Closed gmariotti closed 6 years ago
Hi @gmariotti -
Apologies for the delay in working on this. I've just completed a major overhaul of the integration test suite (see the pull request linked above). Instead of things working through "luck", they should now work through solid intent. :)
Closing this issue for now, but please feel free to re-open if you're still experiencing problems. Thanks!
Hi @steve-perkins , I'm still not able to make it work, this time the error that I get is
[Test worker] INFO π³ [vault:0.8.3] - Creating container for image: vault:0.8.3
[Test worker] INFO π³ [vault:0.8.3] - Starting container with ID: 3e946c93ce7d58865c77b8ef78623f7d4d23156d18eb192939d58ed6331c438a
[Test worker] INFO π³ [vault:0.8.3] - Container vault:0.8.3 is starting: 3e946c93ce7d58865c77b8ef78623f7d4d23156d18eb192939d58ed6331c438a
[Test worker] INFO π³ [vault:0.8.3] - Waiting for 60 seconds for URL: http://localhost:32814/v1/sys/seal-status
[Test worker] ERROR π³ [vault:0.8.3] - Could not start container
org.testcontainers.containers.ContainerLaunchException: Timed out waiting for URL to be accessible (http://localhost:8280/v1/sys/seal-status should return HTTP 400)
at org.testcontainers.containers.wait.HttpWaitStrategy.waitUntilReady(HttpWaitStrategy.java:146)
at org.testcontainers.containers.GenericContainer$AbstractWaitStrategy.waitUntilReady(GenericContainer.java:943)
at org.testcontainers.containers.GenericContainer.waitUntilContainerStarted(GenericContainer.java:466)
at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:235)
at org.testcontainers.containers.GenericContainer.lambda$start$0(GenericContainer.java:184)
at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:76)
at org.testcontainers.containers.GenericContainer.start(GenericContainer.java:182)
at org.testcontainers.containers.GenericContainer.starting(GenericContainer.java:544)
at org.testcontainers.containers.FailureDetectingExternalResource$1.evaluate(FailureDetectingExternalResource.java:29)
at org.junit.rules.RunRules.evaluate(RunRules.java:20)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.runTestClass(JUnitTestClassExecuter.java:114)
at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.execute(JUnitTestClassExecuter.java:57)
at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassProcessor.processTestClass(JUnitTestClassProcessor.java:66)
at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.processTestClass(SuiteTestClassProcessor.java:51)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
at org.gradle.internal.dispatch.ContextClassLoaderDispatch.dispatch(ContextClassLoaderDispatch.java:32)
at org.gradle.internal.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:93)
at com.sun.proxy.$Proxy1.processTestClass(Unknown Source)
at org.gradle.api.internal.tasks.testing.worker.TestWorker.processTestClass(TestWorker.java:108)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
at org.gradle.internal.remote.internal.hub.MessageHubBackedObjectConnection$DispatchWrapper.dispatch(MessageHubBackedObjectConnection.java:146)
at org.gradle.internal.remote.internal.hub.MessageHubBackedObjectConnection$DispatchWrapper.dispatch(MessageHubBackedObjectConnection.java:128)
at org.gradle.internal.remote.internal.hub.MessageHub$Handler.run(MessageHub.java:404)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:46)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:55)
at java.lang.Thread.run(Thread.java:748)
[Test worker] ERROR π³ [vault:0.8.3] - Container log output (if any) will follow:
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/main/x86_64/APKINDEX.tar.gz
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/community/x86_64/APKINDEX.tar.gz
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: (1/2) Installing libressl2.5-libtls (2.5.5-r0)
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: (2/2) Installing libressl (2.5.5-r0)
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Executing busybox-1.26.2-r7.trigger
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Executing ca-certificates-20161130-r2.trigger
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: OK: 6 MiB in 15 packages
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: Generating a 2048 bit RSA private key
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: ............................+++
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: ..........................+++
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: writing new private key to 'root-privkey.pem'
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: -----
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: Generating a 1024 bit RSA private key
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: ..................................................................++++++
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: ..................++++++
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: writing new private key to 'vault-privkey.pem'
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: -----
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: Using configuration from libressl.conf
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: Check that the request matches the signature
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: Signature ok
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: The Subject's Distinguished Name is as follows
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: countryName :PRINTABLE:'US'
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: stateOrProvinceName :ASN.1 12:'GA'
