From 153e5216c018cafcf7b8cae2337b3733475130a0 Mon Sep 17 00:00:00 2001 From: MLenterman Date: Thu, 14 Sep 2023 13:50:14 +0200 Subject: [PATCH 1/2] build: migration to java 11 runtime for better performance and memory usage --- Dockerfile | 49 ++++++++++++--- Dockerfile.java11 | 63 ------------------- Dockerfile.java8 | 34 ++++++++++ docker-compose.zaakbrug.dev.perf-tests.yml | 4 +- .../resources/DeploymentSpecifics.properties | 11 ++-- 5 files changed, 81 insertions(+), 80 deletions(-) delete mode 100644 Dockerfile.java11 create mode 100644 Dockerfile.java8 diff --git a/Dockerfile b/Dockerfile index 41fe5a71f..339b615d1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,8 +1,29 @@ -# Keep in sync with version in frank-runner.properties. Detailed instructions can be found in CONTRIBUTING.md. -# Check whether java-orig files have changed in F!F and update custom code (java and java-orig files) accordingly +FROM tomcat:8-jre11-temurin-jammy AS base -# Before bumping make sure https://github.com/ibissource/iaf/issues/5356 is resolved or stuurgegevens-refactor PR is merged. -FROM docker.io/wearefrank/frank-framework:7.9-20230905.223421 +ARG GID=1000 +ARG UID=1000 + +# Secure files (CIS-DI-0008) +RUN chmod -R 751 /usr/bin /usr/sbin + +# Create folder and user, and set file permissions +RUN set -eux && \ + # Create default directory for configurations, properties and credential filesystem + mkdir -p /opt/frank/secrets && \ + # Create tomcat user for stepping down from root + groupadd -g ${GID} tomcat && \ + useradd -u ${UID} -g tomcat -s /usr/sbin/nologin -l tomcat && \ + # Change permissions and ownership of files + chown -hR tomcat:tomcat ${CATALINA_HOME} && \ + chown -hR tomcat:tomcat /opt/frank + +# All previous actions are performed as root. Run following instructions and start container as tomcat. +USER tomcat + +# Copy environment configuration +COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/conf/catalina.properties /usr/local/tomcat/conf/catalina.properties +COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/lib/ /usr/local/tomcat/lib/ +COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT # TempFix TODO: Move this to the credentialprovider.properties ENV credentialFactory.class=nl.nn.credentialprovider.PropertyFileCredentialFactory 
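Review bot: `RUN chmod -R 751 /usr/bin /usr/sbin` is much broader than what the cited CIS-DI-0008 check is about, which is removing setuid/setgid bits. Mode 751 leaves the `tomcat` account with execute-only access, so an interpreted script in those directories can no longer be read by its interpreter when run as `tomcat`. The recursive chmod also rewrites every file in both directories into a new layer, and it only covers those two directories. A narrower form would be `RUN find / -xdev -perm /6000 -type f -exec chmod a-s {} +`, with a comment saying which files it is expected to touch.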
@@ -21,14 +42,22 @@ COPY --chown=tomcat src/main/configurations/ /opt/frank/configurations/ COPY --chown=tomcat src/main/resources/ /opt/frank/resources/ COPY --chown=tomcat src/test/testtool/ /opt/frank/testtool/ -# Compile custom class, this should be changed to a buildstep in the future -COPY --chown=tomcat src/main/java /tmp/java -RUN javac \ +# Compile custom class +FROM eclipse-temurin:8-jdk-jammy AS build + +COPY --from=base /usr/local/tomcat/lib/ /usr/local/tomcat/lib/ +COPY --from=base /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT + +COPY src/main/java /tmp/java +RUN mkdir /tmp/classes \ + && javac \ /tmp/java/nl/nn/adapterframework/parameters/Parameter.java \ -classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \ - -verbose -d /usr/local/tomcat/webapps/ROOT/WEB-INF/classes -RUN rm -rf /tmp/java + -verbose -d /tmp/classes + +FROM base AS final + +COPY --from=build --chown=tomcat /tmp/classes/ /usr/local/tomcat/webapps/ROOT/WEB-INF/classes -# The part after "||" is to make sure the response of the health-endpoint call is included in the logs, for debugging purposes. HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=60 \ CMD curl --fail --silent http://localhost:8080/iaf/api/server/health || (curl --silent http://localhost:8080/iaf/api/server/health && exit 1) diff --git a/Dockerfile.java11 b/Dockerfile.java11 deleted file mode 100644 index 339b615d1..000000000 --- a/Dockerfile.java11 +++ /dev/null 
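Review bot: `COPY --from=build --chown=tomcat /tmp/classes/ ...` in the `final` stage hands the compiled classes to the same account that runs Tomcat, so the running process can rewrite its own code. The `--chown=tomcat` copies of `lib/` and `webapps/ROOT` and the `chown -hR tomcat:tomcat ${CATALINA_HOME}` in the first Dockerfile hunk have the same effect. Code and libraries are better left owned by root and only readable by `tomcat`, e.g. `COPY --from=build /tmp/classes/ /usr/local/tomcat/webapps/ROOT/WEB-INF/classes`. Ownership would then be granted only on the directories Tomcat must write to, presumably `logs`, `work`, `temp` and parts of `/opt/frank`, which should be confirmed against what the framework needs at runtime.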
@@ -1,63 +0,0 @@ -FROM tomcat:8-jre11-temurin-jammy AS base - -ARG GID=1000 -ARG UID=1000 - -# Secure files (CIS-DI-0008) -RUN chmod -R 751 /usr/bin /usr/sbin - -# Create folder and user, and set file permissions -RUN set -eux && \ - # Create default directory for configurations, properties and credential filesystem - mkdir -p /opt/frank/secrets && \ - # Create tomcat user for stepping down from root - groupadd -g ${GID} tomcat && \ - useradd -u ${UID} -g tomcat -s /usr/sbin/nologin -l tomcat && \ - # Change permissions and ownership of files - chown -hR tomcat:tomcat ${CATALINA_HOME} && \ - chown -hR tomcat:tomcat /opt/frank - -# All previous actions are performed as root. Run following instructions and start container as tomcat. -USER tomcat - -# Copy environment configuration -COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/conf/catalina.properties /usr/local/tomcat/conf/catalina.properties -COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/lib/ /usr/local/tomcat/lib/ -COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT - -# TempFix TODO: Move this to the credentialprovider.properties -ENV credentialFactory.class=nl.nn.credentialprovider.PropertyFileCredentialFactory -ENV credentialFactory.map.properties=/opt/frank/resources/credentials.properties -ENV zaakbrug.zds.timezone=UTC - -# Copy dependencies -COPY --chown=tomcat lib/server/ /usr/local/tomcat/lib/ -COPY --chown=tomcat lib/webapp/ /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/ - -# When deploying the "context.xml" should be copied to /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml -COPY --chown=tomcat src/main/webapp/META-INF/context.xml /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml - -# Copy Frank! 
-COPY --chown=tomcat src/main/configurations/ /opt/frank/configurations/ -COPY --chown=tomcat src/main/resources/ /opt/frank/resources/ -COPY --chown=tomcat src/test/testtool/ /opt/frank/testtool/ - -# Compile custom class -FROM eclipse-temurin:8-jdk-jammy AS build - -COPY --from=base /usr/local/tomcat/lib/ /usr/local/tomcat/lib/ -COPY --from=base /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT - -COPY src/main/java /tmp/java -RUN mkdir /tmp/classes \ - && javac \ - /tmp/java/nl/nn/adapterframework/parameters/Parameter.java \ - -classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \ - -verbose -d /tmp/classes - -FROM base AS final - -COPY --from=build --chown=tomcat /tmp/classes/ /usr/local/tomcat/webapps/ROOT/WEB-INF/classes - -HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=60 \ - CMD curl --fail --silent http://localhost:8080/iaf/api/server/health || (curl --silent http://localhost:8080/iaf/api/server/health && exit 1) diff --git a/Dockerfile.java8 b/Dockerfile.java8 new file mode 100644 index 000000000..41fe5a71f --- /dev/null +++ b/Dockerfile.java8 
@@ -0,0 +1,34 @@ +# Keep in sync with version in frank-runner.properties. Detailed instructions can be found in CONTRIBUTING.md. +# Check whether java-orig files have changed in F!F and update custom code (java and java-orig files) accordingly + +# Before bumping make sure https://github.com/ibissource/iaf/issues/5356 is resolved or stuurgegevens-refactor PR is merged. +FROM docker.io/wearefrank/frank-framework:7.9-20230905.223421 + +# TempFix TODO: Move this to the credentialprovider.properties +ENV credentialFactory.class=nl.nn.credentialprovider.PropertyFileCredentialFactory +ENV credentialFactory.map.properties=/opt/frank/resources/credentials.properties +ENV zaakbrug.zds.timezone=UTC + +# Copy dependencies +COPY --chown=tomcat lib/server/ /usr/local/tomcat/lib/ +COPY --chown=tomcat lib/webapp/ /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/ + +# When deploying the "context.xml" should be copied to /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml +COPY --chown=tomcat src/main/webapp/META-INF/context.xml /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml + +# Copy Frank! +COPY --chown=tomcat src/main/configurations/ /opt/frank/configurations/ +COPY --chown=tomcat src/main/resources/ /opt/frank/resources/ +COPY --chown=tomcat src/test/testtool/ /opt/frank/testtool/ + +# Compile custom class, this should be changed to a buildstep in the future +COPY --chown=tomcat src/main/java /tmp/java +RUN javac \ + /tmp/java/nl/nn/adapterframework/parameters/Parameter.java \ + -classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \ + -verbose -d /usr/local/tomcat/webapps/ROOT/WEB-INF/classes +RUN rm -rf /tmp/java + +# The part after "||" is to make sure the response of the health-endpoint call is included in the logs, for debugging purposes. 
+HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=60 \ + CMD curl --fail --silent http://localhost:8080/iaf/api/server/health || (curl --silent http://localhost:8080/iaf/api/server/health && exit 1) diff --git a/docker-compose.zaakbrug.dev.perf-tests.yml b/docker-compose.zaakbrug.dev.perf-tests.yml index fe482f78a..1a9edd796 100644 --- a/docker-compose.zaakbrug.dev.perf-tests.yml +++ b/docker-compose.zaakbrug.dev.perf-tests.yml @@ -2,9 +2,7 @@ version: '3.8' services: zaakbrug: - build: - context: . - dockerfile: ./Dockerfile.java11 + build: . environment: - zaakbrug.zgw.zaken-api.timeout=120000 - zaakbrug.zgw.catalogi-api.timeout=120000 diff --git a/src/main/resources/DeploymentSpecifics.properties b/src/main/resources/DeploymentSpecifics.properties index 52e2cec4d..83a3e54c9 100644 --- a/src/main/resources/DeploymentSpecifics.properties +++ b/src/main/resources/DeploymentSpecifics.properties 
@@ -18,22 +18,25 @@ configurations.names=Translate classloader.type=DirectoryClassLoader ibistesttool.custom=Custom +#large files +soap.bus.org.apache.cxf.stax.maxTextLength=1000000000 + zaakbrug.zgw.zaken-api.root-url=http://localhost:8000/zaken/api/v1/ -zaakbrug.zgw.zaken-api.timeout=20000 +zaakbrug.zgw.zaken-api.timeout=60000 # Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header zaakbrug.zgw.zaken-api.auth-type=jwt # reference to an auth alias configured in credentials.properties zaakbrug.zgw.zaken-api.auth-alias=zaken-api.jwt zaakbrug.zgw.catalogi-api.root-url=http://localhost:8000/catalogi/api/v1/ -zaakbrug.zgw.catalogi-api.timeout=20000 +zaakbrug.zgw.catalogi-api.timeout=60000 zaakbrug.zgw.catalogi-api.auth-type=jwt zaakbrug.zgw.catalogi-api.auth-alias=zaken-api.jwt zaakbrug.zgw.documenten-api.root-url=http://localhost:8000/documenten/api/v1/ -zaakbrug.zgw.documenten-api.timeout=20000 +zaakbrug.zgw.documenten-api.timeout=60000 zaakbrug.zgw.documenten-api.auth-type=jwt zaakbrug.zgw.documenten-api.auth-alias=zaken-api.jwt zaakbrug.zgw.besluiten-api.root-url=http://localhost:8000/besluiten/api/v1/ -zaakbrug.zgw.besluiten-api.timeout=20000 +zaakbrug.zgw.besluiten-api.timeout=60000 zaakbrug.zgw.besluiten-api.auth-type=jwt zaakbrug.zgw.besluiten-api.auth-alias=zaken-api.jwt From 9ab06c33a87979b2c08833537a1a1c811c211c5c Mon Sep 17 00:00:00 2001 From: MLenterman Date: Thu, 14 Sep 2023 15:22:31 +0200 Subject: [PATCH 2/2] build: pass ff version to dockerfile with variables --- CONTRIBUTING.md | 14 ++++++++------ Dockerfile | 32 ++++++++++++++++++++++---------- Dockerfile.java8 | 4 ++-- docker-compose.zaakbrug.dev.yml | 5 ++++- 4 files changed, 36 insertions(+), 19 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 555e9946f..e7496d1ff 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
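Review bot: `soap.bus.org.apache.cxf.stax.maxTextLength=1000000000` raises the StAX text-length guard to roughly 1 GB for every deployment that inherits these defaults, which largely removes it as a protection against oversized SOAP payloads exhausting the heap. The `#large files` comment does not say what size is actually required. Consider a value derived from the largest document that must be supported and the container's heap, with a comment such as `# Max characters in one XML text node; raised for documents up to <N> MB, keep well below the JVM heap`. The timeouts raised from 20000 to 60000 in the same hunk lengthen how long a slow backend can hold a request thread, so a line of rationale next to them would help too.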
@@ -6,12 +6,14 @@ We like to stay up-to-date with the latest version of the Frank!Framework to get Execute the following steps when bumping the Frank!Framework version: 1. Look up the latest framework snapshot build on [DockerHub - Frank!Framework](https://hub.docker.com/r/wearefrank/frank-framework/tags). The format of the tag should be: `.-.`. For example: 7.9-20230907.223421. -2. Replace the tag in the `Dockerfile` with the new tag. -3. Replace the tag in `frank-runner.properties` with the new tag. -4. Start ZaakBrug with the `Frank!Runner` to automatically replace the `./src/main/configuration//FrankConfig.xsd` and `./src/main/configuration/FrankConfig.xsd` with the newer version. You can stop the Frank!Runner once the files are replaced. Note that currently the Frank!Runner will also add `FrankConfig.xsd` to the `.gitignore` file. Make sure to revert the change to `.gitignore`. -5. Check [GitHub - Frank!Framework - Parameter.java commit history](https://github.com/ibissource/iaf/commits/master/core/src/main/java/nl/nn/adapterframework/parameters/Parameter.java) for any changes to this class. If there are indeed changes, update the corresponding file under `./src/main/java/nl/nn/adapterframework/...`. The `.java-orig` file content should be 1 on 1 equal to the new version on GitHub. Take care to not accidentally remove the intended customization of the code in the `.java` file. -6. Run the e2e testsuite by using the below Docker-Compose and configuration to validate the changes. You should only need `docker-compose -f ./docker-compose.zaakbrug.dev.yml -f ./docker-compose.openzaak.dev.yml up --build --force-recreate` for this. (TODO: Automate running of e2e tests in ci/cd). -7. Commit you changes on a branch with as message: `build(dependencies): bump f!f version to `. Create a PR to have you changes merged to master. +2. Replace the value of `FF_VERSION` in the `Dockerfile` with the new tag. +3. 
Replace the value of `FF_VERSION` in the `Dockerfile.java8` with the new tag. +4. Replace the default value for `FF_VERSION` under `services.zaakbrug.build.args` in `docker-compose.zaakbrug.dev.yml` with the new tag. NOTE: Watch out to not replace the '-' in front of the tag: ${FF_VERSION:-} +5. Replace the value of `ff.version` in `frank-runner.properties` with the new tag. +6. Start ZaakBrug with the `Frank!Runner` to automatically replace the `./src/main/configuration//FrankConfig.xsd` and `./src/main/configuration/FrankConfig.xsd` with the newer version. You can stop the Frank!Runner once the files are replaced. Note that currently the Frank!Runner will also add `FrankConfig.xsd` to the `.gitignore` file. Make sure to revert the change to `.gitignore`. +7. Check [GitHub - Frank!Framework - Parameter.java commit history](https://github.com/ibissource/iaf/commits/master/core/src/main/java/nl/nn/adapterframework/parameters/Parameter.java) for any changes to this class. If there are indeed changes, update the corresponding file under `./src/main/java/nl/nn/adapterframework/...`. The `.java-orig` file content should be 1 on 1 equal to the new version on GitHub. Take care to not accidentally remove the intended customization of the code in the `.java` file. +8. Run the e2e testsuite by using the below Docker-Compose and configuration to validate the changes. You should only need `docker-compose -f ./docker-compose.zaakbrug.dev.yml -f ./docker-compose.openzaak.dev.yml up --build --force-recreate` for this. (TODO: Automate running of e2e tests in ci/cd). +9. Commit you changes on a branch with as message: `build(dependencies): bump f!f version to `. Create a PR to have you changes merged to master. # Docker-compose The docker-compose development environment is designed to be flexible and composable. This prevents the need for developers to run the entire stack eventhough their work requires only a small part of the stack. 
For this we make use of a docker-compose feature that merges a given array of docker-compose files together. Simply provide a `-f ./docker-compose..yml` argument for each docker-compose file you wish to include in the `docker-compose up`command. diff --git a/Dockerfile b/Dockerfile index 339b615d1..c0e262987 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,15 @@ -FROM tomcat:8-jre11-temurin-jammy AS base - +# Keep in sync with version in frank-runner.properties. Detailed instructions can be found in CONTRIBUTING.md. +# Check whether java-orig files have changed in F!F and update custom code (java and java-orig files) accordingly +ARG FF_VERSION=7.9-20230905.223421 ARG GID=1000 ARG UID=1000 +FROM tomcat:8-jre11-temurin-jammy AS base + +ARG FF_VERSION +ARG GID +ARG UID + # Secure files (CIS-DI-0008) RUN chmod -R 751 /usr/bin /usr/sbin 
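Review bot: Both upstream images in the new Dockerfile header are selected by mutable tag: `FROM tomcat:8-jre11-temurin-jammy` changes with every upstream rebuild, and `FF_VERSION` lets a build argument pick any Frank!Framework tag. For a reproducible and verifiable build, pin by digest, e.g. `FROM tomcat:8-jre11-temurin-jammy@sha256:<digest> AS base`, and record the matching digest next to `FF_VERSION`. The `ARG FF_VERSION` re-declared inside `base` looks unused in that stage, since the value seems to be consumed only by a later `FROM` line, which reads the global declaration, so it could be dropped. The `base` stage continues outside this hunk.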
@@ -20,10 +27,15 @@ RUN set -eux && \ # All previous actions are performed as root. Run following instructions and start container as tomcat. USER tomcat +# Needed to created a valid "from" image when using ARG variable +# COPY "--from=docker.io/wearefrank/frank-framework:${FF_VERSION}" doesn't work +FROM docker.io/wearefrank/frank-framework:${FF_VERSION} AS ff-builder +FROM base AS ff-base + # Copy environment configuration -COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/conf/catalina.properties /usr/local/tomcat/conf/catalina.properties -COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/lib/ /usr/local/tomcat/lib/ -COPY --from=docker.io/wearefrank/frank-framework:7.9-20230905.223421 --chown=tomcat /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT +COPY --from=ff-builder --chown=tomcat /usr/local/tomcat/conf/catalina.properties /usr/local/tomcat/conf/catalina.properties +COPY --from=ff-builder --chown=tomcat /usr/local/tomcat/lib/ /usr/local/tomcat/lib/ +COPY --from=ff-builder --chown=tomcat /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT # TempFix TODO: Move this to the credentialprovider.properties ENV credentialFactory.class=nl.nn.credentialprovider.PropertyFileCredentialFactory @@ -43,10 +55,10 @@ COPY --chown=tomcat src/main/resources/ /opt/frank/resources/ COPY --chown=tomcat src/test/testtool/ /opt/frank/testtool/ # Compile custom class -FROM eclipse-temurin:8-jdk-jammy AS build +FROM eclipse-temurin:8-jdk-jammy AS custom-code-builder -COPY --from=base /usr/local/tomcat/lib/ /usr/local/tomcat/lib/ -COPY --from=base /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT +COPY --from=ff-base /usr/local/tomcat/lib/ /usr/local/tomcat/lib/ +COPY --from=ff-base /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT COPY src/main/java /tmp/java RUN mkdir /tmp/classes \ 
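Review bot: `COPY --from=ff-builder --chown=tomcat /usr/local/tomcat/lib/ /usr/local/tomcat/lib/` overlays the Frank!Framework image's entire Tomcat `lib/` onto the one shipped in `tomcat:8-jre11-temurin-jammy`. If the framework image carries its own Tomcat jars, same-named files from the base are replaced, so the Tomcat patch level actually running would follow `FF_VERSION` rather than the base tag, and security updates in the base image's jars would be silently undone. It would be safer to copy only the jars the framework adds, or at least to add a comment stating which Tomcat version the resulting image is expected to contain. Separately, the new comment reads `Needed to created`, where `Needed to create` is meant.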
@@ -55,9 +67,9 @@ RUN mkdir /tmp/classes \ -classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \ -verbose -d /tmp/classes -FROM base AS final +FROM ff-base AS final -COPY --from=build --chown=tomcat /tmp/classes/ /usr/local/tomcat/webapps/ROOT/WEB-INF/classes +COPY --from=custom-code-builder --chown=tomcat /tmp/classes/ /usr/local/tomcat/webapps/ROOT/WEB-INF/classes HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=60 \ CMD curl --fail --silent http://localhost:8080/iaf/api/server/health || (curl --silent http://localhost:8080/iaf/api/server/health && exit 1) diff --git a/Dockerfile.java8 b/Dockerfile.java8 index 41fe5a71f..6cf4ef154 100644 --- a/Dockerfile.java8 +++ b/Dockerfile.java8 @@ -1,8 +1,8 @@ # Keep in sync with version in frank-runner.properties. Detailed instructions can be found in CONTRIBUTING.md. # Check whether java-orig files have changed in F!F and update custom code (java and java-orig files) accordingly +ARG FF_VERSION=7.9-20230905.223421 -# Before bumping make sure https://github.com/ibissource/iaf/issues/5356 is resolved or stuurgegevens-refactor PR is merged. -FROM docker.io/wearefrank/frank-framework:7.9-20230905.223421 +FROM docker.io/wearefrank/frank-framework:${FF_VERSION} # TempFix TODO: Move this to the credentialprovider.properties ENV credentialFactory.class=nl.nn.credentialprovider.PropertyFileCredentialFactory diff --git a/docker-compose.zaakbrug.dev.yml b/docker-compose.zaakbrug.dev.yml index c2b053633..7ee3556ca 100644 --- a/docker-compose.zaakbrug.dev.yml +++ b/docker-compose.zaakbrug.dev.yml @@ -14,7 +14,10 @@ services: - zaakbrug zaakbrug: - build: . + build: + context: . + args: + FF_VERSION: ${FF_VERSION:-7.9-20230905.223421} image: wearefrank/zaakbrug:latest container_name: zaakbrug.dev environment: