In the “Mendix Cloud” we are hosting thousands of Mendix Apps. All these Apps are running on top of the Oracle Java Runtime Environment (JRE) in Debian Linux environments. We use java-package to package the Oracle JRE to be able to easily redistribute it to all our servers.
After packaging and putting the Debian package in our local apt repository the Oracle JRE can be easily installed via apt-get.
# apt-get install oracle-java8-jre
When there is an update available of the Oracle JRE, we again package the new version and put it in our local apt repository. The update will now be available to all our Debian Linux environments.
# apt-get -V upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
oracle-java8-jre (8u40 => 8u45)
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 39.4 MB of archives.
After this operation, 26.6 kB of additional disk space will be used.
Do you want to continue [Y/n]?
But wait… it doesn’t warn you about it, but do you remember these screens when using Windows or Mac OSX?
This doesn’t mean that this doesn’t apply to Linux. 😉 Also on Linux it’s required to restart all java processes. In case of a Oracle JRE update it meant that we had to plan maintenance windows and restart all Mendix Apps while rolling out the update.
A new approach
It would have been much nicer if we could roll out updates without thinking about the Mendix Apps that are currently using the installed Java version. In the Linux universe this is not an unfamiliar issue. Look for example at the Linux kernel. The Linux kernel that is currently running also cannot be replaced or uninstalled. You would run into all kinds of issues regarding kernel modules and libraries that have been changed or removed. Therefore the packaging system is keeping the last X Linux kernels installed including the one you are currently running.
Since Debian 8.0 (Jessie) the apt package (since version 0.9.9.1) contains this file: “/etc/kernel/postinst.d/apt-auto-removal“. This file is executed after the installation (during “postinst“) of each “linux-image*” package. The “apt-auto-removal” script lists all installed kernels and creates an “APT::NeverAutoRemove” list in “/etc/apt/apt.conf.d/01autoremove-kernels” of the 3 most recent versions plus the one that is currently in use in. “linux-image*” packages that are not on that list may be “AutoRemoved“.
For Oracle JRE we can exactly use the same procedure. There are a few requirements:
- java-package needs to create versioned packages so we can install multiple versions at the same time.
- The oracle-java8uXX-jre package must run an apt-auto-removal script after installation to update an APT::NeverAutoRemove list.
- The apt-auto-removal script needs to be in a separate package, because its already required on installation of a oracle-java8uXX-jre package.
- We need an oracle-java8-jre-latest dependency package to install the latest oracle-java8uXX-jre package, also so that for example oracle-java8uXX-jre is marked as automatically installed so it can be removed using apt-get autoremove when it’s not on the APT::NeverAutoRemove list.
Versioned packages with java-package
java-package needed to be patched to produce versioned packages. Instead of “oracle-java8-jre” we needed to have “oracle-java8uXX-jre” where XX is the update version number, for example “oracle-java8u45-jre“.
Besides the package name, the package content needed to be installed in a different place. With “oracle-java8-jre” all files are installed in “/usr/lib/jvm/jre-8-oracle-x64/“. This needed to change to “/usr/lib/jvm/jre-8uXX-oracle-x64/“.
