### Dockerfile for Open Liberty Application Image Source: https://github.com/openliberty/ci.docker/blob/main/README.md This Dockerfile demonstrates how to build a custom Open Liberty application image. It starts from a base Open Liberty image, copies server configuration, features, interim fixes, and the application WAR file, then runs configuration scripts to prepare the image. ```dockerfile FROM icr.io/appcafe/open-liberty:kernel-slim-java17-openj9-ubi # Add Liberty server configuration including all necessary features COPY --chown=1001:0 server.xml /config/ # Modify feature repository (optional) # A sample is in the 'Getting Required Features' section below COPY --chown=1001:0 featureUtility.properties /opt/ol/wlp/etc/ # This script will add the requested XML snippets to enable Liberty features and grow image to be fit-for-purpose using featureUtility. # Only available in 'kernel-slim'. The 'full' tag already includes all features for convenience. RUN features.sh # Add interim fixes (optional) COPY --chown=1001:0 interim-fixes /opt/ol/fixes/ # Add app COPY --chown=1001:0 Sample1.war /config/dropins/ # This script will add the requested server configurations, apply any interim fixes and populate caches to optimize runtime RUN configure.sh ``` -------------------------------- ### Kubernetes/OpenShift core_pattern Examples Source: https://github.com/openliberty/ci.docker/blob/main/README.md These examples demonstrate the content of the `/proc/sys/kernel/core_pattern` file in Kubernetes and OpenShift environments. The presence of a pipe symbol (`|`) at the beginning of this file indicates that core dumps are processed by a user-space program. ```console $ cat /proc/sys/kernel/core_pattern |/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e ``` ```console $ cat /proc/sys/kernel/core_pattern |/usr/share/apport/apport %p %s %c %d %P %E ``` -------------------------------- ### Configure Open Liberty with Infinispan Session Caching (Dockerfile) Source: https://github.com/openliberty/ci.docker/blob/main/README.md This Dockerfile configures Open Liberty to use Infinispan for session caching. It installs the Infinispan client JARs, copies them to the Liberty shared resources, and sets the INFINISPAN_SERVICE_NAME environment variable. It also includes commented-out variables for host, port, user, and password for advanced configurations. ```Dockerfile ### Infinispan Session Caching ### FROM icr.io/appcafe/open-liberty:kernel-slim-java8-openj9-ubi AS infinispan-client # Install Infinispan client jars USER root RUN infinispan-client-setup.sh USER 1001 FROM icr.io/appcafe/open-liberty:kernel-slim-java8-openj9-ubi AS open-liberty-infinispan # Copy Infinispan client jars to Open Liberty shared resources COPY --chown=1001:0 --from=infinispan-client /opt/ol/wlp/usr/shared/resources/infinispan /opt/ol/wlp/usr/shared/resources/infinispan # Instruct configure.sh to use Infinispan for session caching. # This should be set to the Infinispan service name. # TIP - Run the following oc/kubectl command with admin permissions to determine this value: # oc get infinispan -o jsonpath={.items[0].metadata.name} ENV INFINISPAN_SERVICE_NAME=example-infinispan # Uncomment and set to override auto detected values. # These are normally not needed if running in a Kubernetes environment. # One such scenario would be when the Infinispan and Liberty deployments are in different namespaces/projects. #ENV INFINISPAN_HOST= #ENV INFINISPAN_PORT= #ENV INFINISPAN_USER= #ENV INFINISPAN_PASS= # This script will add the requested XML snippets and grow image to be fit-for-purpose RUN configure.sh ``` -------------------------------- ### Run Open Liberty Container with Logging Environment Variables Source: https://github.com/openliberty/ci.docker/blob/main/README.md This example demonstrates how to run an Open Liberty container with specific environment variables to control logging. It sets the console format to JSON, the log level to 'info', and includes 'message', 'trace', 'accessLog', 'ffdc', and 'audit' as sources for console logging. ```shell docker run -d -p 80:9080 -p 443:9443 -e WLP_LOGGING_CONSOLE_FORMAT=JSON -e WLP_LOGGING_CONSOLE_LOGLEVEL=info -e WLP_LOGGING_CONSOLE_SOURCE=message,trace,accessLog,ffdc,audit open-liberty:latest ``` -------------------------------- ### Configure SSO: Provider Specific Environment Variables (Example) Source: https://github.com/openliberty/ci.docker/blob/main/SECURITY.md Demonstrates how provider-specific environment variables are named for SSO configuration. The naming convention follows `SEC_SSO__`, allowing for detailed configuration of each provider. ```dockerfile # Example for a provider named 'provider2' requiring a client secret ENV SEC_SSO_PROVIDER2_CLIENTSECRET="your_client_secret_here" ``` -------------------------------- ### Configure Open Liberty Logging in Dockerfile Source: https://github.com/openliberty/ci.docker/blob/main/README.md This snippet shows how to copy a custom bootstrap.properties file into the Open Liberty Docker image to disable writing to trace.log and direct trace data to the console. It ensures the configuration is applied when the container starts. ```dockerfile COPY --chown=1001:0 bootstrap.properties /config/ ``` -------------------------------- ### Configure JMS Endpoint in Open Liberty Source: https://github.com/openliberty/ci.docker/blob/main/README.md Adds configuration properties for a JMS endpoint, with options for SSL enabled or disabled configurations. The specific XML snippet depends on the SSL setup. ```XML ``` -------------------------------- ### Push Manifest List using Command-Line Arguments Source: https://github.com/openliberty/ci.docker/blob/main/docs/multi-arch-images.md Pushes the manifest list to the registry using the 'from-args' command of manifest-tool, specifying platforms and template/target images via arguments. Requires specifying registry credentials on MacOS. ```bash ./manifest-tool push from-args \ --platforms linux/amd64,linux/s390x \ --template //multi-arch:ARCH \ --target //multi-arch:latest ``` -------------------------------- ### Build and Push Image for amd64 Source: https://github.com/openliberty/ci.docker/blob/main/docs/multi-arch-images.md Builds a Docker image for the amd64 architecture and pushes it to a specified registry. This is a prerequisite for creating a multi-arch image. ```bash docker build -t //multi-arch:amd64 -f Dockerfile . docker push //multi-arch:amd64 ``` -------------------------------- ### Inspect Multi-Arch Image Source: https://github.com/openliberty/ci.docker/blob/main/docs/multi-arch-images.md Inspects the created multi-arch image to verify that all manifest references are included. ```bash /manifest-tool inspect //multi-arch:latest ``` -------------------------------- ### Build and Push Image for s390x Source: https://github.com/openliberty/ci.docker/blob/main/docs/multi-arch-images.md Builds a Docker image for the s390x architecture and pushes it to a specified registry. This is a prerequisite for creating a multi-arch image. ```bash docker build -t //multi-arch:s390x -f Dockerfile . docker push //multi-arch:s390x ``` -------------------------------- ### Push Manifest List using YAML Specification Source: https://github.com/openliberty/ci.docker/blob/main/docs/multi-arch-images.md Pushes the manifest list to the registry using the 'from-spec' command of manifest-tool. Requires specifying registry credentials on MacOS. ```bash ./manifest-tool push multi-arch.yaml ./manifest-tool --username --password push multi-arch.yaml ``` -------------------------------- ### Create Manifest List using YAML Specification Source: https://github.com/openliberty/ci.docker/blob/main/docs/multi-arch-images.md Creates a YAML file defining source images and a target image for a manifest list. This file is then used with the manifest-tool to build the multi-arch image. ```yaml image: //multi-arch:latest manifests: - image: //multi-arch:s390x platform: architecture: s390x os: linux - image: //multi-arch:amd64 platform: architecture: amd64 os: linux ``` -------------------------------- ### Configure Open Liberty JSON Logging Source: https://github.com/openliberty/ci.docker/blob/main/README.md This bootstrap.properties configuration directs Open Liberty logs to the console in JSON format. It specifies which log sources (messages, trace, access logs, etc.) should be included and optionally disables writing to traditional log files. ```properties # direct events to console in json format com.ibm.ws.logging.console.log.level=info com.ibm.ws.logging.console.format=json com.ibm.ws.logging.console.source=message,trace,accessLog,ffdc,audit # disable writing to messages.log by not including any sources (optional) com.ibm.ws.logging.message.format=json com.ibm.ws.logging.message.source= ``` -------------------------------- ### Configure Hazelcast Session Caching in Dockerfile Source: https://github.com/openliberty/ci.docker/blob/main/README.md Provides a Dockerfile snippet to enable Hazelcast session caching in Open Liberty. It includes copying Hazelcast client libraries, configuring Hazelcast XML, and setting environment variables for topology (client-server or embedded) and verbosity. The snippet also highlights the use of the `configure.sh` script for applying these configurations. ```dockerfile ### Hazelcast Session Caching ### # Copy the Hazelcast libraries from the Hazelcast container image COPY --from=hazelcast/hazelcast --chown=1001:0 /opt/hazelcast/lib/*.jar /opt/ol/wlp/usr/shared/resources/hazelcast/ # Instruct configure.sh to copy the client topology hazelcast.xml ARG HZ_SESSION_CACHE=client # Default setting for the verbose option ARG VERBOSE=false # Instruct configure.sh to copy the embedded topology hazelcast.xml and set the required system property #ARG HZ_SESSION_CACHE=embedded #ENV JAVA_TOOL_OPTIONS="-Dhazelcast.jcache.provider.type=server ${JAVA_TOOL_OPTIONS}" ## This script will add the requested XML snippets and grow image to be fit-for-purpose RUN configure.sh ``` -------------------------------- ### Copy Custom XML Snippet to Open Liberty Docker Source: https://github.com/openliberty/ci.docker/blob/main/README.md This Dockerfile snippet demonstrates how to copy a customized XML configuration snippet into the Open Liberty container's override directory. This allows for runtime configuration changes without needing to rebuild the image with specific build arguments. ```dockerfile COPY --chown=1001:0 /config/configDropins/overrides ``` -------------------------------- ### Configure MicroProfile Monitoring in Open Liberty Source: https://github.com/openliberty/ci.docker/blob/main/README.md Monitors the server runtime environment and application metrics using Liberty features `mpMetrics-1.1` and `monitor-1.0`. The `/metrics` endpoint is configured without authentication for broader compatibility. ```XML mpMetrics-1.1 monitor-1.0 ``` -------------------------------- ### Apply Interim Fixes using Dockerfile Source: https://github.com/openliberty/ci.docker/blob/main/releases/applying-ifixes/README.md This snippet demonstrates how to apply interim fixes during the Docker build. It involves copying the interim fix JAR files into the `/fixes` directory and then executing the `configure.sh` script to apply them. ```dockerfile # Add interim fixes (optional) COPY --chown=1001:0 interim-fixes /fixes/ # This script will add the requested XML snippets, grow image to be fit-for-purpose and apply interim fixes RUN configure.sh ``` -------------------------------- ### Feature Utility Properties for Remote Repository Source: https://github.com/openliberty/ci.docker/blob/main/README.md This configuration file specifies an alternative remote repository for downloading Liberty features using the `featureUtility.properties`. It includes the URL, username, and password for accessing the repository. ```properties remoteRepo.url=https://my-remote-server/secure/maven2 remoteRepo.user=operator remoteRepo.password={aes}KM8dhwcv892Ss1sawu9R+ ``` -------------------------------- ### Configure SSO: Set Redirect Host and Port (Deploy Time) Source: https://github.com/openliberty/ci.docker/blob/main/SECURITY.md Specifies the protocol, host, and port that the identity provider should use to redirect the user back after authentication. This is crucial for the SSO flow to complete correctly. ```dockerfile ENV SEC_SSO_REDIRECTTORPHOSTANDPORT="https://myApp-myNamespace-myClusterHostname.mycompany.com" ``` -------------------------------- ### Configure IIOP Endpoint in Open Liberty Source: https://github.com/openliberty/ci.docker/blob/main/README.md Adds configuration properties for an IIOP endpoint, supporting both SSL enabled and disabled configurations. Requires setting the `IIOP_ENDPOINT_HOST` environment variable. ```XML ``` -------------------------------- ### Configure SSO: Define Identity Providers (Build Time) Source: https://github.com/openliberty/ci.docker/blob/main/SECURITY.md Configures Single Sign-On (SSO) by specifying the identity providers to be used during the image build. Multiple providers can be