[Docker] build image找不到設(shè)置的openjdk8-jre版本

Pipeline 紅過夜的一次記錄

2019年03月18日周一晚上提交代碼,pipeline 掛了。

error image.png

根據(jù)圖上的信息,我們知道了Dockerfile中設(shè)置的apk add --no-cache 'openjdk8-jre=8.191.12-r0' 沒有找到安裝包,提示說可以使用openjdk8-jre-8.201.08-r0[openjdk8-jre] 這個(gè)版本。相應(yīng)的也需要將上一步中ENV JAVA_VERSION 8u191設(shè)置為對應(yīng)的版本。

使用提示信息中的版本.png

此時(shí),按照提示更改后,成功的build image。
但是,在第二個(gè)運(yùn)行測試的Job中,pipeline又掛了。
Dockerfile中的java環(huán)境就是為SonarQube設(shè)置的,現(xiàn)在發(fā)現(xiàn)Sonar不能正常運(yùn)行,腦子里想到了一些問題:

  • Sonar需要的Java版本必須是固定的?
  • 為什么下載不到之前設(shè)置的8u191 openjdk 版本?
  • 如何讓pipeline正常運(yùn)行通過?
sonar-scanner 運(yùn)行失敗.png

Dockerfile 信息

因?yàn)轫?xiàng)目的原因,使用的是node-alpine為基礎(chǔ)鏡像,然后安裝了SonarQube進(jìn)行代碼分析。
安裝docker-sonar-scanner Dockerfile的參考github repo newtmitch/docker-sonar-scanner

FROM node:8.12.0-alpine
WORKDIR /app
RUN cd /app \
    && apk update \
    && apk add --no-cache curl unzip

# Porperty for JDK
# Default to UTF-8 file.encoding
ENV LANG C.UTF-8
RUN { \
        echo '#!/bin/sh'; \
        echo 'set -e'; \
        echo; \
        echo 'dirname "$(dirname "$(readlink -f "$(which javac || which java)")")"'; \
    } > /usr/local/bin/docker-java-home \
    && chmod +x /usr/local/bin/docker-java-home

ENV JAVA_HOME /usr/lib/jvm/java-1.8-openjdk/jre
ENV PATH $PATH:/usr/lib/jvm/java-1.8-openjdk/jre/bin:/usr/lib/jvm/java-1.8-openjdk/bin
ENV JAVA_VERSION 8u201

RUN set -x \
    && apk add --no-cache openjdk8-jre=8.201.08-r0 \
    && [ "$JAVA_HOME" = "$(docker-java-home)" ]

# Install sonar-scanner
RUN curl --insecure -o ./sonarscanner.zip -L https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.0.3.778-linux.zip && \
    unzip sonarscanner.zip && \
    rm sonarscanner.zip && \
    mv sonar-scanner-3.0.3.778-linux sonar-scanner

ENV SONAR_RUNNER_HOME=/app/sonar-scanner
ENV PATH $PATH:/app/sonar-scanner/bin

COPY ./sonar-project.properties /app/sonar-scanner/conf/sonar-scanner.properties

#   ensure Sonar uses the provided Java for musl instead of a borked glibc one
RUN sed -i 's/use_embedded_jre=true/use_embedded_jre=false/g' /app/sonar-scanner/bin/sonar-scanner

解決問題的過程

openjdk8-jre版本問題分析

對于沒有玩過linux的我,用apk 安裝的包是從哪里找到的,需要搞清楚。

image.png

由這個(gè)圖直觀的看到:
第一個(gè)網(wǎng)站是openjdk8-jre,顯示是5天前進(jìn)行了更新,已經(jīng)是8.201.08-r0版本了,
第二個(gè)網(wǎng)站是openjdk-jre-base,看上去是還有8.191.12-r0 版本,但是點(diǎn)擊進(jìn)去也是8.201.08-r0版本了。
image.png

