Open tam512 opened 5 months ago
This should probably be transferred to the open-liberty repo
Can you post your steps to reproduce, including a server.xml and the application?
The QuickSec application repo is here
`config/bootstrap.properties` with the following:

```
io.openliberty.checkpoint.allowed.features=enterpriseBeansRemote-4.0,enterpriseBeansPersistentTimer-4.0,enterpriseBeansHome-4.0,enterpriseBeans-4.0
```
```dockerfile
ARG INFINISPAN_IMAGE=stg.icr.io/cp/wlc/websphere-liberty-daily:kernel-java17-openj9-ubi
ARG BASE_IMAGE=stg.icr.io/cp/wlc/websphere-liberty-daily:full-java17-openj9-ubi

FROM $INFINISPAN_IMAGE AS infinispan-client
USER root
RUN set -Eeox pipefail
RUN yum update -y
RUN yum install -y maven
RUN mkdir -p /opt/ibm/wlp/usr/shared/resources/infinispan
RUN echo '

FROM $BASE_IMAGE AS open-liberty-infinispan
COPY --chown=1001:0 --from=infinispan-client /opt/ibm/wlp/usr/shared/resources/infinispan /config/datagrid
ENV INFINISPAN_SERVICE_NAME=datagrid
ENV INFINISPAN_PASS=datagridPass
ENV CRIU_RESTORE_DISABLE_RECOVERY=true

COPY --chown=1001:0 ./QuickSec/target/QuickSec.ear /config/apps/
COPY --chown=1001:0 config/server.xml /config/server.xml
COPY --chown=1001:0 config/jvm.options /config/jvm.options
COPY --chown=1001:0 config/datagrid.xml /config/datagrid.xml
COPY --chown=1001:0 config/ldap-config.xml /config/ldap-config.xml
COPY --chown=1001:0 config/bootstrap.properties /config/bootstrap.properties
COPY --chown=1001:0 config/openldap.p12 /config/openldap.p12
COPY --chown=1001:0 config/nest-ldap.p12 /config/nest-ldap.p12
COPY --chown=1001:0 ./db2jars /config/db2jars
COPY --chown=1001:0 ./datagrid /config/datagrid
COPY --chown=1001:0 featureUtility.properties /opt/ibm/wlp/etc/featureUtility.properties

ARG VERBOSE=true
ARG FULL_IMAGE=false
RUN if [ "$FULL_IMAGE" = "true" ] ; then echo "Skip running features.sh for full image" ; else features.sh ; fi

COPY --chown=1001:0 interim-fixes /opt/ol/fixes/
COPY --chown=1001:0 interim-fixes /opt/ibm/fixes/
RUN configure.sh

USER root
RUN rm -rf /config/configDropins/overrides/infinispan-client-sessioncache.xml
USER 1001

RUN checkpoint.sh beforeAppStart
```
- Run checkpoint
  ```
  podman build -t qs10-beforeappstart:wl-full-java17-x86 \
    --cap-add=CHECKPOINT_RESTORE --cap-add=SYS_PTRACE --cap-add=SETPCAP \
    --security-opt seccomp=unconfined \
    -f Containerfile --no-cache \
    --volume /opt/liberty-mavenartf:/opt/libertyrepo .
  ```
- push the _qs10-beforeappstart:wl-full-java17-x86_ image to some repository that can be pulled from OCP
- On OCP with rook-cephfs storageclass, install RH Datagrid Operator
- Install WebSphere Liberty Operator
- Create a namespace to work on this app
- deploy Infinispan using yamls under `deploy/datagrid` folder
- Deploy Ldap container (`deploy/svt-ldap.yaml`)
- Deploy DB2 container (`deploy/db2`)
- create service account and security context per this slack https://ibm-cloud.slack.com/archives/C03MR7EC3NG/p1693408875306839?thread_ts=1693328418.096989&cid=C03MR7EC3NG
- Update `spec.applicationImage` and add the following to `deploy/05-app-deploy-wlo.yaml` and deploy the app
  ```yaml
  serviceAccountName: instanton-sa
  securityContext:
    allowPrivilegeEscalation: true
    privileged: false
    runAsNonRoot: true
    capabilities:
      add:
  ```
Test Quicksec SVT application with `<feature>sessionCache-1.0</feature>`. It is configured to run with httpSessionCache and it runs ok on OCP without instantOn checkpoint. After performing a checkpoint and deploying it to OCP, the app fails to run. I tried checkpointing at beforeAppStart and afterAppStart and both fail to run. I have the following in bootstrap.properties when checkpointing, to work around the lack of full EJB support with instantOn
Errors in messages.log:
Error on the browser when clicking on "Go & Get..." button on the quicksec app