Quarterly manufacturing refreshes which represent a full install of the ACE product (used in combination with ot4i/ace-docker content as part of an ACE base image rebuild process) contain many elements that generally are not used in flows.
Unused elements could include:
* Some of the resource managers and underlying packages like NPM.
* The web UI.
* Non-English message catalogues, bipbroker, transformationAdvisor, samples and patterns.
Additionally, other ACE product components could also be excluded when building a base image, where we know these are also not required through prior knowledge of what application content will be hosted by the image, i.e., a tailored bespoke image.
Examples could include:
* Any un-required nodes and/or parsers.
* Any un-required whole runtimes, such as Java or node.js.
* Any un-required security providers.
This leads to two major concerns:
1. Increased attack vector
Additional unused packages lead to increased risk of exploit should the container be accessed by an unauthorised party. Keeping it lean reduces that risk and improves the vulnerability scanning outcome.
2. Inefficiencies in working with the image due to the large image size
After the initial transfer of an ACE manufacturing refresh tarball file from IBM’s Support Fix Central website to a user’s private rebuild environment, it should be possible for them to reduce what elements of the original product flow through into their final ACE docker image built from it.
Failure to reduce un-used product elements via a user’s private rebuild process will lead to needlessly large docker images being moved onto their owned lifecycle environments.
Consequently, these large ACE image sizes will add delays and reduce the overall efficiency of customer DevOps environments. For example, ACE container start-up times in production are slower than need be due to the cost of transferring and locally caching larger images prior to pod start-up.
If you could instead provide official support for:
1. Building ace-minimal (ace-docker/experimental/ace-minimal at master · ot4i/ace-docker · GitHub) docker images for ACE v12
The above ace-minimal GitHub repo location (https://github.com/ot4i/ace-docker/tree/master/experimental/ace-minimal) contains Dockerfiles for building ACE images that can run simple compact servers. For example:
| Image Type | Version | Linux O/S | Image Size |
| --- | --- | --- | --- |
| ace-minimal | 12.0.2.0 | Ubuntu | 684MB |
| ace-full | 12.0.2.0 | Ubuntu | 3.02GB |
As standard within these files, as part of the ‘Install ACE’ docker RUN step, an ACE 12 product archive file is decompressed upon unpacking (extracting files from the archive).
Additionally, as part of the construction of an ACE minimal image, during this file extraction process certain files and folders are ignored (excluded) and so not written to folder: /opt/ibm.
All exclusions are defined within a composite exclusion file: /tmp/all-excludes.txt. See tar command below:
tar zx --exclude-from=/tmp/all-excludes.txt --directory /opt/ibm
2. Extend ACE 12.0.4.0 (open beta) ibmint command to support a new "optimize image" subcommand.
ACE 12.0.4.0 (open beta) extended behaviour tied to the existing ibmint command, by introducing the new "optimize server" subcommand.
This subcommand targets an integration server’s work directory content, examining all run content such as flows, policies, config etc.
Based on this examination the command generates a “server.components.yaml” file, which is used to disable any server runtime components on start-up, that are not being used.
The proposal here is to further extend the ibmint command, by introducing the new "optimize image" subcommand.
This subcommand would mirror the exact behaviour of the "optimize server" subcommand and as such would again generate a server.components.yaml.
However, this subcommand would use the results recorded in the server.components.yaml file to additionally generate a docker minimal 'all-excludes.txt' exclusions file.
Knowing what server runtime components will be disabled on start-up also enables us to know which files and folders should be excluded from the base image which will host the examined integration server content.
Supporting these enhancements would allow organizations to leverage the minimal “bespoke” image and add only what is required.
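The exclusion mechanism described in the idea above (a composite all-excludes.txt passed to tar --exclude-from), shown as an added example that is not part of the original submission or of the ace-docker repo. The directory layout, fragment file names and exclusion entries are constructed placeholders; the last step checks that nothing listed for exclusion reached the target directory.

```shell
#!/bin/sh
# Constructed layout and patterns; the real lists live in the ace-minimal repo.
set -eu
V=ace-12.0.2.0   # top-level directory name inside the sample archive (assumed)

# Build a small stand-in for the product tarball at path $1.
build_sample_archive() {
    src=$(mktemp -d)
    for d in server/bin server/nodejs server/webui server/messages/fr_FR tools/samples; do
        mkdir -p "$src/$V/$d"
        echo placeholder > "$src/$V/$d/file"
    done
    tar czf "$1" -C "$src" "$V"
    rm -rf "$src"
}

# Merge fragment files ($2...) into one exclusion file ($1):
# drop comments and blank lines, remove duplicates.
compose_excludes() {
    out=$1; shift
    cat "$@" | sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' | sort -u > "$out"
}

# Same tar invocation as on the page: archive $1, exclusions $2, target $3.
extract_minimal() {
    mkdir -p "$3"
    tar zx --exclude-from="$2" --directory "$3" < "$1"
}

# Print every exclusion entry ($1) that still exists under target $2.
# Empty output means the image tree is clean.
leftover_excluded() {
    while IFS= read -r entry; do
        if [ -e "$2/$entry" ]; then echo "$entry"; fi
    done < "$1"
}

work=$(mktemp -d)
build_sample_archive "$work/ace.tar.gz"
printf '%s\n' "# runtimes" "$V/server/nodejs" > "$work/excludes-node.txt"
printf '%s\n' "$V/server/webui" "$V/server/messages/fr_FR" "$V/tools" \
    "$V/server/nodejs" > "$work/excludes-base.txt"
compose_excludes "$work/all-excludes.txt" "$work"/excludes-*.txt
extract_minimal "$work/ace.tar.gz" "$work/all-excludes.txt" "$work/opt-ibm"
echo "kept:"; (cd "$work/opt-ibm" && find . -type f | sort)
echo "excluded entries still present: $(leftover_excluded "$work/all-excludes.txt" "$work/opt-ibm" | wc -l)"
```

Running the same leftover check as a build step after the 'Install ACE' RUN step catches an exclusion entry that silently stopped matching after a product refresh changed a path.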
RFE Review. Thank you for taking the time to submit this idea for enhancement, and we're pleased to hear that you have been looking at our open beta. ACEv12.0.4.0 (GA not Open Beta) did include the ibmint optimize server command, and this is now a supported part of the product (you can check out the tutorial in the Toolkit for a worked example too!). This command enables users to construct a yaml file which controls which parts of the runtime are not needed, based upon the currently deployed artifacts. We have further plans in this area to extend our capabilities to also influence the actual files which are required in a built container image. Given the current advances and wide-ranging suggestions in the idea, we are marking this one as delivered, but as ever would love to continue the discussion with you as we drive some of the other enhancements mentioned above into the GA vehicle potentially in 12.0.5.0 and beyond.