Merged in DCD-545-confluence-dc-updates (pull request #38)

DCD-545: Confluence Docker DB/cluster configuration updates Approved-by: Dave Chevell <dchevell@atlassian.com> Approved-by: Minh Tran <mtran@atlassian.com> Approved-by: Joe Xie <jxie@atlassian.com> Approved-by: Adam Brokes <abrokes@atlassian.com>
2024-08-30 18:22:16 +00:00 · 2019-08-18 23:06:14 +00:00
parent 26d7047500 776f73ec81
commit a4b7fde2b6
15 changed files with 868 additions and 220 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1,3 +1,2 @@
 .git
 scripts
 .idea
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 __pycache__/
 Pipfile
 Pipfile.lock
--- a/39
+++ b/39
@ -1,7 +1,9 @@
 FROM adoptopenjdk/openjdk8:slim
-ENV RUN_USER            					daemon
+ENV RUN_USER							confluence
-ENV RUN_GROUP           					daemon
+ENV RUN_GROUP							confluence
 ENV RUN_UID							2002
 ENV RUN_GID							2002
 # https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html
 ENV CONFLUENCE_HOME          				/var/atlassian/application-data/confluence
@ -14,25 +16,32 @@ WORKDIR $CONFLUENCE_HOME
 EXPOSE 8090
 EXPOSE 8091
-CMD ["/entrypoint.sh", "-fg"]
+CMD ["/entrypoint.py", "-fg"]
-ENTRYPOINT ["/tini", "--"]
+ENTRYPOINT ["/sbin/tini", "--"]
 RUN apt-get update \
-	&& apt-get install -y --no-install-recommends fontconfig \
+	&& apt-get install -y --no-install-recommends fontconfig python3 python3-jinja2 \
 	&& apt-get clean autoclean && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*
 ARG TINI_VERSION=v0.18.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
+ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
-RUN chmod +x /tini
+RUN chmod +x /sbin/tini
 COPY entrypoint.sh              			/entrypoint.sh
 ARG CONFLUENCE_VERSION
 ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
-RUN mkdir -p                             	${CONFLUENCE_INSTALL_DIR} \
+RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
-    && curl -L --silent                  	${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
+    && useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} ${RUN_USER} \
-    && chown -R ${RUN_USER}:${RUN_GROUP} 	${CONFLUENCE_INSTALL_DIR}/ \
+    \
-    && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh \
+    && mkdir -p                       	 ${CONFLUENCE_INSTALL_DIR} \
-    && sed -i -e 's/port="8090"/port="8090" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
+    && curl -L --silent                  ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
-    && sed -i -e 's/Context path=""/Context path="${catalinaContextPath}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml
+    && chmod -R "u=rwX,g=rX,o=rX"        ${CONFLUENCE_INSTALL_DIR}/ \
    && chown -R root.                    ${CONFLUENCE_INSTALL_DIR}/ \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
    \
    && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh
 COPY entrypoint.py              			/entrypoint.py
 COPY config/*						/opt/atlassian/etc/
--- a/43
+++ b/43
@ -1,25 +1,25 @@
 FROM adoptopenjdk/openjdk8:alpine
 MAINTAINER Atlassian Confluence
-ENV RUN_USER            daemon
+ENV RUN_USER							confluence
-ENV RUN_GROUP           daemon
+ENV RUN_GROUP							confluence
 ENV RUN_UID							2002
 ENV RUN_GID							2002
 # https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html
-ENV CONFLUENCE_HOME          /var/atlassian/application-data/confluence
+ENV CONFLUENCE_HOME          				/var/atlassian/application-data/confluence
-ENV CONFLUENCE_INSTALL_DIR   /opt/atlassian/confluence
+ENV CONFLUENCE_INSTALL_DIR   				/opt/atlassian/confluence
 VOLUME ["${CONFLUENCE_HOME}"]
 WORKDIR $CONFLUENCE_HOME
 # Expose HTTP and Synchrony ports
 EXPOSE 8090
 EXPOSE 8091
-WORKDIR $CONFLUENCE_HOME
+CMD ["/entrypoint.py", "-fg"]
 CMD ["/entrypoint.sh", "-fg"]
 ENTRYPOINT ["/sbin/tini", "--"]
-RUN apk add --no-cache ca-certificates wget curl openssh bash procps openssl perl ttf-dejavu tini
+RUN apk add --no-cache ca-certificates wget curl openssh bash procps openssl perl ttf-dejavu tini python3 py3-jinja2
 # Workaround for AdoptOpenJDK Alpine fontconfig bug
 RUN ln -s /usr/lib/libfontconfig.so.1 /usr/lib/libfontconfig.so \
@ -27,14 +27,21 @@ RUN ln -s /usr/lib/libfontconfig.so.1 /usr/lib/libfontconfig.so \
    && ln -s /lib/libc.musl-x86_64.so.1 /usr/lib/libc.musl-x86_64.so.1
 ENV LD_LIBRARY_PATH /usr/lib
 COPY entrypoint.sh              /entrypoint.sh
 ARG CONFLUENCE_VERSION
-ARG DOWNLOAD_URL=http://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
+ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
-RUN mkdir -p                             ${CONFLUENCE_INSTALL_DIR} \
+RUN addgroup -g ${RUN_GID} ${RUN_GROUP} \
-    && curl -L --silent                  ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "$CONFLUENCE_INSTALL_DIR" \
+    && adduser -u ${RUN_UID} -G ${RUN_GROUP} -h ${CONFLUENCE_HOME} -D ${RUN_USER} \
-    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/ \
+    \
-    && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh \
+    && mkdir -p                          ${CONFLUENCE_INSTALL_DIR} \
-    && sed -i -e 's/port="8090"/port="8090" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml  \
+    && curl -L --silent                  ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
-    && sed -i -e 's/Context path=""/Context path="${catalinaContextPath}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml
+    && chmod -R "u=rwX,g=rX,o=rX"        ${CONFLUENCE_INSTALL_DIR}/ \
    && chown -R root.                    ${CONFLUENCE_INSTALL_DIR}/ \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
    && chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
    \
    && sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh
 COPY entrypoint.py              			/entrypoint.py
 COPY config/*						/opt/atlassian/etc/
--- a/13
+++ b/13
@ -0,0 +1,13 @@
 Copyright © 2019 Atlassian Corporation Pty Ltd.
 Licensed under the Apache License, Version 2.0 (the "License"); you
 may not use this file except in compliance with the License. You may
 obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0.
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 implied. See the License for the specific language governing
 permissions and limitations under the License.
--- a/README.md
+++ b/README.md
@ -1,6 +1,11 @@
-![Atlassian Confluence Server](https://www.atlassian.com/dam/wac/legacy/confluence_logo_landing.png)
+[Atlassian Confluence Server][1]
-Confluence Server is where you create, organise and discuss work with your team. Capture the knowledge that's too often lost in email inboxes and shared network drives in Confluence <20> where it's easy to find, use, and update. Give every team, project, or department its own space to create the things they need, whether it's meeting notes, product requirements, file lists, or project plans, you can get more done in Confluence.
+Confluence Server is where you create, organise and discuss work with your
 team. Capture the knowledge that's too often lost in email inboxes and shared
 network drives in Confluence <20> where it's easy to find, use, and update. Give
 every team, project, or department its own space to create the things they need,
 whether it's meeting notes, product requirements, file lists, or project plans,
 you can get more done in Confluence.
 Learn more about Confluence Server: <https://www.atlassian.com/software/confluence>
@ -8,30 +13,38 @@ You can find the repository for this Dockerfile at <https://hub.docker.com/r/atl
 # Overview
-This Docker container makes it easy to get an instance of Confluence up and running.