Alpine Linux Package 里面搜索openjdk8-jre,發(fā)現(xiàn)在2019年03月14日更新為8.201.08-r0版本,而且找不到舊版本8.191.12-r0了。
所以build image的時(shí)候 pipeline在安裝舊版本的openjdk8-jre的時(shí)候掛了。

image.png
Sonar-scanner 運(yùn)行失敗問題分析

根據(jù)詳細(xì)的Error信息,可以知道是

java.lang.ExceptionInInitializerError  
Caused by: java.security.ProviderException: Could not initialize NSS
Caused by: java.io.FileNotFoundException: /usr/lib/libnss3.so

看到這個(gè)錯(cuò)誤信息一臉懵逼,也不知道是為什么,最后在github上找到了一個(gè)類似的issue,是關(guān)于docker openjdk的,issue 創(chuàng)建時(shí)間是3天前,大概是2019年03月17日docker-library / openjdk / issue - Missing libnss3.so after updating openjdk:8-jdk-alpine image

image.png

issue的評論中,有人說自己手動(dòng)在dockerfile中install nss可以覺得這個(gè)問題,嘗試了一下,也解決了我所面臨的問題,sonar-scanner可以正常運(yùn)行了。

RUN apk add --no-cache nss

有人直接po出了上游問題,是在Alpine Linux中提出的。

Looks like someone filed a bug upstream about this https://bugs.alpinelinux.org/issues/10126

思考

早上和TL說在整理這篇文章,TL說這個(gè)不是正確的解決方式,因?yàn)槿绻鹢penjdk8-jre的版本又突然間本改變呢?我們又會(huì)重復(fù)面臨這個(gè)問題。從長遠(yuǎn)角度考慮,應(yīng)該是要選擇長期穩(wěn)定的jdk版本才是解決之道。

附上詳細(xì)的Error信息:

ERROR: Error during SonarQube Scanner execution
java.lang.ExceptionInInitializerError
    at sun.security.ssl.SSLSessionImpl.<init>(SSLSessionImpl.java:188)
    at sun.security.ssl.SSLSessionImpl.<init>(SSLSessionImpl.java:152)
    at sun.security.ssl.SSLSessionImpl.<clinit>(SSLSessionImpl.java:79)
    at sun.security.ssl.SSLSocketImpl.init(SSLSocketImpl.java:598)
    at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:566)
    at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:110)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTls(RealConnection.java:256)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.establishProtocol(RealConnection.java:237)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:148)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:186)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:179)
    at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:63)
    at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:113)
    at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
    at org.sonarsource.scanner.api.internal.Jars.getBootstrapIndex(Jars.java:96)
    at org.sonarsource.scanner.api.internal.Jars.getScannerEngineFiles(Jars.java:76)
    at org.sonarsource.scanner.api.internal.Jars.download(Jars.java:70)
    at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:39)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:75)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:71)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:71)
    at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:67)
    at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:218)
    at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:156)
    at org.sonarsource.scanner.cli.Main.execute(Main.java:74)
    at org.sonarsource.scanner.cli.Main.main(Main.java:61)
Caused by: java.security.ProviderException: Could not initialize NSS
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:223)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:224)
    at sun.security.jca.ProviderConfig$2.run(ProviderConfig.java:206)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:206)
    at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:187)
    at sun.security.jca.ProviderList.getProvider(ProviderList.java:233)
    at sun.security.jca.ProviderList.getIndex(ProviderList.java:263)
    at sun.security.jca.ProviderList.getProviderConfig(ProviderList.java:247)
    at sun.security.jca.ProviderList.getProvider(ProviderList.java:253)
    at java.security.Security.getProvider(Security.java:503)
    at sun.security.ssl.SignatureAndHashAlgorithm.<clinit>(SignatureAndHashAlgorithm.java:415)
    ... 40 more
Caused by: java.io.FileNotFoundException: /usr/lib/libnss3.so
    at sun.security.pkcs11.Secmod.initialize(Secmod.java:193)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:218)
    ... 56 more
ERROR: 
ERROR: Re-run SonarQube Scanner using the -X switch to enable full debug logging.
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

友情鏈接更多精彩內(nèi)容