Best guess at modified entrypoint.sh

Dockerfile

@@ -14,10 +14,11 @@ FROM base
 # this will assume whatever FROM_TAG was set in first stage above
 ARG FROM_TAG
 
-ARG DEBUG=
+ARG DEBUG
 ARG LABKEY_VERSION
 ARG LABKEY_DISTRIBUTION
 ARG LABKEY_EK
+ARG LOG4J_CONFIG_OVERRIDE
 
 # dependent ENVs declared separately
 ENV POSTGRES_USER="postgres" \
@@ -35,11 +36,11 @@ ENV DEBUG="${DEBUG}" \
     \
     CATALINA_HOME="${TOMCAT_BASE_DIR}" \
     \
-    POSTGRES_PASSWORD= \
+    POSTGRES_PASSWORD="" \
     POSTGRES_HOST="localhost" \
     POSTGRES_PORT="5432" \
     POSTGRES_DB="${POSTGRES_USER}" \
-    POSTGRES_PARAMETERS= \
+    POSTGRES_PARAMETERS="" \
     \
     POSTGRES_MAX_TOTAL_CONNECTIONS=50 \
     POSTGRES_MAX_IDLE_CONNECTIONS=10 \
@@ -57,16 +58,16 @@ ENV DEBUG="${DEBUG}" \
     LABKEY_SYSTEM_DESCRIPTION="${LABKEY_SYSTEM_SHORT_NAME}" \
     LABKEY_BASE_SERVER_URL="https://${LABKEY_DEFAULT_DOMAIN}:${LABKEY_PORT}" \
     \
-    LABKEY_STARTUP_BASIC_EXTRA= \
-    LABKEY_STARTUP_DISTRIBUTION_EXTRA= \
+    LABKEY_STARTUP_BASIC_EXTRA="" \
+    LABKEY_STARTUP_DISTRIBUTION_EXTRA="" \
     \
-    LABKEY_CREATE_INITIAL_USER= \
+    LABKEY_CREATE_INITIAL_USER="" \
     LABKEY_INITIAL_USER_EMAIL="toor@localhost" \
     LABKEY_INITIAL_USER_ROLE="SiteAdminRole" \
     LABKEY_INITIAL_USER_GROUP="Administrators" \
     \
-    LABKEY_CREATE_INITIAL_USER_APIKEY= \
-    LABKEY_INITIAL_USER_APIKEY= \
+    LABKEY_CREATE_INITIAL_USER_APIKEY="" \
+    LABKEY_INITIAL_USER_APIKEY="" \
     \
     LOG_LEVEL_TOMCAT="OFF" \
     LOG_LEVEL_SPRING_WEB="OFF" \
@@ -80,7 +81,7 @@ ENV DEBUG="${DEBUG}" \
     TOMCAT_SSL_ENABLED_PROTOCOLS="TLSv1.3,TLSv1.2" \
     TOMCAT_SSL_PROTOCOL="TLS" \
     \
-    TOMCAT_ENABLE_ACCESS_LOG= 
+    TOMCAT_ENABLE_ACCESS_LOG=""
 
 ENV CERT_C="US" \
     CERT_ST="Washington" \
@@ -92,25 +93,25 @@ ENV CERT_C="US" \
     SMTP_HOST="localhost" \
     SMTP_USER="root" \
     SMTP_PORT="25" \
-    SMTP_PASSWORD= \
+    SMTP_PASSWORD="" \
     SMTP_FROM="${LABKEY_SYSTEM_EMAIL_ADDRESS}" \
-    SMTP_STARTTLS= \
+    SMTP_STARTTLS="" \
     SMTP_AUTH="false" \
     \
     MAX_JVM_RAM_PERCENT="90.0" \
     \
-    JAVA_PRE_JAR_EXTRA= \
-    JAVA_POST_JAR_EXTRA= \
+    JAVA_PRE_JAR_EXTRA="" \
+    JAVA_POST_JAR_EXTRA="" \
     JAVA_TMPDIR="/var/tmp" \
     JAVA_TIMEZONE="America/Los_Angeles" \
     \
     LOGGER_PATTERN="%-40.40logger{39}" \
-    LOG_LEVEL_DEFAULT= \
+    LOG_LEVEL_DEFAULT="" \
     \
-    LOG_LEVEL_LABKEY_DEFAULT= \
-    LOG_LEVEL_API_MODULELOADER= \
-    LOG_LEVEL_API_SETTINGS= \
-    LOG_LEVEL_API_PIPELINE=
+    LOG_LEVEL_LABKEY_DEFAULT="" \
+    LOG_LEVEL_API_MODULELOADER="" \
+    LOG_LEVEL_API_SETTINGS="" \
+    LOG_LEVEL_API_PIPELINE=""
 
