From 5b2819aaa795c50e7e1707e60ae79f354f123a8b Mon Sep 17 00:00:00 2001
From: Andrew Azores
Date: Wed, 26 Jan 2022 17:44:28 -0500
Subject: [PATCH 1/5] feat(jdp): add env var to enable JDP
---
 README.md | 15 ++++++++-------
 src/main/extras/app/entrypoint.sh | 5 ++++-
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index b436bbb872..a036ef0669 100644
--- a/README.md
+++ b/README.md
@@ -103,18 +103,19 @@ Note: If your podman runtime is set to runc v1.0.0-rc91 or later it is not neces
 ## CONFIGURATION
-Cryostat can be configured via the following environment variables
+Cryostat can be configured via the following environment variables:
 #### Configuration for cryostat
-* `CRYOSTAT_WEB_HOST`: the hostname used by the cryostat web server
-* `CRYOSTAT_WEB_PORT`: the internal port used by the cryostat web server
-* `CRYOSTAT_EXT_WEB_PORT`: the external port used by the cryostat web server
-* `CRYOSTAT_CORS_ORIGIN`: the origin for CORS to load a different cryostat-web instance
+* `CRYOSTAT_WEB_HOST`: the hostname used by the cryostat web server. Defaults to reverse-DNS resolving the host machine's hostname.
+* `CRYOSTAT_WEB_PORT`: the internal port used by the cryostat web server. Defaults to 8181.
+* `CRYOSTAT_EXT_WEB_PORT`: the external port used by the cryostat web server. Defaults to be equal to `CRYOSTAT_WEB_PORT`.
+* `CRYOSTAT_CORS_ORIGIN`: the origin for CORS to load a different cryostat-web instance. Defaults to the empty string, which disables CORS.
 * `CRYOSTAT_MAX_WS_CONNECTIONS`: the maximum number of websocket client connections allowed (minimum 1, maximum 64, default 2)
-* `CRYOSTAT_AUTH_MANAGER`: the authentication/authorization manager used for validating user accesses. See the `USER AUTHENTICATION / AUTHORIZATION` section for more details. Set to the fully-qualified class name of the auth manager implementation to use, ex. `io.cryostat.net.BasicAuthManager`.
+* `CRYOSTAT_AUTH_MANAGER`: the authentication/authorization manager used for validating user accesses. See the `USER AUTHENTICATION / AUTHORIZATION` section for more details. Set to the fully-qualified class name of the auth manager implementation to use, ex. `io.cryostat.net.BasicAuthManager`. Defaults to an AuthManager corresponding to the selected deployment platform, whether explicit or automatic (see below).
* `CRYOSTAT_PLATFORM`: the platform client used for performing platform-specific actions, such as listing available target JVMs. If `CRYOSTAT_AUTH_MANAGER` is not specified then a default auth manager will also be selected corresponding to the platform, whether that platform is specified by the user or automatically detected. Set to the fully-qualified name of the platform detection strategy implementation to use, ex. `io.cryostat.platform.internal.KubeEnvPlatformStrategy`.
-* `CRYOSTAT_CONFIG_PATH`: the filesystem path for the configuration directory (default `/opt/cryostat.d/conf.d`)
+* `CRYOSTAT_ENABLE_JDP_BROADCAST`: enable the Cryostat JVM to broadcast itself via JDP (Java Discovery Protocol). Defaults to `false`.
+* `CRYOSTAT_CONFIG_PATH`: the filesystem path for the configuration directory. Defaults to `/opt/cryostat.d/conf.d`.
 #### Configuration for Automated Analysis Reports
diff --git a/src/main/extras/app/entrypoint.sh b/src/main/extras/app/entrypoint.sh
index b7d02202b9..e6195f73cd 100755
--- a/src/main/extras/app/entrypoint.sh
+++ b/src/main/extras/app/entrypoint.sh
@@ -106,13 +106,16 @@ fi
 FLAGS=(
 "-XX:+CrashOnOutOfMemoryError"
- "-Dcom.sun.management.jmxremote.autodiscovery=true"
 "-Dcom.sun.management.jmxremote.port=$CRYOSTAT_RJMX_PORT"
 "-Dcom.sun.management.jmxremote.rmi.port=$CRYOSTAT_RMI_PORT"
 "-Djavax.net.ssl.trustStore=$SSL_TRUSTSTORE"
 "-Djavax.net.ssl.trustStorePassword=$SSL_TRUSTSTORE_PASS"
 )
+if [ "CRYOSTAT_ENABLE_JDP_BROADCAST" = "true" ]; then
+ FLAGS+=("-Dcom.sun.management.jmxremote.autodiscovery=true")
+fi
+
 importTrustStores
 if [ "$CRYOSTAT_DISABLE_JMX_AUTH" = "true" ]; then
From 96243318fb02ac3a5a7d16429c58f4a98872830c Mon Sep 17 00:00:00 2001
From: Andrew Azores
Date: Wed, 26 Jan 2022 17:48:05 -0500
Subject: [PATCH 2/5] feat(jdp): add env vars for JDP addr and port
---
 README.md | 2 ++
 src/main/extras/app/entrypoint.sh | 8 ++++++++
 2 files changed, 10 insertions(+)
diff --git a/README.md b/README.md
index a036ef0669..d63ab51dad 100644
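Review bot: In the entrypoint.sh hunk of patch 1/5 the new test `[ "CRYOSTAT_ENABLE_JDP_BROADCAST" = "true" ]` compares the literal variable name rather than its value, so it is always false and the autodiscovery flag can no longer be set from this commit on. Patch 2/5 repeats the slip with `[ -z "CRYOSTAT_JDP_ADDRESS" ]` and `[ -z "CRYOSTAT_JDP_PORT" ]`, which are also always false and would be inverted even with the `$` added. Patch 4/5 corrects all three, but until then the `CRYOSTAT_ENABLE_JDP_BROADCAST=true` settings added in 3/5 do nothing; folding the fix into 1/5 and 2/5 (`[ "$CRYOSTAT_ENABLE_JDP_BROADCAST" = "true" ]`, `[ -n "$CRYOSTAT_JDP_ADDRESS" ]`) would keep every commit in the series testable on its own.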
--- a/README.md
+++ b/README.md
@@ -115,6 +115,8 @@ Cryostat can be configured via the following environment variables:
 * `CRYOSTAT_AUTH_MANAGER`: the authentication/authorization manager used for validating user accesses. See the `USER AUTHENTICATION / AUTHORIZATION` section for more details. Set to the fully-qualified class name of the auth manager implementation to use, ex. `io.cryostat.net.BasicAuthManager`. Defaults to an AuthManager corresponding to the selected deployment platform, whether explicit or automatic (see below).
 * `CRYOSTAT_PLATFORM`: the platform client used for performing platform-specific actions, such as listing available target JVMs. If `CRYOSTAT_AUTH_MANAGER` is not specified then a default auth manager will also be selected corresponding to the platform, whether that platform is specified by the user or automatically detected. Set to the fully-qualified name of the platform detection strategy implementation to use, ex. `io.cryostat.platform.internal.KubeEnvPlatformStrategy`.
 * `CRYOSTAT_ENABLE_JDP_BROADCAST`: enable the Cryostat JVM to broadcast itself via JDP (Java Discovery Protocol). Defaults to `false`.
+* `CRYOSTAT_JDP_ADDRESS`: the JDP multicast address to send discovery packets. Defaults to `224.0.23.178`.
+* `CRYOSTAT_JDP_PORT`: the JDP multicast port to send discovery packets. Defaults to `7095`.
 * `CRYOSTAT_CONFIG_PATH`: the filesystem path for the configuration directory. Defaults to `/opt/cryostat.d/conf.d`.
 #### Configuration for Automated Analysis Reports
diff --git a/src/main/extras/app/entrypoint.sh b/src/main/extras/app/entrypoint.sh
index e6195f73cd..0e67c4eff7 100755
--- a/src/main/extras/app/entrypoint.sh
+++ b/src/main/extras/app/entrypoint.sh
@@ -116,6 +116,14 @@ if [ "CRYOSTAT_ENABLE_JDP_BROADCAST" = "true" ]; then
 FLAGS+=("-Dcom.sun.management.jmxremote.autodiscovery=true")
 fi
+if [ -z "CRYOSTAT_JDP_ADDRESS" ]; then
+ FLAGS+=("-Dcom.sun.management.jmxremote.jdp.address=$CRYOSTAT_JDP_ADDRESS")
+fi
+
+if [ -z "CRYOSTAT_JDP_PORT" ]; then
+ FLAGS+=("-Dcom.sun.management.jmxremote.jdp.port=$CRYOSTAT_JDP_PORT")
+fi
+
 importTrustStores
 if [ "$CRYOSTAT_DISABLE_JMX_AUTH" = "true" ]; then
From ba0fa3d8480b21e67ae2bb4c3c51d21f3b54b17b Mon Sep 17 00:00:00 2001
From: Andrew Azores
Date: Wed, 26 Jan 2022 17:49:37 -0500
Subject: [PATCH 3/5] enable JDP in development tests
---
 pom.xml | 2 ++
 run.sh | 1 +
 2 files changed, 3 insertions(+)
diff --git a/pom.xml b/pom.xml
index b456e55904..a3248f7cf1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -398,6 +398,8 @@
 --mount
 type=tmpfs,target=/opt/cryostat.d/probes.d
 --env
+ CRYOSTAT_ENABLE_JDP_BROADCAST=true
+ --env
 CRYOSTAT_TARGET_CACHE_TTL=60
 --env
 CRYOSTAT_DISABLE_JMX_AUTH=true
diff --git a/run.sh b/run.sh
index 9ddf7de976..f67c91bf7e 100755
--- a/run.sh
+++ b/run.sh
@@ -98,6 +98,7 @@ podman run \
 --mount type=bind,source="$(dirname $0)/templates",destination=/opt/cryostat.d/templates.d,relabel=shared \
 --mount type=bind,source="$(dirname $0)/truststore",destination=/truststore,relabel=shared \
 --mount type=tmpfs,target=/opt/cryostat.d/probes.d \
+ -e CRYOSTAT_ENABLE_JDP_BROADCAST=true \
 -e CRYOSTAT_REPORT_GENERATOR=$CRYOSTAT_REPORT_GENERATOR \
 -e CRYOSTAT_PLATFORM=$CRYOSTAT_PLATFORM \
 -e CRYOSTAT_DISABLE_SSL=$CRYOSTAT_DISABLE_SSL \
From f218e42373e46bf8a26ffad00fdf20f0eb25a106 Mon Sep 17 00:00:00 2001
From: Andrew Azores
Date: Wed, 26 Jan 2022 18:02:13 -0500
Subject: [PATCH 4/5] fix(jdp): broken env var checks
---
 src/main/extras/app/entrypoint.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/extras/app/entrypoint.sh b/src/main/extras/app/entrypoint.sh
index 0e67c4eff7..0e546d2600 100755
--- a/src/main/extras/app/entrypoint.sh
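Review bot: The JDP overrides added to entrypoint.sh by patch 2/5 use the property names `com.sun.management.jmxremote.jdp.address` and `com.sun.management.jmxremote.jdp.port`, whereas the JDK documents the JDP settings as `com.sun.management.jdp.address` and `com.sun.management.jdp.port`; only `autodiscovery` sits under `jmxremote`. If the JVM does not read the longer names, `CRYOSTAT_JDP_ADDRESS` and `CRYOSTAT_JDP_PORT` are silently ignored and discovery packets keep going to the default group and port the README lists, which an operator who set them to confine the broadcast would not notice. Please confirm against the target JDK and, if that is the case, change the two lines to `FLAGS+=("-Dcom.sun.management.jdp.address=$CRYOSTAT_JDP_ADDRESS")` and `FLAGS+=("-Dcom.sun.management.jdp.port=$CRYOSTAT_JDP_PORT")`.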
+++ b/src/main/extras/app/entrypoint.sh
@@ -112,15 +112,15 @@ FLAGS=(
 "-Djavax.net.ssl.trustStorePassword=$SSL_TRUSTSTORE_PASS"
 )
-if [ "CRYOSTAT_ENABLE_JDP_BROADCAST" = "true" ]; then
+if [ "$CRYOSTAT_ENABLE_JDP_BROADCAST" = "true" ]; then
 FLAGS+=("-Dcom.sun.management.jmxremote.autodiscovery=true")
 fi
-if [ -z "CRYOSTAT_JDP_ADDRESS" ]; then
+if [ -n "$CRYOSTAT_JDP_ADDRESS" ]; then
 FLAGS+=("-Dcom.sun.management.jmxremote.jdp.address=$CRYOSTAT_JDP_ADDRESS")
 fi
-if [ -z "CRYOSTAT_JDP_PORT" ]; then
+if [ -n "$CRYOSTAT_JDP_PORT" ]; then
 FLAGS+=("-Dcom.sun.management.jmxremote.jdp.port=$CRYOSTAT_JDP_PORT")
 fi
From b98695f0d450ba4f446737835b5f0488e15e8b26 Mon Sep 17 00:00:00 2001
From: Andrew Azores
Date: Wed, 2 Feb 2022 12:41:06 -0500
Subject: [PATCH 5/5] default JDP to true for backward compatibility
---
 README.md | 2 +-
 src/main/extras/app/entrypoint.sh | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index d63ab51dad..8327b2d7a6 100644
--- a/README.md
+++ b/README.md
@@ -114,7 +114,7 @@ Cryostat can be configured via the following environment variables:
 * `CRYOSTAT_MAX_WS_CONNECTIONS`: the maximum number of websocket client connections allowed (minimum 1, maximum 64, default 2)
 * `CRYOSTAT_AUTH_MANAGER`: the authentication/authorization manager used for validating user accesses. See the `USER AUTHENTICATION / AUTHORIZATION` section for more details. Set to the fully-qualified class name of the auth manager implementation to use, ex. `io.cryostat.net.BasicAuthManager`. Defaults to an AuthManager corresponding to the selected deployment platform, whether explicit or automatic (see below).
 * `CRYOSTAT_PLATFORM`: the platform client used for performing platform-specific actions, such as listing available target JVMs. If `CRYOSTAT_AUTH_MANAGER` is not specified then a default auth manager will also be selected corresponding to the platform, whether that platform is specified by the user or automatically detected. Set to the fully-qualified name of the platform detection strategy implementation to use, ex. `io.cryostat.platform.internal.KubeEnvPlatformStrategy`.
-* `CRYOSTAT_ENABLE_JDP_BROADCAST`: enable the Cryostat JVM to broadcast itself via JDP (Java Discovery Protocol). Defaults to `false`.
+* `CRYOSTAT_ENABLE_JDP_BROADCAST`: enable the Cryostat JVM to broadcast itself via JDP (Java Discovery Protocol). Defaults to `true`.
 * `CRYOSTAT_JDP_ADDRESS`: the JDP multicast address to send discovery packets. Defaults to `224.0.23.178`.
 * `CRYOSTAT_JDP_PORT`: the JDP multicast port to send discovery packets. Defaults to `7095`.
 * `CRYOSTAT_CONFIG_PATH`: the filesystem path for the configuration directory. Defaults to `/opt/cryostat.d/conf.d`.
diff --git a/src/main/extras/app/entrypoint.sh b/src/main/extras/app/entrypoint.sh
index 0e546d2600..6bbdb0672c 100755
--- a/src/main/extras/app/entrypoint.sh
+++ b/src/main/extras/app/entrypoint.sh
@@ -112,8 +112,10 @@ FLAGS=(
 "-Djavax.net.ssl.trustStorePassword=$SSL_TRUSTSTORE_PASS"
 )
-if [ "$CRYOSTAT_ENABLE_JDP_BROADCAST" = "true" ]; then
+if [ -z "$CRYOSTAT_ENABLE_JDP_BROADCAST" ]; then
 FLAGS+=("-Dcom.sun.management.jmxremote.autodiscovery=true")
+else
+ FLAGS+=("-Dcom.sun.management.jmxremote.autodiscovery=$CRYOSTAT_ENABLE_JDP_BROADCAST")
 fi
 if [ -n "$CRYOSTAT_JDP_ADDRESS" ]; then
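Review bot: The `else` branch forwards whatever `CRYOSTAT_ENABLE_JDP_BROADCAST` holds straight into `-Dcom.sun.management.jmxremote.autodiscovery=`, so values such as `1` or `yes` reach the JVM unchecked and whether discovery ends up on or off depends on how the JVM parses them. With the default now on, an operator trying to switch the broadcast off should get a predictable result, so the script should accept only `true` and `false` and stop with a message otherwise. JDP packets advertise this JVM's JMX service URL to the multicast group, and the `CRYOSTAT_DISABLE_JMX_AUTH` branch visible in the earlier hunks means that endpoint may be unauthenticated; the README entry should say so next to "Defaults to `true`". The script continues outside this hunk.

```shell
case "${CRYOSTAT_ENABLE_JDP_BROADCAST:-true}" in
    true | false)
        FLAGS+=("-Dcom.sun.management.jmxremote.autodiscovery=${CRYOSTAT_ENABLE_JDP_BROADCAST:-true}")
        ;;
    *)
        echo "CRYOSTAT_ENABLE_JDP_BROADCAST must be 'true' or 'false'" >&2
        exit 1
        ;;
esac
# … unchanged: CRYOSTAT_JDP_ADDRESS / CRYOSTAT_JDP_PORT handling …
```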