[#845] Setup with embedded DJ may crash (#853)

Author: vharseko

.github/workflows/build.yml

@@ -101,8 +101,31 @@ jobs:
       - name: Docker test
         shell: bash
         run: |
-          docker run --rm -it -d --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
+          docker run --rm -it -d --memory="1g" -h openam.example.org --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}
           timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
+          docker exec -w '/usr/openam/ssoconfiguratortools' test bash -c \
+          'echo "ACCEPT_LICENSES=true
+          SERVER_URL=http://openam.example.org:8080
+          DEPLOYMENT_URI=/$OPENAM_PATH
+          BASE_DIR=$OPENAM_DATA_DIR
+          locale=en_US
+          PLATFORM_LOCALE=en_US
+          AM_ENC_KEY=
+          ADMIN_PWD=passw0rd
+          AMLDAPUSERPASSWD=p@passw0rd
+          COOKIE_DOMAIN=example.org
+          ACCEPT_LICENSES=true
+          DATA_STORE=embedded
+          DIRECTORY_SSL=SIMPLE
+          DIRECTORY_SERVER=openam.example.org
+          DIRECTORY_PORT=50389
+          DIRECTORY_ADMIN_PORT=4444
+          DIRECTORY_JMX_PORT=1689
+          ROOT_SUFFIX=dc=openam,dc=example,dc=org
+          DS_DIRMGRDN=cn=Directory Manager
+          DS_DIRMGRPASSWD=passw0rd" > conf.file && java -jar openam-configurator-tool*.jar --file conf.file'
+          sleep 35
+          docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"
   build-docker-alpine:
     runs-on: 'ubuntu-latest'
     services:
@@ -150,5 +173,28 @@ jobs:
       - name: Docker test
         shell: bash
         run: |
-          docker run --rm -it -d --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
+          docker run --rm -it -d --memory="2g" -h openam.example.org --name=test localhost:5000/${GITHUB_REPOSITORY,,}:${{ env.release_version }}-alpine
           timeout 3m bash -c 'until docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"; do sleep 10; done'
+          docker exec -w '/usr/openam/ssoconfiguratortools' test bash -c \
+          'echo "ACCEPT_LICENSES=true
+          SERVER_URL=http://openam.example.org:8080
+          DEPLOYMENT_URI=/$OPENAM_PATH
+          BASE_DIR=$OPENAM_DATA_DIR
+          locale=en_US
+          PLATFORM_LOCALE=en_US
+          AM_ENC_KEY=
+          ADMIN_PWD=passw0rd
+          AMLDAPUSERPASSWD=p@passw0rd
+          COOKIE_DOMAIN=example.org
+          ACCEPT_LICENSES=true
+          DATA_STORE=embedded
+          DIRECTORY_SSL=SIMPLE
+          DIRECTORY_SERVER=openam.example.org
+          DIRECTORY_PORT=50389
+          DIRECTORY_ADMIN_PORT=4444
+          DIRECTORY_JMX_PORT=1689
+          ROOT_SUFFIX=dc=openam,dc=example,dc=org
+          DS_DIRMGRDN=cn=Directory Manager
+          DS_DIRMGRPASSWD=passw0rd" > conf.file && java -jar openam-configurator-tool*.jar --file conf.file'
+          sleep 35
+          docker inspect --format="{{json .State.Health.Status}}" test | grep -q \"healthy\"

openam-core/src/main/java/com/sun/identity/setup/EmbeddedOpenDS.java

@@ -25,6 +25,7 @@
  * $Id: EmbeddedOpenDS.java,v 1.27 2010/01/15 01:22:39 goodearth Exp $
  *
  * Portions Copyrighted 2010-2016 ForgeRock AS.
+ * Portions Copyrighted 2017-2025 3A Systems, LLC.
  */
 
 package com.sun.identity.setup;
@@ -468,7 +469,7 @@ public static void startServer(String odsRoot) throws Exception {
         debug.message("...EmbeddedOpenDS.startServer:DS Server started.");
 
