Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat-multi-arch-containers #5533

Open
wants to merge 6 commits into
base: develop
Choose a base branch
from
+56 −40
Open

Feat-multi-arch-containers #5533

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
e3e3e85
[refactor] remove dead code
duncdrum Nov 2, 2024
75981d8
[feature] add multi-arch images
duncdrum Nov 2, 2024
9bc97a1
[chore] bump base image
duncdrum Nov 12, 2024
bd809c9
[bugfix] workaround docker maven plugin issue
duncdrum Nov 12, 2024
5cf787a
[refactor] LegacyKeyValueFormat
duncdrum Nov 12, 2024
9b1a3cf
[chore] no more experimental images
duncdrum Nov 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion .github/workflows/ci-deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ jobs:
name: Build and Test Images
runs-on: ubuntu-latest
# NOTE (DP): Publish on develop and master, test on PRs against these
# TODO(DP) Reinstate CRONed release builds to update stock apps regularly
if: github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/master' || github.base_ref == 'develop' || github.base_ref == 'master'
steps:
- uses: actions/checkout@v4
Expand All @@ -15,6 +16,10 @@ jobs:
with:
distribution: liberica
java-version: '17'
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
with:
platforms: linux/amd64,linux/arm64
- name: Make buildkit default
uses: docker/setup-buildx-action@v3
id: buildx
Expand All @@ -27,7 +32,11 @@ jobs:
key: deploy-${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: deploy-${{ runner.os }}-maven
- name: Install bats
run: sudo apt-get install bats
run: sudo apt-get install bats
# Hack around #5450
- name: pull base image
run: |
docker pull --platform linux/amd64 --platform linux/arm64 gcr.io/distroless/java17-debian12:latest
- name: Build images
run: mvn -V -B -q -Pdocker -DskipTests -Ddependency-check.skip=true -P !mac-dmg-on-unix,!installer,!concurrency-stress-tests,!micro-benchmarks,skip-build-dist-archives clean package
- name: Check local images
Expand Down
51 changes: 38 additions & 13 deletions exist-docker/pom.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,9 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>

<parent>
Expand All @@ -42,14 +44,15 @@
<connection>scm:git:https://github.com/exist-db/exist.git</connection>
<developerConnection>scm:git:https://github.com/exist-db/exist.git</developerConnection>
<url>scm:git:https://github.com/exist-db/exist.git</url>
<tag>HEAD</tag>
</scm>
<tag>HEAD</tag>
</scm>

<properties>
<assemble.dir>${project.build.directory}/exist-docker-${project.version}-docker-dir</assemble.dir>
<exist.uber.jar.filename>exist.uber.jar</exist.uber.jar.filename>
<docker.tag>latest</docker.tag>
<docker.debug.tag>debug</docker.debug.tag>
<docker.platforms>linux/amd64, linux/arm64</docker.platforms>
</properties>

<dependencies>
Expand Down Expand Up @@ -106,7 +109,9 @@
<configuration>
<failOnWarning>true</failOnWarning>
<ignoredUnusedDeclaredDependencies>
<ignoredUnusedDeclaredDependency>${project.groupId}:exist-distribution:pom:${project.version}</ignoredUnusedDeclaredDependency> <!-- needed at runtime to support lucene query syntax -->
<ignoredUnusedDeclaredDependency>
${project.groupId}:exist-distribution:pom:${project.version}</ignoredUnusedDeclaredDependency> <!--
needed at runtime to support lucene query syntax -->
</ignoredUnusedDeclaredDependencies>
</configuration>
</execution>
Expand All @@ -124,7 +129,8 @@
<goal>single</goal>
</goals>
<configuration>
<archiveBaseDirectory>${project.basedir}/../exist-distribution/target/exist-distribution-${project.version}-dir</archiveBaseDirectory>
<archiveBaseDirectory>
${project.basedir}/../exist-distribution/target/exist-distribution-${project.version}-dir</archiveBaseDirectory>
<attach>false</attach>
<descriptors>
<descriptor>src/assembly/dist-assembly-docker.xml</descriptor>
Expand Down Expand Up @@ -183,18 +189,24 @@
</filter>
</filters>
<transformers>
<transformer implementation="org.apache.maven.plugins.shade.resource.ApacheLicenseResourceTransformer" />
<transformer implementation="org.apache.maven.plugins.shade.resource.ApacheNoticeResourceTransformer">
<transformer
implementation="org.apache.maven.plugins.shade.resource.ApacheLicenseResourceTransformer" />
<transformer
implementation="org.apache.maven.plugins.shade.resource.ApacheNoticeResourceTransformer">
<addHeader>false</addHeader>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<transformer
implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/mailcap</resource>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<transformer
implementation="org.apache.maven.plugins.shade.resource.AppendingTransformer">
<resource>META-INF/mailcap.default</resource>
</transformer>
<transformer implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
<transformer implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<transformer
implementation="org.apache.maven.plugins.shade.resource.ServicesResourceTransformer" />
<transformer
implementation="org.apache.maven.plugins.shade.resource.ManifestResourceTransformer">
<manifestEntries>
<Multi-Release>true</Multi-Release>
</manifestEntries>
Expand All @@ -210,12 +222,19 @@
<artifactId>docker-maven-plugin</artifactId>
<version>0.45.1</version>
<configuration>
<verbose>true</verbose>
<verbose>true</verbose>
<pushRegistry>registry.hub.docker.com</pushRegistry>
<images>
<image>
<name>existdb/existdb:%v</name>
<registry>registry.hub.docker.com</registry>
<alias>exist</alias>
<build>
<buildx>
<platforms>
<platform>${docker.platforms}</platform>
</platforms>
</buildx>
<tags>
<tag>${docker.tag}</tag>
</tags>
Expand All @@ -225,8 +244,14 @@
</image>
<image>
<name>existdb/existdb:%v-DEBUG</name>
<registry>registry.hub.docker.com</registry>
<alias>exist-debug</alias>
<build>
<buildx>
<platforms>
<platform>${docker.platforms}</platform>
</platforms>
</buildx>
<tags>
<tag>${docker.debug.tag}</tag>
</tags>
Expand Down Expand Up @@ -256,4 +281,4 @@