 COPY entrypoint.sh /entrypoint.sh
 
@@ -212,7 +213,7 @@ COPY "startup/${LABKEY_DISTRIBUTION}.properties" \
     startup/49_distribution.properties
 
 # add logging config files
-COPY log4j2.xml log4j2.xml
+COPY "${LOG4J_CONFIG_OVERRIDE}" "config/${LOG4J_CONFIG_OVERRIDE}"
 
 # add aws cli & make it owned by labkey user so it can all be deleted after s3 downloads in entrypoint.sh
 RUN mkdir -p /usr/src/awsclizip "${LABKEY_HOME}/awsclibin" "${LABKEY_HOME}/aws-cli" \

Makefile

@@ -25,6 +25,8 @@ LABKEY_VERSION ?= 21.5-SNAPSHOT
 LABKEY_DISTRIBUTION ?= community
 LABKEY_EK ?= 123abc456
 
+LOG4J_CONFIG_OVERRIDE ?= default.log4j2.xml
+
 BUILD_ARCHITECTURE ?= linux/amd64
 
 # repo/image:tags must be lowercase
@@ -69,6 +71,7 @@ build:
 		--build-arg 'LABKEY_VERSION=$(LABKEY_VERSION)' \
 		--build-arg 'LABKEY_DISTRIBUTION=$(BUILD_DISTRIBUTION)' \
 		--build-arg 'LABKEY_EK=$(LABKEY_EK)' \
+		--build-arg 'LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}' \
 		.
 
 login:
@@ -101,27 +104,27 @@ push:
 
 up:
 	$(call tc,bringing up compose)
-	docker-compose up --abort-on-container-exit ${BUILD_DISTRIBUTION} \
-			|| docker-compose stop ${BUILD_DISTRIBUTION} pg-${BUILD_DISTRIBUTION}
+	docker compose up --abort-on-container-exit ${BUILD_DISTRIBUTION} \
+			|| docker compose stop ${BUILD_DISTRIBUTION} pg-${BUILD_DISTRIBUTION}
 
 up-allpg:
 	$(call tc,bringing up compose)
-	docker-compose up --abort-on-container-exit allpg \
-			|| docker-compose stop allpg pg-allpg
+	docker compose up --abort-on-container-exit allpg \
+			|| docker compose stop allpg pg-allpg
 
 up-enterprise:
 	$(call tc,bringing up compose)
-	docker-compose up --abort-on-container-exit enterprise \
-			|| docker-compose stop enterprise pg-enterprise
+	docker compose up --abort-on-container-exit enterprise \
+			|| docker compose stop enterprise pg-enterprise
 
 up-lims_starter:
 	$(call tc,bringing up compose)
-	docker-compose up --abort-on-container-exit lims_starter \
-			|| docker-compose stop lims_starter pg-lims_starter
+	docker compose up --abort-on-container-exit lims_starter \
+			|| docker compose stop lims_starter pg-lims_starter
 
 down:
 	$(call tc,tearing down compose)
-	docker-compose down -v --remove-orphans
+	docker compose down -v --remove-orphans
 
 clean:
 	docker images | grep -E '$(BUILD_REPO_NAME)|<none>' \
@@ -131,13 +134,13 @@ clean:
 
 test: down
 	$(call tc,running smoke tests)
-	IDENT=${BUILD_DISTRIBUTION} docker-compose up --detach ${BUILD_DISTRIBUTION};
+	IDENT=${BUILD_DISTRIBUTION} docker compose up --detach ${BUILD_DISTRIBUTION};
 	@./smoke.bash \
 		&& printf "##teamcity[progressMessage '%s']\n" 'smoke test succeeded' \
 		|| printf "##teamcity[buildProblem description='%s' identity='%s']\n" \
 			'smoke test failed' \
 			'failure'
-	IDENT=${BUILD_DISTRIBUTION} docker-compose down -v
+	IDENT=${BUILD_DISTRIBUTION} docker compose down -v
 
 pull: login
 	docker pull $(BUILD_REMOTE_REPO):$(PULL_TAG)

