review: support for Jolokia 2.0.0

jkube-java-17.yaml

@@ -50,7 +50,7 @@ modules:
     - name: jboss.container.java.s2i.bash
     - name: jboss.container.java.run.bash
     - name: jboss.container.jolokia
-      version: jkube-1.7.2
+      version: jkube-2.0.0
     - name: jboss.container.prometheus
       version: jkube-0.20.0
     - name: jboss.container.util.logging.bash

modules/jboss.container.jolokia/jkube-1.7.2/module.yaml

@@ -3,7 +3,7 @@
 schema_version: 1
 
 name: jboss.container.jolokia
-version: 'jkube-2.0.0'
+version: 'jkube-1.7.2'
 description: ^
   Provides support for configuring Jolokia.  Basic usage is
   opts="$JBOSS_CONTAINER_JOLOKIA_MODULE/jolokia-opts"
@@ -15,7 +15,7 @@ labels:
 envs:
   - name: JOLOKIA_VERSION
     description: Version of Jolokia being used.
-    value: "2.0.0"
+    value: "1.7.2"
   - name: AB_JOLOKIA_PASSWORD_RANDOM
     description: Determines if a random AB_JOLOKIA_PASSWORD be generated. Set to **true** to generate random password. Generated value will be written to `/opt/jolokia/etc/jolokia.pw`.
     value: "true"
@@ -61,8 +61,8 @@ ports:
 artifacts:
   - name: jolokia-jvm.jar
     target: jolokia-jvm.jar
-    url: https://search.maven.org/remotecontent?filepath=org/jolokia/jolokia-jvm/2.0.0/jolokia-jvm-2.0.0.jar
-    md5: 163df91111e0277bbd5d37ba439f3e37
+    url: https://search.maven.org/remotecontent?filepath=org/jolokia/jolokia-jvm/1.7.2/jolokia-jvm-1.7.2.jar
+    md5: d489d62d1143e6a2e85a869a4b824a67
 
 execute:
   - script: configure.sh

modules/jboss.container.jolokia/jkube-2.0.0/artifacts/opt/jboss/container/jolokia/jolokia-opts

