CORDA-4954 : Improvements to docker image : compatible with v3.3; image size; truststore (#4965)

* CORDA-4954

* test-docker

* test fix

docker/src/bash/generate-config.sh

@@ -49,11 +49,11 @@ function generateGenericCZConfig(){
         java -jar config-exporter.jar "GENERIC-CZ" "/opt/corda/starting-node.conf" "${CONFIG_FOLDER}/node.conf"
 
         java -Djava.security.egd=file:/dev/./urandom -Dcapsule.jvm.args="${JVM_ARGS}" -jar /opt/corda/bin/corda.jar \
-                initial-registration \
-                --base-directory=/opt/corda \
-                --config-file=/etc/corda/node.conf \
-                --network-root-truststore-password=${NETWORK_TRUST_PASSWORD} \
-                --network-root-truststore=${CERTIFICATES_FOLDER}/${TRUST_STORE_NAME} &&\
+                --initial-registration \
+                --base-directory /opt/corda \
+                --config-file ${CONFIG_FOLDER}/node.conf \
+                --network-root-truststore-password ${NETWORK_TRUST_PASSWORD} \
+                --network-root-truststore ${CERTIFICATES_FOLDER}/${TRUST_STORE_NAME} &&\
         echo "Succesfully registered with ${DOORMAN_URL}, starting corda" && \
         run-corda
     fi

docker/src/bash/run-corda.sh

@@ -1,10 +1,7 @@
 #!/usr/bin/env bash
-: ${JVM_ARGS='-XX:+UseG1GC'}
-
-JVM_ARGS="-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap "${JVM_ARGS}
 
 if [[ ${JVM_ARGS} == *"Xmx"* ]]; then
   echo "WARNING: the use of the -Xmx flag is not recommended within docker containers. Use the --memory option passed to the container to limit heap size"
 fi
 
-java -Djava.security.egd=file:/dev/./urandom -Dcapsule.jvm.args="${JVM_ARGS}" -jar /opt/corda/bin/corda.jar --base-directory=/opt/corda --config-file=/etc/corda/node.conf ${CORDA_ARGS}
+java -Djava.security.egd=file:/dev/./urandom -Dcapsule.jvm.args="${JVM_ARGS}" -jar /opt/corda/bin/corda.jar --base-directory /opt/corda --config-file ${CONFIG_FOLDER}/node.conf ${CORDA_ARGS}

docker/src/docker/Dockerfile

@@ -1,35 +1,34 @@
 FROM azul/zulu-openjdk:8u192
 
-RUN apt-get update && apt-get -y upgrade && apt-get -y install bash curl unzip
+## Add packages, clean cache, create dirs, create corda user and change ownership
+RUN apt-get update && \
+    apt-get -y upgrade && \
+    apt-get -y install bash curl unzip && \
+    rm -rf /var/lib/apt/lists/* && \
+    mkdir -p /opt/corda/cordapps && \
+    mkdir -p /opt/corda/persistence && \
+    mkdir -p /opt/corda/certificates && \
+    mkdir -p /opt/corda/drivers && \
+    mkdir -p /opt/corda/logs && \
+    mkdir -p /opt/corda/bin && \
+    mkdir -p /opt/corda/additional-node-infos && \
+    mkdir -p /etc/corda && \
+    addgroup corda && \
+    useradd corda -g corda -m -d /opt/corda && \
+    chown -R corda:corda /opt/corda && \
+    chown -R corda:corda /etc/corda
 
