thomasdarimont/jlink-jdk11-with-jcmd-tools.md

## readme.md

      
    Raw
  

              readme.md
            
          
    This is a small PoC for creating a custom Java-Runtime with reduced dependencies and tools.
The idea is to use this JRE in a Docker image layer on top of a slim Linux distribution.
Cleanup java-runtime-kc

rm -rf java-runtime-kc

Create custom JRE with JLink

Produces a 51M custom JRE distribution
jlink \
  --no-header-files \
  --no-man-pages \
  --compress=2 \
  --strip-debug \
  --vm=server \
  --exclude-files="**/bin/rmiregistry,**/bin/jrunscript,**/bin/rmid" \
  --add-modules java.base,java.instrument,java.logging,java.management,java.naming,java.scripting,java.se,java.security.jgss,java.security.sasl,java.sql,java.transaction.xa,java.xml,java.xml.crypto,jdk.security.auth,jdk.xml.dom,jdk.unsupported,jdk.crypto.cryptoki,jdk.crypto.ec \
  --output java-runtime-kc

Optimize

Removing debug symbols. This step reduces the java-runtime-kc to 47M MB
strip -p --strip-unneeded java-runtime-kc/lib/server/libjvm.so

Java Runtime Directory Layout

$ tree -L 2 java-runtime-kc              
java-runtime-kc
├── bin
│   ├── java
│   └── keytool
├── conf
│   ├── logging.properties
│   ├── net.properties
│   ├── sdp
│   ├── security
│   └── sound.properties
├── legal
│   ├── java.base
│   ├── java.compiler
│   ├── java.datatransfer
│   ├── java.desktop
│   ├── java.instrument
│   ├── java.logging
│   ├── java.management
│   ├── java.management.rmi
│   ├── java.naming
│   ├── java.net.http
│   ├── java.prefs
│   ├── java.rmi
│   ├── java.scripting
│   ├── java.se
│   ├── java.security.jgss
│   ├── java.security.sasl
│   ├── java.sql
│   ├── java.sql.rowset
│   ├── java.transaction.xa
│   ├── java.xml
│   ├── java.xml.crypto
│   ├── jdk.security.auth
│   ├── jdk.unsupported
│   └── jdk.xml.dom
├── lib
│   ├── classlist
│   ├── jexec
│   ├── jrt-fs.jar
│   ├── jspawnhelper
│   ├── jvm.cfg
│   ├── libawt_headless.so
│   ├── libawt.so
│   ├── libawt_xawt.so
│   ├── libfontmanager.so
│   ├── libinstrument.so
│   ├── libj2gss.so
│   ├── libjaas.so
│   ├── libjavajpeg.so
│   ├── libjava.so
│   ├── libjawt.so
│   ├── libjimage.so
│   ├── libjli.so
│   ├── libjsig.so
│   ├── libjsound.so
│   ├── liblcms.so
│   ├── libmanagement.so
│   ├── libmlib_image.so
│   ├── libnet.so
│   ├── libnio.so
│   ├── libprefs.so
│   ├── librmi.so
│   ├── libsplashscreen.so
│   ├── libverify.so
│   ├── libzip.so
│   ├── modules
│   ├── psfontj2d.properties
│   ├── psfont.properties.ja
│   ├── security
│   ├── server
│   └── tzdb.dat
└── release

32 directories, 39 files

$ du -sh java-runtime-kc  
47M	java-runtime-kc

Run Keycloak

JAVA_HOME=/home/tom/dev/playground/java/jlink-demo/java-runtime-kc bin/standalone.sh

Output:
=========================================================================

  JBoss Bootstrap Environment

  JBOSS_HOME: /home/tom/dev/playground/keycloak/keycloak-6.0.1

  JAVA: /home/tom/dev/playground/java/jlink-demo/java-runtime-kc/bin/java

  JAVA_OPTS:  -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true  --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED --add-modules=java.se

