PASOE Docker Image with hotfix 11.7.5.011

Posted by chris_riddell on 03-Dec-2019 15:30

Hi all,

I've just started to work on creating Docker images of our PASOE based, web applications. I actually was able to get the applications working, using the 11.7.5 base, PASOE image provided by Progress. However, once the application was up and running I started to hit problems with a bug we were aware of, and which Progress fixed in the 11.7.5.011 hotfix. I opened a tech support case to request an official image that includes the hotfix, and find out what the support policy is, and was basically told that the official policy is I should do it myself (https://knowledgebase.progress.com/articles/Article/Docker-images-do-not-include-hotfixes).

The only instructions available for applying hotfixes aren't exactly related to the base image's DLC, as many files that are not required by PASOE have been removed. In order to get a version working, I just untar the entire hotfix over the DLC in the image, chown everything to pscadmin:pscadmin and move on. While this is working, it results in a 4GB image (compared to the base image which is less than 1GB) and causes a few minor issues that I've had to work around.

Does anyone have any actual advice on how I can scale down my 11.7.5.011 image? I made a few other attempts that resulted in broken Docker builds, or broken applications, so have given up for now so I can move on with testing our applications. I've attached the Dockerfile I'm using to apply the hotfix now, and am willing to share whatever improvements I end up with; if Progress isn't interested in doing that, then hopefully we can help each other!

Thanks.

Posted by egarcia on 10-Dec-2019 23:18

You should be able to copy the fluent-bit files from the original image.

Here are the instructions to add to the Dockerfile.

FROM centos:7

COPY --from=builder /etc/fluent-bit /etc/fluent-bit

COPY --from=builder /usr/local/bin/fluent-bit /usr/local/bin

RUN groupadd pscadmin && useradd -g pscadmin pscadmin

I hope this helps.

Posted by egarcia on 03-Dec-2019 17:24

Hello Chris,

Here is a possible approach.

You can use the builder pattern to limit the layers created for the image. This would result on a container image of about 2.17GB.

FROM store/progresssoftware/pasoe:11.7.5 AS builder

ENV DLC /psc/dlc
WORKDIR /psc/wrk

USER root

ADD PROGRESS_OPENEDGE_11.7.5.011_LNX_X86_64.tar.gz ${DLC}

FROM centos:7

RUN groupadd pscadmin && useradd -g pscadmin pscadmin
USER pscadmin
COPY --from=builder --chown=pscadmin:pscadmin /psc /psc

RUN find /psc/dlc/bin -executable -exec chmod 'g+s' '{}' \;

The size is still large because the hotfix includes executables and files that are not part of PASOE.

In my opinion, I would have started by copying the files that are already used in the image.

You could potentially do some few diffs and try/error to remove extra files. For example, any file that you know that is not used by PASOE or at runtime could potentially be removed.

I hope this helps.

All Replies

Posted by chris_riddell on 03-Dec-2019 15:32

Sorry, the Dockerfile failed to upload. Here are the contents of it:

FROM store/progresssoftware/pasoe:11.7.5

ENV DLC /psc/dlc
WORKDIR /psc/wrk

USER root

ADD PROGRESS_OPENEDGE_11.7.5.011_LNX_X86_64.tar.gz ${DLC}

RUN chown -R pscadmin:pscadmin ${DLC}

Posted by egarcia on 03-Dec-2019 17:24

Hello Chris,

Here is a possible approach.

You can use the builder pattern to limit the layers created for the image. This would result on a container image of about 2.17GB.

FROM store/progresssoftware/pasoe:11.7.5 AS builder

ENV DLC /psc/dlc
WORKDIR /psc/wrk

USER root

ADD PROGRESS_OPENEDGE_11.7.5.011_LNX_X86_64.tar.gz ${DLC}

FROM centos:7

RUN groupadd pscadmin && useradd -g pscadmin pscadmin
USER pscadmin
COPY --from=builder --chown=pscadmin:pscadmin /psc /psc

RUN find /psc/dlc/bin -executable -exec chmod 'g+s' '{}' \;

The size is still large because the hotfix includes executables and files that are not part of PASOE.

