...
- Tag in github docker is: 2.5.X where X is an integer that increases for each build
- There is a listing of each version in the Grouper 2.5 release notes, with an indication on if it is stable or not
- Every container will have "yum update" done before the container is released. As needed tomcat will be updated
Jstack
If you want to know what is hung or what is currently using CPU, you need to run jstack. You need to be able to shell in to your container, and the OS needs to allow jstack (lwp).
Know what node to be on, if it is a daemon node, and you have multiple, look in the daemon logs on the UI, see the running job, and see which node to go to.
Shell into your terminal and be the same user as tomcat/tomee.
PS and get the process ID of tomee/tomcat
Code Block |
---|
ps -ef | grep catalina |
Run jstack:
Code Block |
---|
jstack 71 |
Misc
- If you use Kubernetes, use an ARG for the "ui" or "ws" and not a COMMAND
- All of your containers must have the correct time and consistent timezones
- HTTP Strict Transport Security (HSTS) is enabled on the Apache HTTP Server.
- morphStrings functionality in Grouper is supported. It is recommended that the various morphString files be associated with the containers as Docker Secrets. Set the configuration file properties to use `/run/secrets/secretname`.
- /run/secrets
If you have a secret available in /run/secrets/grouper_fileName.pass, it will be linked from /opt/grouper/grouperWebapp/WEB-INF/classes/fileName.pass (change fileName.pass name as needed)
If you have a secret available in /run/secrets/shib_fileName.pass, it will be linked from /etc/shibboleth/fileName.pass (change fileName.pass name as needed)
If you have a secret available in /run/secrets/httpd_fileName.pass, it will be linked from /etc/httpd/conf.d/fileName.pass (change fileName.pass name as needed)
- If you have a secret named /run/secrets/host-key.pem, it will be linked from /etc/pki/tls/private/host-key.pem
- Configure Grouper UI and WS authentication
Take a heap snapshot
Code Block [root@43c6b6e000b3 ~]# sudo -u tomcat /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/jmap -dump:file=/tmp/memory.dump <pid>
See the env vars of a process, get the pid fist with ps-ef, then, run as the user (in this case tomcat) and substitute the pid in
Code Block [root@73e1e62a5fa1 bin]# sudo -u tomcat cat /proc/45/environ | tr '\0' '\n'
...