         int sleepcount = 0;
-        while (!EmbeddedUtils.isRunning() && (sleepcount < 60)) {
+        while ((!EmbeddedUtils.isRunning() || !com.sun.identity.setup.AMSetupDSConfig.getInstance().isDServerUp()) && (sleepcount < 60)) {
             sleepcount++;
             SetupProgress.reportStart("emb.waitingforstarted", null);
             Thread.sleep(1000);

openam-distribution/openam-distribution-docker/Dockerfile

@@ -1,23 +1,21 @@
 FROM tomcat:9-jre21
 
-MAINTAINER Open Identity Platform Community <[email protected]>
-
-ENV CATALINA_HOME=/usr/local/tomcat \
-    OPENAM_PATH="openam" \
-    OPENAM_USER="openam" \
-    OPENAM_DATA_DIR="/usr/openam/config" 
-ENV PATH=$CATALINA_HOME/bin:$PATH \
- 	JAVA_OPTS="--add-exports java.base/sun.security.util=ALL-UNNAMED --add-exports java.security.jgss/sun.security.krb5=ALL-UNNAMED --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED" \
- 	MEMORY="-server -XX:+UseG1GC -XX:+UseContainerSupport" \
-    CATALINA_OPTS="$MEMORY -Dcom.iplanet.services.configpath=$OPENAM_DATA_DIR -Dcom.sun.identity.configuration.directory=$OPENAM_DATA_DIR"
-
-WORKDIR $CATALINA_HOME
-
-ARG VERSION @project_version@
-
-RUN apt-get update && apt-get install -y curl unzip 
-
-RUN rm -rf  $CATALINA_HOME/webapps/* \
+LABEL org.opencontainers.image.authors="Open Identity Platform Community"
+
+ENV CATALINA_HOME=/usr/local/tomcat
+ENV OPENAM_PATH="openam"
+ENV OPENAM_USER="openam"
+ENV OPENAM_DATA_DIR="/usr/openam/config"
+ENV PATH="$CATALINA_HOME/bin:$PATH"
+ENV JAVA_OPTS="--add-exports java.base/sun.security.util=ALL-UNNAMED --add-exports java.security.jgss/sun.security.krb5=ALL-UNNAMED --add-exports java.base/sun.security.x509=ALL-UNNAMED --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED --add-exports java.xml/com.sun.org.apache.xerces.internal.dom=ALL-UNNAMED"
+ENV MEMORY="-server"
+ENV CATALINA_OPTS="$MEMORY -Dcom.iplanet.services.configpath=$OPENAM_DATA_DIR -Dcom.sun.identity.configuration.directory=$OPENAM_DATA_DIR"
+
+ARG VERSION
+
+RUN apt-get update && apt-get install -y curl unzip \
+ && rm -rf  $CATALINA_HOME/webapps/* \
+ && if [ -z "$VERSION" ] ; then VERSION="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenAM/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)"; fi \
  && curl -L https://github.com/OpenIdentityPlatform/OpenAM/releases/download/$VERSION/OpenAM-$VERSION.war --output $CATALINA_HOME/webapps/$OPENAM_PATH.war  \
  && mkdir /usr/openam \
  && curl -L https://github.com/OpenIdentityPlatform/OpenAM/releases/download/$VERSION/SSOConfiguratorTools-$VERSION.zip --output /usr/openam/ssoconfiguratortools.zip  \
@@ -29,14 +27,13 @@ RUN rm -rf  $CATALINA_HOME/webapps/* \
  && useradd -m -r -u 1001 -g root $OPENAM_USER \
  && install -d -o $OPENAM_USER $OPENAM_DATA_DIR \
  && chown -R $OPENAM_USER:root $CATALINA_HOME \
+ && apt-get remove -y --purge unzip \
+ && rm -rf /var/lib/apt/lists/* \
  && sed -i '/<\/Host>/i \ \ \ \ <Valve className=\"org.apache.catalina.valves.RemoteIpValve\" httpServerPort=\"8080\" httpsServerPort=\"443\" />' $CATALINA_HOME/conf/server.xml
 
-RUN  apt-get remove -y --purge unzip \
- && rm -rf /var/lib/apt/lists/*
- 
 USER $OPENAM_USER
 
