How to change the JVM parameter for a Docker container
The following article only applies when running Bitbucket Server up to version 4.x.
Starting from Bitbucket Server 5.0+, environment variables should be provided as Docker environment variables. For example, add the following when starting up or running the Docker container.
-e JVM_MINIMUM_MEMORY=1024m -e JVM_MAXIMUM_MEMORY=2048mPurpose
This article aims to provide customers with a way of customizing how much memory the JVM will use when Bitbucket server is run in a Docker instance or which Trust Store their JVM will point to, given that customers like to keep their cacerts the same between upgrades (please refer to Add env variable to change the location of the Java Trust Store for Tomcat to understand this use case).
This article assumes that you already have a running Docker instance.
Explanation
Running the container as we ship and instruct spins off the process below:
$ docker exec -it bitbucket /bin/bash $ ps -ef | grep bitbucket | grep -v elasticsearch daemon 52 45 33 03:55 ? 00:08:19 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Djava.util.logging.config.file=/opt/atlassian/bitbucket/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms512m -Xmx768m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Datlassian.standalone=BITBUCKET -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false -Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl -Dcom.sun.jndi.ldap.connect.pool.authentication=none simple DIGEST-MD5 -Djava.library.path=/opt/atlassian/bitbucket/lib/native:/var/atlassian/application-data/bitbucket/lib/native -Dbitbucket.home=/var/atlassian/application-data/bitbucket -Djdk.tls.ephemeralDHKeySize=2048 -Djava.endorsed.dirs=/opt/atlassian/bitbucket/endorsed -classpath /opt/atlassian/bitbucket/bin/bitbucket-bootstrap.jar:/opt/atlassian/bitbucket/bin/bootstrap.jar:/opt/atlassian/bitbucket/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/bitbucket -Dcatalina.home=/opt/atlassian/bitbucket -Djava.io.tmpdir=/opt/atlassian/bitbucket/temp com.atlassian.stash.internal.catalina.startup.Bootstrap start
- As you can see, we ship it with the default maximum memory of -Xmx768m. -Xms512m is the minimum memory the JVM currently runs with.
- Also by default Tomcat will use the certificates loaded into /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts
- If you want to change any of those, the best course of action is to rebuild the docker image yourself as these JVM parameters must be configured in the "Bitbucket binaries" namely /opt/atlassian/bitbucket/bin/setenv.sh within the image.
- This is a link to a fork of the current Atlassian official Docker repo. When the fork was done, this commit. All it does is to execute a sed command to change JVM_MAXIMUM_MEMORY="1024m" before starting up Bitbucket server and to set the Java Trust Store for being in $BITBUCKET_HOME. There is also a command to change the Java Trust Store that the Tomcat running Bitbucket uses in case you want to keep the
cacertsfile in the home directory (please refer to Add env variable to change the location of the Java Trust Store for Tomcat). You can review that commit to understand what was done.
Solution
These steps will have to be done every time there is a new Docker image available in our repository while a final solution to Add env variable to change the location of the Java Trust Store for Tomcat is not provided. You will need to clone the Docker image, build it and use that image on your environment.
First and foremost, you will need to save the current
cacertsinto your$BITBUCKET_HOME. Please make sure you copy this file by executing the following command into your container:# cp /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts $BITBUCKET_HOME
You clone our current Atlassian official Docker repo:
git clone git@bitbucket.org:atlassian/docker-atlassian-bitbucket-server.git
Once you cloned it, you will need to:
- First if your intention
- Change the
sedexpression as per your needs as done on this example. Notice that in the example on that link both the JVM argument for the memory and for the Java Trust store are set but you can choose which one you want.
Build the image:
$ docker build -t my-bitbucket-cacerts .
Once you've done that, you should be able to see the new image:
$ docker images REPOSITORY TAG IMAGE ID CREATED SIZE my-bitbucket latest 2314a3824123 39 minutes ago 641.9 MB ... ... atlassian/bitbucket-server latest fd9d482396ca 4 days ago 641.9 MB
- You need to stop your previous container now so that the ports used by Bitbucket server are free for you to run the new image:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
783c3cbb0501 atlassian/bitbucket-server "./bin/start-bitbucke" 28 seconds ago Up 27 seconds 0.0.0.0:7990->7990/tcp, 0.0.0.0:7999->7999/tcp bitbucket
$ docker stop 783c3cbb0501You might want to remove the container above as well to avoid naming conflicts. Once it is exited, the image named
bitbucketwill look like that:$ docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ... d985465a007b atlassian/bitbucket-server "/entrypoint.sh -fg" 2 hours ago Exited (143) About a minute ago bitbucketYou can go ahead and remove it:
$ docker rm d985465a007bOnce that's done, execute the commands as outlined on our on the Bitbucket Server Docker repo but using the image name we created above:
docker run -v bitbucketVolume:/var/atlassian/application-data/bitbucket --name="bitbucket" -d -p 7990:7990 -p 7999:7999 my-bitbucket-cacertsNote that the command above is using the same container name
–name="bitbucket"and therefore I had to remove the previous one. The most important part here is that you point the container to the same named volume (i.e.bitbucketVolume) so the data contained in theBITBUCKET_HOMEis preserved.
As soon as the image comes up, you will be able to see that it now initialized with the new parameter for Xmx. You could check by running:
# ps -ef | grep bitbuck | grep -v elastic root 7 1 0 03:57 ? 00:00:00 su -s /bin/bash daemon -c /opt/atlassian/bitbucket/bin/start-bitbucket.sh -fg daemon 11 7 0 03:57 ? 00:00:00 bash /opt/atlassian/bitbucket/bin/start-bitbucket.sh -fg daemon 50 11 0 03:57 ? 00:00:00 bash /opt/atlassian/bitbucket/bin/start-webapp.sh -fg daemon 56 50 12 03:57 ? 00:00:58 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java -Djava.util.logging.config.file=/opt/atlassian/bitbucket/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms512m -Xmx1024m -XX:+UseG1GC -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF-8 -Datlassian.standalone=BITBUCKET -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.apache.catalina.connector.Response.ENFORCE_ENCODING_IN_GET_WRITER=false -Dcom.sun.jndi.ldap.connect.pool.protocol=plain ssl -Dcom.sun.jndi.ldap.connect.pool.authentication=none simple DIGEST-MD5 -Djava.library.path=/opt/atlassian/bitbucket/lib/native:/var/atlassian/application-data/bitbucket/lib/native -Djavax.net.ssl.keyStore=/var/atlassian/application-data/bitbucket/cacerts -Dbitbucket.home=/var/atlassian/application-data/bitbucket -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -DcatalinaConnectorProxyName= -DcatalinaConnectorProxyPort= -DcatalinaConnectorScheme=http -DcatalinaConnectorSecure=false -Djava.endorsed.dirs=/opt/atlassian/bitbucket/endorsed -classpath /opt/atlassian/bitbucket/bin/bitbucket-bootstrap.jar:/opt/atlassian/bitbucket/bin/bootstrap.jar:/opt/atlassian/bitbucket/bin/tomcat-juli.jar -Dcatalina.base=/opt/atlassian/bitbucket -Dcatalina.home=/opt/atlassian/bitbucket -Djava.io.tmpdir=/opt/atlassian/bitbucket/temp com.atlassian.stash.internal.catalina.startup.Bootstrap start