s2i-liberty

[raffaelespazzoli]

No description provided.

[etsauer]

Is this using a red hat based base or debian?

[raffaelespazzoli]

the builder image can be any. The runtime image is created by IBM based on debian. I changed the user to our standard 1001. I think we want to keep the IBM's provided image as our base image because it increases the chances for our customers that IBM will support it.

[etsauer]

Overall this looks really nice. Just recommending a few changes to the Documentation.

@sabre1041 please review as well.

[etsauer]

Let's change "OpenShift Enterprise" to "OpenShift Container Platform" as that's the official name as of 3.3

[etsauer]

Again, "OpenShift Container Platform"

[etsauer]

switch "play-demo" for "liberty-demo"

[etsauer]

let's change the git repo name to https://github.com/redhat-cop/containers-quickstarts

[etsauer]

So this heading to me implies "Hey let's build an app from source using our liberty base image", which in actuality, this is the step to docker build the base image in OpenShift. I think we should change this heading to "Building the S2I Base Image", and then have a separate "Build from Git" heading that shows the oc new-app command pointing to an application git repo, in addition to the "Binary Build" steps below.

[raffaelespazzoli]

I didn't get this comment. can we talk about it? I applied the other feedback

[etsauer]

We can disregard this comment

[sabre1041]

Reviewed README only. Added some comments to the README. Also recommend changing the name of the file to the capitalize README to conform with conventions.

Looks good otherwise. Only suggestion is a validation step to demonstrate the application was successfully deployed (hit a web page etc)

[sabre1041]

This should reference the OCP docs instead of origin

https://docs.openshift.com/container-platform/3.3/dev_guide/builds.html#extended-builds

[sabre1041]

Can we provide this modifications as a patch command that users can easily apply?

[sabre1041]

Capitalize JEE

[sabre1041]

Change to hello-world assuming that is the correct label

[sabre1041]

Change to hello-world

[sabre1041]

Sentence needs to be cleaned up. "When liberty is deployed in a cloud environment, there are certain limitations that apply as explained in this document"

[etsauer]

@raffaelespazzoli this looks much better. However, after I run the oc new-app to create the deployment, the pod gets stuck in a CrashLoop with the following error:

[esauer@localhost containers-quickstarts]$ oc get pods
NAME                            READY     STATUS             RESTARTS   AGE
hello-world-1-build             0/1       Completed          0          14h
hello-world-1-mih0g             0/1       CrashLoopBackOff   2          14h
hello-world-artifacts-1-build   0/1       Completed          0          14h
s2i-liberty-1-build             0/1       Completed          0          14h
[esauer@localhost containers-quickstarts]$ oc logs -f hello-world-1-mih0g
JVMSHRC155E Error copying username into cache name
JVMSHRC686I Failed to startup shared class cache. Continue without using it as -Xshareclasses:nonfatal is specified
CWWKE0005E: The runtime environment could not be launched.
CWWKE0044E: There is no write permission for server directory /opt/ibm/wlp/output/defaultServer

[raffaelespazzoli]

@etsauer I tried to reproduce the error, but it works fine with me. Which approach are you trying? Also can you make sure you start from a clean project?

[sabre1041]

@raffaelespazzoli The issue is most likely caused by the relaxed permissions of the Red Hat CDK. By default, all containers are run with the anyuid scc. When I ran through the steps in the PR using the baseline CDK configuration, I was able to launch the container successfully (as it was running with the anyuid scc). When I removed that privilege, with the following command, I hit the same error as @etsauer

oc adm policy remove-scc-from-group anyuid system:authenticated

[etsauer]

@sabre1041 what would cause that? the dockerfile uses USER 1001 which should get a proper uuid right?

[sabre1041]

@etsauer no. by default in non-CDK installations, a user is randomly assigned from a range and the UID in the dockerfile is ignored as governed by the restricted scc. In the CDK, all authenticated users are given access to the anyuid scc.

[raffaelespazzoli]

I added some instructions to the docker file which should fix the issue.
The image still works for me but I don't have an easily accessible OCP (I'm working on it).
@etsauer do you mind retesting it?

[sabre1041]

@raffaelespazzoli validated latest updates allow container to start up successfully.

README needs to add instructions on how to view the sample application. This requires the service to be exposed and in particular, the correct port (default is 7777, but application is available on 9080). In addition, application is available at /hello-world-war-1.0.0 instead of /

[raffaelespazzoli]

@sabre1041 thanks, I addressed the port issue and added instructions on how to verify the application.
I didn't change the context root of the application as that would require a change in the application code which I don't own.

[sabre1041]

@raffaelespazzoli this looks great. Would you be able to squash all of the commits? Then we should be good to merge

[sabre1041]

@etsauer you will need to approve changes before we will eventually be able to merge