Changing 4 lines of bash gave the expected result (github.com/mendix/java-package):
diff --git a/lib/jdk.sh b/lib/jdk.sh
index cd41772..bc981e1 100644
--- a/lib/jdk.sh
+++ b/lib/jdk.sh
@@ -57,8 +57,8 @@ j2sdk_run() {
echo
diskfree "$j2se_required_space"
read_maintainer_info
- j2se_package="$j2se_vendor-java$j2se_release-jdk"
- j2se_name="jdk-$j2se_release-$j2se_vendor-$j2se_arch"
+ j2se_package="$j2se_vendor-java${j2se_release}u$j2se_update-jdk"
+ j2se_name="jdk-${j2se_release}u$j2se_update-$j2se_vendor-$j2se_arch"
local target="$package_dir/$j2se_name"
install -d -m 755 "$( dirname "$target" )"
extract_bin "$archive_path" "$j2se_expected_min_size" "$target"
diff --git a/lib/jre.sh b/lib/jre.sh
index ecd6d41..b209fcb 100644
--- a/lib/jre.sh
+++ b/lib/jre.sh
@@ -42,8 +42,8 @@ j2re_run() {
echo
diskfree "$j2se_required_space"
read_maintainer_info
- j2se_package="$j2se_vendor-java$j2se_release-jre"
- j2se_name="jre-$j2se_release-$j2se_vendor-$j2se_arch"
+ j2se_package="$j2se_vendor-java${j2se_release}u$j2se_update-jre"
+ j2se_name="jre-${j2se_release}u$j2se_update-$j2se_vendor-$j2se_arch"
local target="$package_dir/$j2se_name"
install -d -m 755 "$( dirname "$target" )"
extract_bin "$archive_path" "$j2se_expected_min_size" "$target"
Now we were able to install multiple Oracle JRE versions alongside each other. I thought it was also nice to have a “/usr/bin/java8” symlink, which always points to the latest version. This was also easily implemented:
diff --git a/lib/oracle-jdk.sh b/lib/oracle-jdk.sh
index adb3dc2..bdd2b91 100644
--- a/lib/oracle-jdk.sh
+++ b/lib/oracle-jdk.sh
@@ -124,6 +124,10 @@ fi
install_no_man_alternatives $jvm_base$j2se_name/jre/lib $oracle_jre_lib_hl
install_alternatives $jvm_base$j2se_name/bin $oracle_bin_jdk
+if [[ -f "$jvm_base$j2se_name/bin/java" ]]; then
+ update-alternatives --install "/usr/bin/java$j2se_release" "java$j2se_release" "$jvm_base$j2se_name/bin/java" $j2se_priority
+fi
+
# No plugin for ARM architecture yet
if [ "${DEB_BUILD_ARCH:0:3}" != "arm" ]; then
plugin_dir="$jvm_base$j2se_name/jre/lib/$DEB_BUILD_ARCH"
@@ -148,6 +152,8 @@ fi
remove_alternatives $jvm_base$j2se_name/jre/lib $oracle_jre_lib_hl
remove_alternatives $jvm_base$j2se_name/bin $oracle_bin_jdk
+update-alternatives --remove "java$j2se_release" "$jvm_base$j2se_name/bin/java"
+
# No plugin for ARM architecture yet
if [ "${DEB_BUILD_ARCH:0:3}" != "arm" ]; then
plugin_dir="$jvm_base$j2se_name/jre/lib/$DEB_BUILD_ARCH"
diff --git a/lib/oracle-jre.sh b/lib/oracle-jre.sh
index 3958ea7..fcc2287 100644
--- a/lib/oracle-jre.sh
+++ b/lib/oracle-jre.sh
@@ -96,6 +96,10 @@ install_alternatives $jvm_base$j2se_name/bin $oracle_jre_bin_jre
install_no_man_alternatives $jvm_base$j2se_name/bin $oracle_no_man_jre_bin_jre
install_no_man_alternatives $jvm_base$j2se_name/lib $oracle_jre_lib_hl
+if [[ -f "$jvm_base$j2se_name/bin/java" ]]; then
+ update-alternatives --install "/usr/bin/java$j2se_release" "java$j2se_release" "$jvm_base$j2se_name/bin/java" $j2se_priority
+fi
+
plugin_dir="$jvm_base$j2se_name/lib/$DEB_BUILD_ARCH"
for b in $browser_plugin_dirs;do
install_browser_plugin "/usr/lib/\$b/plugins" "libjavaplugin.so" "\$b-javaplugin.so" "\$plugin_dir/libnpjp2.so"
@@ -114,6 +118,8 @@ remove_alternatives $jvm_base$j2se_name/bin $oracle_jre_bin_jre
remove_alternatives $jvm_base$j2se_name/bin $oracle_no_man_jre_bin_jre
