Skip to content

Secure JDK Flight Recorder management for containerized JVMs

License

Unknown, Apache-2.0 licenses found

Licenses found

Unknown
LICENSE
Apache-2.0
LICENSE.txt
Notifications You must be signed in to change notification settings

cryostatio/cryostat

Repository files navigation

CI build and push Quay Repository Google Group : Cryostat Development

A container-native JVM application which acts as a bridge to other containerized JVMs and exposes a secure API for producing, analyzing, and retrieving JDK Flight Recorder data from your cloud workloads.

SEE ALSO

  • cryostat.io : upstream documentation website with user guides, tutorials, blog posts, and other user-facing content. Start here if what you've read so far sounds interesting and you want to know more as a user, rather than as a developer. Here you will find instructions on how to install Cryostat using the Cryostat Operator, how to configure your applications to enable connectivity, and how to use the Cryostat application.

  • cryostat-core : the core library providing a convenience wrapper and headless stubs for use of JFR using JDK Mission Control internals.

  • cryostat-operator : an Operator for deploying Cryostat in your OpenShift or Kubernetes cluster.

  • cryostat-helm: a Helm Chart for deploying Cryostat in your OpenShift or Kubernetes cluster

  • cryostat-web : the React frontend included as a submodule in Cryostat and built into Cryostat's OCI images.

  • JDK Mission Control : the desktop application complement to JFR. Some parts of JMC are borrowed and re-used to form the basis of Cryostat. JMC is still a recommended tool for more full-featured analysis of JFR files beyond what Cryostat currently implements.

  • binjr : a timeseries visualization desktop application which supports reading JFR files

This repository contains the source code for Cryostat versions 3.0 and later. Cryostat (née "container-jfr") versions prior to 3.0 are located at cryostatio/cryostat-legacy. Container images from both are published to the same quay.io repository.

CONTRIBUTING

We welcome and appreciate any contributions from our community. Please visit our guide on how you can take part in improving Cryostat.

See contribution guide →

REQUIREMENTS

Build requirements:

Smoketest run requirements:

General run requirements:

  • an OpenShift or Kubernetes cluster
  • OR any other container platform which can host OCI containers

BUILD

This project uses Quarkus, the Supersonic Subatomic Java Framework.

If you want to learn more about Quarkus, please visit its website: https://quarkus.io/ .

Setup Dependencies

For ease and convenience, it is suggested to use podman with the following configurations:

$ systemctl --user enable --now podman.socket

$HOME/.bashrc (or equivalent shell configuration)

export DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock

$HOME/.testcontainers.properties

ryuk.container.privileged=true
docker.client.strategy=org.testcontainers.dockerclient.UnixSocketClientProviderStrategy
testcontainers.reuse.enable=false

Initialize submodules before building:

$ git submodule init && git submodule update
$ cd src/main/webui
$ yarn install && yarn yarn:frzinstall
$ cd -

Build the application container image

The application image can be created using:

# With Maven
$ ./mvnw package
# Or with Quarkus CLI
$ quarkus build

Build and run the application in dev mode

You can run your application in dev mode that enables live coding using:

# With Maven
$ ./mvnw compile quarkus:dev
# Or with Quarkus CLI
$ quarkus dev

This will run Cryostat as a local JVM process hooked up to its frontend, and required companion services in containers. Any changes made to the backend or frontend sources, application.properties, pom.xml, etc. will trigger automatic rebuilds and live-coding.

NOTE: Quarkus now ships with a Dev UI, which is available in dev mode only at http://localhost:8181/q/dev/.

Run the application with dev mode frontend

You can run the server setup with a live coding frontend instance using:

terminal 1

$ ./smoktest.bash -t

terminal 2

$ cd /path/to/cryostat-web # this can be ./src/main/webui , or a separate clone of the cryostat-web repository
$ yarn yarn:frzinstall
$ yarn start:dev

This will run Cryostat, required companion services, and test applications in a podman/docker compose container setup. Changes to frontend sources in /path/to/cryostat-web will trigger automatic rebuilds and live-coding of the web UI only. This is often useful for frontend development compared to the previous dev mode setup, since it allows for the full suite of test applications to be deployed.

The Quarkus Dev UI is not available in this setup.

RUN

Local Smoketesting

Development on this project is primarily done using podman, though things should generally work when using docker as well. Ensure you have performed the podman setup above first, then build the container image and run smoketests. This will spin up the cryostat container and its required services.

# build Cryostat container, clean up any dangling container images/layers
$ ./mvnw package ; podman image prune -f
# alternatively, use Quarkus CLI instead of the Maven wrapper
$ quarkus build ; podman image prune -f
# check the available smoketest options
$ bash smoketest.bash -h
# run a smoketest scenario
$ bash smoketest.bash -O # without the -O flag, the smoketest will pull the latest development image version, rather than the one you just built

To make containers' names DNS-resolvable from the host machine, do:

$ git clone https://github.com/figiel/hosts libuserhosts
$ cd libuserhosts
$ make PREFIX=$HOME/bin all install
$ echo 'export LD_PRELOAD=$HOME/bin/lib/libuserhosts.so' >> ~/.bashrc
$ export LD_PRELOAD=$HOME/bin/lib/libuserhosts.so

(this will require a C compiler toolchain present on your development machine)

You can verify that this setup works by running smoketest.bash, and then in another terminal:

$ LD_PRELOAD=$HOME/bin/libuserhosts.so ping auth
$ LD_PRELOAD=$HOME/bin/libuserhosts.so curl http://auth:8080
$ LD_PRELOAD=$HOME/bin/libuserhosts.so firefox http://auth:8080