@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Check whether a given config is contained in AB_JOLOKIA_OPTS
+is_in_jolokia_opts() {
+  local prop=$1
+  if [ -n "${AB_JOLOKIA_OPTS}" ] && [ x"${AB_JOLOKIA_OPTS}" != x"${AB_JOLOKIA_OPTS/${prop}/}" ]; then
+     echo "yes"
+  else
+     echo "no"
+  fi
+}
+
+get_jolokia_properties() {
+
+  echo "host=${AB_JOLOKIA_HOST:-*}"
+  echo "port=${AB_JOLOKIA_PORT:-8778}"
+  echo "discoveryEnabled=${AB_JOLOKIA_DISCOVERY_ENABLED:=false}"
+
+  if [ -n "$AB_JOLOKIA_PASSWORD" ]; then
+     echo "user=${AB_JOLOKIA_USER:-jolokia}"
+     echo "password=${AB_JOLOKIA_PASSWORD}"
+  fi
+  if [ -n "$AB_JOLOKIA_HTTPS" ]; then
+     echo "protocol=https"
+     use_https=1
+  fi
+
+  # Integration with OpenShift client cert auth is enabled
+  # by default if not explicitly turned off by setting to 'false'
+  if [ "x${AB_JOLOKIA_AUTH_OPENSHIFT}" != "xfalse" ] && [ -f "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" ]; then
+     echo "useSslClientAuthentication=true"
+     echo "extraClientCheck=true"
+
+     if [ -z ${use_https+x} ]; then
+       echo "protocol=https"
+     fi
+     if [ $(is_in_jolokia_opts "caCert") != "yes" ]; then
+        echo "caCert=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+     fi
+
+     if [ $(is_in_jolokia_opts "clientPrincipal") != "yes" ]; then
+        if [ x"${AB_JOLOKIA_AUTH_OPENSHIFT}" != x"${AB_JOLOKIA_AUTH_OPENSHIFT/=/}" ]; then
+           # Supposed to contain a principal name to check
+           echo "clientPrincipal=`echo ${AB_JOLOKIA_AUTH_OPENSHIFT} | sed -e 's/ /\\\\ /g'`"
+        else
+           echo "clientPrincipal=cn=system:master-proxy"
+        fi
+     fi
+  fi
+
+  # Add extra opts
+  if [ -n "${AB_JOLOKIA_OPTS}" ]; then
+     echo "${AB_JOLOKIA_OPTS}" | tr "," "\n"
+  fi
+
+}
+
+write_jolokia_properties() {
+  local jolokia_property_file="$1"
+
+  # Setup Jolokia to accept basic auth, using a randomly generated password that is stored
+  # in the container in the ${DEPLOYMENTS_DIR}/jolokia.pw file.
+  if [ "$AB_JOLOKIA_PASSWORD_RANDOM" == "true" ]; then
+    pw_file="${JBOSS_CONTAINER_JOLOKIA_MODULE}/etc/jolokia.pw"
+    if [ -f "${pw_file}" ] ; then
+      AB_JOLOKIA_PASSWORD=`cat "${pw_file}"`
+    else
+      AB_JOLOKIA_PASSWORD=`tr -cd '[:alnum:]' < /dev/urandom | fold -w30 | head -n1`
+      touch "${pw_file}"
+      chmod 660 "${pw_file}"
+      cat > "${pw_file}" <<EOF
+$AB_JOLOKIA_PASSWORD
+EOF
+    fi
+    export AB_JOLOKIA_PASSWORD
+  fi
+
+  touch "${jolokia_property_file}"
+  chmod 660 "${jolokia_property_file}"
+  cat > "${jolokia_property_file}" <<EOF
+$(get_jolokia_properties)
+EOF
+
+}
+
+if [ -z "${AB_JOLOKIA_OFF+x}" ]; then
+  if [ -z "${AB_JOLOKIA_CONFIG}" ]; then
+    AB_JOLOKIA_CONFIG="${JBOSS_CONTAINER_JOLOKIA_MODULE}/etc/jolokia.properties"
+    write_jolokia_properties "$AB_JOLOKIA_CONFIG"
+  fi
+  echo "-javaagent:/usr/share/java/jolokia-jvm-agent/jolokia-jvm.jar=config=${AB_JOLOKIA_CONFIG}"
+fi

modules/jboss.container.jolokia/jkube-2.0.0/configure.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+# Configure module
+set -e
+
+SCRIPT_DIR=$(dirname $0)
+ARTIFACTS_DIR=${SCRIPT_DIR}/artifacts
+
+# Copy main artifact
+mkdir -p /usr/share/java/jolokia-jvm-agent/
+cp /tmp/artifacts/jolokia-jvm.jar /usr/share/java/jolokia-jvm-agent/
+
+# Copy module artifacts
+chown -R jboss:root $SCRIPT_DIR
+chmod -R ug+rwX $SCRIPT_DIR
+chmod ug+x ${ARTIFACTS_DIR}/opt/jboss/container/jolokia/*
+
+pushd ${ARTIFACTS_DIR}
+cp -pr * /
+popd
+
+mkdir -p /opt/jboss/container/jolokia/etc
+chmod 775 /opt/jboss/container/jolokia/etc
+chown -R jboss:root /opt/jboss/container/jolokia/etc

