search

exadel-inc / CompreFace

Leading free and open-source face recognition system
https://exadel.com/accelerator-showcase/compreface/
Apache License 2.0
5.7k stars 775 forks source link

Having JDWP enabled breaks usability in podman pods. #1101

Open tlsalmin opened 1 year ago

tlsalmin commented 1 year ago

If I take the docker-compose and translate all the env-variables and stuff into podman to a buildah file, the compreface-admin part will fail to start due to:

ERROR: transport error 202: bind failed: Address already in use
ERROR: JDWP Transport dt_socket failed to initialize, TRANSPORT_INIT(510)

This is due to ADMIN and API both having JDWP enabled on the same port. In podman the containers in a pod implicitly share a network namespace. This allows e.g. the pod to share a single public IP.

JDWP is enabled here:

 cat dev/Dockerfile |grep jdwp
ENTRYPOINT ["sh","-c","java $API_JAVA_OPTS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar /home/app.jar"]
ENTRYPOINT ["sh","-c","java $ADMIN_JAVA_OPTS -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -jar /home/app.jar"]

Now wouldn't it be more prudent to not enable the JDWP interface by default? I'm no java expert, but sounds like it's not used for control plane traffic. If someone want's to debug things, then enable it in API_JAVA_OPTS or ADMIN_JAVA_OPTS.

There seems to be no way to disable it as trying to e.g. change the port results in:

ERROR: Cannot load this JVM TI agent twice, check your java command line for duplicate jdwp options.

pospielov commented 1 year ago

You are totally right, I'll move it to the .env file