build(docker): default to jemalloc; install mimalloc; add MS jaz java launcher (#35410)

Installing jemalloc for its profiling — we can see what is eating
off-heap mem when an OOM is issued.

## Summary

This PR bundles two related runtime-image changes:

### 1. Allocator: jemalloc as default, mimalloc still installed
- Install both `libjemalloc2` and `libmimalloc2.0` in the runtime image
(`dotCMS/src/main/docker/original/Dockerfile`) and the dev-env image
(`docker/dev-env/Dockerfile`).
- Switch the default `LD_PRELOAD` in `setenv.sh` from mimalloc to
`libjemalloc.so.2`. `LD_PRELOAD` is still overridable at runtime, so
operators can swap back to mimalloc via env var without an image change.

Context: original issue #32320 adopted mimalloc after jemalloc's
upstream archival; since then jemalloc has returned to active
development, and we want it back as the default while keeping mimalloc
installed for easy A/B.

### 2. JVM launcher: Microsoft `jaz` (Azure Command Launcher for Java)
- Add Microsoft's apt repo (`packages-microsoft-prod.deb`) and install
`jaz` in the runtime image.
- In `setenv.sh`, default `_RUNJAVA` to `jaz` when present. Tomcat
honors `_RUNJAVA` in place of `$JRE_HOME/bin/java`. `jaz` is a
transparent shim that invokes `java` from `PATH`, adding crash-dump
capture and arg validation.
- Override path: set `_RUNJAVA=/java/bin/java` to bypass `jaz`.

Both changes target diagnostics for native memory and JVM crashes — the
same problem space — which is why they ship together. Either piece can
be disabled at runtime without rebuilding.

### why jemalloc over mimalloc

No clear winner in general. They're both excellent and roughly
comparable on real workloads.

- **Raw performance:** For pure allocation throughput, mimalloc
frequently edges out jemalloc.
- **Fragmentation / RSS:** Roughly a tie. Both are far better than
glibc. Mimalloc has a slight theoretical edge on small-object workloads.
- **Battle-testing on JVMs:** jemalloc wins. It's been the de-facto
choice for Cassandra, Elasticsearch, Kafka, Hadoop, and countless JVMs.
- **Tooling:** jemalloc wins decisively. Its heap profiler is the reason
I suggested it — it's the best open-source tool for answering "what's
eating my native memory?" Mimalloc's diagnostics are minimal by
comparison.

Ref: #32320

## Test plan
- [ ] Confirm image builds successfully (`./mvnw install -pl
:dotcms-core -DskipTests` + docker build)
- [ ] Start container and verify `ldd` / `/proc/$PID/maps` on the Tomcat
process shows `libjemalloc.so.2` preloaded
- [ ] Verify both `/usr/lib/<arch>-linux-gnu/libjemalloc.so.2` and
`/usr/lib/<arch>-linux-gnu/libmimalloc.so.2` are present in the final
image
- [ ] Smoke test: run dotCMS, confirm startup is clean and no
allocator-related warnings in logs
- [ ] Verify `LD_PRELOAD=/usr/lib/.../libmimalloc.so.2` override still
works for A/B testing
- [ ] Confirm `jaz` is on `PATH` and Tomcat starts via
`_RUNJAVA=$(command -v jaz)` (check `ps -ef` shows the jaz wrapper)
- [ ] Verify `_RUNJAVA=/java/bin/java` override bypasses jaz cleanly

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: wezell

docker/dev-env/Dockerfile

@@ -36,7 +36,7 @@ RUN apt-get update && \
     apt-get upgrade -y && \
     apt-get install -y --no-install-recommends bash zip unzip wget libtcnative-1\
     tzdata tini ca-certificates openssl libapr1 libpq-dev curl gnupg\
-    vim libarchive-tools postgresql-common libmimalloc2.0 libarchive-tools 
+    vim libarchive-tools postgresql-common libmimalloc2.0 libjemalloc2 libarchive-tools
 
 
 RUN /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y

dotCMS/src/main/docker/original/Dockerfile

@@ -53,20 +53,30 @@ RUN apt update && \
         tzdata \
         ca-certificates \
         libmimalloc2.0 \
+        libjemalloc2 \
         openssl \
         libapr1 \
         libarchive-tools \
-        libpq-dev && \
+        libpq-dev \
+        apt-transport-https && \
     rm -rf /var/lib/apt/lists/*
 
-# Install PostgreSQL client and pg_dump
-RUN apt update && \
-    apt install -y --no-install-recommends postgresql-common && \
+# Install PostgreSQL client, pg_dump and MS jaz (java launcher).
+# postgresql-common is installed and purged in the same layer so it does not
+# bloat the final image (it is only needed as a script runner for pgdg setup).
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends postgresql-common && \
     /usr/share/postgresql-common/pgdg/apt.postgresql.org.sh -y && \
-    apt update && \
-    apt install -y --no-install-recommends postgresql-client-18 && \
-    /usr/bin/pg_dump --version || exit 1 && \
-    apt purge -y postgresql-common && \
+    wget -q "https://packages.microsoft.com/config/ubuntu/$(. /etc/os-release; echo $VERSION_ID)/packages-microsoft-prod.deb" -O packages-microsoft-prod.deb && \
+    dpkg -i packages-microsoft-prod.deb && \
+    rm packages-microsoft-prod.deb && \
+    apt-get update && \
+    apt-get install -y --no-install-recommends \
+        postgresql-client-18 \
+        jaz && \
+    /usr/bin/pg_dump --version && \
+    apt-get purge -y postgresql-common && \
+    apt-get autoremove -y && \
     rm -rf /var/lib/apt/lists/*
 
 ARG USER_UID="65001"

dotCMS/src/main/resources/container/tomcat9/bin/setenv.sh

@@ -104,8 +104,17 @@ export DOT_SAMESITE_COOKIES=${DOT_SAMESITE_COOKIES:-"lax"}
 export DOT_MAIL_SMTP_HOST=${DOT_MAIL_SMTP_HOST:-"smtp.dotcms.site"}
 export DOT_MAIL_SMTP_SSL_PROTOCOLS=${DOT_MAIL_SMTP_SSL_PROTOCOLS:-"TLSv1.2"}
 
-# Set environment variable for mimalloc
-export LD_PRELOAD=${LD_PRELOAD:-"/usr/lib/`uname -m`-linux-gnu/libmimalloc.so.2"}
+# Preload jemalloc as the default allocator (mimalloc is also installed in the image;
+# override LD_PRELOAD at runtime to switch, e.g. .../libmimalloc.so.2)
+export LD_PRELOAD=${LD_PRELOAD:-"/usr/lib/`uname -m`-linux-gnu/libjemalloc.so.2"}
+
+# Use Azure Command Launcher for Java (jaz) as the JVM launcher when installed.
+# jaz is a transparent shim that invokes `java` from PATH, adding crash-dump
+# capture and arg validation. Tomcat honors _RUNJAVA in place of $JRE_HOME/bin/java.
+# Set _RUNJAVA=/java/bin/java to bypass jaz.
+if [ -z "$_RUNJAVA" ] && command -v jaz >/dev/null 2>&1; then
+  export _RUNJAVA="$(command -v jaz)"
+fi
 
 # This needs to be set in order for catalina to read environmental properties
 export CATALINA_OPTS="$CATALINA_OPTS -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=org.apache.tomcat.util.digester.EnvironmentPropertySource"