modules/jboss.container.jolokia/jkube-2.0.0/module.yaml

@@ -0,0 +1,68 @@
+# Ported from https://github.com/jboss-openshift/cct_module/tree/8411125f8e1b45d48c93c8bcd51d39541ce4a755/jboss/container/jolokia/8.2
+# Uses Maven Central Artifact instead of RPM package because there's no package (yet) for RHEL 9
+schema_version: 1
+
+name: jboss.container.jolokia
+version: 'jkube-2.0.0'
+description: ^
+  Provides support for configuring Jolokia.  Basic usage is
+  opts="$JBOSS_CONTAINER_JOLOKIA_MODULE/jolokia-opts"
+
+labels:
+  - name: io.fabric8.s2i.version.jolokia
+    value: "2.0.0"
+
+envs:
+  - name: JOLOKIA_VERSION
+    description: Version of Jolokia being used.
+    value: "2.0.0"
+  - name: AB_JOLOKIA_PASSWORD_RANDOM
+    description: Determines if a random AB_JOLOKIA_PASSWORD be generated. Set to **true** to generate random password. Generated value will be written to `/opt/jolokia/etc/jolokia.pw`.
+    value: "true"
+  - name: AB_JOLOKIA_AUTH_OPENSHIFT
+    description: Switch on client authentication for OpenShift TLS communication. The value of this parameter can be a relative distinguished name which must be contained in a presented client's certificate. Enabling this parameter will automatically switch Jolokia into https communication mode. The default CA cert is set to `/var/run/secrets/kubernetes.io/serviceaccount/ca.crt`.
+    value: "true"
+  - name: AB_JOLOKIA_HTTPS
+    description: Switch on secure communication with https. By default self signed server certificates are generated if no `serverCert` configuration is given in **AB_JOLOKIA_OPTS**.
+    value: "true"
+  - name: AB_JOLOKIA_OFF
+    description: If set disables activation of Joloka (i.e. echos an empty value). By default, Jolokia is enabled.
+    example: "true"
+  - name: AB_JOLOKIA_CONFIG
+    description: If set uses this file (including path) as Jolokia JVM agent properties (as described in Jolokia's link:https://www.jolokia.org/reference/html/agents.html#agents-jvm[reference manual]). If not set, the `/opt/jolokia/etc/jolokia.properties` will be created using the settings as defined in the manual. Otherwise the rest of the settings in this document are ignored.
+    example: "/opt/jolokia/custom.properties"
+  - name: AB_JOLOKIA_HOST
+    description: Host address to bind to. Defaults to **0.0.0.0**.
+    example: "127.0.0.1"
+  - name: AB_JOLOKIA_PORT
+    description: Port to listen to. Defaults to **8778**.
+    example: "5432"
+  - name: AB_JOLOKIA_USER
+    description: User for basic authentication. Defaults to **jolokia**.
+    example: "myusername"
+  - name: AB_JOLOKIA_PASSWORD
+    description: Password for basic authentication. By default authentication is switched off.
+    example: "mypassword"
+  - name: AB_JOLOKIA_ID
+    description: Agent ID to use (`$HOSTNAME` by default, which is the container id).
+    example: "openjdk-app-1-xqlsj"
+  - name: AB_JOLOKIA_DISCOVERY_ENABLED
+    description: Enable Jolokia discovery. Defaults to **false**.
+    example: "true"
+  - name: AB_JOLOKIA_OPTS
+    description: Additional options to be appended to the agent configuration. They should be given in the format `key=value,key=value,...`.
+    example: "backlog=20"
+  - name: JBOSS_CONTAINER_JOLOKIA_MODULE
+    value: /opt/jboss/container/jolokia
+
+ports:
+  - value: 8778
+
+artifacts:
+  - name: jolokia-jvm.jar
+    target: jolokia-jvm.jar
+    url: https://repo1.maven.org/maven2/org/jolokia/jolokia-agent-jvm/2.0.0/jolokia-agent-jvm-2.0.0-javaagent.jar
+    md5: 6f4d49d8f2e389878a2b698ee2ad586b
+
+execute:
+  - script: configure.sh

scripts/test-jkube-java-17.sh

@@ -72,7 +72,7 @@ assertContains "$env_variables" "JBOSS_CONTAINER_MAVEN_DEFAULT_MODULE=/opt/jboss
   || reportError "JBOSS_CONTAINER_MAVEN_DEFAULT_MODULE invalid"
 assertContains "$env_variables" "JBOSS_CONTAINER_S2I_CORE_MODULE=/opt/jboss/container/s2i/core/$" \
   || reportError "JBOSS_CONTAINER_S2I_CORE_MODULE invalid"
-assertContains "$env_variables" "JOLOKIA_VERSION=1.7.2$" \
+assertContains "$env_variables" "JOLOKIA_VERSION=2.0.0$" \
   || reportError "JOLOKIA_VERSION invalid"
 assertContains "$env_variables" "AB_JOLOKIA_PASSWORD_RANDOM=true$" \
   || reportError "AB_JOLOKIA_PASSWORD_RANDOM invalid"