-# Create dirs
-RUN mkdir -p /opt/corda/cordapps
-RUN mkdir -p /opt/corda/persistence
-RUN mkdir -p /opt/corda/certificates
-RUN mkdir -p /opt/corda/drivers
-RUN mkdir -p /opt/corda/logs
-RUN mkdir -p /opt/corda/bin
-RUN mkdir -p /opt/corda/additional-node-infos
-RUN mkdir -p /etc/corda
-
-# Create corda user
-RUN addgroup corda && \
-    useradd corda -g corda -m -d /opt/corda
-
-WORKDIR /opt/corda
-
-ENV CORDAPPS_FOLDER="/opt/corda/cordapps"
-ENV PERSISTENCE_FOLDER="/opt/corda/persistence"
-ENV CERTIFICATES_FOLDER="/opt/corda/certificates"
-ENV DRIVERS_FOLDER="/opt/corda/drivers"
-ENV CONFIG_FOLDER="/etc/corda"
-
-ENV MY_P2P_PORT=10200
-ENV MY_RPC_PORT=10201
-ENV MY_RPC_ADMIN_PORT=10202
-
-RUN chown -R corda:corda /opt/corda
-RUN chown -R corda:corda /etc/corda
+ENV CORDAPPS_FOLDER="/opt/corda/cordapps" \
+    PERSISTENCE_FOLDER="/opt/corda/persistence" \
+    CERTIFICATES_FOLDER="/opt/corda/certificates" \
+    DRIVERS_FOLDER="/opt/corda/drivers" \
+    CONFIG_FOLDER="/etc/corda" \
+    MY_P2P_PORT=10200 \
+    MY_RPC_PORT=10201 \
+    MY_RPC_ADMIN_PORT=10202 \
+    PATH=$PATH:/opt/corda/bin \
+    JVM_ARGS="-XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap " \
+    CORDA_ARGS=""
 
 ##CORDAPPS FOLDER
 VOLUME ["/opt/corda/cordapps"]
@@ -46,25 +45,18 @@ VOLUME ["/opt/corda/additional-node-infos"]
 ##CONFIG LOCATION
 VOLUME ["/etc/corda"]
 
-
 ##CORDA JAR
-ADD --chown=corda:corda corda.jar /opt/corda/bin/corda.jar
+COPY --chown=corda:corda corda.jar /opt/corda/bin/corda.jar
 ##CONFIG MANIPULATOR JAR
-ADD --chown=corda:corda config-exporter.jar /opt/corda/config-exporter.jar
+COPY --chown=corda:corda config-exporter.jar /opt/corda/config-exporter.jar
 ##CONFIG GENERATOR SHELL SCRIPT
-ADD --chown=corda:corda generate-config.sh /opt/corda/bin/config-generator
+COPY --chown=corda:corda generate-config.sh /opt/corda/bin/config-generator
 ##CORDA RUN SCRIPT
-ADD --chown=corda:corda run-corda.sh /opt/corda/bin/run-corda
+COPY --chown=corda:corda run-corda.sh /opt/corda/bin/run-corda
 ##BASE CONFIG FOR GENERATOR
-ADD --chown=corda:corda starting-node.conf /opt/corda/starting-node.conf
-##SET EXECUTABLE PERMISSIONS
-RUN chmod +x /opt/corda/bin/config-generator
-RUN chmod +x /opt/corda/bin/run-corda
-
-ENV PATH=$PATH:/opt/corda/bin
-
-EXPOSE $MY_P2P_PORT
-EXPOSE $MY_RPC_PORT
+COPY --chown=corda:corda starting-node.conf /opt/corda/starting-node.conf
 
 USER "corda"
-CMD ["run-corda"]
+EXPOSE ${MY_P2P_PORT} ${MY_RPC_PORT} ${MY_RPC_ADMIN_PORT}
+WORKDIR /opt/corda
+CMD ["run-corda"]

docker/src/docker/DockerfileAL

@@ -1,39 +1,37 @@
 FROM amazonlinux:2
 
-RUN amazon-linux-extras enable corretto8
-RUN yum -y install java-1.8.0-amazon-corretto-devel
-RUN yum -y install bash
-RUN yum -y install curl
-RUN yum -y install unzip
+## Add packages, clean cache, create dirs, create corda user and change ownership
+RUN amazon-linux-extras enable corretto8 && \
+    yum -y install java-1.8.0-amazon-corretto-devel  && \
+    yum -y install bash && \
+    yum -y install curl && \
+    yum -y install unzip && \
+    yum clean all && \
+    rm -rf /var/cache/yum && \
+    mkdir -p /opt/corda/cordapps && \
+    mkdir -p /opt/corda/persistence && \
+    mkdir -p /opt/corda/certificates && \
+    mkdir -p /opt/corda/drivers && \
+    mkdir -p /opt/corda/logs && \
+    mkdir -p /opt/corda/bin && \
+    mkdir -p /opt/corda/additional-node-infos && \
+    mkdir -p /etc/corda && \
+    groupadd corda && \
+    useradd corda -g corda -m -d /opt/corda && \
+    chown -R corda:corda /opt/corda && \
+    chown -R corda:corda /etc/corda
 