+This Docker container makes it easy to get an instance of Confluence up and
 running.
 # Quick Start
-For the directory in the environmental variable `CONFLUENCE_HOME` that is used to store Confluence data
+For the directory in the environmental variable `CONFLUENCE_HOME` that is used
-(amongst other things) we recommend mounting a host directory as a [data volume](https://docs.docker.com/userguide/dockervolumes/#mount-a-host-directory-as-a-data-volume):
+to store Confluence data (amongst other things) we recommend mounting a host
 directory as a [data volume][2]:
 Additionally, if running Confluence in Data Center mode it is required that a
 shared filesystem is mounted. The mountpoint (inside the container) can be
 configured with `CONFLUENCE_SHARED_HOME`.
 Start Atlassian Confluence Server:
    $> docker run -v /data/your-confluence-home:/var/atlassian/application-data/confluence --name="confluence" -d -p 8090:8090 -p 8091:8091 atlassian/confluence-server
-**Success**. Confluence is now available on [http://localhost:8090](http://localhost:8090)*
+**Success**. Confluence is now available on <http://localhost:8090>*
-Please ensure your container has the necessary resources allocated to it.
+Please ensure your container has the necessary resources allocated to it.  We
-We recommend 2GiB of memory allocated to accommodate the application server.
+recommend 2GiB of memory allocated to accommodate the application server.  See
-See [Supported Platforms](https://confluence.atlassian.com/display/DOC/Supported+platforms) for further information.
+[Supported Platforms][4] for further information.
 _* Note: If you are using `docker-machine` on Mac OS X, please use `open http://$(docker-machine ip default):8090` instead._
 ## Memory / Heap Size
-If you need to override Confluence Server's default memory allocation, you can control the minimum heap (Xms) and maximum heap (Xmx) via the below environment variables.
+If you need to override Confluence Server's default memory allocation, you can
 control the minimum heap (Xms) and maximum heap (Xmx) via the below environment
 variables.
 * `JVM_MINIMUM_MEMORY` (default: 1024m)
@ -41,33 +54,59 @@ If you need to override Confluence Server's default memory allocation, you can c
   The maximum heap size of the JVM
-## Reverse Proxy Settings
+## Tomcat and Reverse Proxy Settings
-If Confluence is run behind a reverse proxy server, then you need to specify extra options to make Confluence aware of the setup. They can be controlled via the below environment variables.
+If Confluence is run behind a reverse proxy server (e.g. a load-balancer or
 nginx server), then you need to specify extra options to make Confluence aware
 of the setup. They can be controlled via the below environment variables.
-* `CATALINA_CONNECTOR_PROXYNAME` (default: NONE)
+* `ATL_PROXY_NAME` (default: NONE)
-   The reverse proxy's fully qualified hostname.
+   The reverse proxy's fully qualified hostname. `CATALINA_CONNECTOR_PROXYNAME`
   is also supported for backwards compatability.
-* `CATALINA_CONNECTOR_PROXYPORT` (default: NONE)
+* `ATL_PROXY_PORT` (default: NONE)
-   The reverse proxy's port number via which Confluence is accessed.
+   The reverse proxy's port number via which Confluence is
   accessed. `CATALINA_CONNECTOR_PROXYPORT` is also supported for backwards
   compatability.
-* `CATALINA_CONNECTOR_SCHEME` (default: http)
+* `ATL_TOMCAT_PORT` (default: 8090)
-   The protocol via which Confluence is accessed.
+   The port for Tomcat/Confluence to listen on. Depending on your container
   deployment method this port may need to be 
   [exposed and published][docker-expose].
-* `CATALINA_CONNECTOR_SECURE` (default: false)
+* `ATL_TOMCAT_SCHEME` (default: http)
-   Set 'true' if CATALINA_CONNECTOR_SCHEME is 'https'.
+   The protocol via which Confluence is accessed. `CATALINA_CONNECTOR_SCHEME` is also
   supported for backwards compatability.
-* `CATALINA_CONTEXT_PATH` (default: NONE)
+* `ATL_TOMCAT_SECURE` (default: false)
-   The context path the application is served over.
+   Set 'true' if `ATL_TOMCAT_SCHEME` is 'https'. `CATALINA_CONNECTOR_SECURE` is
   also supported for backwards compatability.
 * `ATL_TOMCAT_CONTEXTPATH` (default: NONE)
   The context path the application is served over. `CATALINA_CONTEXT_PATH` is
   also supported for backwards compatability.
 The following Tomcat/Catalina options are also supported. For more information,
 see https://tomcat.apache.org/tomcat-7.0-doc/config/index.html.
 * `ATL_TOMCAT_MGMT_PORT` (default: 8000)
 * `ATL_TOMCAT_MAXTHREADS` (default: 100)
 * `ATL_TOMCAT_MINSPARETHREADS` (default: 10)
 * `ATL_TOMCAT_CONNECTIONTIMEOUT` (default: 20000)
 * `ATL_TOMCAT_ENABLELOOKUPS` (default: false)
 * `ATL_TOMCAT_PROTOCOL` (default: HTTP/1.1)
 * `ATL_TOMCAT_ACCEPTCOUNT` (default: 10)
 ## JVM configuration
-If you need to pass additional JVM arguments to Confluence such as specifying a custom trust store, you can add them via the below environment variable
+If you need to pass additional JVM arguments to Confluence such as specifying a
 custom trust store, you can add them via the below environment variable
 * `JVM_SUPPORT_RECOMMENDED_ARGS`
@ -75,13 +114,135 @@ If you need to pass additional JVM arguments to Confluence such as specifying a
 Example:
-    $> docker run -e JVM_SUPPORT_RECOMMENDED_ARGS=-Djavax.net.ssl.trustStore=/var/atlassian/application-data/confluence/cacerts -v confluenceVolume:/var/atlassian/application-data/confluence --name="confluence" -d -p 8090:8090 -p 8091:8091 atlassian/confluence-server
+    docker run -e JVM_SUPPORT_RECOMMENDED_ARGS=-Djavax.net.ssl.trustStore=/var/atlassian/application-data/confluence/cacerts -v confluenceVolume:/var/atlassian/application-data/confluence --name="confluence" -d -p 8090:8090 -p 8091:8091 atlassian/confluence-server
 ## Confluence-specific settings
 * `ATL_AUTOLOGIN_COOKIE_AGE` (default: 1209600; two weeks, in seconds)
   The maximum time a user can remain logged-in with 'Remember Me'.
 * `CONFLUENCE_HOME`
   The confluence home directory. This may be on an mounted volume; if so it
   should be writable by the user `confluence`. See note below about UID
   mappings.
 ## Database configuration
 It is optionally possible to configure the database from the environment,
 avoiding the need to do so through the web startup screen.
 The following variables are all must all be supplied if using this feature:
 * `ATL_JDBC_URL`
   The database URL; this is database-specific.
 * `ATL_JDBC_USER`
   The database user to connect as.
 * `ATL_JDBC_PASSWORD`
   The password for the database user.
 * `ATL_DB_TYPE`
   The type of database; valid supported values are:
   * `mssql`
   * `mysql`
   * `oracle12c`
   * `postgresql`
 The following variables are for the database connection pool, and are
 optional.
