/opensuse-tomcat-image

Primary LanguageXSLTApache License 2.0Apache-2.0

openSUSE with Java and Tomcat image

This project builds on the openSUSE Java 8 image here to build two pre-configured Tomcat Docker images that use two logging frameworks. One of the images uses the Logback logging framework and the other that uses Tomcat JULI logging.

They can be used as base images for hosting web projects which use Java technologies such as Java Servlets or JavaServer Pages.

Here is an example Dockerfile which uses one of the images as a base:

FROM cafapi/opensuse-tomcat:latest

COPY demowebapp/ $CATALINA_HOME/webapps/demowebapp/
COPY demowebapp-admin/ $CATALINA_HOME/adminapps/ROOT/

The derived image is expected to supply the web application being deployed, which should be copied into Tomcat's default webapps directory, and it is also expected to supply an administration application, which should be copied into the adminapps directory. The administration application must supply a /healthcheck endpoint which can be used by Docker, or the container orchestrator, to check on the health of the service when it is running. The administration application may optionally supply other administration or operations functionality, to assist with debugging for example, but it is required to supply a healthcheck endpoint.

Tini

Tini is pre-installed in the container. If the image entrypoint is not overwritten then it will be automatically used.

PostgreSQL Client

PostgreSQL Client is pre-installed in the container. psql is a terminal-based front-end to PostgreSQL. It enables you to type in queries interactively, issue them to PostgreSQL, and see the query results. Alternatively, input can be from a file or from command line arguments. In addition, psql provides a number of meta-commands and various shell-like features to facilitate writing scripts and automating a wide variety of tasks.

DejaVu Fonts

DejaVu Fonts is pre-installed in the container. The DejaVu fonts are a font family based on the Bitstream Vera Fonts. Its purpose is to provide a wider range of characters while maintaining the original look and feel through the process of collaborative development.

Gosu

Gosu is pre-installed in the container. Gosu allows derived images to run commands as a specified user, rather than as the default user.

To use gosu, set the RUNAS_USER environment variable in the derived container's Dockerfile. Subsequent commands will then be run as the specified user:

ENV RUNAS_USER=my-user
CMD ["whoami"] # Outputs my-user

Note: the user specified by the RUNAS_USER is expected to already exist, and the CMD will fail if this is not the case.

Startup Scripts

Any executable scripts added to the /startup/startup.d/ directory will be automatically run each time the container is started (assuming the image entrypoint is not overwritten).

Pre-Installed Startup Scripts

Certificate Installation

The image comes pre-installed with a startup script which provides a mechanism to extend the CA certificates which should be trusted.

Export File-Based Secrets Script

The image comes pre-installed with a startup script which provides support for file-based secrets.

It works by looking for environment variables ending with the _FILE prefix and setting the environment variable base name to the contents of the file.

For example, given this environment variable ending in the _FILE suffix:

ABC_PASSWORD_FILE=/var/somefile.txt

the script will read the contents of /var/somefile.txt (for example 'mypassword'), and export an environment variable named ABC_PASSWORD:

ABC_PASSWORD=mypassword

This feature is disabled by default. To enable it, ensure a USE_FILE_BASED_SECRETS environment variable is present, with a value of true, for example, USE_FILE_BASED_SECRETS=true.

Setup Log Level Script

The image comes pre-installed with a script that configures the Tomcat log level with the level set in the provided environment variable CAF_LOG_LEVEL. The levels available are mapped to Tomcat log levels as follows:

CAF_LOG_LEVEL Tomcat Log Level
FATAL SEVERE
ERROR SEVERE
WARN WARNING
INFO INFO
DEBUG FINE
TRACE FINEST

Setup SSL Certificate for Tomcat Script

This image comes pre-installed with a utility script which can be used to setup a SSL certificate for use with Tomcat.

If the SSL_TOMCAT_CA_CERT_LOCATION environment variable is present then the script will be executed and the following environment variables are read:

Environment Variable Required Description
SSL_TOMCAT_CA_CERT_LOCATION Yes Location of the SSL certificate to be setup. Note: this replaces the location of the default keystore.
SSL_TOMCAT_CA_CERT_KEYSTORE_PASS No Replaces the default keystore password.
SSL_TOMCAT_CA_CERT_KEY_PASS No Replaces the default key password.
SSL_TOMCAT_CA_CERT_KEYSTORE_ALIAS No Replaces the default keystore alias.

Pre-Installed Utility Scripts

Database Creation Script

The image comes pre-installed with a utility script which can be used to check if a PostgreSQL database exists and to create it if it does not.

When the script is called it must be passed an environment variable prefix for the service:

/scripts/check-create-pgdb.sh SERVICE_

The script then reads the database details from a set of environment variables with the specified prefix:

Environment Variable Description
SERVICE_DATABASE_HOST The host name of the machine on which the PostgreSQL server is running.
SERVICE_DATABASE_PORT The TCP port on which the PostgreSQL server is listening for connections.
SERVICE_DATABASE_USERNAME The username to use when establishing the connection to the PostgreSQL server.
SERVICE_DATABASE_PASSWORD The password to use when establishing the connection to the PostgreSQL server.
SERVICE_DATABASE_APPNAME The application name that PostgreSQL should associate with the connection for logging and monitoring.
SERVICE_DATABASE_NAME The name of the PostgreSQL database to be created.