README.md

@@ -13,6 +13,9 @@ The policy itself can be overriden with an `optional.application.properties` fil
 
 CSP_REPORT and CSP_ENFORCE environment variables have been removed.
 
+## log4j2.xml
+March 2025 brings a new implementation of log4j2.xml. We're now using the default configuration from the [server repo](https://github.com/LabKey/server/blob/develop/server/embedded/src/main/resources/log4j2.xml), and overriding that as needed with the local file identified in the `LOG4J_CONFIG_OVERRIDE` environment variable. By default this is an empty file that makes no changes, which is due to some complications of the Docker `COPY` command. During startup, entrypoint.sh copies the local files into the configs directory after the jar has been opened up.
+
 ## Upgrading from 23.11 to 24.3
 March 2024 saw [many changes](https://github.com/LabKey/Dockerfile/commits/24.3.0) in an effort to bring this repo in line with LabKey server versioning/releases, starting with v24.3, in which the embedded tomcat version has been upgraded from 9 to 10. 
 
@@ -165,19 +168,21 @@ A better description of the LabKey settings can be found in the LabKey docs [her
 
 `LABKEY_GUID` is only relevant if you are attempting to created/run a container destined to connect to a pre-existing database belonging to a pre-existing LabKey.
 
-| name                        | purpose                                                                                                  | default                  |
-| --------------------------- | -------------------------------------------------------------------------------------------------------- | ------------------------ |
-| LABKEY_BASE_SERVER_URL      | full URI LabKey will use to refer to itself                                                              | `https://localhost:8443` |
-| LABKEY_COMPANY_NAME         | name of your organization; appears in emails                                                             | `Sirius Cybernetics`     |
-| LABKEY_DEFAULT_DOMAIN       | (DNS) domain where the LabKey server resides                                                             | `localhost`              |
-| LABKEY_DISTRIBUTION         | "flavor" of labkey;                                                                                      | `community`              |
-| LABKEY_FILES_ROOT           | path within which will serve as the root of the "files" directory                                        | `/labkey/files`          |
-| LABKEY_GUID                 | LabKey [server GUID](https://www.labkey.org/Documentation/wiki-page.view?name=stagingServerTips#guid)    | `<empty>`                |
-| LABKEY_EK                  | LabKey [encryption key](https://www.labkey.org/Documentation/wiki-page.view?name=cpasxml#encrypt) | `123abc456`                |
-| LABKEY_PORT                 | port to which labkey will bind within the container                                                      | `8443`                   |
-| LABKEY_SYSTEM_DESCRIPTION   | brief description of server; appears in emails                                                           | `Sirius Cybernetics`     |
-| LABKEY_SYSTEM_EMAIL_ADDRESS | email address system email will be sent "from"                                                           | `do_not_reply@localhost` |
-| LABKEY_SYSTEM_SHORT_NAME    | name of server displayed in header                                                                       | `Sirius Cybernetics`     |
+| name                        | purpose                                                                                               | default                  |
+|-----------------------------|-------------------------------------------------------------------------------------------------------|--------------------------|
+| LABKEY_BASE_SERVER_URL      | full URI LabKey will use to refer to itself                                                           | `https://localhost:8443` |
+| LABKEY_COMPANY_NAME         | name of your organization; appears in emails                                                          | `Sirius Cybernetics`     |
+| LABKEY_DEFAULT_DOMAIN       | (DNS) domain where the LabKey server resides                                                          | `localhost`              |
+| LABKEY_DISTRIBUTION         | "flavor" of labkey;                                                                                   | `community`              |
+| LABKEY_FILES_ROOT           | path within which will serve as the root of the "files" directory                                     | `/labkey/files`          |
+| LABKEY_GUID                 | LabKey [server GUID](https://www.labkey.org/Documentation/wiki-page.view?name=stagingServerTips#guid) | `<empty>`                |
+| LABKEY_EK                   | LabKey [encryption key](https://www.labkey.org/Documentation/wiki-page.view?name=cpasxml#encrypt)     | `123abc456`              |
+| LABKEY_PORT                 | port to which labkey will bind within the container                                                   | `8443`                   |
+| LABKEY_SYSTEM_DESCRIPTION   | brief description of server; appears in emails                                                        | `Sirius Cybernetics`     |
+| LABKEY_SYSTEM_EMAIL_ADDRESS | email address system email will be sent "from"                                                        | `do_not_reply@localhost` |
+| LABKEY_SYSTEM_SHORT_NAME    | name of server displayed in header                                                                    | `Sirius Cybernetics`     |
+| LOG4J_CONFIG_OVERRIDE       | Filename for a file that provides logging configuration overrides                                     | `default.log4j.xml`      |
+
 
