search

quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0
13.49k stars 2.59k forks source link

Native s2i binary image fails to run SSL-enabled apps #3895

Closed jamesfalkner closed 4 days ago

jamesfalkner commented 4 years ago

Describe the bug I am using https://quay.io/repository/redhat/quarkus-binary-s2i to run a native Linux binary generated from a Quarkus app that uses MongoDB extension w/SSL.

I have set quarkus.ssl.native=true in my application.properties (which should not be needed according to https://quarkus.io/guides/native-and-ssl-guide when using the MongoDB extension.

Expected behavior The app works

Actual behavior The app fails with:

2019-09-06 01:31:05,660 INFO  [org.mon.dri.cluster] (main) Adding discovered server **REDACTED**:10255 to client view of cluster
WARNING: The sunec native library, required by the SunEC provider, could not be loaded. This library is usually shipped as part of the JDK and can be found under <JAVA_HOME>/jre/lib/<platform>/libsunec.so. It is loaded at run time via System.loadLibrary("sunec"), the first time services from SunEC are accessed. To use this provider's services the java.library.path system property needs to be set accordingly to point to a location that contains libsunec.so. Note that if java.library.path is not set it defaults to the current working directory.
2019-09-06 01:31:05,662 INFO  [org.mon.dri.cluster] (main) Cluster created with settings {hosts=[**REDACTED**:10255], mode=MULTIPLE, requiredClusterType=REPLICA_SET, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500, requiredReplicaSetName='globaldb'}
2019-09-06 01:31:05,662 INFO  [org.mon.dri.cluster] (main) Adding discovered server **REDACTED**:10255 to client view of cluster
2019-09-06 01:31:05,683 INFO  [io.quarkus] (main) Quarkus 0.21.2 started in 0.033s. Listening on: http://0.0.0.0:8080
2019-09-06 01:31:05,683 INFO  [io.quarkus] (main) Installed features: [cdi, jaeger, mongodb-client, resteasy, resteasy-jsonb, smallrye-context-propagation, smallrye-metrics, smallrye-opentracing, smallrye-reactive-streams-operators, vertx]
2019-09-06 01:31:05,764 ERROR [org.mon.dri.con.tls] (async-channel-group-0-handler-executor) error in operation: java.lang.UnsatisfiedLinkError: sun.security.ec.ECKeyPairGenerator.isCurveSupported([B)Z [symbol: Java_sun_security_ec_ECKeyPairGenerator_isCurveSupported or Java_sun_security_ec_ECKeyPairGenerator_isCurveSupported___3B]
    at com.oracle.svm.jni.access.JNINativeLinkage.getOrFindEntryPoint(JNINativeLinkage.java:145)
...

According to https://quarkus.io/guides/native-and-ssl-guide I need to set java.library.path to include the sunec lib, but it's not present in the s2i image so I have nothing to set it to.

To Reproduce Steps to reproduce the behavior:

  1. Build Quarkus MongoDB quickstart
  2. point to an ssl-enabled mongo server via application.properties
  3. build native linux binary
  4. deploy using above s2i image on Kubernetes

Configuration

# Add your application.properties here, if applicable.
quarkus.mongodb.connection-string=a_ssl_enabled_mongodb_server_uri
quarkus.mongodb.tls=true
quarkus.mongodb.tls-insecure=true
quarkus.ssl.native=true
rmh78 commented 4 years ago

+1

gastaldi commented 4 days ago

Closing as outdated. Reopen if the problem persists in more recent versions