 * `ATL_DB_POOLMINSIZE` (default: 20)
 * `ATL_DB_POOLMAXSIZE` (default: 100)
 * `ATL_DB_TIMEOUT` (default: 30)
 * `ATL_DB_IDLETESTPERIOD` (default: 100)
 * `ATL_DB_MAXSTATEMENTS` (default: 0)
 * `ATL_DB_VALIDATE` (default: false)
 * `ATL_DB_ACQUIREINCREMENT` (default: 1)
 * `ATL_DB_VALIDATIONQUERY` (default: "select 1")
 ## Data Center configuration
 This docker image can be run as part of a [Data Center][5] cluster. You can
 specify the following properties to start Confluence as a Data Center node,
 instead of manually configuring a cluster. See [Installing Confluence Data
 Center][6] for more information.
 ### Cluster configuration
 Confluence Data Center allows clustering via various methods. For more
 information on the setting for each type see [this page][7].
 **NOTE:** The underlying network should be set-up to support the Confluence
 clustering type you are using. How to do this depends on the container
 management technology, and is beyond the scope of this documentation.
 #### Common cluster settings
 * `ATL_CLUSTER_TYPE`
   The cluster type. Setting this effectively enables clustering. Valid values
   are `aws`, `multicast`, and `tcp_ip`.
 * `ATL_CLUSTER_NAME`
   The cluster name; this should be common across all nodes.
 * `ATL_PRODUCT_HOME_SHARED`
   The location of the shared home directory for all Confluence nodes. **Note**:
   This must be real shared filesystem that is mounted inside the
   container. Additionally, see the note about UIDs.
 * `ATL_CLUSTER_TTL`
   The time-to-live for cluster packets. Primarily of use in multicast clusters.
 #### AWS cluster settings
   The following should be populated from the AWS environment.
 * `ATL_HAZELCAST_NETWORK_AWS_IAM_ROLE`
 * `ATL_HAZELCAST_NETWORK_AWS_IAM_REGION`
 * `ATL_HAZELCAST_NETWORK_AWS_HOST_HEADER`
 * `ATL_HAZELCAST_NETWORK_AWS_SECURITY_GROUP`
 * `ATL_HAZELCAST_NETWORK_AWS_TAG_KEY`
 * `ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE`
 #### TCP cluster settings
 * `ATL_CLUSTER_PEERS`
   A comma-separated list of peer IPs.
 #### Multicast cluster settings
 * `ATL_CLUSTER_ADDRESS`
   The multicast address the cluster will communicate on.
 # Shared directory and user IDs
 By default the Confuence application runs as the user `confluence`, with a UID
 and GID of 2002. Consequently this UID must have write access to the shared
 filesystem. If for some reason a different UID must be used, there are a number
 of options available:
 * The Docker image can be rebuilt with a different UID.
 * Under Linux, the UID can be remapped using 
  [user namespace remapping][8].
 # Upgrade
-To upgrade to a more recent version of Confluence Server you can simply stop the `Confluence`
+To upgrade to a more recent version of Confluence Server you can simply stop the
-container and start a new one based on a more recent image:
+`Confluence` container and start a new one based on a more recent image:
    $> docker stop confluence
    $> docker rm confluence
@ -95,42 +256,58 @@ container and its volumes using the `-v` option._
 # Backup
-For evaluating Confluence you can use the built-in database that will store its files in the Confluence Server home directory. In that case it is sufficient to create a backup archive of the directory on the host that is used as a volume (`/data/your-confluence-home` in the example above).
+For evaluating Confluence you can use the built-in database that will store its
 files in the Confluence Server home directory. In that case it is sufficient to
 create a backup archive of the directory on the host that is used as a volume
 (`/data/your-confluence-home` in the example above).
-Confluence's [automatic backup](https://confluence.atlassian.com/display/DOC/Configuring+Backups) is currently supported in the Docker setup. You can also use the [Production Backup Strategy](https://confluence.atlassian.com/display/DOC/Production+Backup+Strategy) approach if you're using an external database.
+Confluence's [automatic backup][9] is currently supported in the Docker
 setup. You can also use the [Production Backup Strategy][10] approach if you're
 using an external database.
-Read more about data recovery and backups: [Site Backup and Restore](https://confluence.atlassian.com/display/DOC/Site+Backup+and+Restore)
+Read more about data recovery and backups: [Site Backup and Restore][11]
 # Versioning
 The `latest` tag matches the most recent release of Atlassian Confluence Server.
-So `atlassian/confluence-server:latest` will use the newest stable version of Confluence Server available.
+So `atlassian/confluence-server:latest` will use the newest stable version of
 Confluence Server available.
-Alternatively, you can use a specific minor version of Confluence Server by using a version number
+Alternatively, you can use a specific minor version of Confluence Server by
-tag: `atlassian/confluence-server:6.13`. This will install the latest `6.13.x` version that
+using a version number tag: `atlassian/confluence-server:6.13`. This will
-is available.
+install the latest `6.13.x` version that is available.
-For the latest developer (EAP) release use `atlassian/confluence-server:eap`. This will install our latest milestone (not supported for use in production).
+For the latest developer (EAP) release use
 `atlassian/confluence-server:eap`. This will install our latest milestone (not
 supported for use in production).
-By default our Docker image uses OpenJDK, which is not supported for production sites. However we do provide a fully supported Docker image that uses AdoptOpenJDK 8. These images are tagged with the suffix `ubuntu-18.04-adoptopenjdk8` together with the Confluence version.
+For example, `atlassian/confluence-server:6.13-ubuntu-18.04-adoptopenjdk8` will
-
+install the latest 6.13.x version with AdoptOpenJDK 8.
 For example, `atlassian/confluence-server:6.13-ubuntu-18.04-adoptopenjdk8` will install the latest 6.13.x version with AdoptOpenJDK 8.
 # Known Problems
 In Mac OS X with Docker version 1.11.0, when running with docker-machine, there is a bug where the directory specified for `CONFLUENCE_HOME` in a volume mount will not have the correct permission, and thus startup fails with a permission denied error:
     Error writing state to confluence.cfg.xml
 com.atlassian.config.ConfigurationException: Couldn't save confluence.cfg.xml to /var/atlassian/confluence-home directory.
 See https://github.com/docker/docker/issues/4023 for details.
 To work around this issue, use a different host operating system other than Mac OSX until a newer release of Docker fixes this issue.
 # Support
-This Docker image is great for evaluating Confluence. However, it does not use an Oracle JDK due to licensing constraints. Instead, it uses OpenJDK which is not supported for running Confluence in production.
+These Confluence Docker images are presented as a technical preview, and not
 recommended for critical production deployments. However if you are interested
 in deploying with containers we would be interested in hearing your feedback.
-To meet our supported platform requirements, you'll need to either:
+Note that these images are built on the [AdoptOpenJDK][12] images. Prior to
 Confluence 6.13 OpenJDK was not a supported platform. See [the 6.13
 release-notes][13] for more information.
-* build your own image based on [Oracle JDK](https://github.com/oracle/docker-images/tree/master/OracleJDK). See [Update the Confluence Docker image to use Oracle JDK ](https://confluence.atlassian.com/display/CONFKB/Update+the+Confluence+Docker+image+to+use+Oracle+JDK) for more info.
+# License
 * use our image that is based on AdoptOpenJDK 8, which is fully supported for Confluence 6.13 and later. These images are tagged with the suffix `ubuntu-18.04-adoptopenjdk8` together with the Confluence version.
 Copyright <20> 2019 Atlassian Corporation Pty Ltd.
 Licensed under the Apache License, Version 2.0.