</plugins>
</build>
</project>
</project>
26 changes: 4 additions & 22 deletions exist-docker/src/main/resources-filtered/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,25 +20,7 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
#

# Use Debian Bullseye (which is the base of gcr.io/distroless/java:17) for additional library dependencies that we need
# FROM debian:bullseye-slim as debian-slim
# RUN apt-get update && apt-get -y dist-upgrade
# RUN apt-get install -y openjdk-17-jre-headless
# RUN apt-get install -y expat fontconfig # Install tools required by FOP

FROM gcr.io/distroless/java17:latest

# Copy over dependencies for Apache FOP, missing from GCR's JRE
Copy link
Contributor

@adamretter adamretter Nov 19, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change breaks XSL:FO in eXist-db when using Apache FOP. Unfortunately, the gcr.io/distroless/java17-debian12:latest image you have chosen to update to does not include these libraries. Please test a proper XSL-FO to PDF transformation with these changes, and you will see the error.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR switches from gcr.io/distroless/java17:latest to gcr.io/distroless/java17-debian12:latest
The lines stating they would be needed for FOP are commented out (lines 24-27 and 32-41) and select a different base image debian:bullseye-slim.
So, even if those additional libraries were needed for PDF-generation using XSL:FO they are already missing and nothing is changed from the status quo.
It, therefore, would be beneficial to create an additional Dockerfile that has all that is needed for this specific use-case. This could also be provided by a third party.
This is all just under the pretense that this is really needed for PDF generation and the adoption rate would also show us how common it is.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@line-o It looks like they are only commented out because they were recently done so in a prior Pull Request that looks like it broke this.

I pointed out the problems in #4895 would break Apache FOP here, here, and here.

The response was that the base image now contains the required libraries, however, I have now checked the base image, and it is clear that that is not the case. See below:

Screenshot 2024-11-21 at 11 23 13

We can see in the above image that /usr/lib inside the base image does not contain the previously required libraries.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If they are no longer included that's a bug likely introduced when moving to debian 12. see GoogleContainerTools/distroless#321 or GoogleContainerTools/distroless#789 from 2019 and 2021 for relevant discussions. I will check the java-base image and move the discussion to the distroless repo

Copy link
Contributor

@adamretter adamretter Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't see it as a bug with Debian 12 or GCR. Simply, GCR has never included these libraries as many Java Applications don't need them. However, we do need them for eXist-db, which is why previously we explicitly installed them into a base Debian image and then copied them into our derivative of GCR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@duncdrum I can't see it in the GCR java-base images (see below)... Where are you seeing it?

Screenshot 2024-11-21 at 15 43 57 Screenshot 2024-11-21 at 15 41 33

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@adamretter https://github.com/GoogleContainerTools/distroless/blob/main/java/BUILD#L117 here actually. I also remember and tested that the files were present after the discussions 3-4 years ago. If they no longer are it's a bug. Only libssl should no longer be included on Debian 12 Java images. I won't have time to look into this for another week or so. But I will check again. In the meantime I don't see how keeping a failing deploy tank running is helping. More fixes should come in a separate PR.