-# Create dirs
-RUN mkdir -p /opt/corda/cordapps
-RUN mkdir -p /opt/corda/persistence
-RUN mkdir -p /opt/corda/certificates
-RUN mkdir -p /opt/corda/drivers
-RUN mkdir -p /opt/corda/logs
-RUN mkdir -p /opt/corda/bin
-RUN mkdir -p /opt/corda/additional-node-infos
-RUN mkdir -p /etc/corda
-
-# Create corda user
-RUN groupadd corda && \
-    useradd corda -g corda -m -d /opt/corda
-
-WORKDIR /opt/corda
-
-ENV CORDAPPS_FOLDER="/opt/corda/cordapps"
-ENV PERSISTENCE_FOLDER="/opt/corda/persistence"
-ENV CERTIFICATES_FOLDER="/opt/corda/certificates"
-ENV DRIVERS_FOLDER="/opt/corda/drivers"
-ENV CONFIG_FOLDER="/etc/corda"
-
-ENV MY_P2P_PORT=10200
-ENV MY_RPC_PORT=10201
-ENV MY_RPC_ADMIN_PORT=10202
-
-RUN chown -R corda:corda /opt/corda
-RUN chown -R corda:corda /etc/corda
+ENV CORDAPPS_FOLDER="/opt/corda/cordapps" \
+    PERSISTENCE_FOLDER="/opt/corda/persistence" \
+    CERTIFICATES_FOLDER="/opt/corda/certificates" \
+    DRIVERS_FOLDER="/opt/corda/drivers" \
+    CONFIG_FOLDER="/etc/corda" \
+    MY_P2P_PORT=10200 \
+    MY_RPC_PORT=10201 \
+    MY_RPC_ADMIN_PORT=10202 \
+    PATH=$PATH:/opt/corda/bin \
+    JVM_ARGS="-XX:+UseG1GC -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap " \
+    CORDA_ARGS=""
 
 ##CORDAPPS FOLDER
 VOLUME ["/opt/corda/cordapps"]
@@ -50,25 +48,18 @@ VOLUME ["/opt/corda/additional-node-infos"]
 ##CONFIG LOCATION
 VOLUME ["/etc/corda"]
 
-
 ##CORDA JAR
-ADD --chown=corda:corda corda.jar /opt/corda/bin/corda.jar
+COPY --chown=corda:corda corda.jar /opt/corda/bin/corda.jar
 ##CONFIG MANIPULATOR JAR
-ADD --chown=corda:corda config-exporter.jar /opt/corda/config-exporter.jar
+COPY --chown=corda:corda config-exporter.jar /opt/corda/config-exporter.jar
 ##CONFIG GENERATOR SHELL SCRIPT
-ADD --chown=corda:corda generate-config.sh /opt/corda/bin/config-generator
+COPY --chown=corda:corda generate-config.sh /opt/corda/bin/config-generator
 ##CORDA RUN SCRIPT
-ADD --chown=corda:corda run-corda.sh /opt/corda/bin/run-corda
+COPY --chown=corda:corda run-corda.sh /opt/corda/bin/run-corda
 ##BASE CONFIG FOR GENERATOR
-ADD --chown=corda:corda starting-node.conf /opt/corda/starting-node.conf
-##SET EXECUTABLE PERMISSIONS
-RUN chmod +x /opt/corda/bin/config-generator
-RUN chmod +x /opt/corda/bin/run-corda
-
-ENV PATH=$PATH:/opt/corda/bin
-
-EXPOSE $MY_P2P_PORT
-EXPOSE $MY_RPC_PORT
+COPY --chown=corda:corda starting-node.conf /opt/corda/starting-node.conf
 