 [1]: https://www.atlassian.com/dam/wac/legacy/confluence_logo_landing.png
 [2]: https://docs.docker.com/userguide/dockervolumes/#mount-a-host-directory-as-a-data-volume
 [4]: https://confluence.atlassian.com/display/DOC/Supported+platforms
 [5]: https://confluence.atlassian.com/doc/confluence-data-center-technical-overview-790795847.html
 [6]: https://confluence.atlassian.com/doc/installing-confluence-data-center-203603.html
 [7]: https://confluence.atlassian.com/doc/change-node-discovery-from-multicast-to-tcp-ip-or-aws-792297728.html#ChangeNodeDiscoveryfromMulticasttoTCP/IPorAWS-TochangefromTCP/IPtomulticast
 [8]: https://docs.docker.com/engine/security/userns-remap/
 [9]: https://confluence.atlassian.com/display/DOC/Configuring+Backups
 [10]: https://confluence.atlassian.com/display/DOC/Production+Backup+Strategy
 [11]: https://confluence.atlassian.com/display/DOC/Site+Backup+and+Restore
 [12]: https://adoptopenjdk.net/
 [13]: https://confluence.atlassian.com/doc/confluence-6-13-release-notes-959288785.html
--- a/config/confluence-init.properties.j2
+++ b/config/confluence-init.properties.j2
@ -0,0 +1 @@
 confluence.home = {{ atl_product_home | default(confluence_home) | default('') }}
--- a/config/confluence.cfg.xml.j2
+++ b/config/confluence.cfg.xml.j2
@ -0,0 +1,68 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <confluence-configuration>
  <setupStep>setupstart</setupStep>
  <setupType>custom</setupType>
  <buildNumber>0</buildNumber>
  <properties>
    <property name="confluence.database.connection.type">database-type-standard</property>
    <property name="webwork.multipart.saveDir">${localHome}/temp</property>
    <property name="attachments.dir">${confluenceHome}/attachments</property>
    {% if atl_jdbc_url is defined %}
      {% set databases =  {
           "mysql": ["com.mysql.jdbc.Driver", "MySQLDialect"],
           "postgresql": ["org.postgresql.Driver", "PostgreSQLDialect"],
           "mssql": ["com.microsoft.sqlserver.jdbc.SQLServerDriver", "SQLServerDialect"],
           "oracle12c": ["oracle.jdbc.driver.OracleDriver", "OracleDialect"]
          } %}
      <property name="confluence.database.choice">{{ atl_db_type }}</property>
      <property name="hibernate.connection.url">{{ atl_jdbc_url }}</property>
      <property name="hibernate.connection.username">{{ atl_jdbc_user }}</property>
      <property name="hibernate.connection.password">{{ atl_jdbc_password }}</property>
      <property name="hibernate.connection.driver_class">{{ databases[atl_db_type][0] }}</property>
      <property name="hibernate.dialect">com.atlassian.confluence.impl.hibernate.dialect.{{ databases[atl_db_type][1] }}</property>
      <property name="hibernate.c3p0.min_size">{{ atl_db_poolminsize | default('20') }}</property>
      <property name="hibernate.c3p0.max_size">{{ atl_db_poolmaxsize | default('100') }}</property>
      <property name="hibernate.c3p0.timeout">{{ atl_db_timeout | default('30') }}</property>
      <property name="hibernate.c3p0.idle_test_period">{{ atl_db_idletestperiod | default('100') }}</property>
      <property name="hibernate.c3p0.max_statements">{{ atl_db_maxstatements | default('0') }}</property>
      <property name="hibernate.c3p0.validate">{{ atl_db_validate | default('false') }}</property>
      <property name="hibernate.c3p0.acquire_increment">{{ atl_db_acquireincrement | default('1') }}</property>
      <property name="hibernate.c3p0.preferredTestQuery">{{ atl_db_validationquery | default('select 1') }}</property>
    {% endif %}
    {% if atl_cluster_type is defined %}
      <property name="confluence.cluster">true</property>
      <property name="confluence.cluster.name">{{ atl_cluster_name }}</property>
      <property name="confluence.cluster.node.name">{{ atl_cluster_node_name }}</property>
      <property name="confluence.cluster.home">{{ atl_product_home_shared | default(confluence_shared_home) | default('') }}</property>
      <property name="shared-home">{{ atl_product_home_shared | default(confluence_shared_home) | default('') }}</property>
      <property name="confluence.cluster.join.type">{{ atl_cluster_type }}</property>
      {% if atl_cluster_type == 'aws' %}
        <property name="confluence.cluster.aws.iam.role">{{ atl_hazelcast_network_aws_iam_role }}</property>
        <property name="confluence.cluster.aws.region">{{ atl_hazelcast_network_aws_iam_region }}</property>
        <property name="confluence.cluster.aws.host.header">{{ atl_hazelcast_network_aws_host_header }}</property>
        <property name="confluence.cluster.aws.security.group.name">{{ atl_hazelcast_network_aws_security_group }}</property>
        <property name="confluence.cluster.aws.tag.key">{{ atl_hazelcast_network_aws_tag_key }}</property>
        <property name="confluence.cluster.aws.tag.value">{{ atl_hazelcast_network_aws_tag_value }}</property>
        <property name="confluence.cluster.ttl">{{ atl_cluster_ttl }}</property>
      {% elif atl_cluster_type == 'tcp_ip' %}
        <property name="confluence.cluster.peers">{{ atl_cluster_peers }}</property>
      {% elif atl_cluster_type == 'multicast' %}
        <property name="confluence.cluster.address">{{ atl_cluster_address }}</property>
        <property name="confluence.cluster.ttl">{{ atl_cluster_ttl }}</property>
      {% endif %}
    {% endif %}
  </properties>
 </confluence-configuration>
--- a/config/seraph-config.xml.j2
+++ b/config/seraph-config.xml.j2
@ -0,0 +1,71 @@
 <security-config>
    <parameters>
        <init-param>
            <param-name>login.url</param-name>
            <param-value>/login.action?os_destination=${originalurl}&amp;permissionViolation=true</param-value>
        </init-param>
        <init-param>
            <param-name>link.login.url</param-name>
            <param-value>/login.action</param-value>
        </init-param>
        <init-param>
            <param-name>cookie.encoding</param-name>
            <param-value>cNf</param-value>
        </init-param>
        <init-param>
            <param-name>login.cookie.key</param-name>
            <param-value>seraph.confluence</param-value>
        </init-param>
        {% if atl_autologin_cookie_age is defined %}
          <init-param>
              <param-name>autologin.cookie.age</param-name>
              <param-value>{{ atl_autologin_cookie_age }}</param-value>
          </init-param>
        {% endif %}
        <!--only basic authentication available-->
        <init-param>
            <param-name>authentication.type</param-name>
            <param-value>os_authType</param-value>
        </init-param>
        <!-- Invalidate session on login to prevent session fixation attack -->
         <init-param>
            <param-name>invalidate.session.on.login</param-name>
            <param-value>true</param-value>
        </init-param>
        <!-- Add names for session attributes that must not be copied to a new session when the old one gets invalidated.