In my opinion, I would have started by copying the files that are already used in the image.

You could potentially do some few diffs and try/error to remove extra files. For example, any file that you know that is not used by PASOE or at runtime could potentially be removed.

I hope this helps.

Posted by egarcia on 03-Dec-2019 17:48

One more thing... Are you using the FluentBit support? If so then you would need to add it to the image.

Posted by chris_riddell on 03-Dec-2019 18:05

Thanks Edsel! That definitely helped. All my images are significantly smaller than they were, the applications are working and this resolved some of the minor issues I said I had workarounds for.

I had also considered doing some diffs to try to remove extra files, but had put any more work on it on hold while I was waiting on information from tech support. My only concern with diffs was that if a hotfix ever included a brand new file, that I would miss adding it to my image. Is that possible?

At the moment, we are not using the FluentBit support but it's something I plan on exploring in the near future. Now that you've pointed me in a better direction, I'll keep working on this.

My primary concern is that any build process I create could end up being incorrect, and I don't really have a way of ensuring my hotfixed image is 100% correct. Personally, I would like to see Progress provide these, or official Dockerfiles to build them (maybe), or at the very least an improved/updated set of instructions (you just gave me a good start).

Posted by egarcia on 03-Dec-2019 18:37

You are welcome, Chris. I am glad to help.

> My only concern with diffs was that if a hotfix ever included a brand new file, that I would miss adding it to my image. Is that possible?

I think that there is a possibility.

> My primary concern is that any build process I create could end up being incorrect, and I don't really have a way of ensuring my

> hotfixed image is 100% correct. Personally, I would like to see Progress provide these, or official Dockerfiles to build them (maybe), or

> at the very least an improved/updated set of instructions (you just gave me a good start).

I like your suggestions. Perhaps, you should submit them as an idea.

Are you running this new image in your development environment or production?

Thanks.

Posted by chris_riddell on 03-Dec-2019 18:57

We are only running our new images in development at this point. We've only been playing with Docker for a little while, trying to improve internal deployments. I imagine by the time we're prepared to go into production, we'll have moved on from 11.7.5 (hopefully to 12.2 at least!).

I will submit an idea for official support of hotfix versions. In the meantime, I will try to find time to work on file diffs and hopefully that's the right approach for now.

Posted by chris_riddell on 09-Dec-2019 21:24

Do you have any further advice for adding the fluent-bit support? Now that the applications are working, I'd like to start figuring out how to consolidate logs effectively. I actually have 3 webapps that work together (2 pasoe, and 1 just tomcat and not OE), so consolidating the logs will be needed for real support. I've been starting to play around with the EFK logging from the base 11.7.5 image, but it would be a lot more useful if I could add it to my hotfixed version.

Thanks!

Posted by egarcia on 10-Dec-2019 23:18

You should be able to copy the fluent-bit files from the original image.

Here are the instructions to add to the Dockerfile.

FROM centos:7

COPY --from=builder /etc/fluent-bit /etc/fluent-bit

COPY --from=builder /usr/local/bin/fluent-bit /usr/local/bin

RUN groupadd pscadmin && useradd -g pscadmin pscadmin

I hope this helps.

Posted by chris_riddell on 11-Dec-2019 02:55

Yes! That worked great. Thanks for your help Edsel.

Honestly, I think you guys did a great job with this. Actually getting the EFK stack up and running, and consolidating logs from multiple PASOE containers, was pretty straightforward. We're getting excited about this!

Posted by Ravi Sankar on 11-Dec-2019 13:05

Thanks for the feedback. In 12.1 we enhanced the EFK support to stream all logs to standard console as json. For more information see docs.progress.com/.../How-to-Enable-Unified-Logging.html and subsequent sections under it. Please have a look and provide your feedback/thoughts.

This thread is closed