listed, separated by spaces. Supports OIDC, OAuth2, Facebook, Twitter, GitHub, Google, and LinkedIn. ```dockerfile # Example: Use Google and two OIDC providers ARG SEC_SSO_PROVIDERS="google oidc:provider1,provider2" # Ensure HTTPS is used if providers require it ARG TLS=true # Run the configuration script RUN configure.sh ``` -------------------------------- ### Mount Infinispan Secret in Docker Source: https://github.com/openliberty/ci.docker/blob/main/README.md Demonstrates how to mount an Infinispan generated secret as a volume in Open Liberty containers. This includes specifying the secret name, volume mount path, and read-only access. It also mentions environment variables for overriding the default mount point and alternative configuration when Infinispan and Liberty are in different namespaces. ```yaml ... spec: volumes: - name: infinispan-secret-volume secret: secretName: example-infinispan-generated-secret containers: - name: servera-container image: ol-runtime-infinispan-client:1.0.0 ports: - containerPort: 9080 volumeMounts: - name: infinispan-secret-volume readOnly: true mountPath: "/platform/bindings/infinispan/secret" ... ``` -------------------------------- ### Configure TLS: Provide Custom Keystore Source: https://github.com/openliberty/ci.docker/blob/main/SECURITY.md Enables using a custom keystore file during the image build phase. The keystore file (key.p12) is copied into the image, and its password can be overridden using a keystore.xml file. ```dockerfile # Copy custom keystore into the image COPY key.p12 /output/resources/security/key.p12 # Override keystore password by providing keystore.xml COPY keystore.xml /config/configDropins/defaults/ ``` -------------------------------- ### Configure HTTP Endpoint in Open Liberty Source: https://github.com/openliberty/ci.docker/blob/main/README.md Adds configuration properties for an HTTP endpoint. This can be configured using SSL enabled or disabled endpoints. The XML snippet location varies based on SSL configuration. ```XML ``` -------------------------------- ### Configure TLS: Provide Custom Certificates Source: https://github.com/openliberty/ci.docker/blob/main/SECURITY.md Allows providing custom PEM-encoded certificates (key, certificate, and CA) by mounting them into a specified directory within the container. The container automatically converts these into keystore and truststore files. ```dockerfile # Specify the directory containing custom certificates ENV TLS_DIR=/etc/x509/certs/ # Mount custom certificate files (tls.key, tls.crt, ca.crt) into TLS_DIR ``` -------------------------------- ### Configure MicroProfile Health Check in Open Liberty Source: https://github.com/openliberty/ci.docker/blob/main/README.md Checks the health of the environment using the Liberty feature `mpHealth-1.0`, which implements MicroProfile Health. The configuration is provided via an XML snippet. ```XML mpHealth-1.0 ``` -------------------------------- ### Configure TLS: Import Kubernetes Certificates Source: https://github.com/openliberty/ci.docker/blob/main/SECURITY.md Enables importing certificates from Kubernetes service account secrets into the truststore. This is useful in Kubernetes environments where certificates are managed by the cluster. ```dockerfile ENV SEC_IMPORT_K8S_CERTS=true # Mount Kubernetes service account secrets VOLUME /var/run/secrets/kubernetes.io/serviceaccount ``` -------------------------------- ### Liberty Server Log Messages for Dump Issues Source: https://github.com/openliberty/ci.docker/blob/main/README.md This snippet displays log messages from a Liberty server when encountering issues with system dumps. It highlights the `JVMPORT030W` warning indicating that the core dump is piped to an external program and the subsequent `JVMDUMP012E` error when the core file is not found. ```console [AUDIT ] CWWKE0057I: Introspect request received. The server is dumping status. JVMDUMP034I User requested System dump using '/opt/ibm/wlp/output/defaultServer/core.20200605.191845.1.0001.dmp' through com.ibm.jvm.Dump.triggerDump JVMPORT030W /proc/sys/kernel/core_pattern setting "|/usr/lib/systemd/systemd-coredump %P %u %g %s %t %c %h %e" specifies that the core dump is to be piped to an external program. Attempting to rename either core or core.190. JVMDUMP012E Error in System dump: The core file created by child process with pid = 