          Currently it is empty (i.e. all attributes will be copied). -->
        <init-param>
            <param-name>invalidate.session.exclude.list</param-name>
            <param-value></param-value>
        </init-param>
    </parameters>
    <rolemapper class="com.atlassian.confluence.security.ConfluenceRoleMapper"/>
    <controller class="com.atlassian.confluence.setup.seraph.ConfluenceSecurityController"/>
    <!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
    <authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
    <!-- Custom authenticators appear below. To enable one of them, comment out the default authenticator above and uncomment the one below. -->
    <!-- Authenticator with support for Crowd single-sign on (SSO). -->
    <!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
    <!-- Specialised version of the default authenticator which adds authenticated users to confluence-users if they aren't already a member. -->
    <!-- <authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/> -->
    <services>
        <service class="com.atlassian.seraph.service.PathService">
            <init-param>
                <param-name>config.file</param-name>
                <param-value>seraph-paths.xml</param-value>
            </init-param>
        </service>
    </services>
    <elevatedsecurityguard class="com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard"/>
 </security-config>
--- a/config/server.xml.j2
+++ b/config/server.xml.j2
@ -0,0 +1,70 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Server port="{{ atl_tomcat_mgmt_port | default('8000') }}"
        shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
  <Listener className="org.apache.catalina.core.AprLifecycleListener"
            SSLEngine="on"/>
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
  <Service name="Catalina">
    <Connector port="{{ atl_tomcat_port | default('8090') }}"
               maxThreads="{{ atl_tomcat_maxthreads | default('100') }}"
               minSpareThreads="{{ atl_tomcat_minsparethreads | default('10') }}"
               connectionTimeout="{{ atl_tomcat_connectiontimeout | default('20000') }}"
               enableLookups="{{ atl_tomcat_enablelookups | default('false') }}"
               protocol="{{ atl_tomcat_protocol | default('HTTP/1.1') }}"
               redirectPort="{{ atl_tomcat_redirectport | default('8443') }}"
               acceptCount="{{ atl_tomcat_acceptcount | default('10') }}"
               secure="{{ atl_tomcat_secure | default(catalina_connector_secure) | default('false') }}"
               scheme="{{ atl_tomcat_scheme | default(catalina_connector_scheme) | default('http') }}"
               proxyName="{{ atl_proxy_name | default(catalina_connector_proxyname) | default('') }}"
               proxyPort="{{ atl_proxy_port | default(catalina_connector_proxyport) | default('') }}"
               relaxedPathChars="[]|"
               relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
               bindOnInit="false"
               maxHttpHeaderSize="8192"
               useBodyEncodingForURI="true"
               disableUploadTimeout="true" />
    <Engine name="Standalone"
            defaultHost="localhost"
            debug="0">
      <Host name="localhost"
            debug="0"
            appBase="webapps"
            unpackWARs="true"
            autoDeploy="false"
            startStopThreads="4">
        <Context path="{{ atl_tomcat_contextpath | default(catalina_context_path) | default('') }}"
                 docBase="../confluence"
                 debug="0"
                 reloadable="false"
                 useHttpOnly="true">
          <!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
          <Manager pathname=""/>
          <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
                 threshold="60"/>
        </Context>
        <Context path="${confluence.context.path}/synchrony-proxy"
                 docBase="../synchrony-proxy"
                 debug="0"
                 reloadable="false"
                 useHttpOnly="true">
          <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
                 threshold="60"/>
        </Context>
      </Host>
    </Engine>
  </Service>
 </Server>
--- a/entrypoint.py
+++ b/entrypoint.py
@ -0,0 +1,77 @@
 #!/usr/bin/python3
 import sys
 import os
 import shutil
 import logging
 import jinja2 as j2
 ######################################################################
 # Utils
 logging.basicConfig(level=logging.DEBUG)
 def set_perms(path, user, group, mode):
    shutil.chown(path, user=user, group=group)
    os.chmod(path, mode)
 # Setup Jinja2 for templating
 jenv = j2.Environment(
    loader=j2.FileSystemLoader('/opt/atlassian/etc/'),
    autoescape=j2.select_autoescape(['xml']))
 def gen_cfg(tmpl, target, env, user='root', group='root', mode=0o644):
    logging.info(f"Generating {target} from template {tmpl}")
    cfg = jenv.get_template(tmpl).render(env)
    with open(target, 'w') as fd:
        fd.write(cfg)
    set_perms(target, user, group, mode)
 ######################################################################
 # Setup inputs and outputs
 # Import all ATL_* and Dockerfile environment variables. We lower-case
 # these for compatability with Ansible template convention. We also
 # support CATALINA variables from older versions of the Docker images
 # for backwards compatability, if the new version is not set.
 env = {k.lower(): v
       for k, v in os.environ.items()
       if k.startswith(('ATL_', 'CONFLUENCE_', 'RUN_', 'CATALINA_'))}
 ######################################################################
 # Generate all configuration files for Confluence
 gen_cfg('server.xml.j2',
        f"{env['confluence_install_dir']}/conf/server.xml", env)
 gen_cfg('seraph-config.xml.j2',
        f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/seraph-config.xml", env)
 gen_cfg('confluence-init.properties.j2',
        f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/confluence-init.properties", env)
 gen_cfg('confluence.cfg.xml.j2',
        f"{env['confluence_home']}/confluence.cfg.xml", env,
        user=env['run_user'], group=env['run_group'], mode=0o640)
 ######################################################################
 # Start Confluence as the correct user
 start_cmd = f"{env['confluence_install_dir']}/bin/start-confluence.sh"
 if os.getuid() == 0:
    logging.info(f"User is currently root. Will change directory ownership to {env['run_user']} then downgrade permissions")
    set_perms(env['confluence_home'], env['run_user'], env['run_group'], 0o700)
    cmd = '/bin/su'
    start_cmd = ' '.join([start_cmd] + sys.argv[1:])
    args = [cmd, env['run_user'], '-c', start_cmd]
 else:
    cmd = start_cmd
    args = [start_cmd] + sys.argv[1:]
 logging.info(f"Running Confluence with command '{cmd}', arguments {args}")
 os.execv(cmd, args)
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -1,35 +0,0 @@
 #!/bin/bash
 set -euo pipefail
 # Setup Catalina Opts
 : ${CATALINA_CONNECTOR_PROXYNAME:=}
 : ${CATALINA_CONNECTOR_PROXYPORT:=}
 : ${CATALINA_CONNECTOR_SCHEME:=http}
 : ${CATALINA_CONNECTOR_SECURE:=false}
 : ${CATALINA_CONTEXT_PATH:=}
 : ${CATALINA_OPTS:=}
 CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorProxyName=${CATALINA_CONNECTOR_PROXYNAME}"
 CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorProxyPort=${CATALINA_CONNECTOR_PROXYPORT}"
 CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorScheme=${CATALINA_CONNECTOR_SCHEME}"
 CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorSecure=${CATALINA_CONNECTOR_SECURE}"
 CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaContextPath=${CATALINA_CONTEXT_PATH}"
 export CATALINA_OPTS
 # Start Confluence as the correct user
 if [ "${UID}" -eq 0 ]; then
    echo "User is currently root. Will change directory ownership to ${RUN_USER}:${RUN_GROUP}, then downgrade permission to ${RUN_USER}"
    PERMISSIONS_SIGNATURE=$(stat -c "%u:%U:%a" "${CONFLUENCE_HOME}")
    EXPECTED_PERMISSIONS=$(id -u ${RUN_USER}):${RUN_USER}:700
    if [ "${PERMISSIONS_SIGNATURE}" != "${EXPECTED_PERMISSIONS}" ]; then
        chmod -R 700 "${CONFLUENCE_HOME}" &&
            chown -R "${RUN_USER}:${RUN_GROUP}" "${CONFLUENCE_HOME}"
    fi
    # Now drop privileges
    exec su -s /bin/bash "${RUN_USER}" -c "$CONFLUENCE_INSTALL_DIR/bin/start-confluence.sh $@"
 else
    exec "$CONFLUENCE_INSTALL_DIR/bin/start-confluence.sh" "$@"
 fi
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -20,7 +20,6 @@ def docker_cli():
                container.remove(force=True)
@pytest.fixture(scope='module', params=DOCKERFILES)
 def image(request):
    r = requests.get(f'https://marketplace.atlassian.com/rest/2/products/key/{MAC_PRODUCT_KEY}/versions/latest')
--- a/tests/test-requirements.txt
+++ b/tests/test-requirements.txt
@ -17,3 +17,4 @@ urllib3==1.25.3
 wcwidth==0.1.7
 websocket-client==0.56.0
 zipp==0.5.2
 testinfra==3.0.6
--- a/tests/test_image.py
+++ b/tests/test_image.py
@ -2,103 +2,51 @@ import pytest
 import io
 import tarfile
 import testinfra
 import time
 import xml.etree.ElementTree as etree
 import requests
-# Helper function to get a file-like object from an image
+CONF_INSTALL = '/opt/atlassian/confluence'
-def get_fileobj_from_container(container, filepath):
+CONF_HOME = '/var/atlassian/application-data/confluence'
-    time.sleep(0.5) # Give container a moment if just started
+CONF_SHARED_HOME = '/media/atl/confluence/shared-home'
-    stream, stat = container.get_archive(filepath)
+
-    f = io.BytesIO()
+# Run an image and wrap it in a TestInfra host for convenience.
