Dockerized XDPS - dedreval/xdps-docs GitHub Wiki
The XDPS image is built in two steps:
- Application server and patches download step - kept as a separate step because the archives are quite big and take time to download, so it is better to keep them cached
- Application building step - since the application build requires JBoss libraries, build and deployment are combined.
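# Stage 1 ("downloader"): fetches the third-party archives so that the large
# downloads stay in the build cache between application rebuilds.
FROM registry.access.redhat.com/ubi8/openjdk-8:1.20-2.1729105708 AS downloader

# Installers to be downloaded are jboss server, jboss server patch, ant and mysql driver
ARG JBOSS_ARCHIVE=jboss-eap-7.4.0.zip
ARG PATCH_ARCHIVE=jboss-eap-7.4.18-patch.zip
ARG ANT_ARCHIVE=apache-ant-1.10.14-bin.zip
ARG MYSQL_DRIVER=mysql-connector-java-5.1.47.jar
ARG ARTIFACTORY=https://artifactory.aws.wiley.com/artifactory
ARG JBOSS_ARCHIVE_URL=${ARTIFACTORY}/thirdparty/3rdparty/xdps/jboss/7.4/server/jboss-eap-7.4.0.zip
ARG PATCH_ARCHIVE_URL=${ARTIFACTORY}/thirdparty/3rdparty/xdps/jboss/7.4/patch/jboss-eap-7.4.18-patch.zip
ARG ANT_ARCHIVE_URL=https://downloads.apache.org//ant/binaries/apache-ant-1.10.14-bin.zip
ARG MYSQL_DRIVER_URL=https://repo1.maven.org/maven2/mysql/mysql-connector-java/5.1.47/mysql-connector-java-5.1.47.jar
ARG TMP=/TMP

# root is needed to create ${TMP} at the filesystem root. This stage is only a
# source for COPY --from; it is never the image that runs.
USER root
RUN mkdir -p "${TMP}"

# -f makes curl exit non-zero on an HTTP error. Without it a 404/403 error page
# is saved under the archive name and the failure only surfaces later (or never).
# -S keeps the error message visible even when progress output is suppressed.
#
# NOTE(review): none of these downloads is integrity-checked. Record the expected
# SHA-256 of every archive next to its URL and verify it before use, e.g.
#   echo "<expected-sha256>  ${TMP}/${MYSQL_DRIVER}" | sha256sum -c -
# (<expected-sha256> is a placeholder - take the value from the publisher).
RUN curl -fSL -o "${TMP}/${MYSQL_DRIVER}" "${MYSQL_DRIVER_URL}"
RUN curl -fSL -o "${TMP}/${ANT_ARCHIVE}" "${ANT_ARCHIVE_URL}"
RUN curl -fSL -o "${TMP}/${PATCH_ARCHIVE}" "${PATCH_ARCHIVE_URL}"
RUN curl -fSL -o "${TMP}/${JBOSS_ARCHIVE}" "${JBOSS_ARCHIVE_URL}"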
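# Stage 2 (final image): installs Ant and JBoss, applies the JBoss patch, builds
# and deploys the application, then drops privileges to the application user.
FROM registry.access.redhat.com/ubi8/openjdk-8:1.20-2.1729105708

# Setting working directory and variables
WORKDIR /workspace/
ARG JBOSS_ARCHIVE=jboss-eap-7.4.0.zip
ARG PATCH_ARCHIVE=jboss-eap-7.4.18-patch.zip
ARG ANT_ARCHIVE=apache-ant-1.10.14-bin.zip
ARG MYSQL_DRIVER=mysql-connector-java-5.1.47.jar
ARG JBOSS_ROOT=/opt/jboss
ARG JBOSS_HOME=/opt/jboss/jboss-eap-7.4
ARG CT=/CT
ARG COCHRANE_RES=/CT/CochraneCMS
ARG CONTENT_ROOT=/opt/efs
ARG CONFIG_ROOT=/opt/config/xdps-app
ARG LOGS_ROOT=/opt/logs
ARG APP_USER=appuser
ARG TMP=/TMP

# root is required for package installation and for writing under /opt;
# the image switches to ${APP_USER} before CMD.
USER root

# Add folders for resources logs and content (one layer instead of seven)
RUN mkdir -p \
      ${TMP} \
      ${CONTENT_ROOT}/tmp/crg \
      ${CONTENT_ROOT}/tmp/notifications/retry-queue \
      ${CONTENT_ROOT}/cochrane/downloaded/aries \
      ${CONTENT_ROOT}/repository_rendering \
      ${LOGS_ROOT} \
      ${CT}/.ssh

# Installing tools
# NOTE(review): nano and procps are interactive/debugging aids and git is only
# needed by the build; each extra package widens what is available inside a
# running container. Confirm they are required at runtime.
RUN microdnf install -y unzip git dos2unix procps nano && microdnf clean all

COPY --from=downloader ${TMP}/${ANT_ARCHIVE} ${TMP}/${ANT_ARCHIVE}
RUN unzip ${TMP}/${ANT_ARCHIVE} -d /opt/ \
 && mv /opt/apache-ant-1.10.14 /opt/ant \
 && ln -s /opt/ant/bin/ant /usr/bin/ant \
 && rm ${TMP}/${ANT_ARCHIVE}

# Installing initial jboss version
# The archive is removed once unpacked: it used to stay in ${TMP} of the final
# image and was written a second time by the recursive chown of ${TMP} below.
# (The COPY layer itself still contains it; removal cannot shrink an earlier layer.)
COPY --from=downloader ${TMP}/${JBOSS_ARCHIVE} ${TMP}/${JBOSS_ARCHIVE}
RUN unzip ${TMP}/${JBOSS_ARCHIVE} -d ${JBOSS_ROOT} \
 && rm ${TMP}/${JBOSS_ARCHIVE}

# Copying JBoss patch archive downloaded during previous step
COPY --from=downloader ${TMP}/${PATCH_ARCHIVE} ${TMP}/${PATCH_ARCHIVE}

# Copying jboss patch script and application server startup scripts from project
COPY Setup/patch-jboss.sh /opt/patch-jboss.sh
COPY Setup/entrypoint.sh /opt/jboss/entrypoint.sh

# Fixing line breaks, then making patch and startup scripts executable
RUN dos2unix /opt/patch-jboss.sh /opt/jboss/entrypoint.sh \
 && chmod +x /opt/patch-jboss.sh /opt/jboss/entrypoint.sh

# Applying the patch, then dropping the patch archive from ${TMP}.
# NOTE(review): this step only fails the build if patch-jboss.sh itself exits
# non-zero when the patch cannot be applied; otherwise an unpatched server is
# shipped silently. Verify the script's error handling.
RUN /opt/patch-jboss.sh ${JBOSS_HOME} ${TMP} \
 && rm ${TMP}/${PATCH_ARCHIVE}

# Add missing libraries from project to application server
COPY --from=downloader ${TMP}/${MYSQL_DRIVER} ${JBOSS_HOME}/standalone/deployments/${MYSQL_DRIVER}
COPY CochraneCMS/lib/modules ${JBOSS_HOME}/modules
COPY CmsQaService/lib/modules ${JBOSS_HOME}/modules
COPY CmsRenderService/lib/modules ${JBOSS_HOME}/modules

# Adding resources from project
COPY Setup/ct-scripts/. ${CT}
COPY CochraneCMS/resources/. ${COCHRANE_RES}
COPY CmsQaService/resources/. ${COCHRANE_RES}
COPY CmsRenderService/resources/. ${COCHRANE_RES}

# Making scripts executable and fixing line breaks
RUN find ${CT} -type f -exec dos2unix {} +
RUN find ${CT} -name "*.sh" -exec chmod u+x {} +

# Copying application source code for ant build
# NOTE(review): the sources and the full .git history end up in image layers.
# "rm -rf /workspace" below hides them from the final filesystem, but the layers
# still ship with the image, so anyone who can pull it can recover them -
# including anything sensitive that was ever committed. Building in a separate
# stage and copying only the deployed artifacts would keep them out of the image.
COPY .git .git
COPY CmsQaService CmsQaService
COPY CmsRenderService CmsRenderService
COPY CochraneCMS CochraneCMS
COPY Configurator Configurator

# Building and deploying application
RUN git config --global safe.directory /workspace
RUN ant docker-deploy -Dhost=docker -Djboss.home=${JBOSS_HOME} -buildfile /workspace/CochraneCMS/build-docker.xml
RUN ant docker-deploy -Dhost=docker -Djboss.home=${JBOSS_HOME} -buildfile /workspace/CmsQaService/build-docker.xml
RUN ant docker-deploy -Dhost=docker -Djboss.home=${JBOSS_HOME} -buildfile /workspace/CmsRenderService/build-docker.xml

# Cleaning workspace
RUN rm -rf /workspace

# Deleting default JBoss configuration
RUN rm -rf ${JBOSS_HOME}/standalone/configuration

# Copying container configurations for all environments
# NOTE(review): every image therefore carries the configuration of every
# environment; keep credentials out of these files and inject them at runtime.
RUN mkdir -p ${CONFIG_ROOT}
COPY Setup/config/. ${CONFIG_ROOT}

# Changing application resources ownership to application user
# Fixed UID/GID 2000 so the runtime can refer to the account numerically.
RUN groupadd -g 2000 ${APP_USER} && useradd ${APP_USER} -u 2000 -g ${APP_USER} -d ${CT} -m
# A single recursive chown: each separate chown layer re-stores every file it touches.
RUN chown -R ${APP_USER}:${APP_USER} \
      ${JBOSS_ROOT} \
      ${TMP} \
      ${CONTENT_ROOT} \
      ${LOGS_ROOT} \
      ${CT} \
      ${CONFIG_ROOT}

# Switching current user to application user
USER ${APP_USER}

# Starting application server
# NOTE(review): 9990 is the default JBoss management port and 8787 is the port
# conventionally used for remote JVM debugging. EXPOSE only documents them;
# make sure neither is published beyond trusted networks.
EXPOSE 8080 8443 9990 8787
CMD ["/opt/jboss/entrypoint.sh"]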
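#!/bin/sh
# Container entry point: installs the environment-specific trust store and SSH
# material under /CT, extends JAVA_OPTS and replaces itself with the JBoss
# standalone launcher.

# ENV_NAME is provided by Jenkins job and could have values dev, qa, sit and prod.
# Also, for local testing you could also use value "local".
# Every path below is derived from it, so stop with a clear message when it is
# missing or is not a plain directory name.
: "${ENV_NAME:?ENV_NAME must be set (dev, qa, sit, prod or local)}"
case "${ENV_NAME}" in
  *[!A-Za-z0-9_-]*)
    echo "entrypoint: ENV_NAME contains unexpected characters" >&2
    exit 1
    ;;
esac
CONFIG_DIR="/opt/config/xdps-app/${ENV_NAME}"
if [ ! -d "${CONFIG_DIR}" ]; then
  echo "entrypoint: no configuration directory ${CONFIG_DIR}" >&2
  exit 1
fi

cp "${CONFIG_DIR}/truststore.ks" /CT/truststore.ks
cp "${CONFIG_DIR}/known_hosts" /CT/.ssh/known_hosts

# ID_RSA_BASE64 and ID_PERICLES_BASE64 are stored as environment specific Vault
# secrets and substituted automatically by Jenkins job.
# The keys are written inside a subshell with umask 077 so the files are created
# owner-only; previously they were readable under the default umask until the
# chmod below ran. Quoting keeps a multi-line base64 value intact.
(
  umask 077
  printf '%s' "${ID_RSA_BASE64}" | base64 --decode > /CT/.ssh/id_rsa
  printf '%s' "${ID_PERICLES_BASE64}" | base64 --decode > /CT/.ssh/pericles-sftp.pem
)
# Still needed when the files already existed: umask only affects newly created files.
chmod 600 /CT/.ssh/id_rsa
chmod 644 /CT/.ssh/known_hosts
chmod 600 /CT/.ssh/pericles-sftp.pem

# JAVA_OPTS is JVM related part of startup command and it is stored separately
# for each environment in github project do-contenttech-appcfg on paths like
# envfiles/dev/xdps-app/envfile
#
# The trust store password used to be hard-coded here. It can now be overridden
# with the optional TRUSTSTORE_PASSWORD variable (new) and falls back to the
# previous value, so existing deployments behave as before.
# NOTE(review): anything placed in JAVA_OPTS is visible in the process list.
export JAVA_OPTS="$JAVA_OPTS \
-Xbootclasspath/p:\
/opt/jboss/jboss-eap-7.4/modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-2.1.18.Final-redhat-00001.jar:\
/opt/jboss/jboss-eap-7.4/modules/system/layers/base/org/wildfly/common/main/wildfly-common-1.5.4.Final-redhat-00001.jar \
-Djava.util.logging.manager=org.jboss.logmanager.LogManager \
-Djava.awt.headless=true \
-Djboss.modules.system.pkgs=org.jboss.byteman,org.jboss.logmanager \
-Djavax.net.ssl.trustStore=/CT/truststore.ks \
-Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD:-abc123} \
-Djava.net.preferIPv4Stack=true \
-Dfile.encoding=UTF-8 \
-Dcom.sun.jersey.server.impl.cdi.lookupExtensionInBeanManager=true"

# exec replaces the shell, so JBoss receives the container's stop signal directly.
exec /opt/jboss/jboss-eap-7.4/bin/standalone.sh \
-Djboss.server.config.url=file:///opt/config/xdps-app/${ENV_NAME}/ \
-Djboss.server.config.dir=/opt/config/xdps-app/${ENV_NAME}/ \
-Djboss.server.log.dir=/opt/logs/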
DATABASE_PASSWORD and DATABASE_USERNAME here are environment-specific secrets stored in Vault. Again, for local testing these variables should be set manually.
...
<datasource jta="true" jndi-name="java:jboss/datasources/CochraneCmsDS" pool-name="CochraneCmsDS">
<!-- NOTE(review): the JDBC URL sets no TLS options (Connector/J useSSL /
     requireSSL / verifyServerCertificate). Confirm that encryption and
     server-certificate verification are enforced for this connection. -->
<connection-url>jdbc:mysql://xdps-app-dev.clgqhpadyojf.us-east-1.rds.amazonaws.com:3306/cochrane_cms?rewriteBatchedStatements=true</connection-url>
<driver>mysql</driver>
<transaction-isolation>TRANSACTION_REPEATABLE_READ</transaction-isolation>
<pool>
<min-pool-size>10</min-pool-size>
<max-pool-size>50</max-pool-size>
<flush-strategy>FailingConnectionOnly</flush-strategy>
</pool>
<security>
<!-- Credentials are not stored in this file: both values are expressions
     resolved from the DATABASE_USERNAME / DATABASE_PASSWORD environment
     variables. -->
<user-name>${env.DATABASE_USERNAME}</user-name>
<password>${env.DATABASE_PASSWORD}</password>
...
Download the new JBoss or JBoss patch version from the Red Hat site (authentication required)
Upload artifacts to Wiley repository
Update patch or server versions in Dockerfile:
ARG JBOSS_ARCHIVE=jboss-eap-**7.4.0**.zip
ARG PATCH_ARCHIVE=jboss-eap-**7.4.18**-patch.zip
ARG JBOSS_ARCHIVE_URL=${ARTIFACTORY}/thirdparty/3rdparty/xdps/jboss/**7.4**/server/jboss-eap-**7.4.0**.zip
ARG PATCH_ARCHIVE_URL=${ARTIFACTORY}/thirdparty/3rdparty/xdps/jboss/**7.4**/patch/jboss-eap-**7.4.18**-patch.zip
...
ARG JBOSS_ARCHIVE=jboss-eap-**7.4.0**.zip
ARG PATCH_ARCHIVE=jboss-eap-**7.4.18**-patch.zip
...
ARG JBOSS_HOME=/opt/jboss/jboss-eap-**7.4**
Update patch version in patch installation script - patch-jboss.sh
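#!/bin/bash
# Applies the JBoss cumulative patch at image build time: starts a temporary
# server, applies the patch through jboss-cli and shuts the server down again.
#
# Arguments (both optional, matching the call in the Dockerfile):
#   $1  JBoss home directory   (default: $JBOSS_HOME from the build environment)
#   $2  directory holding the patch archive (default: /TMP)
#
# Any failing step aborts the script with a non-zero status so that the image
# build stops instead of silently shipping an unpatched server.
set -euo pipefail

jboss_home="${1:-${JBOSS_HOME:?JBOSS_HOME is not set}}"
patch_dir="${2:-/TMP}"
# Patch version to update on upgrade: the fallback file name below. When the
# Dockerfile's PATCH_ARCHIVE build argument is visible in the environment it
# takes precedence, which keeps the two from drifting apart.
patch_file="${patch_dir}/${PATCH_ARCHIVE:-jboss-eap-7.4.18-patch.zip}"

if [ ! -f "${patch_file}" ]; then
  echo "patch-jboss: patch archive ${patch_file} not found" >&2
  exit 1
fi

"${jboss_home}/bin/standalone.sh" -c=standalone-full.xml &
server_pid=$!

# Poll the management interface instead of a fixed "sleep 30": a slow start no
# longer makes the patch command run against a server that is not up yet.
server_ready=no
for _ in $(seq 1 60); do
  if "${jboss_home}/bin/jboss-cli.sh" --connect \
       --command=':read-attribute(name=server-state)' 2>/dev/null | grep -q running; then
    server_ready=yes
    break
  fi
  sleep 2
done
if [ "${server_ready}" != yes ]; then
  echo "patch-jboss: server did not reach the running state" >&2
  exit 1
fi

"${jboss_home}/bin/jboss-cli.sh" --connect --command="patch apply ${patch_file}"
"${jboss_home}/bin/jboss-cli.sh" --connect --command=:shutdown

# Let the background server finish exiting before the build step ends; its own
# exit status is not what decides success here.
wait "${server_pid}" || true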
If server version changed - update it in startup script entrypoint.sh
#!/bin/sh
...
export JAVA_OPTS="$JAVA_OPTS \
-Xbootclasspath/p:\
/opt/jboss/jboss-eap-**7.4**/modules/system/layers/base/org/jboss/logmanager/main/jboss-logmanager-2.1.18.Final-redhat-00001.jar:\
/opt/jboss/jboss-eap-**7.4**/modules/system/layers/base/org/wildfly/common/main/wildfly-common-1.5.4.Final-redhat-00001.jar \
...
exec /opt/jboss/jboss-eap-**7.4**/bin/standalone.sh \
-Djboss.server.config.url=file:///opt/config/xdps-app/${ENV_NAME}/ \
...