Provided support to get ready for dynamicRouting

The code is written out, but mostly commented out to use static routing
until WASdev/ci.docker.ibm-http-server#22 is
merged

Author: trajano

src/docker/README.md

@@ -4,12 +4,6 @@ docker stack  deploy --compose-file docker-compose.yml jeesample
 The controller replica may need to have a separate server so there's one "primary" which has the `volume` and the rest will pull from the core one.
 
 
-pluginUtility generate  --server=adminUser:adminPassword@controller:9443  --cluster=defaultCluster
-
-cat /defaultCluster-plugin-cfg.xml
-
-docker exec 82246b134e6b collective unregisterHost 3643a3abdfdf --user=adminUser --password=adminPassword --port=9443 --host=controller --autoAcceptCertificates
-
 # Notes
 
 * May need to change the appserver.base to just have SSH and WLP only do not start and then use autoscale to provision the server.
@@ -22,4 +16,5 @@ docker cp deployable.zip 98eac34a77af:/opt/ibm/wlp/usr/shared/stackGroups/defaul
 
 # TODO 
 
-* Replica Sets for the controller
+* Replica Sets for the controller (does not work correctly at the moent)
+* Dyanmic Routing (needs updated WebSphere Plugin with IHS)

src/docker/appserver.base/DockerFile

@@ -1,5 +1,5 @@
 FROM websphere-liberty:javaee7
-RUN apt-get update && apt-get install -y openssh-server curl && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y openssh-server && rm -rf /var/lib/apt/lists/*
 RUN installUtility install --acceptLicense clusterMember-1.0 scalingMember-1.0
 
 COPY . /config/

src/docker/appserver.base/startServer.sh

@@ -1,11 +1,4 @@
 #!/bin/bash
-# wait for controller to be up
-while ! curl --insecure -s https://controller:9443/ --output /dev/null; do
-  sleep 0.1 # wait for 1/10 of the second before check again
-done
-
-# Joining the collective needs to be done at runtime as the controller needs to be up.
-
 PASSWORD=$(openssl rand -base64 32)
 #ssh-keygen -t rsa -f $HOME/.ssh/id_rsa -N ""
 ssh-keygen -t rsa -N ""
@@ -21,7 +14,7 @@ ssh-keygen -t rsa -N ""
 #    --sshPrivateKey=$HOME/.ssh/id_rsa \
 #    --hostWritePath=/
 
-/opt/ibm/wlp/bin/collective join defaultServer \
+while ! collective join defaultServer \
     --host=controller \
     --port=9443 \
     --user=adminUser \
@@ -30,12 +23,13 @@ ssh-keygen -t rsa -N ""
     --keystorePassword=$PASSWORD \
     --hostJavaHome=$JAVA_HOME \
     --createConfigFile=/config/collective-join-include.xml
-
-#    --sshPrivateKey=$HOME/.ssh/id_rsa \
+do
+  sleep 1 # wait for 1/10 of the second before check again
+done
 
 # Unregister host when the script will terminate
 unregisterHost() {
-    /opt/ibm/wlp/bin/collective unregisterHost $(hostname) \
+    collective unregisterHost $(hostname) \
         --host=controller \
         --port=9443 \
         --user=adminUser \

src/docker/build.cmd

@@ -1,4 +1,5 @@
 docker build -t controller controller && docker tag controller trajano/jee-controller:base && docker push trajano/jee-controller:base
+rem docker build -t controller.replica controller.replica && docker tag controller.replica trajano/jee-controller:replica && docker push trajano/jee-controller:replica
 docker build -t trajano/jee-appserver:base appserver.base && docker tag trajano/jee-appserver:base trajano/jee-appserver:base && docker push trajano/jee-appserver:base
 
 rem docker build -t trajano/jee-appserver:withapp appserver

src/docker/controller/DockerFile

@@ -1,22 +1,6 @@
-# FROM websphere-liberty:kernel
 FROM websphere-liberty:javaee7
 RUN installUtility install --acceptLicense collectiveController-1.0 adminCenter-1.0 scalingController-1.0 dynamicRouting-1.0
-RUN apt-get update && apt-get install -y openssh-server zip && rm -rf /var/lib/apt/lists/*
-RUN mkdir -p /opt/ibm/wlp/usr/shared/stackGroups/defaultStackGroup/installables && \
-  server package --include=wlp --archive=/opt/ibm/wlp/usr/shared/stackGroups/defaultStackGroup/installables/wlp.default.zip
-RUN cd /opt/ibm/java && \
-  zip -r /opt/ibm/wlp/usr/shared/stackGroups/defaultStackGroup/installables/jre.default.zip .
-
 COPY . /config/
-# RUN collective create defaultServer --keystorePassword=controllerKSPassword --createConfigFile=/config/collective-create-include.xml
-
-RUN mkdir /var/run/sshd && chmod 0755 /var/run/sshd
-RUN echo 'root:screencast' | chpasswd
-RUN sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
-RUN sed -i "s/#PasswordAuthentication yes/PasswordAuthentication yes/" /etc/ssh/sshd_config
-RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
-
-EXPOSE 22
 EXPOSE 9080
 EXPOSE 9443
 CMD ["/config/startController.sh"]

