From cd8b06b263a9d18ca820fb09860e51a6029e16eb Mon Sep 17 00:00:00 2001 From: chgl Date: Mon, 4 Jul 2022 19:44:20 +0200 Subject: [PATCH] Added OpenTelemetry Java Agent JAR to container image (#391) Closes #387 --- Dockerfile | 9 ++++++++- README.md | 25 +++++++++++++++++++++---- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3a8ea7a..4eba966 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,9 @@ FROM maven:3.8-openjdk-17-slim as build-hapi WORKDIR /tmp/hapi-fhir-jpaserver-starter +ARG OPENTELEMETRY_JAVA_AGENT_VERSION=1.15.0 +RUN curl -LSsO https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v${OPENTELEMETRY_JAVA_AGENT_VERSION}/opentelemetry-javaagent.jar + COPY pom.xml . COPY server.xml . RUN mvn -ntp dependency:go-offline @@ -29,15 +32,19 @@ USER 1001 COPY --chown=1001:1001 catalina.properties /opt/bitnami/tomcat/conf/catalina.properties COPY --chown=1001:1001 server.xml /opt/bitnami/tomcat/conf/server.xml COPY --from=build-hapi --chown=1001:1001 /tmp/hapi-fhir-jpaserver-starter/target/ROOT.war /opt/bitnami/tomcat/webapps_default/ROOT.war +COPY --from=build-hapi --chown=1001:1001 /tmp/hapi-fhir-jpaserver-starter/opentelemetry-javaagent.jar /app ENV ALLOW_EMPTY_PASSWORD=yes ########### distroless brings focus on security and runs on plain spring boot - this is the default image FROM gcr.io/distroless/java17:nonroot as default -COPY --chown=nonroot:nonroot --from=build-distroless /app /app # 65532 is the nonroot user's uid # used here instead of the name to allow Kubernetes to easily detect that the container # is running as a non-root (uid != 0) user. USER 65532:65532 WORKDIR /app + +COPY --chown=nonroot:nonroot --from=build-distroless /app /app +COPY --chown=nonroot:nonroot --from=build-hapi /tmp/hapi-fhir-jpaserver-starter/opentelemetry-javaagent.jar /app + CMD ["/app/main.war"] diff --git a/README.md b/README.md index 781429d..da7d46e 100644 --- a/README.md +++ b/README.md @@ -196,7 +196,7 @@ Also, make sure you are not setting the Hibernate dialect explicitly, in other w hibernate.dialect: {some none MySQL dialect} ``` -On some systems, it might be necessary to override hibernate's default naming strategy. The naming strategy must be set using spring.jpa.hibernate.physical_naming_strategy. +On some systems, it might be necessary to override hibernate's default naming strategy. The naming strategy must be set using spring.jpa.hibernate.physical_naming_strategy. ```yaml spring: @@ -239,8 +239,8 @@ spring: Because the integration tests within the project rely on the default H2 database configuration, it is important to either explicity skip the integration tests during the build process, i.e., `mvn install -DskipTests`, or delete the tests altogether. Failure to skip or delete the tests once you've configured PostgreSQL for the datasource.driver, datasource.url, and hibernate.dialect as outlined above will result in build errors and compilation failure. -NOTE: MS SQL Server by default uses a case-insensitive codepage. This will cause errors with some operations - such as when expanding case-sensitive valuesets (UCUM) as there are unique indexes defined on the terminology tables for codes. -It is recommended to deploy a case-sensitive database prior to running HAPI FHIR when using MS SQL Server to avoid these and potentially other issues. +NOTE: MS SQL Server by default uses a case-insensitive codepage. This will cause errors with some operations - such as when expanding case-sensitive valuesets (UCUM) as there are unique indexes defined on the terminology tables for codes. +It is recommended to deploy a case-sensitive database prior to running HAPI FHIR when using MS SQL Server to avoid these and potentially other issues. ## Customizing The Web Testpage UI @@ -390,7 +390,7 @@ Set `hapi.fhir.store_resource_in_lucene_index_enabled` in the [application.yaml] ## Changing cached search results time It is possible to change the cached search results time. The option `reuse_cached_search_results_millis` in the [application.yaml](https://github.com/hapifhir/hapi-fhir-jpaserver-starter/blob/master/src/main/resources/application.yaml) is 6000 miliseconds by default. -Set `reuse_cached_search_results_millis: -1` in the [application.yaml](https://github.com/hapifhir/hapi-fhir-jpaserver-starter/blob/master/src/main/resources/application.yaml) file to ignore the cache time every search. +Set `reuse_cached_search_results_millis: -1` in the [application.yaml](https://github.com/hapifhir/hapi-fhir-jpaserver-starter/blob/master/src/main/resources/application.yaml) file to ignore the cache time every search. ## Build the distroless variant of the image (for lower footprint and improved security) @@ -409,3 +409,20 @@ see the `-distroless` suffix in the image tags. To add a custom operation, refer to the documentation in the core hapi-fhir libraries [here](https://hapifhir.io/hapi-fhir/docs/server_plain/rest_operations_operations.html). Within `hapi-fhir-jpaserver-starter`, create a generic class (that does not extend or implement any classes or interfaces), add the `@Operation` as a method within the generic class, and then register the class as a provider using `RestfulServer.registerProvider()`. + +## Enable OpenTelemetry auto-instrumentation + +The container image includes the [OpenTelemetry Java auto-instrumentation](https://github.com/open-telemetry/opentelemetry-java-instrumentation) +Java agent JAR which can be used to export telemetry data for the HAPI FHIR JPA Server. You can enable it by specifying the `-javaagent` flag, +for example by overriding the `JAVA_TOOL_OPTIONS` environment variable: + +```sh +docker run --rm -it -p 8080:8080 \ + -e JAVA_TOOL_OPTIONS="-javaagent:/app/opentelemetry-javaagent.jar" \ + -e OTEL_TRACES_EXPORTER="jaeger" \ + -e OTEL_SERVICE_NAME="hapi-fhir-server" \ + -e OTEL_EXPORTER_JAEGER_ENDPOINT="http://jaeger:14250" \ + docker.io/hapiproject/hapi:latest +``` + +You can configure the agent using environment variables or Java system properties, see for details.