ && chmod -R g+rw /opt/ol/wlp/output \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+ && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
+
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_webProfile8-java8-ibm/docker-server b/open-liberty_webProfile8-java8-ibm/docker-server
deleted file mode 100755
index ee468e3..0000000
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/ssl.xml b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh b/open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh
new file mode 100755
index 0000000..4a5cf96
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibm/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -Eeox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
similarity index 52%
copy from open-liberty_kernel-java8-ibmsfj/docker-server
copy to open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_webProfile8-java8-ibm/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi
diff --git a/open-liberty_webProfile8-java8-ibmsfj/Dockerfile b/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
index 38e007f..232fec6 100644
--- a/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
+++ b/open-liberty_webProfile8-java8-ibmsfj/Dockerfile
@@ -4,7 +4,9 @@ ARG LIBERTY_VERSION=19.0.0.2
ARG LIBERTY_SHA=d4eab6bcd7666bceb0fd3d3f736b98868f3c9d09
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-webProfile8/$LIBERTY_VERSION/openliberty-webProfile8-$LIBERTY_VERSION.zip
-COPY docker-server /opt/ol/docker/
+LABEL maintainer="Arthur De Magalhaes" vendor="Open Liberty" url="https://openliberty.io/" github="https://github.com/OpenLiberty/ci.docker"
+
+COPY helpers /opt/ol/helpers
# Install Open Liberty
RUN apk add --no-cache wget \
@@ -13,31 +15,57 @@ RUN apk add --no-cache wget \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
- && rm /tmp/wlp.zip.sha1
+ && rm /tmp/wlp.zip.sha1 \
+ && adduser -u 1001 -S -G root -s /usr/sbin/nologin default \
+ && chown -R 1001:0 /opt/ol/wlp \
+ && chmod -R g+rw /opt/ol/wlp
# Set Path Shortcuts
-ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:$PATH \
+ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true
+# Configure WebSphere Liberty
+RUN /opt/ol/wlp/bin/server create \
+ && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea
+
+#These settings are needed so that we can run as a different user than 1001 after server warmup
+ENV RANDFILE=/tmp/.rnd \
+ JVM_ARGS="-Xshareclasses:name=liberty,nonfatal,cacheDir=/output/.classCache/"
+
+# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
+ && mkdir /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
- && ln -s /logs $WLP_OUTPUT_DIR/defaultServer/logs
-
-# Configure WebSphere Liberty
-RUN /opt/ol/wlp/bin/server create \
- && rm /config/server.env \
- && rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea \
- && mkdir /config/configDropins \
- && mkdir /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/defaults \
+ && mkdir -p /config/configDropins/overrides \
+ && ln -s /opt/ol/wlp /liberty \
+ && chown -R 1001:0 /config \
+ && chmod -R g+rw /config \
+ && chown -R 1001:0 /logs \
+ && chmod -R g+rw /logs \
+ && chown -R 1001:0 /opt/ol/wlp/usr \
+ && chmod -R g+rw /opt/ol/wlp/usr \
+ && chown -R 1001:0 /opt/ol/wlp/output \
+ && chmod -R g+rw /opt/ol/wlp/output \
+ && chown -R 1001:0 /opt/ol/helpers \
+ && chmod -R g+rw /opt/ol/helpers \
+ && mkdir /etc/wlp \
+ && chown -R 1001:0 /etc/wlp \
+ && chmod -R g+rw /etc/wlp \
+ && chown -R 1001:0 /lib.index.cache \
+ && chmod -R g+rw /lib.index.cache \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml \
- && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /logs/*
+ && /opt/ol/wlp/bin/server start && /opt/ol/wlp/bin/server stop && rm -rf /output/resources/security/ /output/messaging /logs/* $WLP_OUTPUT_DIR/.classCache && chmod -R g+rwx /opt/ol/wlp/output/*
+USER 1001
EXPOSE 9080 9443
-ENTRYPOINT ["/opt/ol/docker/docker-server"]
+ENV KEYSTORE_REQUIRED true
+
+ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
diff --git a/open-liberty_webProfile8-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibmsfj/docker-server
deleted file mode 100755
index ee468e3..0000000
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
new file mode 100644
index 0000000..61dddfc
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-client.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast-client xmlns="http://www.hazelcast.com/schema/client-config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/client-config
