Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding UBI min tags #288

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
99 changes: 99 additions & 0 deletions releases/latest/full/Dockerfile.ubimin.openjdk11.jre
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
FROM ibmsemeruruntime/open-11-jdk:ubi_min-jre
ARG LIBERTY_VERSION=21.0.0.11
ARG LIBERTY_SHA=e7d441888396a6e7b493e21b4af870aeac901183
ARG LIBERTY_BUILD_LABEL=cl21.0.0.11920-1900
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-runtime/$LIBERTY_VERSION/openliberty-runtime-$LIBERTY_VERSION.zip
ARG LIBERTY_LICENSE_URL=https://raw.githubusercontent.com/OpenLiberty/open-liberty/master/LICENSE
ARG LIBERTY_LICENSE_SHA=84f00503d6516c91190de866e78d6010899673b7
ARG OPENJ9_SCC=true
ARG VERBOSE=false

LABEL org.opencontainers.image.authors="Arthur De Magalhaes, Chris Potter, Leo Christy Jesuraj" \
org.opencontainers.image.vendor="Open Liberty" \
org.opencontainers.image.url="https://openliberty.io/" \
org.opencontainers.image.source="https://github.com/OpenLiberty/ci.docker" \
org.opencontainers.image.version="$LIBERTY_VERSION" \
org.opencontainers.image.revision="$LIBERTY_BUILD_LABEL" \
vendor="Open Liberty" \
name="Open Liberty" \
version="$LIBERTY_VERSION" \
summary="Image for Open Liberty with IBM Semeru Runtime Open Edition OpenJDK with OpenJ9 and UBI 8" \
description="This image contains the Open Liberty runtime with IBM Semeru Runtime Open Edition OpenJDK with OpenJ9 and Red Hat UBI 8 as the base OS. For more information on this image please see https://github.com/OpenLiberty/ci.docker#building-an-application-image"

COPY helpers /opt/ol/helpers
COPY fixes/ /opt/ol/fixes/

# Install Open Liberty
RUN microdnf -y install shadow-utils wget unzip openssl \
&& wget -q $LIBERTY_DOWNLOAD_URL -U UA-Open-Liberty-Docker -O /tmp/wlp.zip \
&& echo "$LIBERTY_SHA /tmp/wlp.zip" > /tmp/wlp.zip.sha1 \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& chmod -R u+x /usr/bin \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& mkdir -p /licenses \
&& wget -q $LIBERTY_LICENSE_URL -O /licenses/LICENSE \
&& echo "$LIBERTY_LICENSE_SHA /licenses/LICENSE" | sha1sum -c --strict --check \
&& adduser -u 1001 -r -g root -s /usr/sbin/nologin default \
&& microdnf -y remove shadow-utils wget unzip \
&& microdnf clean all \
&& chown -R 1001:0 /opt/ol/wlp \
&& chmod -R g+rw /opt/ol/wlp

# Set Path Shortcuts
ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true \
OPENJ9_SCC=$OPENJ9_SCC

# Configure Open Liberty
RUN /opt/ol/wlp/bin/server create --template=javaee8 \
&& rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea

# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
&& mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache \
&& ln -s /opt/ol/wlp/usr/shared/resources/lib.index.cache /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
&& mkdir -p /config/configDropins/defaults \
&& mkdir -p /config/configDropins/overrides \
&& mkdir -p /config/dropins \
&& mkdir -p /config/apps \
&& ln -s /opt/ol/wlp /liberty \
&& chown -R 1001:0 /config \
&& chmod -R g+rw /config \
&& chown -R 1001:0 /logs \
&& chmod -R g+rw /logs \
&& chown -R 1001:0 /opt/ol/wlp/usr \
&& chmod -R g+rw /opt/ol/wlp/usr \
&& chown -R 1001:0 /opt/ol/wlp/output \
&& chmod -R g+rw /opt/ol/wlp/output \
&& chown -R 1001:0 /opt/ol/helpers \
&& chmod -R g+rw /opt/ol/helpers \
&& chown -R 1001:0 /opt/ol/fixes \
&& chmod -R g+rwx /opt/ol/fixes \
&& mkdir /etc/wlp \
&& chown -R 1001:0 /etc/wlp \
&& chmod -R g+rw /etc/wlp \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml

# Create a new SCC layer
RUN if [ "$OPENJ9_SCC" = "true" ]; then populate_scc.sh; fi \
&& rm -rf /output/messaging /output/resources/security /logs/* $WLP_OUTPUT_DIR/.classCache \
&& chown -R 1001:0 /opt/ol/wlp/output \
&& chmod -R g+rwx /opt/ol/wlp/output

#These settings are needed so that we can run as a different user than 1001 after server warmup
ENV RANDFILE=/tmp/.rnd \
OPENJ9_JAVA_OPTIONS="-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name=openj9_system_scc,cacheDir=/opt/java/.scc,readonly,nonFatal -Dosgi.checkConfiguration=false"

USER 1001

EXPOSE 9080 9443

ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]
4 changes: 3 additions & 1 deletion releases/latest/images.txt
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
kernel-slim Dockerfile.ubuntu.openjdk8 open-liberty kernel-slim-java8-openj9 kernel-slim
kernel-slim Dockerfile.ubuntu.openjdk11 open-liberty kernel-slim-java11-openj9
kernel-slim Dockerfile.ubi.openjdk8 openliberty/open-liberty kernel-slim-java8-openj9-ubi kernel-slim-ubi
kernel-slim Dockerfile.ubi.openjdk11 openliberty/open-liberty kernel-slim-java11-openj9-ubi
kernel-slim Dockerfile.ubi.openjdk11 openliberty/open-liberty kernel-slim-java11-openj9-ubi
kernel-slim Dockerfile.ubimin.openjdk11.jre openliberty/open-liberty kernel-slim-java11-ubi-min
full Dockerfile.ubuntu.openjdk8 open-liberty full-java8-openj9 full
full Dockerfile.ubuntu.openjdk11 open-liberty full-java11-openj9
full Dockerfile.ubi.openjdk8 openliberty/open-liberty full-java8-openj9-ubi full-ubi
full Dockerfile.ubi.openjdk11 openliberty/open-liberty full-java11-openj9-ubi
full Dockerfile.ubimin.openjdk11.jre openliberty/open-liberty full-java11-ubi-min
beta Dockerfile.ubuntu.openjdk8 open-liberty beta-java8-openj9 beta
beta Dockerfile.ubuntu.openjdk11 open-liberty beta-java11-openj9 beta-java11
98 changes: 98 additions & 0 deletions releases/latest/kernel-slim/Dockerfile.ubimin.openjdk11.jre
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@
FROM ibmsemeruruntime/open-11-jdk:ubi_min-jre
ARG LIBERTY_VERSION=21.0.0.11
ARG LIBERTY_SHA=bf7d3b1ce093dca85005e0cbbe655dabe6ef96ea
ARG LIBERTY_BUILD_LABEL=cl21.0.0.11920-1900
ARG LIBERTY_DOWNLOAD_URL=https://repo1.maven.org/maven2/io/openliberty/openliberty-kernel/$LIBERTY_VERSION/openliberty-kernel-$LIBERTY_VERSION.zip
ARG LIBERTY_LICENSE_URL=https://raw.githubusercontent.com/OpenLiberty/open-liberty/master/LICENSE
ARG LIBERTY_LICENSE_SHA=84f00503d6516c91190de866e78d6010899673b7
ARG OPENJ9_SCC=true
ARG VERBOSE=false

LABEL org.opencontainers.image.authors="Arthur De Magalhaes, Chris Potter, Leo Christy Jesuraj" \
org.opencontainers.image.vendor="Open Liberty" \
org.opencontainers.image.url="https://openliberty.io/" \
org.opencontainers.image.source="https://github.com/OpenLiberty/ci.docker" \
org.opencontainers.image.version="$LIBERTY_VERSION" \
org.opencontainers.image.revision="$LIBERTY_BUILD_LABEL" \
vendor="Open Liberty" \
name="Open Liberty" \
version="$LIBERTY_VERSION" \
summary="Image for Open Liberty with IBM Semeru Runtime Open Edition OpenJDK with OpenJ9 and UBI Min 8" \
description="This image contains the Open Liberty runtime with IBM Semeru Runtime Open Edition OpenJDK with OpenJ9 and Red Hat UBI 8 as the base OS. For more information on this image please see https://github.com/OpenLiberty/ci.docker#building-an-application-image"

