search

cryostatio / cryostat-legacy

OUTDATED - See the new repository below! -- Secure JDK Flight Recorder management for containerized JVMs
https://github.com/cryostatio/cryostat
Other
224 stars 31 forks source link

Error starting with podman on mac os 10.15.7 #741

Closed starksm64 closed 2 years ago

starksm64 commented 3 years ago

I'm going through the "Manual Cryostat installation and setup" section of the following post: https://developers.redhat.com/blog/2021/01/25/introduction-to-containerjfr-jdk-flight-recorder-for-containers#manual_cryostat_installation_and_setup

and I'm seeing a failure on the initial podman run -it --rm -p 8181 -e CRYOSTAT_WEB_HOST=0.0.0.0 quay.io/:

└> podman run -it --rm -p 8181 -e CRYOSTAT_WEB_HOST=0.0.0.0 quay.io/cryostat/cryostat:latest
Trying to pull quay.io/cryostat/cryostat:latest...
Getting image source signatures
Copying blob sha256:82016dda5c0934fe4ee60d591655f0f77a8c8475be32caf905869aec8851e700
Copying blob sha256:40f6f6a95365b8eb54ef0aa4d048a34e890247f84e985cfee8cb6ec5606f78aa
Copying blob sha256:46cd172bdd7191d7b91c0f74ee743fd6aa58813d4af2eea3c0361fc0f476f80d
Copying blob sha256:a02c757dca15e1ae2e74fa8d9b679035ec3ee1642e7bf56101efe29f08f03dbf
Copying blob sha256:ca726ac32f081d8a472dfa3c92fe1a37e99d21cb29efde7adcd7472c366bb8e9
Copying blob sha256:ac8d99481d778af6ccaa61ebfd8b78156946f1e2c178aeba5d5d677c3698a0e1
Copying blob sha256:ca726ac32f081d8a472dfa3c92fe1a37e99d21cb29efde7adcd7472c366bb8e9
Copying blob sha256:a02c757dca15e1ae2e74fa8d9b679035ec3ee1642e7bf56101efe29f08f03dbf
Copying blob sha256:82016dda5c0934fe4ee60d591655f0f77a8c8475be32caf905869aec8851e700
Copying blob sha256:40f6f6a95365b8eb54ef0aa4d048a34e890247f84e985cfee8cb6ec5606f78aa
Copying blob sha256:d80a058db0963ad5f0bad0b1e7421d0669d444fbc6679d57b70732ab5523a3cd
Copying blob sha256:ac8d99481d778af6ccaa61ebfd8b78156946f1e2c178aeba5d5d677c3698a0e1
Copying blob sha256:08691dc12187995a289fd88f6e38a5a876055d1182f88a143d034aaa7724e9a5
Copying blob sha256:b17656165f3859ca03640fcb917221f508fbcc62f361f213928f7bdbd75c9b96
Copying blob sha256:46cd172bdd7191d7b91c0f74ee743fd6aa58813d4af2eea3c0361fc0f476f80d
Copying blob sha256:55a68efe12a691b2160dde1c1db87cb32b7462edcef56e8d22370b4ec22bcb0a
Copying blob sha256:b17656165f3859ca03640fcb917221f508fbcc62f361f213928f7bdbd75c9b96
Copying blob sha256:d80a058db0963ad5f0bad0b1e7421d0669d444fbc6679d57b70732ab5523a3cd
Copying blob sha256:55a68efe12a691b2160dde1c1db87cb32b7462edcef56e8d22370b4ec22bcb0a
Copying blob sha256:e812faa9ac9848400cfd8d7763b80b9cbb6255cc38fe25aad0d3f4a8f30c048a
Copying blob sha256:dfa9b7d2a6669eeb47dbece2f706d9946a42c94b06d73eaaf118da5e39a52e3a
Copying blob sha256:08691dc12187995a289fd88f6e38a5a876055d1182f88a143d034aaa7724e9a5
Copying blob sha256:e812faa9ac9848400cfd8d7763b80b9cbb6255cc38fe25aad0d3f4a8f30c048a
Copying blob sha256:92d94d3fc565a4fd5b3cd3e668d0323923865c207f463b872c1305a982734353
Copying blob sha256:dfa9b7d2a6669eeb47dbece2f706d9946a42c94b06d73eaaf118da5e39a52e3a
Copying blob sha256:2c98f646d90b15de142b8bb580e79e4a5d38b0f2f7faaf5d78ddefb4453538e1
Copying blob sha256:84ee93ee4630d1cecb025e665d487145450bcf5b96e4d1908ea67228265d8c1e
Copying blob sha256:84ee93ee4630d1cecb025e665d487145450bcf5b96e4d1908ea67228265d8c1e
Copying blob sha256:2c98f646d90b15de142b8bb580e79e4a5d38b0f2f7faaf5d78ddefb4453538e1
Copying blob sha256:92d94d3fc565a4fd5b3cd3e668d0323923865c207f463b872c1305a982734353
Copying config sha256:16bc625afedb17211c3dec0286de9c8186f03c05eabfc4e8c99a23828f865ff8
Writing manifest to image destination
Storing signatures
+------------------------------------------+
| Thu Oct 28 16:36:47 UTC 2021             |
|                                          |
| /truststore does not exist; no certificates to import |
+------------------------------------------+
/tmp ~
Generating 2,048 bit RSA key pair and self-signed certificate (SHA256withRSA) with a validity of 180 days
    for: CN=cryostat, O=Cryostat, C=CA
[Storing /opt/cryostat.d/keystore.p12]
Certificate stored in file <server.cer>
Certificate was added to keystore
[Storing /opt/cryostat.d/truststore.p12]
~
+------------------------------------------+
| Thu Oct 28 16:36:50 UTC 2021             |
|                                          |
| Using self-signed SSL certificate        |
+------------------------------------------+