 You can optionally bypass the initial user creation "wizard" by creating an initial user using the following environment variables. **At time of writing, there is no way to set the initial user's password.** Assuming valid SMTP configuration, the "forgot password" link can be used to accomplish this. Additionally, an API can be created for that user. If both `LABKEY_CREATE_INITIAL_USER` & `LABKEY_CREATE_INITIAL_USER_APIKEY` are set to a values other than empty strings, but `LABKEY_INITIAL_USER_APIKEY` is not set, a randomly generated string will be used. Setting `LABKEY_CREATE_INITIAL_USER_APIKEY` without having set `LABKEY_CREATE_INITIAL_USER` will result in NO initial user being added.
 

docker-compose.yml

@@ -83,6 +83,7 @@ services:
       - LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI=${LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI}
       - LABKEY_DEFAULT_PROPERTIES_S3_URI=${LABKEY_DEFAULT_PROPERTIES_S3_URI}
       - LOG4J_CONFIG_FILE=${LOG4J_CONFIG_FILE-log4j2.xml}
+      - LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}
       - JSON_OUTPUT=${JSON_OUTPUT-false}
       - DD_COLLECT_APM=${DD_COLLECT_APM-false}      
       - SLEEP=${SLEEP:-0}
@@ -196,6 +197,7 @@ services:
       - LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI=${LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI}
       - LABKEY_DEFAULT_PROPERTIES_S3_URI=${LABKEY_DEFAULT_PROPERTIES_S3_URI}
       - LOG4J_CONFIG_FILE=${LOG4J_CONFIG_FILE-log4j2.xml}
+      - LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}
       - JSON_OUTPUT=${JSON_OUTPUT-false}
       - DD_COLLECT_APM=${DD_COLLECT_APM-false}
       - SLEEP=${SLEEP:-0}
@@ -307,6 +309,7 @@ services:
       - LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI=${LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI}
       - LABKEY_DEFAULT_PROPERTIES_S3_URI=${LABKEY_DEFAULT_PROPERTIES_S3_URI}
       - LOG4J_CONFIG_FILE=${LOG4J_CONFIG_FILE-log4j2.xml}
+      - LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}
       - JSON_OUTPUT=${JSON_OUTPUT-false}
       - DD_COLLECT_APM=${DD_COLLECT_APM-false}
       - SLEEP=${SLEEP:-0}
@@ -419,6 +422,7 @@ services:
       - LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI=${LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI}
       - LABKEY_DEFAULT_PROPERTIES_S3_URI=${LABKEY_DEFAULT_PROPERTIES_S3_URI}
       - LOG4J_CONFIG_FILE=${LOG4J_CONFIG_FILE-log4j2.xml}
+      - LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}
       - JSON_OUTPUT=${JSON_OUTPUT-false}
       - DD_COLLECT_APM=${DD_COLLECT_APM-false}
       - SLEEP=${SLEEP:-0}