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: localityName :ASN.1 12:'Atlanta'
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: organizationName :ASN.1 12:'BetterCloud'
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: commonName :ASN.1 12:'127.0.0.1'
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: Certificate is to be certified until Oct 28 14:22:16 2018 GMT (365 days)
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR:
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: Write out database with 1 new entries
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDERR: Data Base Updated
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: ==> Vault server configuration:
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT:
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Cgo: disabled
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "enabled")
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Listener 2: tcp (addr: "127.0.0.1:8280", cluster address: "127.0.0.1:8281", tls: "disabled")
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Log Level: info
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Mlock: supported: true, enabled: false
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Storage: file
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Version: Vault v0.8.3
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: Version Sha: 6b29fb2b7f70ed538ee2b3c057335d706b6d4e36
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT:
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT: ==> Vault server started! Log data will stream in below:
[dockerjava-netty-1-1] INFO π³ [vault:0.8.3] - STDOUT:
com.bettercloud.vault.api.AuthBackendAppIdTests > classMethod FAILED
org.testcontainers.containers.ContainerLaunchException
Caused by: org.rnorth.ducttape.RetryCountExceededException
Caused by: org.testcontainers.containers.ContainerLaunchException
Caused by: org.testcontainers.containers.ContainerLaunchException
Container startup failed
org.testcontainers.containers.ContainerLaunchException: Container startup failed
at org.testcontainers.containers.GenericContainer.start(GenericContainer.java:189)
at org.testcontainers.containers.GenericContainer.starting(GenericContainer.java:544)
at org.testcontainers.containers.FailureDetectingExternalResource$1.evaluate(FailureDetectingExternalResource.java:29)
at org.junit.rules.RunRules.evaluate(RunRules.java:20)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.runTestClass(JUnitTestClassExecuter.java:114)
at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.execute(JUnitTestClassExecuter.java:57)
at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassProcessor.processTestClass(JUnitTestClassProcessor.java:66)
at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.processTestClass(SuiteTestClassProcessor.java:51)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
at org.gradle.internal.dispatch.ContextClassLoaderDispatch.dispatch(ContextClassLoaderDispatch.java:32)
at org.gradle.internal.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:93)
at com.sun.proxy.$Proxy1.processTestClass(Unknown Source)
at org.gradle.api.internal.tasks.testing.worker.TestWorker.processTestClass(TestWorker.java:108)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
at org.gradle.internal.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
at org.gradle.internal.remote.internal.hub.MessageHubBackedObjectConnection$DispatchWrapper.dispatch(MessageHubBackedObjectConnection.java:146)
at org.gradle.internal.remote.internal.hub.MessageHubBackedObjectConnection$DispatchWrapper.dispatch(MessageHubBackedObjectConnection.java:128)
at org.gradle.internal.remote.internal.hub.MessageHub$Handler.run(MessageHub.java:404)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
at org.gradle.internal.concurrent.ManagedExecutorImpl$1.run(ManagedExecutorImpl.java:46)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.gradle.internal.concurrent.ThreadFactoryImpl$ManagedThreadRunnable.run(ThreadFactoryImpl.java:55)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.rnorth.ducttape.RetryCountExceededException: Retry limit hit with exception
at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:83)
at org.testcontainers.containers.GenericContainer.start(GenericContainer.java:182)
... 33 more
Caused by: org.testcontainers.containers.ContainerLaunchException: Could not create/start container
at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:256)
at org.testcontainers.containers.GenericContainer.lambda$start$0(GenericContainer.java:184)
at org.rnorth.ducttape.unreliables.Unreliables.retryUntilSuccess(Unreliables.java:76)
... 34 more
Caused by: org.testcontainers.containers.ContainerLaunchException: Timed out waiting for URL to be accessible (http://localhost:32814/v1/sys/seal-status should return HTTP 400)
at org.testcontainers.containers.wait.HttpWaitStrategy.waitUntilReady(HttpWaitStrategy.java:146)
at org.testcontainers.containers.GenericContainer$AbstractWaitStrategy.waitUntilReady(GenericContainer.java:943)
at org.testcontainers.containers.GenericContainer.waitUntilContainerStarted(GenericContainer.java:466)
at org.testcontainers.containers.GenericContainer.tryStart(GenericContainer.java:235)
... 36 more
I've tried to use container.getMappedPort(8280)
instead of 8280
but nothing is changed, and if I connect inside the vault image
and run vault status -address=http://127.0.0.1:8280
I receive the message 2017/10/28 14:31:36.505706 [INFO ] core: seal configuration missing, not initialized
.