COPY helpers /opt/ol/helpers
COPY fixes/ /opt/ol/fixes/

# Install Open Liberty
RUN microdnf -y install shadow-utils wget unzip openssl \
&& wget -q $LIBERTY_DOWNLOAD_URL -U UA-Open-Liberty-Docker -O /tmp/wlp.zip \
&& echo "$LIBERTY_SHA /tmp/wlp.zip" > /tmp/wlp.zip.sha1 \
&& sha1sum -c /tmp/wlp.zip.sha1 \
&& chmod -R u+x /usr/bin \
&& unzip -q /tmp/wlp.zip -d /opt/ol \
&& rm /tmp/wlp.zip \
&& rm /tmp/wlp.zip.sha1 \
&& mkdir -p /licenses \
&& wget -q $LIBERTY_LICENSE_URL -O /licenses/LICENSE \
&& echo "$LIBERTY_LICENSE_SHA /licenses/LICENSE" | sha1sum -c --strict --check \
&& adduser -u 1001 -r -g root -s /usr/sbin/nologin default \
&& microdnf -y remove shadow-utils wget unzip \
&& microdnf clean all \
&& chown -R 1001:0 /opt/ol/wlp \
&& chmod -R g+rw /opt/ol/wlp

# Set Path Shortcuts
ENV PATH=/opt/ol/wlp/bin:/opt/ol/docker/:/opt/ol/helpers/build:$PATH \
LOG_DIR=/logs \
WLP_OUTPUT_DIR=/opt/ol/wlp/output \
WLP_SKIP_MAXPERMSIZE=true \
OPENJ9_SCC=$OPENJ9_SCC

# Configure Open Liberty
RUN /opt/ol/wlp/bin/server create \
&& rm -rf $WLP_OUTPUT_DIR/.classCache /output/workarea


# Create symlinks && set permissions for non-root user
RUN mkdir /logs \
&& mkdir -p /opt/ol/wlp/usr/shared/resources/lib.index.cache \
&& ln -s /opt/ol/wlp/usr/shared/resources/lib.index.cache /lib.index.cache \
&& mkdir -p $WLP_OUTPUT_DIR/defaultServer \
&& ln -s $WLP_OUTPUT_DIR/defaultServer /output \
&& ln -s /opt/ol/wlp/usr/servers/defaultServer /config \
&& mkdir -p /config/configDropins/defaults \
&& mkdir -p /config/configDropins/overrides \
&& ln -s /opt/ol/wlp /liberty \
&& chown -R 1001:0 /config \
&& chmod -R g+rw /config \
&& chown -R 1001:0 /logs \
&& chmod -R g+rw /logs \
&& chown -R 1001:0 /opt/ol/wlp/usr \
&& chmod -R g+rw /opt/ol/wlp/usr \
&& chown -R 1001:0 /opt/ol/wlp/output \
&& chmod -R g+rw /opt/ol/wlp/output \
&& chown -R 1001:0 /opt/ol/helpers \
&& chmod -R g+rw /opt/ol/helpers \
&& chown -R 1001:0 /opt/ol/fixes \
&& chmod -R g+rwx /opt/ol/fixes \
&& mkdir /etc/wlp \
&& chown -R 1001:0 /etc/wlp \
&& chmod -R g+rw /etc/wlp \
&& echo "<server description=\"Default Server\"><httpEndpoint id=\"defaultHttpEndpoint\" host=\"*\" /></server>" > /config/configDropins/defaults/open-default-port.xml

# Create a new SCC layer
RUN if [ "$OPENJ9_SCC" = "true" ]; then populate_scc.sh; fi \
&& rm -rf /output/messaging /output/resources/security /logs/* $WLP_OUTPUT_DIR/.classCache /output/workarea \
&& chown -R 1001:0 /opt/ol/wlp/output \
&& chmod -R g+rwx /opt/ol/wlp/output

#These settings are needed so that we can run as a different user than 1001 after server warmup
ENV RANDFILE=/tmp/.rnd \
OPENJ9_JAVA_OPTIONS="-XX:+IgnoreUnrecognizedVMOptions -XX:+IdleTuningGcOnIdle -Xshareclasses:name=openj9_system_scc,cacheDir=/opt/java/.scc,readonly,nonFatal -Dosgi.checkConfiguration=false"

USER 1001

EXPOSE 9080 9443

ENTRYPOINT ["/opt/ol/helpers/runtime/docker-server.sh"]
CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]