0

I am using the docker image of tomcat with jre8, I have to change an option inside the java environment, it is possible to do it after the container is running, ssh to it and change

securerandom.source=file:/dev/random

to

securerandom.source=file:/dev/urandom

inside

root@112ecdd0b71f:/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security

However, I want to do it automatically on before the container is starting up, because the current setting takes a lot of time to the tomcat to start-up.

barha
  • 709
  • 1
  • 7
  • 22
  • 1
    The slow startup might be caused by lack of entropy. You might want to mount actual host /dev/random to you image. Check this SO answer http://stackoverflow.com/a/26024403/4990550. – David Siro Apr 10 '17 at 20:05

1 Answers1

2

There are two options for these kind of changes.

  1. Create a new image and override the JVM system property.

    You would generally create a new Dockerfile based on the original one you used and make your changes there. You could use JAVA_OPTS or CATALINA_OPTS like:

    FROM tomcat:8-jre8
ENV CATALINA_OPTS -Dsecurerandom.source=file:/dev/urandom

  2. Set the JVM system property at runtime in the existing image.

    This would be done using docker run. Just pass -e CATALINA_OPTS="-Dsecurerandom.source=file:/dev/urandom". Something like:

    docker run -e CATALINA_OPTS="-Dsecurerandom.source=file:/dev/urandom" tomcat:8-jre8

  3. Create a new image and change the file (not recommended).

    You can also create a new image and just make the change that you were originally making (though, I don't really like changing files inside an image when they don't need to).

    FROM tomcat:8-jre8
RUN sed -i 's/file:\/dev\/random/file:\/dev\/urandom/' /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/java.security
Andy Shinn
  • 26,561
  • 8
  • 75
  • 93