entrypoint.sh

@@ -224,13 +224,14 @@ main() {
 
   sed -i "s/@@encryptionKey@@/${LABKEY_EK}/" config/application.properties
 
-  if [ "$JSON_OUTPUT" = "true" ] && [ "$LOG4J_CONFIG_FILE" = "log4j2.xml" ]; then
-    echo "JSON_OUTPUT==true && LOG4J_CONFIG_FILE==log4j2.xml, so updating application.properties and log4j2.xml to output JSON to console"
-    sed -i '/<!-- p=priority c=category d=datetime t=thread m=message n=newline -->/d' $LOG4J_CONFIG_FILE
-    sed -i 's/<PatternLayout.*\/>/<JSONLayout compact="true" eventEol="true" properties="true" stacktraceAsString="true" \/>/' $LOG4J_CONFIG_FILE
-    sed -i 's/^logging.pattern.console/# logging.pattern.console/' config/application.properties
+  # TODO: do we need the JSON check anymore? should we just take the override if it is set?
+  # Check if we want JSON output, we are using the base log4j2.xml config, and have an override config to use
+  if [ "${JSON_OUTPUT}" = "true" ] && [ "${LOG4J_CONFIG_FILE}" = "log4j2.xml" ] && [ -s "config/${LOG4J_CONFIG_OVERRIDE}" ]; then
+    echo "JSON_OUTPUT==true && LOG4J_CONFIG_FILE==log4j2.xml && LOG4J_CONFIG_OVERRIDE is set, so updating application.properties and log4j2.xml to output JSON to console"
+    LOG4J_CONFIG_FILE="${LOG4J_CONFIG_FILE:=log4j2.xml},config/${LOG4J_CONFIG_OVERRIDE}"
+    echo "Log4j configuration files: $LOG4J_CONFIG_FILE"
   else
-    echo "saw JSON_OUTPUT=$JSON_OUTPUT and LOG4J_CONFIG_FILE=$LOG4J_CONFIG_FILE"
+    echo "saw JSON_OUTPUT=$JSON_OUTPUT and LOG4J_CONFIG_FILE=$LOG4J_CONFIG_FILE and LOG4J_CONFIG_OVERRIDE=$LOG4J_CONFIG_OVERRIDE"
   fi
 
   export DD_JAVA_AGENT=""

labkey.log4j2.xml

@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<Configuration packages="org.labkey.api.util,org.labkey.embedded">
+
+    <Appenders>
+        <Console name="CONSOLE" target="SYSTEM_OUT">
+            <JSONLayout compact="true" eventEol="true" properties="true" stacktraceAsString="true" />
+        </Console>
+    </Appenders>
+
+    <Loggers>
+        <Logger name="org.labkey.api.script.ScriptService.Console" additivity="false" level="info">
+            <AppenderRef ref="SessionAppender"/>
+        </Logger>
+
+        <Logger name="org.fhcrc" level="info" />
+        <Logger name="org.labkey" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}" />
+
+        <!--        Override the additivity -->
+        <Logger name="org.labkey.api.util.DebugInfoDumper" additivity="false" level="debug">
+            <AppenderRef ref="THREAD_DUMP"/>
+        </Logger>
+
+        <!-- Override the additivity, and output to Console -->
+        <Logger name="org.labkey.core.admin.AdminController.ContentSecurityPolicyReportAction" additivity="false" level="warn">
+            <AppenderRef ref="CSP_REPORT" />
+            <AppenderRef ref="CONSOLE" />
+        </Logger>
+
+        <!--        Override the additivity -->
+        <Logger name="org.labkey.core.admin.ActionsTsvWriter" additivity="false" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}">
+            <AppenderRef ref="ACTION_STATS"/>
+        </Logger>
+
+        <!--        Override the output level -->
+        <Logger name="org.labkey.api.data.queryprofiler.QueryProfiler.QueryProfilerThread" additivity="false" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}">
+            <AppenderRef ref="QUERY_STATS"/>
+        </Logger>
+
+        <!-- Override the audit log behavior -->
+<!--        <Logger name="org.labkey.audit.event" additivity="false" level="OFF">-->
+<!--            <AppenderRef ref="LABKEY_AUDIT"/>-->
+<!--            <AppenderRef ref="CONSOLE" />-->
+<!--        </Logger>-->
+    </Loggers>
+</Configuration>