[bot] Fast-forward for 24.7.0

.github/workflows/dockle_xeol.yml

@@ -18,24 +18,24 @@ jobs:
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
-      - name: Build an image from Dockerfile
-        run: |
-          cp labkeyServer-HelloWorld.jar labkeyServer.jar
-          LABKEY_VERSION=HelloWorld make build
-      - name: Run dockle on helloworld image
-        uses: goodwithtech/dockle-action@0.1.0
-        env:
-          DOCKER_CONTENT_TRUST: 0
-        with:
-          image: 'labkey/community:helloworld'
-          format: 'list'
-          exit-code: '1'
-          exit-level: 'warn'
-          ignore: 'CIS-DI-0005,CIS-DI-0009,CIS-DI-0010,DKL-DI-0001'
-      - name: Run xeol on helloworld image
-        uses: noqcks/xeol-action@v1.0.6
-        with:
-          image: "labkey/community:helloworld"
+      # - name: Build an image from Dockerfile
+      #   run: |
+      #     cp labkeyServer-HelloWorld.jar labkeyServer.jar
+      #     LABKEY_VERSION=HelloWorld make build
+      # - name: Run dockle on helloworld image
+      #   uses: goodwithtech/dockle-action@0.1.0
+      #   env:
+      #     DOCKER_CONTENT_TRUST: 0
+      #   with:
+      #     image: 'labkey/community:helloworld'
+      #     format: 'list'
+      #     exit-code: '1'
+      #     exit-level: 'warn'
+      #     ignore: 'CIS-DI-0005,CIS-DI-0009,CIS-DI-0010,DKL-DI-0001'
+      # - name: Run xeol on helloworld image
+      #   uses: noqcks/xeol-action@v1.0.6
+      #   with:
+      #     image: "labkey/community:helloworld"
       - name: Run xeol on dir
         uses: noqcks/xeol-action@v1.0.6
         with:

Dockerfile

@@ -1,6 +1,6 @@
 # main eclipse-temurin jre, which is debian-based
 ARG FROM_REPO_IMAGE=eclipse-temurin
-ARG FROM_TAG=17-jre
+ARG FROM_TAG=17-jre-jammy
 
 # uncomment for alpine-based eclipse-temurin jre
 # ARG FROM_TAG=17-jre-alpine
@@ -150,7 +150,7 @@ RUN [ -n "${DEBUG}" ] && set -x; \
         export DEBIAN_FRONTEND=noninteractive; \
         apt-get update; \
         apt-get -yq --no-install-recommends install \
-            openssl=3.0.2-0ubuntu1.15 \
+            openssl=3.0.2-0ubuntu1.16 \
             gettext-base=0.21-4ubuntu4 \
             unzip=6.0-26ubuntu3.1 \
             ; \

Makefile

@@ -8,7 +8,7 @@ endif
 
 DEBUG ?=
 
-FROM_TAG ?= 17-jre
+FROM_TAG ?= 17-jre-jammy
 
 CACHE_FLAG ?= --no-cache
 

README.md

@@ -251,6 +251,13 @@ Since java can be picky about the position of CLI values, `JAVA_PRE_JAR_EXTRA` a
 
 In contrast to `application.properties`, the "startup properties" files housed in `startup/`, are LabKey's own implementation of `.properties` file(s) and generally are less feature rich that Spring Boot's, and are specific to LabKey application settings.
 
+## JMX & Datadog
+For the datadog agent to collect JMX metrics from inside a container running in ECS, set the `JAVA_RMI_SERVER_HOSTNAME` env var. This can be set to 'localhost' in most deployments.
+
+If deploying to ECS with EC2 instances, and using `awsvpc` mode (instead of bridge), you will likely also need to set up Discovery Service for the ECS service, and use the resulting URI as both the `JAVA_RMI_SERVER_HOSTNAME` env var and as a [dockerLabel](https://docs.datadoghq.com/containers/docker/integrations/?tab=docker), for the [datadog agent](https://docs.datadoghq.com/containers/amazon_ecs/?tab=awscli) to see and use with [AutoDiscovery](https://docs.datadoghq.com/getting_started/containers/autodiscovery).
+
+Note: this is fairly specific to LabKey's usage. Your mileage may vary. 
+
 ## Tips
 
 Q: Why is my labkey container "unhealthy"?

docker-compose.yml

@@ -348,6 +348,7 @@ services:
       # - mailhog
     ports:
       - ${HOST_PORT:-8443}:8443
+      - 7199:7199
     volumes:
       - ./mounts/files:/labkey/files
       # - files:/labkey/files

entrypoint.sh

@@ -24,8 +24,9 @@ JSON_OUTPUT="${JSON_OUTPUT:-false}"
 CSP_REPORT="${CSP_REPORT:-}"
 CSP_ENFORCE="${CSP_ENFORCE:-}"
 
