{"id":2412,"date":"2022-10-18T18:46:39","date_gmt":"2022-10-18T18:46:39","guid":{"rendered":"https:\/\/brakkee.org\/site\/?p=2412"},"modified":"2022-10-30T22:21:56","modified_gmt":"2022-10-30T22:21:56","slug":"migrating-an-old-and-rusty-application-server-to-k8s","status":"publish","type":"post","link":"https:\/\/brakkee.org\/site\/2022\/10\/18\/migrating-an-old-and-rusty-application-server-to-k8s\/","title":{"rendered":"Migrating an old and (t)rusty application server to k8s"},"content":{"rendered":"

As part of my project to move everything from VMs to kubernetes and to get rid of some really old VMs (talking OpenSuSE 11 from 2010 here), it is now time to migrate my old java applications to kubernetes. These apps are basic web apps but I am using some advanced stuff such as my own flexible JDBC realm<\/a> database integration with Java EE and also using some tricky CDI<\/a> things. The applications are stable and I even use one of them on almost a daily basis. However, I don’t want to spend time porting these apps over to a different environment. This is why a want to migrate this old (ancient) Glassfish V4 application server as is to Kubernetes.<\/p>\n

The aim is to basically freeze this setup in time. I do not plan to work on these applications but I still use them. Instead of updating them at a later point in time, I would probably rewrite them from scratch and perhaps even in python instead of java using for instance django. Therefore, the aim is to freeze this setup in time as it were so I can keep on using it. No need to spend more time on it now. So this is going to get a little bit dirty.<\/p>\n

<\/p>\n

Still here? So let’s start. As part of my previous setup, I already created my own RPM for Glassfish V4 that has a single domain and an empty password as a basis. The first step therefore, it to deploy it into a container. This starts of course with a Dockerfile<\/em>:<\/p>\n