=========================================================================

00:39:20,360 INFO  [org.jboss.modules] (main) JBoss Modules version 1.9.0.Final
00:39:20,869 INFO  [org.jboss.msc] (main) JBoss MSC version 1.4.5.Final
00:39:20,883 INFO  [org.jboss.threads] (main) JBoss Threads version 2.3.3.Final
00:39:21,113 INFO  [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: Keycloak 6.0.1 (WildFly Core 8.0.0.Final) starting
00:39:22,123 INFO  [org.wildfly.security] (ServerService Thread Pool -- 19) ELY00001: WildFly Elytron version 1.8.0.Final
...
00:39:31,221 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
00:39:31,224 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
00:39:31,224 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0051: Admin console listening on http://127.0.0.1:9990
00:39:31,224 INFO  [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: Keycloak 6.0.1 (WildFly Core 8.0.0.Final) started in 11322ms - Started 616 of 879 services (563 services are lazy, passive or on-demand)


## jlink-jdk11-with-jcmd-tools.md

      
    Raw
  

              jlink-jdk11-with-jcmd-tools.md
            
          
    A custom JRE with Support for JCMD and Remote Debugging
# Java 11

JAVA_TARGET=custom-java-runtime

echo "Create trimmed down JDK" && \
      $JAVA_HOME/bin/jlink \
      --no-header-files \
       --strip-debug \
      --no-man-pages \
      --compress=2 \
      --vm=server \
      --exclude-files="**/bin/rmiregistry,**/bin/jrunscript,**/bin/rmid" \
      --module-path "$JAVA_HOME/jmods" \
      --add-modules java.base,java.instrument,java.logging,java.management,java.se,java.naming,java.security.jgss,java.security.sasl,java.sql,java.transaction.xa,java.xml,java.xml.crypto,jdk.security.auth,jdk.xml.dom,jdk.naming.dns,jdk.unsupported,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.jcmd,jdk.internal.ed,jdk.internal.jvmstat,jdk.internal.le,jdk.internal.opt,jdk.internal.vm.ci,jdk.internal.vm.compiler,jdk.internal.vm.compiler.management \
      --output $JAVA_TARGET && \
      echo "Add Java Debugging tools from JDK" && \
      cp $JAVA_HOME/lib/libjdwp.so $JAVA_TARGET/lib/ && \
      cp $JAVA_HOME/lib/libdt_socket.so $JAVA_TARGET/lib/ && \
      cp $JAVA_HOME/lib/*management*.so $JAVA_TARGET/lib/ && \
      echo "Remove debug symbols from JDK" && \
      strip -p --strip-unneeded $JAVA_TARGET/lib/server/libjvm.so


## jlink-jdk17-with-jcmd-tools.md

      
    Raw
  

              jlink-jdk17-with-jcmd-tools.md
            
          
    # Java 17

JAVA_TARGET=custom-java-runtime

echo "Create trimmed down JDK" && \
      $JAVA_HOME/bin/jlink \
      --no-header-files \
       --strip-debug \
      --no-man-pages \
      --compress=2 \
      --vm=server \
      --exclude-files="**/bin/rmiregistry,**/bin/jrunscript,**/bin/rmid" \
      --module-path "$JAVA_HOME/jmods" \
      --add-modules java.base,java.instrument,java.logging,java.management,java.se,java.naming,java.security.jgss,java.security.sasl,java.sql,java.transaction.xa,java.xml,java.xml.crypto,jdk.security.auth,jdk.xml.dom,jdk.naming.dns,jdk.unsupported,jdk.crypto.cryptoki,jdk.crypto.ec,jdk.jcmd,jdk.internal.ed,jdk.internal.jvmstat,jdk.internal.le,jdk.internal.opt,jdk.internal.vm.ci,jdk.internal.vm.ci \
      --output $JAVA_TARGET && \
      echo "Add Java Debugging tools from JDK" && \
      cp $JAVA_HOME/lib/libjdwp.so $JAVA_TARGET/lib/ && \
      cp $JAVA_HOME/lib/libdt_socket.so $JAVA_TARGET/lib/ && \
      cp $JAVA_HOME/lib/*management*.so $JAVA_TARGET/lib/ && \
      echo "Remove debug symbols from JDK" && \
      strip -p --strip-unneeded $JAVA_TARGET/lib/server/libjvm.so