+ exec java -XX:+CrashOnOutOfMemoryError -Dcom.sun.management.jmxremote.autodiscovery=true -Dcom.sun.management.jmxremote.port=9091 -Dcom.sun.management.jmxremote.rmi.port=9091 -Djavax.net.ssl.trustStore=/opt/cryostat.d/truststore.p12 -Djavax.net.ssl.trustStorePassword=SgtmEEmXCqOyAup-Egt59MyOUJ7S0RDa -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=/tmp/jmxremote.password -Dcom.sun.management.jmxremote.access.file=/tmp/jmxremote.access -Dcom.sun.management.jmxremote.ssl.need.client.auth=true -Djavax.net.ssl.keyStore=/opt/cryostat.d/keystore.p12 -Djavax.net.ssl.keyStorePassword=tQ7idF7cpFLmV7ovVMekYdR0kmNoBfog -Dcom.sun.management.jmxremote.ssl=true -Dcom.sun.management.jmxremote.registry.ssl=true -cp '/app/resources:/app/classes:/app/libs/cryostat-core-2.3.1.jar:/app/libs/common-7.1.1.jar:/app/libs/encoder-1.2.2.jar:/app/libs/flightrecorder-7.1.1.jar:/app/libs/flightrecorder.rules-7.1.1.jar:/app/libs/flightrecorder.rules.jdk-7.1.1.jar:/app/libs/openshift-client-5.4.1.jar:/app/libs/openshift-model-5.4.1.jar:/app/libs/kubernetes-model-common-5.4.1.jar:/app/libs/jackson-annotations-2.11.2.jar:/app/libs/openshift-model-operator-5.4.1.jar:/app/libs/openshift-model-operatorhub-5.4.1.jar:/app/libs/openshift-model-monitoring-5.4.1.jar:/app/libs/openshift-model-console-5.4.1.jar:/app/libs/kubernetes-client-5.4.1.jar:/app/libs/kubernetes-model-core-5.4.1.jar:/app/libs/kubernetes-model-rbac-5.4.1.jar:/app/libs/kubernetes-model-admissionregistration-5.4.1.jar:/app/libs/kubernetes-model-apps-5.4.1.jar:/app/libs/kubernetes-model-autoscaling-5.4.1.jar:/app/libs/kubernetes-model-apiextensions-5.4.1.jar:/app/libs/kubernetes-model-batch-5.4.1.jar:/app/libs/kubernetes-model-certificates-5.4.1.jar:/app/libs/kubernetes-model-coordination-5.4.1.jar:/app/libs/kubernetes-model-discovery-5.4.1.jar:/app/libs/kubernetes-model-events-5.4.1.jar:/app/libs/kubernetes-model-extensions-5.4.1.jar:/app/libs/kubernetes-model-flowcontrol-5.4.1.jar:/app/libs/kubernetes-model-networking-5.4.1.jar:/app/libs/kubernetes-model-metrics-5.4.1.jar:/app/libs/kubernetes-model-policy-5.4.1.jar:/app/libs/kubernetes-model-scheduling-5.4.1.jar:/app/libs/kubernetes-model-storageclass-5.4.1.jar:/app/libs/kubernetes-model-node-5.4.1.jar:/app/libs/okhttp-3.12.12.jar:/app/libs/okio-1.15.0.jar:/app/libs/logging-interceptor-3.12.12.jar:/app/libs/slf4j-api-1.7.30.jar:/app/libs/jackson-dataformat-yaml-2.11.2.jar:/app/libs/snakeyaml-1.26.jar:/app/libs/jackson-datatype-jsr310-2.11.2.jar:/app/libs/jackson-databind-2.11.2.jar:/app/libs/jackson-core-2.11.2.jar:/app/libs/zjsonpatch-0.3.0.jar:/app/libs/generex-1.0.2.jar:/app/libs/automaton-1.11-8.jar:/app/libs/dagger-2.34.1.jar:/app/libs/javax.inject-1.jar:/app/libs/commons-lang3-3.12.0.jar:/app/libs/commons-codec-1.15.jar:/app/libs/commons-io-2.8.0.jar:/app/libs/commons-validator-1.7.jar:/app/libs/commons-beanutils-1.9.4.jar:/app/libs/commons-digester-2.1.jar:/app/libs/commons-logging-1.2.jar:/app/libs/commons-collections-3.2.2.jar:/app/libs/httpclient-4.5.13.jar:/app/libs/httpcore-4.4.13.jar:/app/libs/vertx-web-3.9.7.jar:/app/libs/vertx-web-common-3.9.7.jar:/app/libs/vertx-auth-common-3.9.7.jar:/app/libs/vertx-bridge-common-3.9.7.jar:/app/libs/vertx-core-3.9.7.jar:/app/libs/netty-common-4.1.60.Final.jar:/app/libs/netty-buffer-4.1.60.Final.jar:/app/libs/netty-transport-4.1.60.Final.jar:/app/libs/netty-handler-4.1.60.Final.jar:/app/libs/netty-codec-4.1.60.Final.jar:/app/libs/netty-handler-proxy-4.1.60.Final.jar:/app/libs/netty-codec-socks-4.1.60.Final.jar:/app/libs/netty-codec-http-4.1.60.Final.jar:/app/libs/netty-codec-http2-4.1.60.Final.jar:/app/libs/netty-resolver-4.1.60.Final.jar:/app/libs/netty-resolver-dns-4.1.60.Final.jar:/app/libs/netty-codec-dns-4.1.60.Final.jar:/app/libs/vertx-web-client-3.9.7.jar:/app/libs/slf4j-jdk14-1.7.30.jar:/app/libs/gson-2.8.6.jar:/app/libs/caffeine-3.0.1.jar:/app/libs/jsoup-1.14.2.jar:/*' @/app/jib-main-class-file
Oct 28, 2021 4:36:51 PM io.cryostat.core.log.Logger info
INFO: cryostat started.
Oct 28, 2021 4:36:52 PM io.cryostat.core.log.Logger info
INFO: Selected SSL KeyStore strategy with keystore /opt/cryostat.d/keystore.p12
Oct 28, 2021 4:36:52 PM io.cryostat.core.log.Logger info
INFO: Local config path set as /opt/cryostat.d/conf.d
Exception in thread "main" java.lang.RuntimeException: java.nio.file.NoSuchFileException: /opt/cryostat.d/conf.d/credentials
    at io.cryostat.configuration.ConfigurationModule.provideCredentialsManager(ConfigurationModule.java:92)
    at io.cryostat.configuration.ConfigurationModule_ProvideCredentialsManagerFactory.provideCredentialsManager(ConfigurationModule_ProvideCredentialsManagerFactory.java:51)
    at io.cryostat.configuration.ConfigurationModule_ProvideCredentialsManagerFactory.get(ConfigurationModule_ProvideCredentialsManagerFactory.java:40)
    at io.cryostat.configuration.ConfigurationModule_ProvideCredentialsManagerFactory.get(ConfigurationModule_ProvideCredentialsManagerFactory.java:12)
    at dagger.internal.DoubleCheck.get(DoubleCheck.java:47)
    at io.cryostat.DaggerCryostat_Client.credentialsManager(DaggerCryostat_Client.java:594)
    at io.cryostat.Cryostat.main(Cryostat.java:74)
Caused by: java.nio.file.NoSuchFileException: /opt/cryostat.d/conf.d/credentials
    at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)
    at java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:116)
    at java.base/sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:389)
    at java.base/java.nio.file.Files.createDirectory(Files.java:690)
    at io.cryostat.configuration.ConfigurationModule.provideCredentialsManager(ConfigurationModule.java:82)
    ... 6 more
ERRO[0290] accept tcp [::]:41969: use of closed network connection