FROM mydockerrepo.example.com\/java8:1.8.0_152\r\n\r\nCOPY wamblee.repo \/etc\/yum.repos.d\r\n\r\nRUN yum makecache\r\nRUN yum install wamblee-glassfish appserv expect -y \r\nCOPY entrypoint gf-changepassword gf-login \/usr\/java\/\r\nENV PATH=\"\/usr\/java\/glassfish\/bin:${PATH}\"\r\n\r\n# java user\r\nRUN mkdir \/home\/java\r\nRUN chown java:java \/home\/java\r\n\r\nENTRYPOINT \/usr\/java\/entrypoint\r\nUSER java\r\n<\/pre>\n
The Dockerfile<\/em> starts with extending a rocky linux 9 image that has an old java 8 version. I built this image previously and it is available in my own nexus repository (image name above was redacted). Using the most recent java 8 version resulted in several certificate errors when running it most likely because of more strict security configuration in the latest jdk.<\/p>\n
Then the next steps are installing my glassfish<\/em> RPM that I built years ago, together with an appserv<\/em> package, which contains some useful scripts that I developed myself also years ago to more easily deploy applications on glassfish. The availability of these RPMs simplified the setup considerably and I am glad I built those all these years ago. The expect package is also installed since that is used by the initialization scripts.<\/p>\n
Finally, the environment and entrypoint are setup. The entrypoint is a script that initializes the glassfish password when the container is starting up for the first time. The glassfish RPM contains a single domain named domain1<\/em>, but renamed to domain1.empty<\/em>. Then when the container starts up, it can determine whether glassfish has initialized by checking for the existence of a subdirectory in the domain1<\/em> directory. If it does not exist, then the container performs the one-time initialization.<\/p>\n
The entrypoint<\/em> script is as follows:<\/p>\n
#!\/bin\/bash\r\n\r\nif [[ -z \"$PASSWORD\" ]]\r\nthen\r\n  echo \"PASSWORD environment variable is not set, aborting\" 1>&2\r\n  exit 1\r\nfi\r\n\r\nif [[ -d \"\/usr\/java\/glassfish\/glassfish\/domains\/domain1\/config\" ]]\r\nthen\r\n  echo \"Previous installation exists, keeping domain1\"\r\n  rm -rf \/usr\/java\/glassfish\/glassfish\/domains\/domain1.empty\r\nelse\r\n  echo \"Setting up domain1\"\r\n  mkdir -p \/usr\/java\/glassfish\/glassfish\/domains\/domain1\/\r\n  rsync -av --delete \/usr\/java\/glassfish\/glassfish\/domains\/domain1.empty\/ \/usr\/java\/glassfish\/glassfish\/domains\/domain1\/\r\n  rm -rf \/usr\/java\/glassfish\/glassfish\/domains\/domain1.empty\/\r\n  echo \"Changing password\"\r\n  \/usr\/java\/gf-changepassword \"\" \"$PASSWORD\"\r\n  asadmin start-domain \r\n  \/usr\/java\/gf-login \"$PASSWORD\"\r\n  echo \"Enable secure admin\"\r\n  asadmin enable-secure-admin\r\n  echo \"Stopping\"\r\n  asadmin stop-domain\r\nfi\r\n\r\necho \"Starting glassfish\"\r\nasadmin start-domain\r\n<\/pre>\n
The gf-changepassword<\/em> script modifies the password from empty to the password given in the PASSWORD environment variable. This is an expect<\/a> script based on the output of autoexpect<\/em> asadmin change-admin-password<\/em>:<\/p>\n
#!\/usr\/bin\/expect -f\r\n\r\nset old [lindex $argv 0]\r\nset new [lindex $argv 1]\r\n\r\nset force_conservative 0  ;# set to 1 to force conservative mode even if\r\n                          ;# script wasn't run conservatively originally\r\nif {$force_conservative} {\r\n        set send_slow {1 .1}\r\n        proc send {ignore arg} {\r\n                sleep .1\r\n                exp_send -s -- $arg\r\n        }\r\n}\r\n\r\n\r\nset timeout -1\r\nspawn asadmin change-admin-password\r\nmatch_max 100000\r\nexpect -exact \"Enter admin user name \\[default: admin\\]>\"\r\nsend -- \"\\r\"\r\nexpect -exact \"\\r\r\nEnter the admin password> \"\r\nsend -- \"$old\\r\"\r\nexpect -exact \"\\r\r\nEnter the new admin password> \"\r\nsend -- \"$new\\r\"\r\nexpect -exact \"\\r\r\nEnter the new admin password again> \"\r\nsend -- \"$new\\r\"\r\nexpect eof\r\n<\/pre>\n
The gf-login<\/em> script similarly is based on the output of autoexpect asadmin login<\/em> to allow subsequent commands to be run without having to login. Since the results of this are persisted in the domain1<\/em> subdirectory this allows asadmin start-domain<\/em> to be used without entering the password. The gf-login<\/em> script is as follows:<\/p>\n
#!\/usr\/bin\/expect -f\r\n\r\nset new [lindex $argv 0]\r\n\r\nset force_conservative 0  ;# set to 1 to force conservative mode even if\r\n                          ;# script wasn't run conservatively originally\r\nif {$force_conservative} {\r\n        set send_slow {1 .1}\r\n        proc send {ignore arg} {\r\n                sleep .1\r\n                exp_send -s -- $arg\r\n        }\r\n}\r\n\r\nset timeout -1\r\nspawn asadmin login\r\nmatch_max 100000\r\nexpect -exact \"Enter admin user name \\[Enter to accept default\\]> \"\r\nsend -- \"\\r\"\r\nexpect -exact \"\\r\r\nEnter admin password> \"\r\nsend -- \"$new\\r\"\r\nexpect eof\r\n<\/pre>\n
This setup assumes that subsequent changes to the password are done using asadmin change-admin-password and asadmin login from inside the container and not from the glassfish UI. If you change the admin password through the UI then glassfish will no longer startup since the login does not match anymore.<\/p>\n
Finally, we are ready to deploy glassfish as a StatefulSet<\/em>:<\/p>\n
apiVersion: apps\/v1\r\nkind: StatefulSet\r\nmetadata:\r\n  name: glassfish\r\n  namespace: wamblee-org\r\nspec:\r\n  serviceName: glassfish\r\n  replicas: 1\r\n  selector:\r\n    matchLabels:\r\n      app: glassfish-server\r\n  template:\r\n    metadata:\r\n      labels:\r\n        app: glassfish-server\r\n    spec:\r\n      containers:\r\n        - name: glassfish\r\n          image: cat.wamblee.org\/glassfish:4-1\r\n          imagePullPolicy: Always\r\n          ports:\r\n            - containerPort: 4848\r\n            - containerPort: 8080\r\n          env:\r\n            - name: PASSWORD                                            # A\r\n              valueFrom:\r\n                secretKeyRef:\r\n                  name: glassfish-admin-password\r\n                  key: password\r\n          volumeMounts:\r\n            - name: glassfish-domain1                                   # B\r\n              mountPath: \/usr\/java\/glassfish\/glassfish\/domains\/domain1\r\n            - name: glassfish-wiki                                      # C\r\n              mountPath: \/usr\/java\/wiki\r\n  volumeClaimTemplates:\r\n    - metadata:\r\n        name: glassfish-domain1\r\n      spec:\r\n        volumeName: glassfish-domain1\r\n        accessModes:\r\n          - ReadWriteOnce\r\n        resources:\r\n          requests:\r\n            storage: 10Gi\r\n    - metadata:\r\n        name: glassfish-wiki\r\n      spec:\r\n        volumeName: glassfish-wiki\r\n        accessModes:\r\n          - ReadWriteOnce\r\n        resources:\r\n          requests:\r\n            storage: 10Gi\r\n<\/pre>\n