190 was not found. Expected to find core file with name "/opt/ibm/wlp/output/defaultServer/core.190" [AUDIT ] CWWKE0068I: Java dump created: /opt/ibm/wlp/output/defaultServer/The core file created by child process with pid = 190 was not found. Expected to find core file with name "/opt/ibm/wlp/output/defaultServer/core.190" ``` -------------------------------- ### Configure TLS: Trust Default Certificates Source: https://github.com/openliberty/ci.docker/blob/main/SECURITY.md Enables trusting certificates from default JVM certificate authorities in addition to a configured truststore. This is useful for automatically trusting certificates from known CAs. ```dockerfile ENV SEC_TLS_TRUSTDEFAULTCERTS=true ``` -------------------------------- ### Liberty Server Dump Error with System Include Source: https://github.com/openliberty/ci.docker/blob/main/README.md This snippet shows the error encountered when generating a Liberty server dump with `--include=system` in a Kubernetes/OpenShift environment. The error occurs because the `core_pattern` file in the container contains a pipe symbol, causing the system dump to be piped to an external program instead of being saved directly. ```console $ server dump defaultServer --archive=all.dump.zip --include=system Dumping server defaultServer. CWWKE0009E: The system cannot find the following file and this file will not be included in the server dump archive: /opt/ibm/wlp/output/defaultServer/The core file created by child process with pid = 252052 was not found. Expected to find core file with name "/opt/ibm/wlp/output/defaultServer/core.252052" Server defaultServer dump complete in /opt/ibm/wlp/output/defaultServer/all.dump.zip. ``` -------------------------------- ### List OpenLiberty Docker Image Tags (25.0.0.3) Source: https://github.com/openliberty/ci.docker/blob/main/docs/icr-images.md This code block displays the available Docker image tags for OpenLiberty version 25.0.0.3. These tags are organized to indicate the image type (kernel-slim or full), Java version, OpenJ9/IBM Java runtime, and the base operating system (ubi or ubi-minimal). ```text 25.0.0.3-kernel-slim-java21-openj9-ubi-minimal 25.0.0.3-kernel-slim-java17-openj9-ubi 25.0.0.3-kernel-slim-java11-openj9-ubi 25.0.0.3-kernel-slim-java8-openj9-ubi 25.0.0.3-kernel-slim-java8-ibmjava-ubi 25.0.0.3-full-java21-openj9-ubi-minimal 25.0.0.3-full-java17-openj9-ubi 25.0.0.3-full-java11-openj9-ubi 25.0.0.3-full-java8-openj9-ubi 25.0.0.3-full-java8-ibmjava-ubi ``` -------------------------------- ### Dockerfile to Disable Java Shared Classes Cache Source: https://github.com/openliberty/ci.docker/blob/main/README.md This Dockerfile instruction disables the generation of the Java Shared Classes Cache (SCC) at build time. This is a workaround for build failures on `aarch64` architectures when using the `--platform=linux/amd64` flag with `configure.sh`, although it may reduce container startup performance. ```dockerfile ENV OPENJ9_SCC=false ``` -------------------------------- ### List Open Liberty Images with IBM Cloud CLI Source: https://github.com/openliberty/ci.docker/blob/main/docs/icr-images.md Provides commands to list available Open Liberty container images in the IBM Container Registry (ICR) using the IBM Cloud CLI. Authentication with IBMid is required to list images, but not for pulling them. ```bash ibmcloud cr region-set global ibmcloud cr images --restrict appcafe/open-liberty ``` -------------------------------- ### Git Commit Signature for Contributions Source: https://github.com/openliberty/ci.docker/blob/main/CONTRIBUTING.md This snippet demonstrates the required format for signing off a Git commit to certify your contribution, as per the Developer's Certificate of Origin (DCO). It includes the 'Signed-off-by' line with your name and email. ```git Signed-off-by: John Doe ``` -------------------------------- ### Pull Open Liberty Image from ICR Source: https://github.com/openliberty/ci.docker/blob/main/docs/icr-images.md Demonstrates how to pull a specific Open Liberty container image from the IBM Container Registry (ICR) by appending a tag to the base image URL. This command allows users to select precise versions and configurations of Open Liberty. ```bash docker pull icr.io/appcafe/open-liberty:25.0.0.9-kernel-slim-java17-openj9-ubi ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.