podman info:

└> podman info
host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers: []
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.30-2.fc34.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.30, commit: '
  cpus: 1
  distribution:
    distribution: fedora
    variant: coreos
    version: "34"
  eventLogger: journald
  hostname: localhost
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.14.11-200.fc34.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 846278656
  memTotal: 2061860864
  ociRuntime:
    name: crun
    package: crun-1.2-1.fc34.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.2
      commit: 4f6c8e0583c679bfee6a899c05ac6b916022561b
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-2.fc34.x86_64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 0
  swapTotal: 0
  uptime: 11m 9.15s
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 1
  runRoot: /run/user/1000/containers
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.0
  Built: 1633030821
  BuiltTime: Thu Sep 30 19:40:21 2021
  GitCommit: ""
  GoVersion: go1.16.8
  OsArch: linux/amd64
  Version: 3.4.0
andrewazores commented 3 years ago

Hi @starksm64 , that issue looks like #707 , so it should have been fixed by #708 / #739. Can you verify for me which branch you have checked out and that you have pulled the latest changes for that branch?

andrewazores commented 3 years ago

Sorry - I should have read your report closer. You're using the manual podman run invocation from an old blog post, which is now out-of-date. There are some additional volume mounts that need to be attached to the container.

Please try sh run.sh or sh smoketest.sh from this repository and let me know if that works for you. The podman run invocation would be fairly long with the additional volume mounts and environment variables that now need to be set.

andrewazores commented 2 years ago

Closing as stale. It looks like the initial podman run command was just out-of-date for the version being tried.