Improve the docker image #923
Comments
lmsurpre
added a commit
that referenced
this issue
Apr 20, 2020
This tells the openliberty docker.ci process not to bother with creating
a separate keystore, thereby removing the conflicting values warning:
```
Property password has conflicting values:
Secure value is set in
file:/opt/ol/wlp/usr/servers/fhir-server/configDropins/defaults/keystore.xml.
Secure value is set in
file:/opt/ol/wlp/usr/servers/fhir-server/server.xml.
```
I also added a version tag (20.0.0.3) to our Dockerfile to make our
builds more consistent...this should be kept in-sync with our
liberty-runtime dependency version in `fhir-parent/pom.xml`.
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 20, 2020
This tells the openliberty docker.ci process not to bother with creating
a separate keystore, thereby removing the conflicting values warning:
```
Property password has conflicting values:
Secure value is set in
file:/opt/ol/wlp/usr/servers/fhir-server/configDropins/defaults/keystore.xml.
Secure value is set in
file:/opt/ol/wlp/usr/servers/fhir-server/server.xml.
```
I also added a version tag (20.0.0.3) to our Dockerfile to make our
builds more consistent...this should be kept in-sync with our
liberty-runtime dependency version in `fhir-parent/pom.xml`.
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 22, 2020
This tells the openliberty docker.ci process not to bother with creating
a separate keystore, thereby removing the conflicting values warning:
```
Property password has conflicting values:
Secure value is set in
file:/opt/ol/wlp/usr/servers/fhir-server/configDropins/defaults/keystore.xml.
Secure value is set in
file:/opt/ol/wlp/usr/servers/fhir-server/server.xml.
```
I also added a version tag (20.0.0.3) to our Dockerfile to make our
builds more consistent...this should be kept in-sync with our
liberty-runtime dependency version in `fhir-parent/pom.xml`.
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
|
Currently we use the "full" image. However, it looks like this should be improved in future versions: OpenLiberty/ci.docker#175 To move to the "kernel" version, we need to move our server name from |
lmsurpre
added a commit
that referenced
this issue
Apr 2, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 3, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 3, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 3, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 3, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 3, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 3, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 3, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 3, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 4, 2021
1. Dockerfile now extends liberty `kernel-slim` instead of `full`; this required us to use the defaultServer server instead of fhir-server, but let us take advantage of OpenJ9's Shared Class Cache for faster start times (at the expense of longer docker build times) 2. Added logging environment variables to get basic log and trace messages sent to console by default; everything is done via environment variable so that it can be overridden (at first I used a bootstrap.properties file but I found out that takes precedent over the environment variables set at runtime) 3. Removed the configResources library from server.xml and bulkdata.xml; it turns out we weren't loading our config files from the classpath and so we didn't need this. Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
|
#2196 addresses points number 2 and 3 from the description by extending On the first point, I don't think we see this warning any more. However, we continue to use our own self-signed example certificate (rather than using a liberty-generated one on the fly)...mainly because we have all the trust relationships set up between our client and server certs and this would require significant release automation to replicate. |
lmsurpre
added a commit
that referenced
this issue
Apr 5, 2021
this change splits the COPY /opt/ol/wlp/usr /opt/ol/wlp/usr into two steps: * first we move just the server.xml and configDropins * then, after installing the liberty features, we add the application * finally, we add the bootstrap.sh script and related tools Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 5, 2021
this change splits the COPY /opt/ol/wlp/usr /opt/ol/wlp/usr into two steps: * first we move just the server.xml and configDropins * then, after installing the liberty features, we add the application * finally, we add the bootstrap.sh script and related tools Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre
added a commit
that referenced
this issue
Apr 5, 2021
issue #923 - run features.sh earlier to enable layer caching
|
I also moved us onto the java 11 version of liberty (from java 8) |
|
Deployed a new created docker image in the cloud and the the server seems to be up and running quite a bit faster than before. Marking this as closed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Follow-on from #837
Currently, we install our own server.xml and our own server, then delete the defaultServer.
However, now that we're based on OpenLiberty, we should follow the guidance at https://github.com/OpenLiberty/ci.docker#building-an-application-image
Here's at least 3 things that I think we could clean up/take advantage of:
We might be able to workaround that by convincing Liberty not to mixin their own keystore.xml, but a better option would be to just let liberty generate its own keystore instead of pre-packaging ours.
For more info, see https://github.com/OpenLiberty/ci.docker/blob/master/SECURITY.md#providing-a-custom-keystore
This should help us with the startup performance, which I feel is noticably slower since we moved to OpenLiberty 20.0.0.3 (not sure if its about OpenLiberty vs WebSphere Liberty or about 19.0.0.12 vs 20.0.0.3)
The text was updated successfully, but these errors were encountered: