Sample scripts to create an image with an applicaiton running on a ma…

[aseembajaj]

…naged server running in MSI mode (Managed Server Independence mode)

[Djelibeybi]

There are some changes that need to be made to make the resulting image more efficient.

[Djelibeybi]

These three ENV directives should be combined into a single directive/layer.

[Djelibeybi]

These three COPY directives should be combined into a single directive/layer.

[Djelibeybi]

This COPY directive should be included in the previous COPY so that it's contained in the same layer.

[Djelibeybi]

Please do not use bash as the ENTRYPOINT. You should be calling launcher.sh and providing the command-line parameters via a CMD directive. You should also switch this to use the JSON representation.

https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact

[aseembajaj]

Hi Avi. I have removed the use of bash as entry point. But I need to use shell form of Entrypoint because I need variable replacement that is otherwise unavailable in exec form. So, I can't split this into ENTRYPOINT and CMD. Nor can I switch to JSON form. Using either of these causes variable replacement to stop working.

[Djelibeybi]

Your launcher.sh should just be able to read the environment variable as you're setting it higher in the Dockerfile. You don't need to pass it as a parameter here.

[aseembajaj]

Yes, you are right. So, I'll be making these changes for this particular suggestion that you made:

• No use of bash, invoke launcher.sh directly
• Use JSON format
• No parameter needed, so no need to specify CMD

Here is what the updated directive will look like:

ENTRYPOINT ["/u01/oracle/launcher.sh"]

[Djelibeybi]

These three ARG directives should be combined into a single directive/layer.

[aseembajaj]

Hi Avi. I can't seem to find an ARG directive that can be used to declare multiple arguments:
https://docs.docker.com/engine/reference/builder/#arg
Can you please point me to it? Thanks

[Djelibeybi]

Sorry, you're right. Was getting confused with ENV directives.

[Djelibeybi]

Should these ARG directives not get default values then?

[aseembajaj]

Yes, that's right Avi. These are arguments that specify what application to deploy and from where. So there can't be any defaults for these.

[Djelibeybi]

How can there not be defaults? What happens if these are not provided? Your launcher/entrypoint will need to handle the case of being run without any ARG values gracefully.

[aseembajaj]

There are not options, these are more like required arguments. How can we default on the application directory to be added?

I can make them default to the application bundled in the sample directory (like the way it was before these arguments were introduced). What do you say?

Arguments

---------

ARG name=summercamps
ARG source=apps/summercamps.ear
ARG simple_filename=summercamps.ear

[Djelibeybi]

That seems fine. Or your container should throw an error and refuse to start if the required arguments are not provided. Whatever you feel is the best outcome.

[aseembajaj]

Hi Avi,

I'll go with default. These are sample scripts. Customers might have to change the script anyways to add more parameters to deployment, they can choose their own defaults at that time. We can use the default based on samples bundled in this directory.

[Djelibeybi]

Please combine the two COPY directives into a single directive/layer.

[Djelibeybi]

This launcher.sh script has no handlers for stop/start. You need to add handlers so that users can use docker stop effectively.

[aseembajaj]

Hi Avi,

By handlers for stop, did you mean something like trapping (using trap) SIGKILL and SIGTERM and passing them on to server process?

What do you mean by a handler for start? Isn't launcher the script that will run when we start the container?

[Djelibeybi]

Yes, sorry. I meant handlers for SIGKILL and SIGTERM (which are what docker stop calls).

[aseembajaj]

Hi Avi,

launcher.sh invokes startManagedWebLogic.sh. This script (startManagedWebLogic.sh) like startWebLogic.sh used by other docker samples is created during WebLogic domain creation. I think these scripts communicate these signals to the underlying JVM (or not at the very least not inhibit the transmission of signal to the underlying JVM). WLS running in JVM handles SIGTERM and SIGKILL correctly.

[Djelibeybi]

Have you tested and confirmed that the signal handlers still work as expected?

[aseembajaj]

Hi Avi,

Following up on your question about behavior of docker stop with WLS, I experimented and found the following.

About docker stop

1. docker stop sends a SIGTERM to the main process initially and then sends a SIGKILL after some time. This is a configurable value, defaults to 10 seconds.
2. WebLogic java process handles SIGTERM to perform a forceShutdown() of the server, cleaning up a few things.
3. When we launch WebLogic using generated shell scripts, sending SIGTERM to the pid of shell script doesn’t invoke the hook mentioned in Add Coherence Dockerfiles and scripts #2
4. However if we find the pid of the java process (JVM that is running the server) and send a SIGTERM to it, shutdown hook mentioned in Add Coherence Dockerfiles and scripts #2 is invoked
5. Trying to replicate Project description #3 in Docker image is equally ineffective. More specifically we can try and capture the pid of the process for the WLS startup script being launched as a part of docker container, but trapping SIGTERM (on docker stop) and forwarding to that captured pid is ineffective (like Project description #3)
6. Perhaps we can replicate Reestruction of folders and scripts #4 in docker image i.e. try to trap SIGTERM and translate to a SIGTERM to all running java processes. But I am having trouble with this because we use oracle slim image in PS2 docker image and “ps” is not available.
7. For WLS MSI docker image, I have been using the generated WLS script called startManagedWebLogic.sh. But I believe that observations in Project description #3 and Revised work  #5 will be the same if we use startWebLogic.sh for admin server in a regular WLS docker image