+ http://www.hazelcast.com/schema/client-config/hazelcast-client-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <redo-operation>true</redo-operation>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </network>
+</hazelcast-client>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
new file mode 100644
index 0000000..4dd8f80
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-embedded.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<hazelcast xmlns="http://www.hazelcast.com/schema/config"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.hazelcast.com/schema/config
+ http://www.hazelcast.com/schema/config/hazelcast-config-3.11.xsd">
+ <properties>
+ <property name="hazelcast.discovery.enabled">true</property>
+ </properties>
+ <network>
+ <join>
+ <multicast enabled="false"/>
+ <tcp-ip enabled="false"/>
+ <discovery-strategies>
+ <discovery-strategy enabled="true" class="com.hazelcast.kubernetes.HazelcastKubernetesDiscoveryStrategy">
+ </discovery-strategy>
+ </discovery-strategies>
+ </join>
+ </network>
+</hazelcast>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
new file mode 100644
index 0000000..db8dc6a
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/hazelcast-sessioncache.xml
@@ -0,0 +1,11 @@
+<server>
+ <featureManager>
+ <feature>sessionCache-1.0</feature>
+ </featureManager>
+ <httpSessionCache libraryRef="HazelcastLib">
+ <properties hazelcast.config.location="file:${shared.config.dir}/hazelcast/hazelcast.xml"/>
+ </httpSessionCache>
+ <library id="HazelcastLib">
+ <fileset dir="${shared.resource.dir}/hazelcast"/>
+ </library>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
new file mode 100644
index 0000000..06dc97e
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
new file mode 100644
index 0000000..0f5691d
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/http-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <httpEndpoint id="defaultHttpEndpoint" host="*" httpsPort="9443" httpPort="9080" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
new file mode 100644
index 0000000..016c833
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
new file mode 100644
index 0000000..851f724
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/iiop-ssl-endpoint.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <iiopEndpoint id="defaultIiopEndpoint" host="${env.IIOP_ENDPOINT_HOST}" iiopPort="2809">
+ <iiopsOptions iiopsPort="9402" sslRef="defaultSSLConfig" />
+ </iiopEndpoint>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
new file mode 100644
index 0000000..6de151b
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsPort="7276" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
new file mode 100644
index 0000000..f43e068
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/jms-ssl-endpoint.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <wasJmsEndpoint id="InboundJmsEndpoint" host="*" wasJmsSSLPort="7286" />
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
new file mode 100644
index 0000000..874559d
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-health-check.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpHealth-1.0</feature>
+ </featureManager>
+</server>
\ No newline at end of file
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
new file mode 100644
index 0000000..4f5b0ce
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/mp-monitoring.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>mpMetrics-1.1</feature>
+ <feature>monitor-1.0</feature>
+ </featureManager>
+
+ <mpMetrics authentication="false" />
+</server>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
new file mode 100644
index 0000000..6301170
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configuration_snippets/ssl.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<server>
+ <featureManager>
+ <feature>ssl-1.0</feature>
+ </featureManager>
+</server>
diff --git a/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh
new file mode 100755
index 0000000..9ce84cb
--- /dev/null
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/build/configure.sh
@@ -0,0 +1,64 @@
+#!/bin/sh
+set -eox pipefail
+
+##Define variables for XML snippets source and target paths
+WLP_INSTALL_DIR=/opt/ol/wlp
+SHARED_CONFIG_DIR=${WLP_INSTALL_DIR}/usr/shared/config
+SHARED_RESOURCE_DIR=${WLP_INSTALL_DIR}/usr/shared/resources
+
+SNIPPETS_SOURCE=/opt/ol/helpers/build/configuration_snippets
+SNIPPETS_TARGET=/config/configDropins/overrides
+mkdir -p ${SNIPPETS_TARGET}
+
+
+#Check for each Liberty value-add functionality