remove_alternatives $jvm_base$j2se_name/lib $oracle_jre_lib_hl
+update-alternatives --remove "java$j2se_release" "$jvm_base$j2se_name/bin/java"
+
plugin_dir="$jvm_base$j2se_name/lib/$DEB_BUILD_ARCH"
for b in $browser_plugin_dirs;do
remove_browser_plugin "\$b-javaplugin.so" "\$plugin_dir/libnpjp2.so"
And the last part regarding java-package was to execute “/etc/oracle-java/postinst.d/apt-auto-removal” after installation:
diff --git a/lib/oracle-jre.sh b/lib/oracle-jre.sh
index fcc2287..ebebb1f 100644
--- a/lib/oracle-jre.sh
+++ b/lib/oracle-jre.sh
@@ -104,6 +104,10 @@ plugin_dir="$jvm_base$j2se_name/lib/$DEB_BUILD_ARCH"
for b in $browser_plugin_dirs;do
install_browser_plugin "/usr/lib/\$b/plugins" "libjavaplugin.so" "\$b-javaplugin.so" "\$plugin_dir/libnpjp2.so"
done
+
+if [ -d "/etc/oracle-java/postinst.d" ]; then
+ run-parts --report --exit-on-error --arg=$j2se_vendor-java${j2se_release}u$j2se_update-jre /etc/oracle-java/postinst.d
+fi
EOF
}
apt-auto-removal and APT::NeverAutoRemove
To generate the “APT::NeverAutoRemove” list, we’ve taken the “apt-auto-removal” script from the apt package and modified it to support oracle-java packages:
#!/bin/sh
set -e
# Author: Pim van den Berg <pim.van.den.berg@mendix.com>
#
# This is a modified version of the /etc/kernel/postinst.d/apt-auto-removal
# script from the apt package to mark kernel packages as NeverAutoRemove.
#
# Mark as not-for-autoremoval those oracle-java packages that are currently in use.
#
# We generate this list and save it to /etc/apt/apt.conf.d instead of marking
# packages in the database because this runs from a postinst script, and apt
# will overwrite the db when it exits.
eval $(apt-config shell APT_CONF_D Dir::Etc::parts/d)
test -n "${APT_CONF_D}" || APT_CONF_D="/etc/apt/apt.conf.d"
config_file=${APT_CONF_D}/01autoremove-oracle-java
eval $(apt-config shell DPKG Dir::bin::dpkg/f)
test -n "$DPKG" || DPKG="/usr/bin/dpkg"
if [ ! -e /bin/fuser ]; then
echo "WARNING: /bin/fuser is missing, could not generate reliable $config_file"
exit
fi
java_versions=""
for java_binary in /usr/lib/jvm/*/bin/java; do
if /bin/fuser $java_binary > /dev/null 2>&1; then
java_versions="$java_versions
$(dpkg -S $java_binary | sed 's/: .*//')"
fi
done
versions="$(echo "$java_versions" | sort -u | sed -e 's#\.#\\.#g' )"
generateconfig() {
cat <<EOF
// DO NOT EDIT! File autogenerated by $0
APT::NeverAutoRemove
{
EOF
for version in $versions; do
echo " \"^${version}$\";"
done
echo '};'
}
generateconfig > "${config_file}.dpkg-new"
mv "${config_file}.dpkg-new" "$config_file"
The “java-auto-removal” script will go through all “/usr/lib/jvm/*/bin/java” files and check whether they are in use, using the “/bin/fuser” command. When in use, the package the java binary is part of will be added to the “APT::NeverAutoRemove” list. This list will be written to /etc/apt/apt.conf.d/01autoremove-oracle-java.
Great improvement 😀
That’s it. We are now able to upgrade Oracle Java while the Mendix App keeps running. Once the Mendix App is stopped and then started by the customer, it will start to use the new version of Java. Once another new Oracle Java update is installed or the “java-auto-removal” script is run, the “APT::NeverAutoRemove” list is updated. After that the Oracle Java version that was in use by the Mendix App before it stopped can be “AutoRemoved“. 😀