You should also change CONTAINER_OPENSSL_CONFIG_FILE
to "/vault/config/libressl.conf"
to avoid an error in the startup.sh
when you try to do cp ../libressl.conf .
This is the rest of the log from vault:
fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.6/community/x86_64/APKINDEX.tar.gz
(1/2) Installing libressl2.5-libtls (2.5.5-r0)
(2/2) Installing libressl (2.5.5-r0)
Executing busybox-1.26.2-r7.trigger
Executing ca-certificates-20161130-r2.trigger
OK: 6 MiB in 15 packages
Generating a 2048 bit RSA private key
...............................................+++
...+++
writing new private key to 'root-privkey.pem'
-----
Generating a 1024 bit RSA private key
......++++++
..........................++++++
writing new private key to 'vault-privkey.pem'
-----
Using configuration from libressl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :ASN.1 12:'GA'
localityName :ASN.1 12:'Atlanta'
organizationName :ASN.1 12:'BetterCloud'
commonName :ASN.1 12:'127.0.0.1'
Certificate is to be certified until Oct 28 14:31:03 2018 GMT (365 days)
2017-10-28T14:31:03.147745324Z
Write out database with 1 new entries
Data Base Updated
==> Vault server configuration:
2017-10-28T14:31:03.374359928Z
Cgo: disabled
Listener 1: tcp (addr: "127.0.0.1:8200", cluster address: "127.0.0.1:8201", tls: "enabled")
Listener 2: tcp (addr: "127.0.0.1:8280", cluster address: "127.0.0.1:8281", tls: "disabled")
Log Level: info
Mlock: supported: true, enabled: false
Storage: file
Version: Vault v0.8.3
Version Sha: 6b29fb2b7f70ed538ee2b3c057335d706b6d4e36
2017-10-28T14:31:03.374404737Z
==> Vault server started! Log data will stream in below:
I'll try to get a colleague with OS X to test this out in the office tomorrow and see what happens. My own dev environment is Linux-based, and I'm unable to replicate.
Out of curiosity, are you testing from master
or directly from the integrationTestFixes
branch on which that PR was based? I had caught a bad reference to "openssl" instead of "libressl" (among other things), but pushed the follow-up fixes straight to master
.
Tried again now from master
and still not working. From what I could see, TestContainers doesn't expose port 8280
, and probably 8200
too, and even if you use withExposed
, the port exposed is different from the one mapped on localhost
in OSX. I tried to get the correct port, but even in this case, it is not possible to talk with the container, like if it is in another network.
Any exposedPort(...)
setting is meaningless, because Docker is being configured to use host-mode networking (see VaultContainer.java, line 48). This means that effectively ALL ports are exposed and shared between the container and the host machine.