Copy link
Contributor

@adamretter adamretter Nov 21, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@duncdrum Interesting that the files even though listed in that BUILD file don't seem to have ever been in the published GCR images as far as I can see.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to be sure @adamretter You are checking in subsequent layers as well, and not seeing the dependencies?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are checking in subsequent layers as well, and not seeing the dependencies?

@duncdrum Yes, I think so. What do you see when you look in the image?

# COPY --from=debian-slim /usr/lib/x86_64-linux-gnu/libfreetype.so.6 /usr/lib/x86_64-linux-gnu/libfreetype.so.6
# COPY --from=debian-slim /usr/lib/x86_64-linux-gnu/liblcms2.so.2 /usr/lib/x86_64-linux-gnu/liblcms2.so.2
# COPY --from=debian-slim /usr/lib/x86_64-linux-gnu/libpng16.so.16 /usr/lib/x86_64-linux-gnu/libpng16.so.16
# COPY --from=debian-slim /usr/lib/x86_64-linux-gnu/libfontconfig.so.1 /usr/lib/x86_64-linux-gnu/libfontconfig.so.1

# Copy dependencies for Apache Batik (used by Apache FOP to handle SVG rendering)
# COPY --from=debian-slim /etc/fonts /etc/fonts
# COPY --from=debian-slim /lib/x86_64-linux-gnu/libexpat.so.1 /lib/x86_64-linux-gnu/libexpat.so.1
# COPY --from=debian-slim /usr/share/fontconfig /usr/share/fontconfig
# COPY --from=debian-slim /usr/share/fonts/truetype/dejavu /usr/share/fonts/truetype/dejavu
FROM gcr.io/distroless/java17-debian12:latest

# Copy eXist-db
COPY LICENSE /exist/LICENSE
Expand Down Expand Up @@ -66,10 +48,10 @@ ARG CACHE_MEM
ARG MAX_BROKER
ARG JVM_MAX_RAM_PERCENTAGE

ENV EXIST_HOME "/exist"
ENV EXIST_HOME=/exist
ENV CLASSPATH=/exist/lib/${exist.uber.jar.filename}

ENV JAVA_TOOL_OPTIONS \
ENV JAVA_TOOL_OPTIONS="\
-Dfile.encoding=UTF8 \
-Dsun.jnu.encoding=UTF-8 \
-Djava.awt.headless=true \
Expand All @@ -85,7 +67,7 @@ ENV JAVA_TOOL_OPTIONS \
-XX:+UseStringDeduplication \
duncdrum marked this conversation as resolved.
Show resolved Hide resolved
-XX:+UseContainerSupport \
-XX:MaxRAMPercentage=${JVM_MAX_RAM_PERCENTAGE:-75.0} \
-XX:+ExitOnOutOfMemoryError
-XX:+ExitOnOutOfMemoryError"

HEALTHCHECK CMD [ "java", \
"org.exist.start.Main", "client", \
Expand Down
8 changes: 4 additions & 4 deletions exist-docker/src/main/resources-filtered/Dockerfile-DEBUG
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
#

# Use JDK 17 in Debian Bullseye (as our production image gcr.io/distroless/java:17 is based on Debian Bullseye with just a JRE)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this comment is out of date if you are switching the non-debug build to bookworm also.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, better remove the name of a specific build of Debian from the comment, otherwise we will need to change it everytime the base image changes

FROM debian:bullseye-slim
FROM debian:bookworm-slim
RUN apt-get update && apt-get -y dist-upgrade
RUN apt-get install -y openjdk-17-jdk-headless
RUN apt-get install -y expat fontconfig # Install tools required by FOP
Expand Down Expand Up @@ -52,10 +52,10 @@ ARG MAX_BROKER
ARG JVM_MAX_RAM_PERCENTAGE
ARG JVM_JDWP_SUSPEND

ENV EXIST_HOME "/exist"
ENV EXIST_HOME=/exist
ENV CLASSPATH=/exist/lib/${exist.uber.jar.filename}

ENV JAVA_TOOL_OPTIONS \
ENV JAVA_TOOL_OPTIONS="\
-Dfile.encoding=UTF8 \
-Dsun.jnu.encoding=UTF-8 \
-Djava.awt.headless=true \
Expand All @@ -72,7 +72,7 @@ ENV JAVA_TOOL_OPTIONS \
-XX:+UseContainerSupport \
-XX:MaxRAMPercentage=${JVM_MAX_RAM_PERCENTAGE:-75.0} \
-XX:+ExitOnOutOfMemoryError \
-agentlib:jdwp=transport=dt_socket,server=y,suspend=${JVM_JDWP_SUSPEND:-n},address=5005
-agentlib:jdwp=transport=dt_socket,server=y,suspend=${JVM_JDWP_SUSPEND:-n},address=5005"

HEALTHCHECK CMD [ "java", \
"org.exist.start.Main", "client", \
Expand Down
Loading