-    for chunk in stream:
+# FIXME: There's probably a way to turn this into a fixture with parameters.
-        f.write(chunk)
+def run_image(docker_cli, image, environment={}, ports={}):
-    f.seek(0)
+    container = docker_cli.containers.run(image, environment=environment, ports=ports, detach=True)
-    with tarfile.open(fileobj=f, mode='r') as tar:
+    return testinfra.get_host("docker://"+container.id)
-        filename = tar.getmembers()[0].name
+
-        file = tar.extractfile(filename)
+# TestInfra's process command doesn't seem to work for arg matching
-    return file
+def get_procs(container):
    ps = container.run('ps -axo args')
    return ps.stdout.split('\n')
 def wait_for_proc(container, proc_str, max_wait=10):
    waited = 0
    while waited < max_wait:
        procs = list(filter(lambda p: proc_str in p, get_procs(container)))
        if len(procs) > 0:
            return procs[0]
        time.sleep(0.1)
        waited += 0.1
    raise TimeoutError("Failed to find target process")
 def wait_for_file(container, path, max_wait=10):
    waited = 0
    while waited < max_wait:
        if container.file(path).exists:
            return
        time.sleep(0.1)
        waited += 0.1
    raise TimeoutError("Failed to find target process")
-# def test_server_xml_defaults(docker_cli, image):
+######################################################################
-#     container = docker_cli.containers.run(image, detach=True)
+# Tests
 #     server_xml = get_fileobj_from_container(container, '/opt/atlassian/jira/conf/server.xml')
 #     xml = etree.parse(server_xml) 
 #     connector = xml.find('.//Connector')
 #     context = xml.find('.//Context')
 #     
 #     assert connector.get('port') == '8090'
 #     assert connector.get('maxThreads') == '200'
 #     assert connector.get('minSpareThreads') == '10'
 #     assert connector.get('connectionTimeout') == '20000'
 #     assert connector.get('enableLookups') == 'false'
 #     assert connector.get('protocol') == 'HTTP/1.1'
 #     assert connector.get('acceptCount') == '10'
 #     assert connector.get('secure') == 'false'
 #     assert connector.get('scheme') == 'http'
 #     assert connector.get('proxyName') == ''
 #     assert connector.get('proxyPort') == ''
 # 
 # 
 # def test_server_xml_params(docker_cli, image):
 #     environment = {
 #         'ATL_TOMCAT_MGMT_PORT': '8006',
 #         'ATL_TOMCAT_PORT': '9090',
 #         'ATL_TOMCAT_MAXTHREADS': '201',
 #         'ATL_TOMCAT_MINSPARETHREADS': '11',
 #         'ATL_TOMCAT_CONNECTIONTIMEOUT': '20001',
 #         'ATL_TOMCAT_ENABLELOOKUPS': 'true',
 #         'ATL_TOMCAT_PROTOCOL': 'HTTP/2',
 #         'ATL_TOMCAT_ACCEPTCOUNT': '11',
 #         'ATL_TOMCAT_SECURE': 'true',
 #         'ATL_TOMCAT_SCHEME': 'https',
 #         'ATL_PROXY_NAME': 'jira.atlassian.com',
 #         'ATL_PROXY_PORT': '443',
 #         'ATL_TOMCAT_CONTEXTPATH': '/myjira',
 #     }
 #     container = docker_cli.containers.run(image, environment=environment, detach=True)
 #     server_xml = get_fileobj_from_container(container, '/opt/atlassian/jira/conf/server.xml')
 #     xml = etree.parse(server_xml)
 #     server = xml.getroot()
 #     connector = xml.find('.//Connector')
 #     context = xml.find('.//Context')
 #     
 #     assert server.get('port') == environment.get('ATL_TOMCAT_MGMT_PORT')
 #     
 #     assert connector.get('port') == environment.get('ATL_TOMCAT_PORT')
 #     assert connector.get('maxThreads') == environment.get('ATL_TOMCAT_MAXTHREADS')
 #     assert connector.get('minSpareThreads') == environment.get('ATL_TOMCAT_MINSPARETHREADS')
 #     assert connector.get('connectionTimeout') == environment.get('ATL_TOMCAT_CONNECTIONTIMEOUT')
 #     assert connector.get('enableLookups') == environment.get('ATL_TOMCAT_ENABLELOOKUPS')
 #     assert connector.get('protocol') == environment.get('ATL_TOMCAT_PROTOCOL')
 #     assert connector.get('acceptCount') == environment.get('ATL_TOMCAT_ACCEPTCOUNT')
 #     assert connector.get('secure') == environment.get('ATL_TOMCAT_SECURE')
 #     assert connector.get('scheme') == environment.get('ATL_TOMCAT_SCHEME')
 #     assert connector.get('proxyName') == environment.get('ATL_PROXY_NAME')
 #     assert connector.get('proxyPort') == environment.get('ATL_PROXY_PORT')
 #     
 #     assert context.get('path') == environment.get('ATL_TOMCAT_CONTEXTPATH')
 # 
 # 
 # def test_confluence_cfg_xml_defaults(docker_cli, image):
 #     environment = {
 #     
 #     }
 #     container = docker_cli.containers.run(image, environment=environment, detach=True)
 #     confluence_cfg_xml = get_fileobj_from_container(container, '/var/atlassian/application-data/confluence/confluence.cfg.xml')
 #     xml = etree.parse(confluence_cfg_xml)
 #     
 # 
 # def test_confluence_cfg_xml_params(docker_cli, image):
 #     environment = {
 #     
 #     }
 #     container = docker_cli.containers.run(image, environment=environment, detach=True)
 #     confluence_cfg_xml = get_fileobj_from_container(container, '/var/atlassian/application-data/confluence/confluence.cfg.xml')
 #     xml = etree.parse(confluence_cfg_xml)
 def test_jvm_args(docker_cli, image):
    environment = {
@ -106,19 +54,29 @@ def test_jvm_args(docker_cli, image):
        'JVM_MAXIMUM_MEMORY': '2047m',
        'JVM_SUPPORT_RECOMMENDED_ARGS': '-verbose:gc',
    }
-    container = docker_cli.containers.run(image, environment=environment, detach=True)
+    container = run_image(docker_cli, image, environment=environment)
-    time.sleep(0.5) # JVM doesn't start immediately when container runs
+    jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
-    procs = container.exec_run('ps aux')
+
    procs_list = procs.output.decode().split('\n')
    jvm = [proc for proc in procs_list if '-Dconfluence.home' in proc][0]
    assert f'-Xms{environment.get("JVM_MINIMUM_MEMORY")}' in jvm
    assert f'-Xmx{environment.get("JVM_MAXIMUM_MEMORY")}' in jvm
    assert environment.get('JVM_SUPPORT_RECOMMENDED_ARGS') in jvm
 def test_install_permissions(docker_cli, image):
    container = run_image(docker_cli, image)
    assert container.file(f'{CONF_INSTALL}/conf/server.xml').user == 'root'
    for d in ['logs', 'work', 'temp']:
        path = f'{CONF_INSTALL}/{d}/'
        assert container.file(path).user == 'confluence'
 def test_first_run_state(docker_cli, image):
    PORT = 8090
-    container = docker_cli.containers.run(image, ports={PORT: PORT}, detach=True)
+    container = run_image(docker_cli, image, ports={PORT: PORT})
    jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
    for i in range(20):
        try:
            r = requests.get(f'http://localhost:{PORT}/status')
@ -132,3 +90,234 @@ def test_first_run_state(docker_cli, image):
        time.sleep(1)
    raise TimeoutError
 def test_server_xml_defaults(docker_cli, image):
    container = run_image(docker_cli, image)
    _jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
    xml = etree.fromstring(container.file(f'{CONF_INSTALL}/conf/server.xml').content)
    connector = xml.find('.//Connector')
    context = xml.find('.//Context')
    assert connector.get('port') == '8090'
    assert connector.get('maxThreads') == '100'
    assert connector.get('minSpareThreads') == '10'
    assert connector.get('connectionTimeout') == '20000'
    assert connector.get('enableLookups') == 'false'
    assert connector.get('protocol') == 'HTTP/1.1'
    assert connector.get('acceptCount') == '10'
    assert connector.get('secure') == 'false'
    assert connector.get('scheme') == 'http'
    assert connector.get('proxyName') == ''
    assert connector.get('proxyPort') == ''
 def test_server_xml_catalina_fallback(docker_cli, image):
    environment = {
        'CATALINA_CONNECTOR_PROXYNAME': 'PROXYNAME',
        'CATALINA_CONNECTOR_PROXYPORT': 'PROXYPORT',
        'CATALINA_CONNECTOR_SECURE': 'SECURE',
        'CATALINA_CONNECTOR_SCHEME': 'SCHEME',
        'CATALINA_CONTEXT_PATH': 'CONTEXT'
    }
    container = run_image(docker_cli, image, environment=environment)
    _jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
    xml = etree.fromstring(container.file(f'{CONF_INSTALL}/conf/server.xml').content)
    connector = xml.find('.//Connector')
    context = xml.find('.//Context')
    assert connector.get('proxyName') == 'PROXYNAME'
    assert connector.get('proxyPort') == 'PROXYPORT'
    assert connector.get('scheme') == 'SCHEME'
    assert connector.get('secure') == 'SECURE'
    assert context.get('path') == 'CONTEXT'
 def test_server_xml_params(docker_cli, image):
    environment = {
        'ATL_TOMCAT_MGMT_PORT': '8006',
        'ATL_TOMCAT_PORT': '9090',
        'ATL_TOMCAT_MAXTHREADS': '201',
        'ATL_TOMCAT_MINSPARETHREADS': '11',
        'ATL_TOMCAT_CONNECTIONTIMEOUT': '20001',
        'ATL_TOMCAT_ENABLELOOKUPS': 'true',
        'ATL_TOMCAT_PROTOCOL': 'HTTP/2',
        'ATL_TOMCAT_ACCEPTCOUNT': '11',
        'ATL_TOMCAT_SECURE': 'true',
        'ATL_TOMCAT_SCHEME': 'https',
        'ATL_PROXY_NAME': 'conf.atlassian.com',
        'ATL_PROXY_PORT': '443',
        'ATL_TOMCAT_CONTEXTPATH': '/myconf',
    }
    container = run_image(docker_cli, image, environment=environment)
    _jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
    xml = etree.fromstring(container.file(f'{CONF_INSTALL}/conf/server.xml').content)
    connector = xml.find('.//Connector')
    context = xml.find('.//Context')
    assert xml.get('port') == environment.get('ATL_TOMCAT_MGMT_PORT')
    assert connector.get('port') == environment.get('ATL_TOMCAT_PORT')
    assert connector.get('maxThreads') == environment.get('ATL_TOMCAT_MAXTHREADS')
    assert connector.get('minSpareThreads') == environment.get('ATL_TOMCAT_MINSPARETHREADS')
    assert connector.get('connectionTimeout') == environment.get('ATL_TOMCAT_CONNECTIONTIMEOUT')
    assert connector.get('enableLookups') == environment.get('ATL_TOMCAT_ENABLELOOKUPS')
    assert connector.get('protocol') == environment.get('ATL_TOMCAT_PROTOCOL')
    assert connector.get('acceptCount') == environment.get('ATL_TOMCAT_ACCEPTCOUNT')
    assert connector.get('secure') == environment.get('ATL_TOMCAT_SECURE')
    assert connector.get('scheme') == environment.get('ATL_TOMCAT_SCHEME')
    assert connector.get('proxyName') == environment.get('ATL_PROXY_NAME')
    assert connector.get('proxyPort') == environment.get('ATL_PROXY_PORT')
    assert context.get('path') == environment.get('ATL_TOMCAT_CONTEXTPATH')
 def test_seraph_defaults(docker_cli, image):
    container = run_image(docker_cli, image)
    wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/seraph-config.xml")
    xml = etree.fromstring(container.file(f'{CONF_INSTALL}/confluence/WEB-INF/classes/seraph-config.xml').content)
    #param = xml.findall('//param-name[text()="autologin.cookie.age"]') == []
    param = xml.findall('.//param-name[.="autologin.cookie.age"]') == []
 def test_seraph_login_set(docker_cli, image):
    container = run_image(docker_cli, image, environment={"ATL_AUTOLOGIN_COOKIE_AGE": "TEST_VAL"})
    wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/seraph-config.xml")
    xml = etree.fromstring(container.file(f'{CONF_INSTALL}/confluence/WEB-INF/classes/seraph-config.xml').content)
    assert xml.findall('.//param-value[.="TEST_VAL"]')[0].text == "TEST_VAL"
 def test_conf_init_set(docker_cli, image):
    container = run_image(docker_cli, image, environment={"CONFLUENCE_HOME": "/tmp/"})
    wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/confluence-init.properties")
    init = container.file(f'{CONF_INSTALL}/confluence/WEB-INF/classes/confluence-init.properties')
    assert init.contains("confluence.home = /tmp/")
 def test_confluence_xml_default(docker_cli, image):
    container = run_image(docker_cli, image)
    wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/confluence-init.properties")
    #_jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
    xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
    assert xml.findall('.//buildNumber')[0].text == "0"
    assert xml.findall('.//property[@name="hibernate.connection.url"]') == []
    assert xml.findall('.//property[@name="confluence.cluster.home"]') == []
 def test_confluence_xml_postgres(docker_cli, image):
    environment = {
        'ATL_DB_TYPE': 'postgresql',
        'ATL_JDBC_URL': 'atl_jdbc_url',
        'ATL_JDBC_USER': 'atl_jdbc_user',
        'ATL_JDBC_PASSWORD': 'atl_jdbc_password'
    }
    container = run_image(docker_cli, image, environment=environment)
    wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/confluence-init.properties")
    xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
    assert xml.findall('.//property[@name="hibernate.connection.url"]')[0].text == "atl_jdbc_url"
    assert xml.findall('.//property[@name="hibernate.connection.username"]')[0].text == "atl_jdbc_user"
    assert xml.findall('.//property[@name="hibernate.connection.password"]')[0].text == "atl_jdbc_password"
    assert xml.findall('.//property[@name="confluence.database.choice"]')[0].text == "postgresql"