We switched to this from the default bridged mode early in 2017, and to be honest I don't quite remember the reason. I'm wanting to say that it had something to do with SSL/TLS, or with the switch from running Vault in "dev" mode to full standard mode.
At any rate, that could be the issue. I'm not 100% sure, as I can't find any support forum links that aren't a year or two old, but there's some indication that host-mode only works with Linux:
https://forums.docker.com/t/should-docker-run-net-host-work/14215/23
I'll see if I get a colleague with a MacBook to run it. If the error is confirmed, then I'll investigate switching back to bridged networking mode and exposing the ports explicitly.
Hi @gmariotti -
I remembered that the reason why I went with host-mode networking instead Docker's default bridged mode is that the SSL certificate needed to have the host as a subject. Using the IP address (127.0.0.1) caused problems, because of the Docker container seeing itself as a different IP from the actual host.
At any rate, I believe that I have worked through that original SSL issue (see PR #86). So in the master
branch, the integration test suite is now using default bridged mode networking... which SHOULD be much more friendly and compatible on non-Linux boxes.
When you get a chance, can you please clone the latest master
and confirm whether the integration tests are working on your machine? Thanks!
Hi @steve-perkins, I tried again a couple of minutes ago and I'm able to correctly run the integration test, thank you for your help! I have a couple of questions for you:
@Nullable
and @NotNull
annotations to improve the compatibility with Kotlin?Vault test container
? Because I can imagine other people needing it for integration tests where Vault
is used.Thanks so much for confirming, @gmariotti!
For your two follow-up questions:
I have only superficial experience with Kotlin so far, so I'm not 100% sure what you're proposing. I would not want to add Kotlin's runtime library as a dependency (or Clojure's, Scala's, Groovy's, etc).
I assume you're talking about adding a smaller, more specific dependency for JetBrains' null-checking annotations, and saying that having this in place will make life easier for Kotlin developers downstream?
If so, then does the Gradle dependency require compile
scope (and therefore becomes a runtime dependency for all users of this Vault library, Kotlin devs or not)? Or it like the existing Lombok dependency, where you can get away with using Gradle's compileOnly
scope and not require it at runtime?
I've definitely thought about it! To be candid though, right now I'd rather use what bandwidth I have to prioritize open issues and pull requests for THIS project. :)
When I was in the middle of migrating to TestContainers, I noticed that someone else in the community was working on a pull request for a Vault pre-packaged container. I decided to move forward on my own rather than waiting... because his test container runs Vault in "dev mode" (without SSL) support, while this project has VERY specific SSL needs and requires a full server.
There may be other people out there who likewise have similar needs, but I imagine that much of the target audience can get by just fine with the existing "dev mode" option. So it's a great idea, but a pretty low priority for now.
Hi @steve-perkins, about the annotations I was thinking of using the package org.jetbrains.annotations-java5
, that offers the @Nullable
and @NotNull
annotations.
The idea is that, even if they don't perform any kind of validation at runtime, they can be used by static analysis tool to give warnings if null values are used where a @NotNull
is in place, or if a method returns something that can be @Nullable
or not, improving the overall library readability. This annotations are not required at runtime, so I think that compileOnly
would be enough.
Maybe, I can try to open a Pull Request using these annotations, in order to give you an idea of how it would look like, what do you think?
Hi @gmariotti -
Absolutely, I'd love to see a PR. I'm happy enough with the idea in general (I've used the JSR-305 nullable and nonnullable annotations on work projects in the past). It's just that since this repo's main tagline is "Zero-dependency Java client", it would take an exceptional reason to add the first runtime dependency! If compileOnly
scope works, however, then awesome. Thanks!
Hi, I'm trying to run the integration test on my mac, but all the test that involve the Vault TestContainer returns the following errors
I tried to connect to the Vault container while it's running from outside the test, and I always get a connection refused error, with and without the mac firewall disabled.
My docker versions are:
am I doing something wrong or missing something?