Docker Containers
Starting from version 7.8.0.0, Universal Controller is available as a custom Docker image. The image is based on the official images for Eclipse Temurin project, which provides OpenJDK binaries.
The following base image is used:
- eclipse-temurin:21-jdk-ubi9-minimal
This image is based on the official Red Hat ubi9-minimal image.
For more information on getting started with OpenShift, see the OpenShift Start-Up Guide.
Supported Versions
The Docker image uses JDK 21 and Tomcat 10.1.
Image Labels
Universal Controller images have various labels set with helpful metadata.
We follow Docker best practices and use the suggested OCI labels for our images. The following labels are included:
OCI Label | Description | Example Value |
|---|---|---|
org.opencontainers.image.authors | The contact details of the organization that created the image. | |
org.opencontainers.image.base.digest | The digest of the base image the Controller image was created with. |
|
org.opencontainers.image.base.name | The name of the base image the Controller image was created with. | |
org.opencontainers.image.created | An ISO8601 timestamp of when the image was created. |
|
org.opencontainers.image.description | A description of the Controller image and what it is used for. | Universal Controller can be used for Orchestrating Automation for Hybrid IT Environments |
org.opencontainers.image.ref.name | The name of the component in the image. | universal-controller |
org.opencontainers.image.title | The title for the image. | Universal Controller, Tomcat 10.1, JDK 21 |
org.opencontainers.image.vendor | The organization distributing the image. | Stonebranch, Inc. |
org.opencontainers.image.version | The version of the Controller inside the image. |
|
Universal Controller images also come with the following Red Hat Catalog labels:
Label | Example Value |
|---|---|
name | universal-controller |
maintainer | |
vendor | Stonebranch, Inc. |
version | 8.0.0.0 |
release | build.96 |
summary | Universal Controller, Tomcat 10.1, JDK 21 |
description | Universal Controller can be used for Orchestrating Automation for Hybrid IT Environments |
Downloading a Universal Controller Docker Image
The Universal Controller Docker image can be downloaded from the Customer Portal.
Tomcat Configuration
Unless specified, Tomcat uses the default maximum heap size for the Java Virtual Machine (JVM), which is 1/4 of physical memory. Depending on the environment (Docker, OpenShift, Kubernetes, etc.) this value can be interpreted differently.
In order to accommodate large workloads, Universal Controller requires you to configure the initial and maximum heap size parameters using the CATALINA_OPTS environment variable. The following is the minimum recommended configuration:
CATALINA_OPTS="-Xms512m -Xmx2048m"
Customizing Universal Controller with the Entry-Point Script
The entry-point script manages all customizations before starting the Universal Controller. It overrides the entry-point script from the base image.
The entry-point script can perform the following customizations:
- Read secrets from a file.
- Convert environment variables to startup properties.
- Configure SSL for Tomcat.
Reading Secrets from a File
The entry-point script can read a secret from a file and convert it to an environment variable. For example, if UC_DB_PASSWORD_FILE is set, the script reads the file and sets UC_DB_PASSWORD to the contents of the file.
Three secrets are supported: UC_DB_PASSWORD_FILE, UC_TRUSTMANAGER_TRUSTSTORE_PASSWORD_FILE and KEYSTORE_PASSWORD_FILE.
Converting Environment Variables to Startup Properties
All Universal Controller startup properties (uc.properties) can be specified as environment variables simply capitalizing the property name and replacing . with _. For example uc.db.rdbms becomes UC_DB_RDBMS.
A single underscore (_) in the property name needs to be replaced with a double underscore (__) in the environment variable name.
For example, uc.system_identifier becomes UC_SYSTEM__IDENTIFIER.
The entry-point script converts environment variables to properties and adds/updates them in uc.properties file.
Only environment variables with the following prefixes can be converted:
UC_→ General Universal Controller settings.SAML_→ SAML authentication settings.JDK_→ Java-related settings.
The following environment variable is set by default in order to log Universal Controller messages to the console:
UC_LOGGING_APPENDERS=console.
Configuring SSL For Tomcat
The entry-point script configures SSL if the following environment variables are set:
KEYSTORE_PASSWORDTOMCAT_CERT_PATHTOMCAT_KEY_PATH
Specifically, the entry-point script does the following:
- Converts the SSL certificate & key into a PKCS12 keystore.
- Uses
opensslto generate/tmp/keystore.p12. - Updates Tomcat's
server.xmlfor HTTPS. If a keystore is generated:- Backs up the existing
server.xml. - Removes existing SSL configurations.
- Adds a new SSL/TLS HTTP/1.1 Connector that references the generated keystore. Uses the
KEYSTORE_PASSWORDenvironment variable value as the password.
- Backs up the existing
Docker Container Ports
The following ports may need to be mapped when running containers from the Universal Controller image.
Port | Description |
|---|---|
8080 | Tomcat Non-SSL/TLS HTTP/1.1 Connector Port |
8443 | Tomcat SSL/TLS HTTP/1.1 Connector Port (JSSE Implementation) |
License
Licenses for the products installed within the images:
- UAC: The project license is in the End User License Agreement (see the
/licensesfolder in the image). - OpenJDK: The project license is GNU GPL v2 with Classpath Exception.
- Tomcat: The project license is Apache License, Version 2.0.
As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).
As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.