+
+# MicroProfile Health
+if [ "$MP_HEALTH_CHECK" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-health-check.xml $SNIPPETS_TARGET/mp-health-check.xml
+fi
+
+# MicroProfile Monitoring
+if [ "$MP_MONITORING" == "true" ]; then
+ cp $SNIPPETS_SOURCE/mp-monitoring.xml $SNIPPETS_TARGET/mp-monitoring.xml
+fi
+
+# SSL
+if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/ssl.xml $SNIPPETS_TARGET/ssl.xml
+fi
+
+# HTTP Endpoint
+if [ "$HTTP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/http-ssl-endpoint.xml $SNIPPETS_TARGET/http-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/http-endpoint.xml $SNIPPETS_TARGET/http-endpoint.xml
+ fi
+fi
+
+# Hazelcast Session Caching
+if [ "${HZ_SESSION_CACHE}" == "client" ] || [ "${HZ_SESSION_CACHE}" == "embedded" ]
+then
+ cp ${SNIPPETS_SOURCE}/hazelcast-sessioncache.xml ${SNIPPETS_TARGET}/hazelcast-sessioncache.xml
+ mkdir -p ${SHARED_CONFIG_DIR}/hazelcast
+ cp ${SNIPPETS_SOURCE}/hazelcast-${HZ_SESSION_CACHE}.xml ${SHARED_CONFIG_DIR}/hazelcast/hazelcast.xml
+fi
+
+# IIOP Endpoint
+if [ "$IIOP_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/iiop-ssl-endpoint.xml $SNIPPETS_TARGET/iiop-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/iiop-endpoint.xml $SNIPPETS_TARGET/iiop-endpoint.xml
+ fi
+fi
+
+# JMS Endpoint
+if [ "$JMS_ENDPOINT" == "true" ]; then
+ if [ "$SSL" == "true" ]; then
+ cp $SNIPPETS_SOURCE/jms-ssl-endpoint.xml $SNIPPETS_TARGET/jms-ssl-endpoint.xml
+ else
+ cp $SNIPPETS_SOURCE/jms-endpoint.xml $SNIPPETS_TARGET/jms-endpoint.xml
+ fi
+fi
\ No newline at end of file
diff --git a/open-liberty_kernel-java8-ibmsfj/docker-server b/open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
similarity index 52%
rename from open-liberty_kernel-java8-ibmsfj/docker-server
rename to open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
index ee468e3..54d0aca 100755
--- a/open-liberty_kernel-java8-ibmsfj/docker-server
+++ b/open-liberty_webProfile8-java8-ibmsfj/helpers/runtime/docker-server.sh
@@ -11,7 +11,12 @@ then
if [ ! -e $keystorePath ]
then
# Generate the keystore.xml
- export keystore_password=$(openssl rand -base64 32)
+ export PASSWORD=$(openssl rand -base64 32)
+ XML="<server description=\"Default Server\"><keyStore id=\"defaultKeyStore\" password=\"$PASSWORD\" /></server>"
+
+ # Create the keystore.xml file and place in configDropins
+ mkdir -p $(dirname $keystorePath)
+ echo $XML > $keystorePath
fi
fi
fi |
|
Build test of #5587; 6a969ca; $ bashbrew build open-liberty:kernel
Building bashbrew/cache:e84cb583be781c701f9fb56e42e12086c9785de60df78489927d46c192292d09 (open-liberty:kernel)
Tagging open-liberty:kernel
Tagging open-liberty:kernel-java8-ibm
$ test/run.sh open-liberty:kernel
testing open-liberty:kernel
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5].....passed
$ bashbrew build open-liberty:kernel-java8-ibmsfj
Building bashbrew/cache:868eac747f3be62208a6ac0edfe7d648474a017cc6aa4a66382226e457bcbd90 (open-liberty:kernel-java8-ibmsfj)
Tagging open-liberty:kernel-java8-ibmsfj
$ test/run.sh open-liberty:kernel-java8-ibmsfj
testing open-liberty:kernel-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5].....passed
$ bashbrew build open-liberty:webProfile8
Building bashbrew/cache:93822fe9c6d13b0e7aa82ff6bf85abbdb84f77e53651601d9dafd6bc54cfc9d7 (open-liberty:webProfile8)
Tagging open-liberty:webProfile8
Tagging open-liberty:webProfile8-java8-ibm
$ test/run.sh open-liberty:webProfile8
testing open-liberty:webProfile8
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:webProfile8-java8-ibmsfj
Building bashbrew/cache:1b3dca1326a2e2c875712521de05f4de983fd5f3656fee967b57c7af10e4e41b (open-liberty:webProfile8-java8-ibmsfj)
Tagging open-liberty:webProfile8-java8-ibmsfj
$ test/run.sh open-liberty:webProfile8-java8-ibmsfj
testing open-liberty:webProfile8-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:javaee8
Building bashbrew/cache:5ea633472767fddcb6dcc17de97370392b62ce2b8db9aa906c57b49bb3023cdb (open-liberty:javaee8)
Tagging open-liberty:javaee8
Tagging open-liberty:javaee8-java8-ibm
Tagging open-liberty:latest
$ test/run.sh open-liberty:javaee8
testing open-liberty:javaee8
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:javaee8-java8-ibmsfj
Building bashbrew/cache:003afff2ddc6abea7fa7ed91d13439b9f932de350f7668918451edbf059eda51 (open-liberty:javaee8-java8-ibmsfj)
Tagging open-liberty:javaee8-java8-ibmsfj
$ test/run.sh open-liberty:javaee8-java8-ibmsfj
testing open-liberty:javaee8-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:microProfile1