    assert xml.findall('.//property[@name="hibernate.dialect"]')[0].text == "com.atlassian.confluence.impl.hibernate.dialect.PostgreSQLDialect"
    assert xml.findall('.//property[@name="hibernate.connection.driver_class"]')[0].text == "org.postgresql.Driver"
    assert xml.findall('.//property[@name="hibernate.c3p0.min_size"]')[0].text == "20"
    assert xml.findall('.//property[@name="hibernate.c3p0.max_size"]')[0].text == "100"
    assert xml.findall('.//property[@name="hibernate.c3p0.timeout"]')[0].text == "30"
    assert xml.findall('.//property[@name="hibernate.c3p0.idle_test_period"]')[0].text == "100"
    assert xml.findall('.//property[@name="hibernate.c3p0.max_statements"]')[0].text == "0"
    assert xml.findall('.//property[@name="hibernate.c3p0.validate"]')[0].text == "false"
    assert xml.findall('.//property[@name="hibernate.c3p0.acquire_increment"]')[0].text == "1"
    assert xml.findall('.//property[@name="hibernate.c3p0.preferredTestQuery"]')[0].text == "select 1"
 def test_confluence_xml_postgres_all_set(docker_cli, image):
    environment = {
        'ATL_DB_TYPE': 'postgresql',
        'ATL_JDBC_URL': 'atl_jdbc_url',
        'ATL_JDBC_USER': 'atl_jdbc_user',
        'ATL_JDBC_PASSWORD': 'atl_jdbc_password',
        'ATL_DB_POOLMAXSIZE': 'x100',
        'ATL_DB_POOLMINSIZE': 'x20',
        'ATL_DB_TIMEOUT': 'x30',
        'ATL_DB_IDLETESTPERIOD': 'x100',
        'ATL_DB_MAXSTATEMENTS': 'x0',
        'ATL_DB_VALIDATE': 'xfalse',
        'ATL_DB_ACQUIREINCREMENT': 'x1',
        'ATL_DB_VALIDATIONQUERY': 'xselect 1'
    }
    container = run_image(docker_cli, image, environment=environment)
    wait_for_file(container, f"{CONF_HOME}/confluence.cfg.xml")
    xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
    assert xml.findall('.//property[@name="hibernate.connection.driver_class"]')[0].text == "org.postgresql.Driver"
    assert xml.findall('.//property[@name="hibernate.dialect"]')[0].text == "com.atlassian.confluence.impl.hibernate.dialect.PostgreSQLDialect"
    assert xml.findall('.//property[@name="hibernate.c3p0.min_size"]')[0].text == "x20"
    assert xml.findall('.//property[@name="hibernate.c3p0.max_size"]')[0].text == "x100"
    assert xml.findall('.//property[@name="hibernate.c3p0.timeout"]')[0].text == "x30"
    assert xml.findall('.//property[@name="hibernate.c3p0.idle_test_period"]')[0].text == "x100"
    assert xml.findall('.//property[@name="hibernate.c3p0.max_statements"]')[0].text == "x0"
    assert xml.findall('.//property[@name="hibernate.c3p0.validate"]')[0].text == "xfalse"
    assert xml.findall('.//property[@name="hibernate.c3p0.acquire_increment"]')[0].text == "x1"
    assert xml.findall('.//property[@name="hibernate.c3p0.preferredTestQuery"]')[0].text == "xselect 1"
 def test_confluence_xml_cluster_aws(docker_cli, image):
    environment = {
        'ATL_CLUSTER_TYPE': 'aws',
        'ATL_HAZELCAST_NETWORK_AWS_IAM_ROLE': 'atl_hazelcast_network_aws_iam_role',
        'ATL_HAZELCAST_NETWORK_AWS_IAM_REGION': 'atl_hazelcast_network_aws_iam_region',
        'ATL_HAZELCAST_NETWORK_AWS_HOST_HEADER': 'atl_hazelcast_network_aws_host_header',
        'ATL_HAZELCAST_NETWORK_AWS_TAG_KEY': 'atl_hazelcast_network_aws_tag_key',
        'ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE': 'atl_hazelcast_network_aws_tag_value',
        'ATL_CLUSTER_NAME': 'atl_cluster_name',
        'ATL_CLUSTER_TTL': 'atl_cluster_ttl'
    }
    container = run_image(docker_cli, image, environment=environment)
    wait_for_file(container, f"{CONF_HOME}/confluence.cfg.xml")
    xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
    assert xml.findall('.//property[@name="confluence.cluster"]')[0].text == "true"
    assert xml.findall('.//property[@name="confluence.cluster.join.type"]')[0].text == "aws"
    assert xml.findall('.//property[@name="confluence.cluster.aws.iam.role"]')[0].text == "atl_hazelcast_network_aws_iam_role"
    assert xml.findall('.//property[@name="confluence.cluster.aws.region"]')[0].text == "atl_hazelcast_network_aws_iam_region"
    assert xml.findall('.//property[@name="confluence.cluster.aws.host.header"]')[0].text == "atl_hazelcast_network_aws_host_header"
    assert xml.findall('.//property[@name="confluence.cluster.aws.tag.key"]')[0].text == "atl_hazelcast_network_aws_tag_key"
    assert xml.findall('.//property[@name="confluence.cluster.aws.tag.value"]')[0].text == "atl_hazelcast_network_aws_tag_value"
    assert xml.findall('.//property[@name="confluence.cluster.name"]')[0].text == "atl_cluster_name"
    assert xml.findall('.//property[@name="confluence.cluster.ttl"]')[0].text == "atl_cluster_ttl"
 def test_confluence_xml_cluster_multicast(docker_cli, image):
    environment = {
        'ATL_CLUSTER_TYPE': 'multicast',
        'ATL_CLUSTER_NAME': 'atl_cluster_name',
        'ATL_CLUSTER_TTL': 'atl_cluster_ttl',
        'ATL_CLUSTER_ADDRESS': '99.99.99.99'
    }
    container = run_image(docker_cli, image, environment=environment)
    wait_for_file(container, f"{CONF_HOME}/confluence.cfg.xml")
    xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
    assert xml.findall('.//property[@name="confluence.cluster"]')[0].text == "true"
    assert xml.findall('.//property[@name="confluence.cluster.join.type"]')[0].text == "multicast"
    assert xml.findall('.//property[@name="confluence.cluster.name"]')[0].text == "atl_cluster_name"
    assert xml.findall('.//property[@name="confluence.cluster.ttl"]')[0].text == "atl_cluster_ttl"
    assert xml.findall('.//property[@name="confluence.cluster.address"]')[0].text == "99.99.99.99"
 def test_confluence_xml_cluster_tcp(docker_cli, image):
    environment = {
        'ATL_CLUSTER_TYPE': 'tcp_ip',
        'ATL_CLUSTER_PEERS': '1.1.1.1,99.99.99.99',
        'ATL_CLUSTER_NAME': 'atl_cluster_name',
    }
    container = run_image(docker_cli, image, environment=environment)
    wait_for_file(container, f"{CONF_HOME}/confluence.cfg.xml")
    xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
    assert xml.findall('.//property[@name="confluence.cluster"]')[0].text == "true"
    assert xml.findall('.//property[@name="confluence.cluster.join.type"]')[0].text == "tcp_ip"
    assert xml.findall('.//property[@name="confluence.cluster.name"]')[0].text == "atl_cluster_name"
    assert xml.findall('.//property[@name="confluence.cluster.peers"]')[0].text == "1.1.1.1,99.99.99.99"
		`@ -0,0 +1 @@`
							`confluence.home = {{ atl_product_home \| default(confluence_home) \| default('') }}`