From cd5cc0cb5ca38b155d6e58af87145771f358d5cd Mon Sep 17 00:00:00 2001 From: LI Qing Date: Wed, 22 Jul 2020 14:53:33 +0800 Subject: [PATCH] Update Java toolchains 1. Replace the OpenJDK with an unmodified OpenJDK from Alpine Linux 2. Add Alibaba Dragonwell as the default JDK for the Java demos --- demos/java/README.md | 4 +- demos/java/download_and_build_web_app.sh | 2 +- demos/java/run_java_on_occlum.sh | 28 ++++++------- tools/docker/Dockerfile.centos7.5 | 13 ++++++- tools/docker/Dockerfile.ubuntu18.04 | 15 ++++++- ...openjdk11-Xhook-SYS_getcpu-vdso-call.patch | 39 ------------------- .../{install.sh => install_dragonwell.sh} | 21 +++++----- 7 files changed, 55 insertions(+), 67 deletions(-) delete mode 100644 tools/toolchains/java/0001-openjdk11-Xhook-SYS_getcpu-vdso-call.patch rename tools/toolchains/java/{install.sh => install_dragonwell.sh} (57%) diff --git a/demos/java/README.md b/demos/java/README.md index a5bf4d1e..62387d60 100644 --- a/demos/java/README.md +++ b/demos/java/README.md @@ -4,7 +4,9 @@ This project demonstrates how Occlum enables _unmodified_ Java programs running # About JDK -JDK 11 is supported currently. The source code of JDK 11 can be found [here](https://hg.openjdk.java.net/portola/jdk11). In order for it to cooperate with Occlum, a [minor modification](../../tools/toolchains/java/) has been made to it. The modified JDK is compiled in Alpine Linux with `bash configure && make images` commands. We have installed it at `/opt/occlum/toolchains/jvm/java-11-openjdk/jre` while making the Docker image. +Both the unmodified [OpenJDK 11](https://hg.openjdk.java.net/portola/jdk11), which is imported from Alpine Linux, and the [Alibaba Dragonwell](https://github.com/alibaba/dragonwell11/tree/dragonwell-for-enclave), which is a downstream version of OpenJDK, are supported now. We have already installed OpenJDK and Dragonwell while building the Docker image, the OpenJDK is installed at `/opt/occlum/toolchains/jvm/java-11-openjdk`, and the Dragonwell is installed at `/opt/occlum/toolchains/jvm/java-11-alibaba-dragonwell`. + +Our demos use Dragonwell as the default JDK, you are free to change to OpenJDK by setting the `JAVA_HOME` to point to the installation directory of OpenJDK and copying it into Occlum instance. ## Demo: Hello World diff --git a/demos/java/download_and_build_web_app.sh b/demos/java/download_and_build_web_app.sh index 8cbf9225..fd2ebff9 100755 --- a/demos/java/download_and_build_web_app.sh +++ b/demos/java/download_and_build_web_app.sh @@ -10,5 +10,5 @@ git checkout -b 2.1.6.RELEASE tags/2.1.6.RELEASE # 2. Build the Fat JAR file with Maven cd complete export LD_LIBRARY_PATH=/opt/occlum/toolchains/gcc/x86_64-linux-musl/lib -export JAVA_HOME=/opt/occlum/toolchains/jvm/java-11-openjdk/jre +export JAVA_HOME=/opt/occlum/toolchains/jvm/java-11-alibaba-dragonwell ./mvnw clean package diff --git a/demos/java/run_java_on_occlum.sh b/demos/java/run_java_on_occlum.sh index 7acc411b..6a04ac56 100755 --- a/demos/java/run_java_on_occlum.sh +++ b/demos/java/run_java_on_occlum.sh @@ -19,8 +19,8 @@ check_file_exist() { fi } -init_workspace() { - # Init Occlum Workspace +init_instance() { + # Init Occlum instance rm -rf occlum_instance && mkdir occlum_instance cd occlum_instance occlum init @@ -29,15 +29,15 @@ init_workspace() { .resource_limits.max_num_of_threads = 64 | .process.default_heap_size = "256MB" | .process.default_mmap_size = "1120MB" | - .entry_points = [ "/usr/lib/jvm/java-11-openjdk/jre/bin" ] | - .env.default = [ "LD_LIBRARY_PATH=/usr/lib/jvm/java-11-openjdk/jre/lib/server:/usr/lib/jvm/java-11-openjdk/jre/lib:/usr/lib/jvm/java-11-openjdk/jre/../lib" ]' Occlum.json)" && \ + .entry_points = [ "/usr/lib/jvm/java-11-alibaba-dragonwell/jre/bin" ] | + .env.default = [ "LD_LIBRARY_PATH=/usr/lib/jvm/java-11-alibaba-dragonwell/jre/lib/server:/usr/lib/jvm/java-11-alibaba-dragonwell/jre/lib:/usr/lib/jvm/java-11-alibaba-dragonwell/jre/../lib" ]' Occlum.json)" && \ echo "${new_json}" > Occlum.json } build_web() { - # Copy JVM and JAR file into Occlum Workspace and build - mkdir -p image/usr/lib - cp -r /opt/occlum/toolchains/jvm image/usr/lib/ + # Copy JVM and JAR file into Occlum instance and build + mkdir -p image/usr/lib/jvm + cp -r /opt/occlum/toolchains/jvm/java-11-alibaba-dragonwell image/usr/lib/jvm cp /usr/local/occlum/x86_64-linux-musl/lib/libz.so.1 image/lib mkdir -p image/usr/lib/spring cp ../${jar_path} image/usr/lib/spring/ @@ -48,16 +48,16 @@ run_web() { jar_path=./gs-messaging-stomp-websocket/complete/target/gs-messaging-stomp-websocket-0.1.0.jar check_file_exist ${jar_path} jar_file=`basename "${jar_path}"` - init_workspace + init_instance build_web echo -e "${BLUE}occlum run JVM web app${NC}" - occlum run /usr/lib/jvm/java-11-openjdk/jre/bin/java -Xmx512m -XX:MaxMetaspaceSize=64m -Dos.name=Linux -jar /usr/lib/spring/${jar_file} + occlum run /usr/lib/jvm/java-11-alibaba-dragonwell/jre/bin/java -Xmx512m -XX:MaxMetaspaceSize=64m -Dos.name=Linux -jar /usr/lib/spring/${jar_file} } build_hello() { - # Copy JVM and class file into Occlum Workspace and build - mkdir -p image/usr/lib - cp -r /opt/occlum/toolchains/jvm image/usr/lib/ + # Copy JVM and class file into Occlum instance and build + mkdir -p image/usr/lib/jvm + cp -r /opt/occlum/toolchains/jvm/java-11-alibaba-dragonwell image/usr/lib/jvm cp /usr/local/occlum/x86_64-linux-musl/lib/libz.so.1 image/lib cp ../${hello} image occlum build @@ -66,10 +66,10 @@ build_hello() { run_hello() { hello=./hello_world/Main.class check_file_exist ${hello} - init_workspace + init_instance build_hello echo -e "${BLUE}occlum run JVM hello${NC}" - occlum run /usr/lib/jvm/java-11-openjdk/jre/bin/java -Xmx512m -XX:MaxMetaspaceSize=64m -Dos.name=Linux Main + occlum run /usr/lib/jvm/java-11-alibaba-dragonwell/jre/bin/java -Xmx512m -XX:MaxMetaspaceSize=64m -Dos.name=Linux Main } arg=$1 diff --git a/tools/docker/Dockerfile.centos7.5 b/tools/docker/Dockerfile.centos7.5 index ff56b9ba..cb36469b 100644 --- a/tools/docker/Dockerfile.centos7.5 +++ b/tools/docker/Dockerfile.centos7.5 @@ -1,3 +1,10 @@ +FROM alpine:3.11 AS alpine + +LABEL maintainer="Qing Li " + +RUN apk update && \ + apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community + FROM centos:7.5.1804 LABEL maintainer="He Sun " @@ -108,9 +115,13 @@ ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH" ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/intel/sgxsdk/sdk_libs" # Install Occlum Java toolchain (JDK 11) +ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk +COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH +RUN rm $JDK11_PATH/lib/security/cacerts +COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts COPY toolchains/java /tmp/java WORKDIR /tmp -RUN cd java && ./install.sh && rm -rf /tmp/java +RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH" # Install the latest version of Occlum diff --git a/tools/docker/Dockerfile.ubuntu18.04 b/tools/docker/Dockerfile.ubuntu18.04 index d32d35e4..028946bd 100644 --- a/tools/docker/Dockerfile.ubuntu18.04 +++ b/tools/docker/Dockerfile.ubuntu18.04 @@ -1,6 +1,13 @@ +FROM alpine:3.11 AS alpine + +LABEL maintainer="Qing Li " + +RUN apk update && \ + apk --no-cache add openjdk11 --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community + FROM ubuntu:18.04 -LABEL maintainer="Qing Li " +LABEL maintainer="Qing Li " RUN apt-get update && DEBIAN_FRONTEND="noninteractive" apt-get install -y --no-install-recommends \ alien \ @@ -95,9 +102,13 @@ ENV PATH="/opt/occlum/toolchains/rust/bin:$PATH" ENV LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/opt/intel/sgxsdk/sdk_libs" # Install Occlum Java toolchain (JDK 11) +ARG JDK11_PATH=/opt/occlum/toolchains/jvm/java-11-openjdk +COPY --from=alpine /usr/lib/jvm/java-11-openjdk $JDK11_PATH +RUN rm $JDK11_PATH/lib/security/cacerts +COPY --from=alpine /etc/ssl/certs/java/cacerts $JDK11_PATH/lib/security/cacerts COPY toolchains/java /tmp/java WORKDIR /tmp -RUN cd java && ./install.sh && rm -rf /tmp/java +RUN cd java && ./install_dragonwell.sh && rm -rf /tmp/java ENV PATH="/opt/occlum/toolchains/jvm/bin:$PATH" # Install the latest version of Occlum diff --git a/tools/toolchains/java/0001-openjdk11-Xhook-SYS_getcpu-vdso-call.patch b/tools/toolchains/java/0001-openjdk11-Xhook-SYS_getcpu-vdso-call.patch deleted file mode 100644 index 5404a508..00000000 --- a/tools/toolchains/java/0001-openjdk11-Xhook-SYS_getcpu-vdso-call.patch +++ /dev/null @@ -1,39 +0,0 @@ -From f195a65829b168efddad9cbe41b6154c4483005f Mon Sep 17 00:00:00 2001 -From: "jeffery.wsj" -Date: Fri, 10 Jul 2020 08:31:42 +0000 -Subject: [PATCH] Xhook SYS_getcpu vdso call - ---- - src/hotspot/os/linux/os_linux.cpp | 16 +++++++++------- - 1 file changed, 9 insertions(+), 7 deletions(-) - -diff --git a/src/hotspot/os/linux/os_linux.cpp b/src/hotspot/os/linux/os_linux.cpp -index dbf18b7b5f..59a2ef3ab6 100644 ---- a/src/hotspot/os/linux/os_linux.cpp -+++ b/src/hotspot/os/linux/os_linux.cpp -@@ -2876,13 +2876,15 @@ int os::Linux::sched_getcpu_syscall(void) { - #elif defined(AMD64) - // Unfortunately we have to bring all these macros here from vsyscall.h - // to be able to compile on old linuxes. -- #define __NR_vgetcpu 2 -- #define VSYSCALL_START (-10UL << 20) -- #define VSYSCALL_SIZE 1024 -- #define VSYSCALL_ADDR(vsyscall_nr) (VSYSCALL_START+VSYSCALL_SIZE*(vsyscall_nr)) -- typedef long (*vgetcpu_t)(unsigned int *cpu, unsigned int *node, unsigned long *tcache); -- vgetcpu_t vgetcpu = (vgetcpu_t)VSYSCALL_ADDR(__NR_vgetcpu); -- retval = vgetcpu(&cpu, NULL, NULL); -+// #define __NR_vgetcpu 2 -+// #define VSYSCALL_START (-10UL << 20) -+// #define VSYSCALL_SIZE 1024 -+// #define VSYSCALL_ADDR(vsyscall_nr) (VSYSCALL_START+VSYSCALL_SIZE*(vsyscall_nr)) -+// typedef long (*vgetcpu_t)(unsigned int *cpu, unsigned int *node, unsigned long *tcache); -+// vgetcpu_t vgetcpu = (vgetcpu_t)VSYSCALL_ADDR(__NR_vgetcpu); -+// retval = vgetcpu(&cpu, NULL, NULL); -+ cpu = get_nprocs(); -+ retval = 0; - #endif - - return (retval == -1) ? retval : cpu; --- -2.17.1 - diff --git a/tools/toolchains/java/install.sh b/tools/toolchains/java/install_dragonwell.sh similarity index 57% rename from tools/toolchains/java/install.sh rename to tools/toolchains/java/install_dragonwell.sh index 1b71cb0c..a801a35e 100755 --- a/tools/toolchains/java/install.sh +++ b/tools/toolchains/java/install_dragonwell.sh @@ -2,24 +2,25 @@ THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" DOWNLOAD_DIR=/tmp/occlum_java_toolchain INSTALL_DIR=/opt/occlum/toolchains/jvm +JDK=java-11-alibaba-dragonwell # Exit if any command fails set -e # Clean previous download and installation if any rm -rf ${DOWNLOAD_DIR} -rm -rf ${INSTALL_DIR} +rm -rf ${INSTALL_DIR}/${JDK} # Create the download directory mkdir -p ${DOWNLOAD_DIR} cd ${DOWNLOAD_DIR} -# Download and install JDK 11 -JDK=openjdk-11-for-occlum-0.14.0 -wget https://github.com/occlum/occlum/releases/download/0.14.0/${JDK}.tar.gz -tar -xf ${JDK}.tar.gz -mkdir -p ${INSTALL_DIR}/java-11-openjdk -mv ${DOWNLOAD_DIR}/${JDK} ${INSTALL_DIR}/java-11-openjdk/jre +# Download and install Dragonwell JDK +wget https://dragonwell.oss-cn-shanghai.aliyuncs.com/11/11.0.8.3_GA/linux/x64/Alibaba_Dragonwell_11.0.8.3-Enclave-Experimental-WithoutDebugInfo_x64.zip +unzip Alibaba_Dragonwell_11.0.8.3-Enclave-Experimental-WithoutDebugInfo_x64.zip +mkdir -p ${INSTALL_DIR} +mv ${DOWNLOAD_DIR}/jdk ${INSTALL_DIR}/${JDK} +ln -sf . ${INSTALL_DIR}/${JDK}/jre # Clean the download directory rm -rf ${DOWNLOAD_DIR} @@ -28,12 +29,14 @@ rm -rf ${DOWNLOAD_DIR} mkdir -p ${INSTALL_DIR}/bin cat > ${INSTALL_DIR}/bin/occlum-java < ${INSTALL_DIR}/bin/occlum-javac <