Building bashbrew/cache:8a28aa08239b9388a56b9dd08d2e9d39232583a4cee5520bacc9063e974aa421 (open-liberty:microProfile1)
Tagging open-liberty:microProfile1
Tagging open-liberty:microProfile1-java8-ibm
$ test/run.sh open-liberty:microProfile1
testing open-liberty:microProfile1
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:microProfile1-java8-ibmsfj
Building bashbrew/cache:4e3773a11453191a6ecd3705f9bfc0aed087b96810f4c268375d4291faa9661e (open-liberty:microProfile1-java8-ibmsfj)
Tagging open-liberty:microProfile1-java8-ibmsfj
$ test/run.sh open-liberty:microProfile1-java8-ibmsfj
testing open-liberty:microProfile1-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:microProfile2
Building bashbrew/cache:d25285bef2c6007e34a78712ed2288faa588cbe1342dd60975a10147d1cfefaf (open-liberty:microProfile2)
Tagging open-liberty:microProfile2
Tagging open-liberty:microProfile2-java8-ibm
$ test/run.sh open-liberty:microProfile2
testing open-liberty:microProfile2
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:microProfile2-java8-ibmsfj
Building bashbrew/cache:c9d45e4898ac0d509648a940e3e61a5552c3496b94c4283163e22cebf62711a7 (open-liberty:microProfile2-java8-ibmsfj)
Tagging open-liberty:microProfile2-java8-ibmsfj
$ test/run.sh open-liberty:microProfile2-java8-ibmsfj
testing open-liberty:microProfile2-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:springBoot2
Building bashbrew/cache:aa412e4f1a27929f6e018a9cd31bdbcff91f9af424fdddff439b79fd9b8f7389 (open-liberty:springBoot2)
Tagging open-liberty:springBoot2
Tagging open-liberty:springBoot2-java8-ibm
$ test/run.sh open-liberty:springBoot2
testing open-liberty:springBoot2
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:springBoot2-java8-ibmsfj
Building bashbrew/cache:dcf03ded07854551eec4d4dfaeae00f91319576bfb6d580db9ae1ef1242f6b2f (open-liberty:springBoot2-java8-ibmsfj)
Tagging open-liberty:springBoot2-java8-ibmsfj
$ test/run.sh open-liberty:springBoot2-java8-ibmsfj
testing open-liberty:springBoot2-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:webProfile7
Building bashbrew/cache:c265af83241faf8307631cc3414463197056ecea33fb16ae339c3ea44bfbbf03 (open-liberty:webProfile7)
Tagging open-liberty:webProfile7
Tagging open-liberty:webProfile7-java8-ibm
$ test/run.sh open-liberty:webProfile7
testing open-liberty:webProfile7
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:webProfile7-java8-ibmsfj
Building bashbrew/cache:6f7414df7f4d530a29e3e3ef5e99b0cdbb0addc97df6c810148d8150fa9e088d (open-liberty:webProfile7-java8-ibmsfj)
Tagging open-liberty:webProfile7-java8-ibmsfj
$ test/run.sh open-liberty:webProfile7-java8-ibmsfj
testing open-liberty:webProfile7-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:javaee7
Building bashbrew/cache:22d29aa6f794a1386e2aa4eb2a9b4d18e1ad645b690a961e09957031ac4b4e61 (open-liberty:javaee7)
Tagging open-liberty:javaee7
Tagging open-liberty:javaee7-java8-ibm
$ test/run.sh open-liberty:javaee7
testing open-liberty:javaee7
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:javaee7-java8-ibmsfj
Building bashbrew/cache:250c592da6171674bdd130e47e38372e3497326d1dd661b2c8f84d06289174ff (open-liberty:javaee7-java8-ibmsfj)
Tagging open-liberty:javaee7-java8-ibmsfj
$ test/run.sh open-liberty:javaee7-java8-ibmsfj
testing open-liberty:javaee7-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:springBoot1
Building bashbrew/cache:f5931739469ffb970ba01f62af94e72c6a34ec9d189faa683ad2874a0180b863 (open-liberty:springBoot1)
Tagging open-liberty:springBoot1
Tagging open-liberty:springBoot1-java8-ibm
$ test/run.sh open-liberty:springBoot1
testing open-liberty:springBoot1
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
$ bashbrew build open-liberty:springBoot1-java8-ibmsfj
Building bashbrew/cache:3adccc4476d70d7454d1a647af53701dca15bff79a05db07cad915cb5260099c (open-liberty:springBoot1-java8-ibmsfj)
Tagging open-liberty:springBoot1-java8-ibmsfj
$ test/run.sh open-liberty:springBoot1-java8-ibmsfj
testing open-liberty:springBoot1-java8-ibmsfj
'utc' [1/5]...passed
'cve-2014--shellshock' [2/5]...passed
'no-hard-coded-passwords' [3/5]...passed
'override-cmd' [4/5]...passed
'open-liberty-hello-world' [5/5]....passed
|
|
(Regarding the added labels, I'd recommend taking a look at https://github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md.) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updating Open Liberty to run as non-root.
We are essentially porting the changes that we had in WebSphere Liberty already.