-# for ecs/datadog, optionally enable APM metrics
+# for ecs/datadog, optionally enable APM and JMX metrics
 DD_COLLECT_APM="${DD_COLLECT_APM:-false}"
+JAVA_RMI_SERVER_HOSTNAME="${JAVA_RMI_SERVER_HOSTNAME:-}"
 
 SLEEP="${SLEEP:=0}"
 
@@ -227,12 +228,6 @@ main() {
 
   sed -i "s/@@encryptionKey@@/${LABKEY_EK}/" config/application.properties
 
-  echo "Purging secrets and other bits from environment variables..."
-  unset POSTGRES_USER POSTGRES_PASSWORD POSTGRES_HOST POSTGRES_PORT POSTGRES_DB POSTGRES_PARAMETERS CSP_REPORT CSP_ENFORCE
-  unset SMTP_HOST SMTP_USER SMTP_PORT SMTP_PASSWORD SMTP_AUTH SMTP_FROM SMTP_STARTTLS
-  unset LABKEY_CREATE_INITIAL_USER LABKEY_CREATE_INITIAL_USER_APIKEY LABKEY_INITIAL_USER_APIKEY LABKEY_INITIAL_USER_EMAIL LABKEY_INITIAL_USER_GROUP LABKEY_INITIAL_USER_ROLE
-  unset LABKEY_EK SLEEP
-
   if [ "$JSON_OUTPUT" = "true" ] && [ "$LOG4J_CONFIG_FILE" = "log4j2.xml" ]; then
     echo "JSON_OUTPUT==true && LOG4J_CONFIG_FILE==log4j2.xml, so updating application.properties and log4j2.xml to output JSON to console"
     sed -i '/<!-- p=priority c=category d=datetime t=thread m=message n=newline -->/d' $LOG4J_CONFIG_FILE
@@ -243,16 +238,31 @@ main() {
   fi
 
   export DD_JAVA_AGENT=""
+  export DD_JMX=""
   if [ "$DD_COLLECT_APM" = "true" ]; then
     echo "DD_COLLECT_APM==true , so adding EC2 host's private IP to env vars as DD_AGENT_HOST"
     export TOKEN=$(curl --max-time 3 -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"); 
     export DD_AGENT_HOST=$(curl --max-time 3 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4);
 
-    echo "Adding -javaagent to java command"
+    echo "Adding -javaagent and jmx settings to java command"
     export DD_JAVA_AGENT="-javaagent:./datadog/dd-java-agent.jar -Ddd.profiling.enabled=true -Ddd.logs.injection=true -XX:FlightRecorderOptions=stackdepth=256"
 
+    export DD_JMX="-Dspring.jmx.enabled=true \
+        -Dcom.sun.management.jmxremote \
+        -Dcom.sun.management.jmxremote.authenticate=false \
+        -Dcom.sun.management.jmxremote.ssl=false \
+        -Dcom.sun.management.jmxremote.local.only=false \
+        -Dcom.sun.management.jmxremote.port=7199 \
+        -Dcom.sun.management.jmxremote.rmi.port=7199 \
+        -Djava.rmi.server.hostname=${JAVA_RMI_SERVER_HOSTNAME}" 
   fi
 
+  echo "Purging secrets and other bits from environment variables..."
+  unset POSTGRES_USER POSTGRES_PASSWORD POSTGRES_HOST POSTGRES_PORT POSTGRES_DB POSTGRES_PARAMETERS CSP_REPORT CSP_ENFORCE
+  unset SMTP_HOST SMTP_USER SMTP_PORT SMTP_PASSWORD SMTP_AUTH SMTP_FROM SMTP_STARTTLS
+  unset LABKEY_CREATE_INITIAL_USER LABKEY_CREATE_INITIAL_USER_APIKEY LABKEY_INITIAL_USER_APIKEY LABKEY_INITIAL_USER_EMAIL LABKEY_INITIAL_USER_GROUP LABKEY_INITIAL_USER_ROLE
+  unset LABKEY_EK SLEEP CONTAINER_PRIVATE_IP
+
   HEAP_DUMP_PATH="$LABKEY_HOME/files/heap_dumps_$(date +%Y%m%d_%H%M%S)"
   mkdir -pv $HEAP_DUMP_PATH
 
@@ -295,6 +305,8 @@ main() {
     \
     ${DD_JAVA_AGENT} \
     \
+    ${DD_JMX} \
+    \
     ${JAVA_PRE_JAR_EXTRA} \
     \
     -jar labkeyServer.jar \

quickstart_envs.sh

@@ -3,7 +3,7 @@
 # example minimal set of environment variables to get started - see readme for additional envs you may wish to set
 
 # embedded tomcat LabKey .jar version to build container with
-export LABKEY_VERSION="24.3.4"
+export LABKEY_VERSION="24.6"
 
 # minimal SMTP settings
 export SMTP_HOST="localhost"