-EXPOSE 8080 
+EXPOSE 8080/tcp
 
 HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD curl -v -L --fail http://localhost:8080/$OPENAM_PATH/isAlive.jsp || exit 1
 

openam-distribution/openam-distribution-docker/Dockerfile-alpine

@@ -1,22 +1,20 @@
 FROM tomcat:9-jre8-alpine
 
-MAINTAINER Open Identity Platform Community <[email protected]>
+LABEL org.opencontainers.image.authors="Open Identity Platform Community"
 
-ENV CATALINA_HOME=/usr/local/tomcat \
-    OPENAM_PATH="openam" \
-    OPENAM_USER="openam" \
-    OPENAM_DATA_DIR="/usr/openam/config"    
-ENV PATH=$CATALINA_HOME/bin:$PATH \
-    MEMORY="-server -XX:+UseG1GC -XX:+UseContainerSupport" \
-    CATALINA_OPTS="$MEMORY -Dcom.iplanet.services.configpath=$OPENAM_DATA_DIR -Dcom.sun.identity.configuration.directory=$OPENAM_DATA_DIR"
+ENV CATALINA_HOME=/usr/local/tomcat
+ENV OPENAM_PATH="openam"
+ENV OPENAM_USER="openam"
+ENV OPENAM_DATA_DIR="/usr/openam/config"
+ENV PATH="$CATALINA_HOME/bin:$PATH"
+ENV MEMORY="-server -XX:+UseG1GC -XX:+UseContainerSupport"
+ENV CATALINA_OPTS="$MEMORY -Dcom.iplanet.services.configpath=$OPENAM_DATA_DIR -Dcom.sun.identity.configuration.directory=$OPENAM_DATA_DIR"
 
-WORKDIR $CATALINA_HOME
+ARG VERSION
 
-ARG VERSION @project_version@
-
-RUN apk add --update --no-cache --virtual curl builddeps unzip bash && apk upgrade --update --no-cache 
-
-RUN rm -rf  $CATALINA_HOME/webapps/* \
+RUN apk add --update --no-cache --virtual curl builddeps unzip bash && apk upgrade --update --no-cache \
+ && rm -rf  $CATALINA_HOME/webapps/* \
+ && if [ -z "$VERSION" ] ; then VERSION="$(curl -i -o - --silent https://api.github.com/repos/OpenIdentityPlatform/OpenAM/releases/latest | grep -m1 "\"name\"" | cut -d\" -f4)"; fi \
  && curl -L https://github.com/OpenIdentityPlatform/OpenAM/releases/download/$VERSION/OpenAM-$VERSION.war --output $CATALINA_HOME/webapps/$OPENAM_PATH.war  \
  && mkdir /usr/openam \
  && curl -L https://github.com/OpenIdentityPlatform/OpenAM/releases/download/$VERSION/SSOConfiguratorTools-$VERSION.zip --output /usr/openam/ssoconfiguratortools.zip  \
@@ -27,14 +25,13 @@ RUN rm -rf  $CATALINA_HOME/webapps/* \
  && chmod -R g=u /usr/openam/ \
  && adduser -S -u 1001 -G root $OPENAM_USER \
  && install -d -o $OPENAM_USER $OPENAM_DATA_DIR \
- && chown -R $OPENAM_USER:root $CATALINA_HOME/webapps \
+ && chown -R $OPENAM_USER:root $CATALINA_HOME \
+ && apk del unzip && rm -rf /var/cache/apk/* \
  && sed -i '/<\/Host>/i \ \ \ \ <Valve className=\"org.apache.catalina.valves.RemoteIpValve\" httpServerPort=\"8080\" httpsServerPort=\"443\" />' $CATALINA_HOME/conf/server.xml
 
-RUN  apk del unzip && rm -rf /var/cache/apk/* 
- 
 USER $OPENAM_USER
 
-EXPOSE 8080 
+EXPOSE 8080/tcp
 
 HEALTHCHECK --interval=30s --timeout=30s --start-period=1s --retries=3 CMD curl -v -L --fail http://localhost:8080/$OPENAM_PATH/isAlive.jsp || exit 1