About docker kill

docker kill results in a SIGKILL signal. There is no way to intercept or trap it. That is also the case when we send a SIGKILL signal to a WLS server started with shell scripts (outside docker)

[Djelibeybi]

Is this behaviour replicated in the base WebLogic image or introduced by your addition of the launcher.sh script? If the former, please open another issue so that @mriccell can look into that. If the latter, you'll need to reimplement the handlers so that the SIGTERM is sent to the right pid.

[aseembajaj]

Hi Avi,

As suspected, docker stop isn't converted to a forceShutdown request for WLS server. Here is what I tried:
docker pull container-registry.oracle.com/middleware/weblogic:12.2.1.1
docker run container-registry.oracle.com/middleware/weblogic:12.2.1.1

And then on the side I issued a docker stop request using a generated container name

docker stop epic_meitner

I can see that shutdown hook is not invoked, and the container stopped after 10 seconds (the default difference between the time SIGTERM and SIGKILL are sent to the container process)

Had it worked, I would have expected to see something like the following on stdout of the container:

<Jun 5, 2017 3:18:30,533 PM PDT>
<Jun 5, 2017 3:18:30,534 PM PDT> <Server shutdown has been requested by .>
<Jun 5, 2017 3:18:30,538 PM PDT>
<Jun 5, 2017 3:18:30,549 PM PDT>
<Jun 5, 2017 3:18:30,549 PM PDT>
<Jun 5, 2017 3:18:30,561 PM PDT>
<Jun 5, 2017 3:18:30,601 PM PDT> <JMX Connector Server stopped at service:jmx:iiop://10.147.117.136:7001/jndi/weblogic.management.mbeanservers.edit.>
<Jun 5, 2017 3:18:30,602 PM PDT> <JMX Connector Server stopped at service:jmx:iiop://10.147.117.136:7001/jndi/weblogic.management.mbeanservers.domainruntime.>
<Jun 5, 2017 3:18:30,666 PM PDT> <JMX Connector Server stopped at service:jmx:iiop://10.147.117.136:7001/jndi/weblogic.management.mbeanservers.runtime.>
Stopping Derby server...
Derby server stopped.

[Djelibeybi]

Can you please open a new issue for this, so that @mriccell can take a look?

[aseembajaj]

Hi Avi,

Other than the issue about stop / start, I have incorporated all your feedback and updated the pull request.

[mriccell]

Aseem Sorry I did not have an opportunity to review, will do that now. Thanks Monica

…

On 6/2/2017 2:18 PM, Aseem Bajaj wrote: Hi Avi, Other than the issue about stop / start, I have incorporated all your feedback and updated the pull request. — You are receiving this because you were assigned. Reply to this email directly, view it on GitHub <#401 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AKKX3NTfFoFjCpE-4YhivhyNgOK3BLJHks5sAFHYgaJpZM4NsQrs>.

[Djelibeybi]

I have approved this PR. Just waiting on @brunoborges and @mriccell to complete their review.

[Djelibeybi]

@aseembajaj I see the new commit you just added, but wouldn't this make more sense as a seperate PR for the upstream createAndStartEmptyDomain.sh script instead?

[aseembajaj]

Hi Avi,

This change only handles MSI server image. The changes to be made for non-MSI setups could be similar, but different.

• The managed servers in that setup must have been started using NodeManager, so we have to find another way to initiate forceShutdown on those servers
• The admin server in that setup could be forceShutdown in the same manner. But I would assume that we would want to make a coherent change for both cases that setup

[Djelibeybi]

@aseembajaj it would be great if you could work with @mriccell to see if you can come up with a more global solution that would work across all downstream images that extend the base WLS image.

[aseembajaj]

Sure, I'll work with Monica and give her inputs about how we can implement this so that all images benefit.

[mriccell]

Tge RUN command provision-domain-for-msi.sh parameters such as weblogic weblogic1 8001 ms1 8011 dev $number_of_ms should be set with ENV directive in the dockerfile.