 USER "corda"
-CMD ["run-corda"]
+EXPOSE ${MY_P2P_PORT} ${MY_RPC_PORT} ${MY_RPC_ADMIN_PORT}
+WORKDIR /opt/corda
+CMD ["run-corda"]

docker/test-docker.sh

@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+# Tests Corda docker by registering with a test doorman
+# usage: ./test-docker.sh <IMAGE UNDER TEST>
+# example: ./test-docker.sh corda/corda-corretto-4.0:RELEASE
+IMAGE=${1:-corda/corda-corretto-4.0}
+SALT=${RANDOM}
+
+# Start up test-doorman, if not already running
+if [ ! "$(docker ps -q -f name=test-doorman)" ]; then
+    if [ "$(docker ps -aq -f status=exited -f name=test-doorman)" ]; then
+        echo "TEST-IMAGE-${IMAGE}: test-doorman is in a status=exited state. I will remove."
+        docker rm -f test-doorman
+    fi
+    echo "TEST-IMAGE-${IMAGE}: test-doorman is not running. I will start."
+    docker run -d --rm --name test-doorman -p 8080:8080 \
+    -e NMS_MONGO_CONNECTION_STRING=embed \
+    -e NMS_TLS=false \
+    -e NMS_DOORMAN=true \
+    -e NMS_CERTMAN=false \
+    cordite/network-map
+else
+    echo "TEST-IMAGE-${IMAGE}: test-door man is already running. I will use this instance."
+fi
+
+# Wait for test-doorman and then download truststore
+while [[ "$(curl -s -o network-root-truststore.jks -w ''%{http_code}'' http://localhost:8080/network-map/truststore)" != "200" ]]; do
+    echo "TEST-IMAGE-${IMAGE}: waiting 5 seconds for test-doorman to serve..."
+    sleep 5
+done
+
+# Test corda docker
+echo "TEST-IMAGE-${IMAGE}: Run config-generator in corda docker with image: ${IMAGE}"
+docker run -d --name corda-test-${SALT} --network=host --hostname=127.0.0.1 \
+        -e MY_LEGAL_NAME="O=Test-${SALT},L=Berlin,C=DE"     \
+        -e MY_PUBLIC_ADDRESS="localhost"       \
+        -e NETWORKMAP_URL="http://localhost:8080"    \
+        -e DOORMAN_URL="http://localhost:8080"      \
+        -e NETWORK_TRUST_PASSWORD="trustpass"       \
+        -e MY_EMAIL_ADDRESS="cordauser@r3.com"      \
+        -v $(pwd)/network-root-truststore.jks:/opt/corda/certificates/network-root-truststore.jks \
+        -e CORDA_ARGS="--log-to-console --no-local-shell" \
+        $IMAGE  config-generator --generic
+
+# Succesfully registered (with http://localhost:8080)
+docker logs -f corda-test-${SALT} | grep -q "Succesfully registered"
+if [ ! "$(docker ps -q -f name=corda-test-${SALT})" ]; then
+    echo "TEST-IMAGE-${IMAGE}: FAIL corda-test has exited."
+    docker logs corda-test-${SALT}
+    rm -f $(pwd)/network-root-truststore.jks
+    docker rm -f corda-test-${SALT}
+    exit 1
+else
+    echo "TEST-IMAGE-${IMAGE}: SUCCESS : Succesfully registered with http://localhost:8080"
+fi
+
+# Node started up and registered
+docker logs -f corda-test-${SALT} | grep -q "started up and registered in"
+if [ ! "$(docker ps -q -f name=corda-test-${SALT})" ]; then
+    echo "TEST-IMAGE-${IMAGE}: FAIL corda-test has exited."
+    docker logs corda-test-${SALT}
+    rm -f $(pwd)/network-root-truststore.jks
+    docker rm -f corda-test-${SALT}
+    exit 1
+else
+    echo "TEST-IMAGE-${IMAGE}:  SUCCESS : Node started up and registered"
+    echo "TEST-IMAGE-${IMAGE}:  SUCCESS : tear down"
+    rm -f $(pwd)/network-root-truststore.jks
+    docker rm -f corda-test-${SALT}
+    exit 0
+fi