src/docker/controller/server.xml

@@ -14,5 +14,4 @@
     <defaultScalingPolicy enabled="true" min="2" max="2"/>
   </scalingDefinitions>
   <include location="${server.config.dir}/resources/collective/collective-create-include.xml"/>
-  <stackManager controllerUser="adminUser" controllerUserPassword="adminPassword"/>
 </server>

src/docker/controller/startController.sh

@@ -8,6 +8,4 @@ createCollective() {
     sed -i 's#<quickStartSecurity .*/>#<quickStartSecurity userName="adminUser" userPassword="adminPassword"/>#' /config/resources/collective/collective-create-include.xml
 }
 [ -e  /config/resources/collective/collective-create-include.xml ] || createCollective
-/usr/sbin/sshd -D &
-
 exec /opt/ibm/wlp/bin/server run defaultServer

src/docker/docker-compose.yml

@@ -6,6 +6,12 @@ services:
     - "9443:9443"
     volumes:
     - 'collective_resources:/config/resources'
+  # controller-replica:
+  #   image: trajano/jee-controller:replica
+  #   deploy:
+  #     replicas: 2
+  #   volumes:
+  #   - 'collective_resources:/controllerResources'
   webserver:
     image: trajano/jee-webserver:base
     deploy:

src/docker/webserver/DockerFile

@@ -1,28 +1,10 @@
 FROM ibmcom/ibm-http-server:latest
+#FROM ibm-http-server:9.0.0.3
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends unzip wget ca-certificates openssl \
     && rm -rf /var/lib/apt/lists/*
 
-ENV JAVA_VERSION 1.8.0_sr4fp5
-
-RUN ESUM="187f67fa0fa23416811aa76df70d9e43ce75bb18bba0e7be080eb83f0c21fb20" \
-    && BASE_URL="https://public.dhe.ibm.com/ibmdl/export/pub/systems/cloud/runtimes/java/meta/" \
-    && YML_FILE="jre/linux/x86_64/index.yml" \
-    && wget -q -U UA_IBM_JAVA_Docker -O /tmp/index.yml $BASE_URL/$YML_FILE \
-    && JAVA_URL=$(cat /tmp/index.yml | sed -n '/'$JAVA_VERSION'/{n;p}' | sed -n 's/\s*uri:\s//p' | tr -d '\r') \
-    && wget -q -U UA_IBM_JAVA_Docker -O /tmp/ibm-java.bin $JAVA_URL \
-    && echo "$ESUM  /tmp/ibm-java.bin" | sha256sum -c - \
-    && echo "INSTALLER_UI=silent" > /tmp/response.properties \
-    && echo "USER_INSTALL_DIR=/opt/ibm/java" >> /tmp/response.properties \
-    && echo "LICENSE_ACCEPTED=TRUE" >> /tmp/response.properties \
-    && mkdir -p /opt/ibm \
-    && chmod +x /tmp/ibm-java.bin \
-    && /tmp/ibm-java.bin -i silent -f /tmp/response.properties \
-    && rm -f /tmp/response.properties \
-    && rm -f /tmp/index.yml \
-    && rm -f /tmp/ibm-java.bin
-    
 # Install WebSphere Liberty
 ENV LIBERTY_VERSION 17.0.0_01
 ARG LIBERTY_URL
@@ -31,10 +13,8 @@ RUN LIBERTY_URL=${LIBERTY_URL:-$(wget -q -O - https://public.dhe.ibm.com/ibmdl/e
     && wget $DOWNLOAD_OPTIONS $LIBERTY_URL -U UA-IBM-WebSphere-Liberty-Docker -O /tmp/wlp.zip \
     && unzip -q /tmp/wlp.zip -d /opt/ibm \
     && rm /tmp/wlp.zip
-#ENV JAVA_HOME=/opt/ibm/java/jre \
-#    PATH=/opt/ibm/java/jre/bin:$PATH \
-ENV JAVA_HOME=//opt/IBM/WebSphere/Plugins/java/8.0
-ENV JVM_ARGS=-Dcom.ibm.webserver.plugin.utility.autoAcceptCertificates=true
+ENV JAVA_HOME=/opt/IBM/WebSphere/Plugins/java/8.0 \
+    JVM_ARGS=-Dcom.ibm.webserver.plugin.utility.autoAcceptCertificates=true
 RUN /opt/ibm/wlp/bin/installUtility install --acceptLicense restConnector-2.0 restConnector-1.0 dynamicRouting-1.0
 