[brunoborges]

Can launcher.sh live on the top level image? If yes, maybe that should be a script for ENTRYPOINT

[aseembajaj]

Hi Bruno,

You are right in that there could be come collaboration in the startup scripts, one for the base image (that helps all extending images) and the ones specific for scenarios (like MSI). Monica and I had a meeting yesterday. Among other things, we decided that I will try to reuse code around container stop. This will involve slight change in base image too (to allow for reusability). But we still need a separate script for extending images (like MSI) because there are some other tasks that are done specific to the image.

[brunoborges]

@mriccell Monica, mind to follow up on this when possible?

[Djelibeybi]

Can you please rebase this pull request from master? Some of the files have changed since it was submitted.

[aseembajaj]

Hi Avi, Bruno & Monica,

Based on a meeting with Monica, we had identified 5 changes that I had to make to this. I have been unable to work on those changes as I have been involved with other work. I'll re-submit this request after I make changes.

[Djelibeybi]

You don't need to resubmit, just push the required changes to your branch and this PR will automatically update and notify us.

[aseembajaj]

Hi Avi, Bruno & Monica,

I have updated the pull request, to incorporate Monica's feedback. Here are my notes from the review:

• Add a sentence or two about MSI in introduction, running in Docker
• Environment variable declaration using ENV, move to all arguments
• managed name prefix as argument
• Readme.md : A little segment about parameters like default name and default port
• Try to re-use trap command from base image

Note that for the last item, Monica asked me to comment out my "trap" logic since it is being built into the base image.

Can you please re-review and accept the pull request if you are okay with it? Thanks.

[Djelibeybi]

Some minor changes required, but some great improvements.

[Djelibeybi]

You should never need to exec bash into a container. If you need the user to know something, that log file should be sent to stdout at runtime so that the user can use docker logs (or any of the logging drivers) to get the output.

[Djelibeybi]

As above. You should be tailing this log to stdout by default. Take a look at the Database and other Dockerfiles for examples of this.

[Djelibeybi]

This should be #!/bin/bash

[Djelibeybi]

If the rest of this script is not needed (it's all commented out) then just remove those lines.

[Djelibeybi]

Typo: should be "deployments"

[Djelibeybi]

Typo: "docker" should be "Docker"

[Djelibeybi]

Don't provide documentation on how to run a registry, because this will get out of date. You already point to the Docker docs, that's sufficient.

Also, a registry is not required for a service, if you have the same image on all the hosts in the Swarm. It's just that the simplest way for that to happen is to use a local registry. :)

[Djelibeybi]

Please do not provide instructions on how to use Swarm here either. Rather just point to the Swarm documentation.

[Djelibeybi]

Your instructions should assume that user has a local registry and Swarm running. You don't have to provide documentation on how to do that. You can provide links to the registry and Swarm documentation though.

[aseembajaj]

Hi @Djelibeybi

Thanks for the inputs. I have incorporated all your feedback. Please take a look.

[mriccell]

@aseembajaj thank you so much for following up with requested changes. I am happy with the changes to address my concerns.

[aseembajaj]

you are welcome @mriccell. And thank you for your patience I am not sure why I see a comment like "aseembajaj dismissed mriccell's stale review". Perhaps because I responded to this comment over email. I surely did not dismiss you comment, I appreciate it :)

…

On Tue, Jul 18, 2017 at 8:29 AM, Monica Riccelli ***@***.***> wrote: ***@***.**** approved this pull request. @aseembajaj <https://github.com/aseembajaj> thank you so much for following up with requested changes. I am happy with the changes to address my concerns. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#401 (review)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AXKFAJSYefcmmBTYxdbEaO_uCIOn3Layks5sPM9JgaJpZM4NsQrs> .

[Djelibeybi]

There are some minor fixes that are required, but the overall Markdown formatting needs to be reviewed. When I view the entire file, it seems like a lot of the code examples are not formatted correctly.

[Djelibeybi]

Why did you remove the -d here? The image needs to be run in daemon mode, i.e. the background You should then use docker logs to retrieve the stdout from the running container to determine things like the MS name.

[aseembajaj]

Hi @Djelibeybi I removed -d so that stdout can be shown on the console for further investigation. You had mentioned earlier that "exec bash" wasn't a best practice. Anyways, I'll put it back and user "docker logs" as you suggested. Thanks.

[Djelibeybi]

Please remove lines 95-97. We shouldn't be documenting how to use a local registry. That's handled by our own documentation as well as the upstream documentation and is out of scope here.

[aseembajaj]

Alright @Djelibeybi, I'll remove those 3 lines.

[Djelibeybi]

This is not accurate: Docker service creation can be done either using a local registry or by ensuring the same image is available to all hosts. Using a local registry is just easier, but it's not mandatory.

[aseembajaj]

Hi @Djelibeybi I have removed that line altogether now

[Djelibeybi]

Great work, thanks.

[Djelibeybi]

I want @mriccell to give her final approval too, then I'll merge.

[mriccell]

I approve these changes