 # Cleanup
@@ -43,8 +23,7 @@ RUN apt-get purge -y unzip wget && apt-get -y autoremove && rm -rf /var/lib/apt/
 # Add include to the configuration file
 RUN mkdir /share
 COPY startHttpServer.sh /work/
-COPY defaultClusterPlugin.conf /opt/IBM/HTTPServer/conf/
-COPY plugin-cfg.xml /opt/IBM/HTTPServer/conf/
+COPY defaultClusterPlugin.conf plugin-cfg.xml /opt/IBM/HTTPServer/conf/
 RUN echo "Include /opt/IBM/HTTPServer/conf/defaultClusterPlugin.conf" >> /opt/IBM/HTTPServer/conf/httpd.conf
 
 EXPOSE 80

src/docker/webserver/defaultClusterPlugin.conf

@@ -1,7 +1,8 @@
 LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
-#LoadModule was_ap22_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap22_http.so
 LoadModule was_ap24_module /opt/IBM/WebSphere/Plugins/bin/64bits/mod_was_ap24_http.so
 WebSpherePluginConfig "/defaultCluster-plugin-cfg.xml"
+
+# When 9.0.0.3 code is released...
 #WebSpherePluginConfig "/opt/IBM/HTTPServer/conf/plugin-cfg.xml"
 
 Listen 443

src/docker/webserver/plugin-cfg.xml

@@ -6,14 +6,14 @@
     <Property Name="ESIInvalidationMonitor" Value="false"/>
     <Property Name="ESIEnableToPassCookies" Value="false"/>
     <Property Name="PluginInstallRoot" Value="/opt/IBM/WebSphere/Plugins/"/>
-    <Property Name="Keyfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.kdb"/>
-    <Property Name="Stashfile" Value="/opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.sth"/>
+    <Property Name="Keyfile" Value="/plugin-key.kdb"/>
+    <Property Name="Stashfile" Value="/plugin-key.sth"/>
     <IntelligentManagement>
         <Property name="webserverName" value="webserver1"/>
         <ConnectorCluster enabled="true" maxRetries="-1" name="defaultCollective" retryInterval="60">
             <Property name="uri" value="/ibm/api/dynamicRouting"/>
             <Connector host="controller" port="9443" protocol="https">
-                <Property name="keyring" value="/opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.kdb"/>
+                <Property name="keyring" value="/plugin-key.kdb"/>
             </Connector>
         </ConnectorCluster>
         <Property name="RoutingRulesConnectorClusterName" value="defaultCollective"/>

src/docker/webserver/startHttpServer.sh

@@ -4,8 +4,8 @@ if [ ! -e /share/selfsigned.kdb ]
 then
   ( 
     flock 200
-    /opt/IBM/HTTPServer/bin/gskcapicmd -keydb -create -db /share/selfsigned.kdb -stash -genpw
-    /opt/IBM/HTTPServer/bin/gskcapicmd -cert \
+    gskcapicmd -keydb -create -db /share/selfsigned.kdb -stash -genpw
+    gskcapicmd -cert \
         -create \
         -db /share/selfsigned.kdb \
         -label default \
@@ -37,13 +37,39 @@ do
     -type p12 \
     -file $memberHost.pem \
     -target /opt/IBM/WebSphere/Plugins/config/webserver1/plugin-key.kdb \
-    -target-pw $PASSWORD
+    -target_stashed
 done
 
 # Remove the administrative URIs from the configuration
 sed -i 's#<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/IBMJMXConnectorREST/\*"/>##' /defaultCluster-plugin-cfg.xml
 sed -i 's#<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/ibm/api/\*"/>##' /defaultCluster-plugin-cfg.xml
 
+# The following sets up dynamic routing but it is not used until 9.0.0.3 docker image is released.  Remove from after fi
+PASSWORD=$(openssl rand -hex 16)
+
+while ! /opt/ibm/wlp/bin/dynamicRouting genKeystore \
+    --host=controller \
+    --user=adminUser \
+    --password=adminPassword \
+    --port=9443 \
+    --keystorePassword="$PASSWORD" \
+    --autoAcceptCertificates
+do
+  sleep 1
+done
+
+# needs 9.0.0.3 to work
+# gskcmd -keydb -convert \
+#   -db /plugin-key.jks \
+#   -pw $PASSWORD \
+#   -target /plugin-key.kdb \
+#   -new_format cms \
+#   -stash
+# gskcmd -cert -setdefault \
+#   -label default \
+#   -db /plugin-key.kdb \
+#   -stashed
+
 # Make directory used for the plugin logs
 mkdir -p /opt/IBM/WebSphere/Plugins/logs/webserver1